Data Privacy Statement

We, DARCO (Europe) GmbH (hereinafter referred to as "DARCO"), take the protection of your Personal Data very seriously. We treat your Personal Data as confidential; all Processing of Personal Data (such as name, address, email address or telephone number of a Data Subject) is done in accordance with the General Data Protection Regulation and the country-specific data protection regulations that apply to us.
As a matter of principle, it is possible to use our internet pages without entering any Personal Data. However, where Processing of Personal Data is required in certain cases for the use of special offers or services, and there is no legal basis for such Processing, as a matter of principle we obtain the Consent of the Data Subject.
By way of the present Data Privacy Statement, we wish to inform about the nature, scope and purpose of the Personal Data we collect, use and Process. Furthermore, by way of the present Data Privacy Statement, Data Subjects are informed of their rights.
As the Controller responsible for the Processing, we have implemented a large number of technical and organisational measures to ensure maximally complete protection for Personal Data to be Processed via this internet site. Nevertheless, data transmissions on the internet may essentially have security flaws, so absolute protection cannot be guaranteed. For this reason, every Data Subject is free to submit Personal Data to us in alternative ways, for example by telephone.


1. Definitions

In the present Data Privacy Statement, we use the following terms, among others:

a) Personal Data
Personal Data are all and any information relating to an identified or identifiable person (hereinafter referred to as the "Data Subject"). A person is deemed identifiable if he or she can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features wherein the physical, physiological, genetic, mental, economic, cultural or social identity of this person become manifest.

b) Data Subject
A Data Subject is any identified or identifiable person whose Personal Data are Processed by the Controller responsible for the Processing.

c) Processing
Processing means any operation or series of operations related to Personal Data, such as collecting, recording, organising, sorting, storing, adapting or modifying, retrieving, querying, use, disclosure by transfer, dissemination or other form of provision, reconciliation or merging, restriction, erasure or deletion, that is performed with or without the aid of automated procedures.

d) Restriction of Processing
Restriction of Processing is the marking of stored Personal Data with the objective of limiting their future Processing.

e) Profiling
Profiling is any kind of automated Processing of Personal Data that consists in using said Personal Data in order to assess certain personal aspects relating to a person, in particular in order to analyse or predict aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that person.

f) Pseudonymisation
Pseudonymisation is the Processing of Personal Data in such a way that these Personal Data can no longer be attributed to a specific Data Subject without consideration of additional information, with the proviso that such additional information be kept separate and subject to technical and organisational measures that ensure that the Personal Data are not assigned to an identified or identifiable person.

g) Controller or Controller responsible for the Processing
The Controller or Controller responsible for the Processing is the person or entity, public authority, agency or other body that, alone or in cooperation with others, decides on the purposes and means of the Processing of Personal Data. Where the purposes and means of such Processing are determined by Union law or law of Member States, the Controller or the specific criteria for the designation of the same, respectively, may be provided for under Union law or law of Member States.

h) Processor
A Processor is a person or entity, public authority, agency or other body that Processes Personal Data on behalf of the Controller.

i) Recipient
A Recipient is a person or entity, public authority, agency or other body to whom Personal Data are disclosed, independently of whether the Recipient is a Third Party or not. However, public authorities that may receive Personal Data in the course of a particular investigative mission under Union law or law of Member States are not deemed Recipients.

j) Third Party
A Third Party is a person or entity, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons authorised under the direct responsibility of the Controller or the Processor to Process the Personal Data.

k) Consent
Consent is any declaration of intent that is voluntarily and unambiguously given in the form of a statement or declaration or other unambiguous confirmatory act, based on correct and sufficient information, by the Data Subject for the particular case, whereby the Data Subject indicates his/her agreement to the Processing of the Personal Data concerning him/her.


2. Name and address of the Controller responsible for the Processing

DARCO (Europe) GmbH
Gewerbegebiet 18
82399 Raisting
Germany
Phone +49 8807 9228 0
Email: info@darco-europe.com
Internet site: https://www.darco-europe.com

Data Protection Officer:
DARCO (Europe) GmbH
Data Protection Officer
Gewerbegebiet 18
82399 Raisting
Germany
Email: datenschutz@darco.de


3. Cookies

DARCO's internet sites use cookies. Cookies are text files that are stored on a computer system via an internet browser.
Numerous internet sites and servers use cookies. Many cookies contain so-called cookie IDs. A cookie ID is a unique identifier of the cookie. It consists of a string permitting internet pages and servers to be assigned to the specific internet browser in which the cookie was stored. This allows visited internet sites and servers to distinguish the individual browser of the Data Subject from other internet browsers that contain other cookies. An individual web browser can be recognised and identified by the unique cookie ID.
By using cookies, DARCO can provide users of this internet site with more user-friendly services than would be possible without cookies.
By means of cookies, the information and offers on our internet site can be optimised to the benefit of the user. Cookies allow us, as already mentioned, to recognise the users of our internet site. The purpose of this recognition is to make it easier for users to use our internet site. For example, the user of an internet site that uses cookies does not need to re-enter his/her credentials each time he/she visits the internet site, as this is done by the internet site and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.
The Data Subject can prevent the storing of cookies through our internet site at any time by means of a corresponding setting of the internet browser being used, and thus permanently block the setting of cookies. Furthermore, cookies already stored can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the Data Subject disables storing of cookies in the internet browser being used, not all functions of our internet site may be fully available.


4. Collection of general data and information

The DARCO internet site collects a series of general data and information each time the internet site is accessed by a Data Subject or an automated system. These general data and information are stored in the log files of the server. The following may be recorded: (1) browser types and versions used; (2) the operating system used by the accessing system; (3) the internet page from which an accessing system accesses our internet site (the so-called referrer); (4) the lower-level domains, paths and individual web pages addressed and requested by an accessing system on our web page; (5) the date and time of access to the internet site; (6) an Internet Protocol address (IP address); (7) the internet service provider of the accessing system; and (8) other similar data and information used for defence in the event of attacks on our IT systems.
When using these general data and information, DARCO does not draw any conclusions about the Data Subject. Rather, this information is required to (1) correctly deliver the contents of our internet site; (2) optimise the contents of our internet site and the advertising for the same; (3) ensure the continued functioning of our information technology systems and the technology of our internet site; and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by DARCO on the one hand statistically and further with the aim of increasing the data privacy and security in our company, in order to ultimately ensure an optimal level of protection for the Personal Data we Process. The anonymous data of the server log files are stored separately from all Personal Data provided by a Data Subject.


5. Routine deletion and blocking of Personal Data

We Process and store the Personal Data of the Data Subject only for the time required to achieve the purpose of the storage or as provided for by the European legislator and regulator or any other legislator in any legislation or regulations to which we are subject.
If the purpose of the storage ceases to apply, or if a storage period prescribed by the European legislator and regulator or any other relevant legislator expires, the Personal Data shall be routinely blocked or deleted in accordance with the statutory provisions.


6. Rights of the Data Subject

a) Right to confirmation
Each Data Subject has the right granted by the European legislator and regulator to require the Controller responsible for the Processing to issue a confirmation as to whether any Personal Data relating to him/her are Processed. If a Data Subject wishes to assert this right to confirmation, he/she may contact our Data Protection Officer at any time.

b) Right to be informed
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to obtain from the Controller responsible for the Processing information on the Personal Data stored about the Data Subject and a copy of that information, at any time and free of charge. Furthermore, the European legislator and regulator has provided the Data Subject with right to the following information:

In addition, the Data Subject has a right to information as to whether Personal Data have been transmitted to a third country or to an international organisation. In that case, the Data Subject is furthermore entitled to obtain information about the appropriate guarantees in connection with the transmission.
If a Data Subject wishes to exercise this right to information, he/she may contact our Data Protection Officer at any time.

c) Right to rectification
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to demand immediate correction of inaccurate Personal Data concerning him/her. Furthermore, the Data Subject has the right to demand completion of incomplete Personal Data, including by means of a supplementary declaration, taking into account the purposes of the Processing.
If a Data Subject wishes to exercise this right to rectification, he/she may contact our Data Protection Officer at any time.

d) Right to erasure (right to be forgotten)
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to require the Controller to immediately delete the Personal Data concerning the Data Subject, provided that any of the following reasons is satisfied and the Processing is not required:

If any of the above conditions is fulfilled and a Data Subject wishes deletion of Personal Data stored by DARCO, he/she may contact our Data Protection Officer at any time. DARCO's Data Protection Officer will cause the deletion request to be fulfilled immediately. If the Personal Data have been made public by DARCO, and our company is responsible for deleting Personal Data as the Controller pursuant to Art. 17 I of the GDPR, DARCO shall take appropriate measures, including technical ones, taking into account the available technology and the costs of implementation, in order to inform other Controllers that are Processing the published Personal Data that the Data Subject has requested deletion of all links to such Personal Data or copies or replicates of such Personal Data from those other Controllers, unless the Processing is required. DARCO's Data Protection Officer will arrange for the measures that may be necessary in individual cases.

e) Right to restrict Processing
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to demand Restriction of Processing from the Controller if any of the following conditions applies:

If any of the above conditions is met and a Data Subject wishes to demand Restriction of Personal Data stored by DARCO, he/she may contact our Data Protection Officer at any time. DARCO's Data Protection Officer will arrange for the Restriction of Processing.

f) Right to data portability
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to obtain the Personal Data concerning him/her that were provided to a Controller by the Data Subject in a structured, commonly used and machine-readable format. The Data Subject furthermore has the right to transfer these data to another Controller unhindered by the Controller to whom the Personal Data were provided, provided that the Processing is based on the Consent pursuant to Article 6 I a of the GDPR or Article 9 II a of the GDPR or is done under a contract pursuant to Article 6 I b of the GDPR and done by means of automated processes, unless the Processing is necessary for the performance of a task of public interest or is performed in the exercise of public authority, which has been vested in the Controller.
Furthermore, in exercising his/her right to data portability under Article 20 I of the GDPR, the Data Subject has the right to obtain that the Personal Data be transmitted directly from one Controller to another, insofar as this is technically feasible and does not affect the rights and freedoms of other persons or entities.
In order to assert the right to data portability, the Data Subject may contact DARCO's Data Protection Officer at any time.

g) Right to object
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to object at any time, for reasons arising from his/her particular situation, to the Processing of Personal Data relating to him/her pursuant to Article 6 I e or f of the GDPR. This also applies to any Profiling based on these provisions.
In the event of an objection, DARCO shall cease Processing of the Personal Data unless we can establish compelling legitimate grounds for Processing that outweigh the interests, rights and freedoms of the Data Subject, or the Processing is done for purposes of asserting or exercising, or defending against, legal claims.
If DARCO Processes Personal Data in order to perform direct advertising, the Data Subject has the right to object to the Processing of Personal Data for the purpose of such advertising at any time. This also applies to Profiling, insofar as it is related to such direct advertising. If the Data Subject objects towards DARCO to the Processing for direct advertising purposes, DARCO shall no longer Process the Personal Data for these purposes.
In addition, the Data Subject has the right, for reasons arising from his/her particular situation, to object to the Processing of Personal Data relating to him/her that is done by DARCO for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 I of the GDPR objection, unless such Processing is necessary to fulfil a task of public interest.
In order to exercise the right to object, the Data Subject may directly contact DARCO's Data Protection Officer. The Data Subject is also free, in the context of the use of information society services and notwithstanding Directive 2002/58/EC, to exercise his/her right of objection by means of automated procedures using technical specifications.

h) Automated decisions in individual cases including Profiling
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator not to be subject to a decision exclusively based on automated Processing, including Profiling, which has a legal effect on it or significantly affects it in any similar manner, unless said decision is (1) necessary for the conclusion or fulfilment of a contract between the Data Subject and the Controller; or (2) permitted by Union law or law of Member States to which the Controller is subject, and said legislation provides for appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the Data Subject; or (3) taken with the Consent of the Data Subject.
If the decision (1) is required for the conclusion or performance of a contract between the Data Subject and the Controller or (2) takes place with the Consent of the Data Subject, DARCO shall take reasonable measures to safeguard the rights, freedoms and legitimate interests of the Data Subject, including at least the right to obtain intervention of a person on the part the Controller, to express his/her own position, and to contest the decision.
If the Data Subject wishes to assert rights relating to automated decision-making, he/she may contact our Data Protection Officer at any time.

i) Right to revoke a data protection Consent
Any Data Subject affected by Processing of Personal Data has the right granted by the European legislator and regulator to revoke any granted Consent to the Processing of Personal Data at any time.
If the Data Subject wishes to assert his/her right to revoke a Consent, he/she may contact our Data Protection Officer at any time.

j) Right to appeal to the competent supervisory authority
In case of violations of any applicable data protection laws or regulations, the Data Subject is entitled to appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the State Data Protection Officer of the Federal state in which our company is based. A list of the data protection officers and their contact details can be found on the following page:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.


7. SSL or TLS encryption

For security reasons and in order to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption, respectively. You can recognise an encrypted connection by the address line of the browser changing from "http://" to "https://"" and a padlock symbol appearing in your browser line.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by Third Parties.


8. Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored in order to process the request and to be available in case of follow-up questions. We will not disclose this information without your Consent.
The Processing of the data entered into the contact form is therefore exclusively based on your Consent (Art. 6 I a GDPR). You can revoke this Consent at any time. An informal notice by email to us is sufficient. The legality of the Processing operations carried out until the revocation remains unaffected by the latter.
The data entered by you in the contact form remain stored by us until you ask us for deletion or revoke your Consent to the storage, or the purpose for the data storage ceases to apply (e.g. after completion of your request). Mandatory statutory provisions - especially retention periods - remain unaffected.


9. YouTube

Our internet site uses plugins from the Google-powered YouTube site. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit any of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 I f of the GDPR.

For more information about the handling of user data, please refer to the YouTube Privacy Policy at: https://www.google.com/intl/en/policies/privacy.


10. Duration for which the Personal Data are stored

The criterion for the duration of the storage of Personal Data is the respective statutory retention period. After expiry of said period, the respective data will be routinely deleted, unless still required to fulfil or initiate a contract.


11. Legal or contractual provisions for provision of the Personal Data; necessity for conclusion of the contract; obligation of the Data Subject to provide the Personal Data; possible consequences of non-provision

We inform you that the provision of Personal Data is partly required by applicable law (e.g. fiscal regulations) or may also result from contractual provisions or arrangement (e.g. information about the contracting party). Occasionally it may be necessary for conclusion of a contract that a Data Subject provide us with Personal Data that must subsequently be Processed by us. For example, the Data Subject is required to provide us with Personal Data when our company enters into a contract with him/her. Failure to provide the Personal Data would mean that the contract with the person concerned could not be concluded. Prior to any Personal Data being provided by the Data Subject, the Data Subject must contact our Data Protection Officer. Our Data Protection Officer will inform the Data Subject on a case-by-case basis as to whether the provision of Personal Data is required by law or contract or is needed for the conclusion of the contract, whether there is an obligation to provide the Personal Data, and what the consequences of non-provision of the Personal Data are.

The data protection measures are subject to continuous technical upgrading; for this reason, we ask you to keep informed about our data protection measures by reviewing our data privacy statement at regular intervals.