Data Privacy Policy

General information

Degura takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data privacy policy.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This data protection declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

Who we are

The data processing controller on this website is:

Degura GmbH

Friedrichstraße 171

10117 Berlin

Phone: +49 30 629 328 50

Email: info@degura.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

This privacy policy does not apply to our recruiting activities or the processing of personal data in the Degura Pension Cloud.

Data protection officer

We have appointed a data protection officer for our company.

Aulinger Datenschutz & Consulting GmbH

Dr. Ralf Heine

Frankenstrasse 348

45133 Essen

Phone: +49 201 9598662
Email: r.heine@aulinger-dc.eu

When and why do we store and process your personal data

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically when you access this website. In addition, your surfing behavior can be statistically evaluated when you visit this website. This is done primarily with so-called analytics tools.

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior and thus to derive website optimizations. Furthermore, we use the data you provide via the contact form to contact you at your request.

To help you better understand how your data is processed, we have provided all the necessary information below.

You visit our website

When you visit our website, we process data about your browser, your operating system, your location, your IP address and some others to ensure the functionality of the website, the security of the connection and a smooth browsing experience. In addition, we process data for marketing purposes, sometimes with the support of service providers. We ask for your consent for this processing.

  • What data: IP address, browser type and version, time zone setting, browser plug-in types, geolocation, operating system and version, pages visited, clicking behavior, recurring visits, use of third-party services
  • Purposes: Statistics, optimization, security, marketing
  • Legal basis: if the processing is technically necessary, the lawfulness is based on legitimate interest (Art. 6 para. 1 lit. f GDPR), in the case of data that is not technically necessary, the legal basis is exclusively consent (Art. 6 para. 1 lit. a GDPR)
SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Usage of Cookies

Our websites use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

In some cases, it is possible that third-party cookies are stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g., cookies for displaying video content).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g., the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

If the storage and processing is technically necessary, the legality is based on legitimate interest (Art. 6 para. 1 lit. f GDPR). This is the case with the so-called necessary cookies, in which we as the website operator have a legitimate interest in the technically error-free and optimized provision of our services. In the case of cookies that are not technically necessary, the legal basis for storage and processing is exclusively your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third-party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this data Privacy policy and, if applicable, ask for your consent.Our websites use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

You use our contact form, call us or send us an email

If you send us requests via the contact form, call us or contact us by e-mail, your request including the resulting personal data (such as your name and e-mail address) will be stored and processed by us in order to handle your request and contact you. We will not pass on this data without your consent.

  • What data: First and last name, business email, telephone number, name of your company, any other information you have shared with us in the message field
  • Purposes: You contact us, we answer your questions, we receive feedback
  • Legal basis: The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your agreement (Art. 6 Para. 1 lit. a GDPR) if this has been requested.
  • Storage duration: The data you send to us via a contact request will remain with us until you ask us to erase it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
You are interested in Degura’s services

If you are interested in our offer in more detail, we can offer you a live demo. For this purpose, we need your contact details (e.g. email address, first and last name, etc.).

  • What data: Name and surname, company information, telephone number, email address
  • Purposes: Demonstration of Degura’s products and services, marketing, customer relationship
  • Legal basis: This data is processed to carry out pre-contractual measures in response to your request (Art. 6 para. 1 lit. b GDPR)
  • Storage duration: The information sent to us remains with us until you request us to delete it or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected.
Online-based audio or video conferences

Among other things, we use online conference tools to communicate with you. The individual tools we use can be found below under "Service providers used". If you communicate with us online via video or audio conference or participate in a webinar, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "contextual information" in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.If content is exchanged, uploaded or otherwise made available within the tool, it is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection declarations of the tools used, which are also listed below under "Service providers used".Among other things, we use online conference tools to communicate with you. The individual tools we use can be found below under "Service providers used". If you communicate with us online via video or audio conference or participate in a webinar, your personal data will be collected and processed by us and the provider of the respective conference tool.

  • What data: Which data exactly is stored depends on the tool used. Each provider stores and processes different data in different amounts. Most providers generally store your name, contact details (email address and/or telephone number) and IP address. These can also be stored: Information on devices used (device IDs, device types, operating system, client version, etc.), duration of participation, files shared within the video conference (photos, videos, texts).
  • Purposes: Provision of information, participation in online events, relationship management, marketing or newsletter distribution
  • Legal basis: The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent (Art. 6 para. 1 lit. a GDPR); the consent may be revoked at any time with effect from that date.
  • Storage duration: Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
    We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
You exercise your data subject rights

The privacy law gives you a number of data protection rights. We present these briefly further below. You can find more details in Art. 13 - 22 of the GDPR. If you want to exercise your data protection rights, please contact us. To ensure that you can exercise your rights we must process some of your data, such as name, surname, email address and some others, for example, to verify your identity and to reply to your request. This will generate further data about your person, which we will also process.

  • What data: Name and surname, address, telephone numbers or email addresses, content of the request
  • Purposes: Fulfilling your requests and legal requirements
  • Legal basis: This data is processed to fulfill our legal obligation (Art. 6 para. 1 lit. c GDPR)
  • Storage duration: two years
Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons cease to apply.

Information on data transfer to non-EU countries

Among other things, we use tools on our website from companies located in countries outside the European Economic Area (EEA) / the United Kingdom (UK) / Switzerland. If these tools are active, your personal data may be transferred to these third countries and may be processed there.

Please note that some of these countries do not have the same data protection laws as the EEA / UK / Switzerland and therefore cannot guarantee the same level of data protection. In particular, these countries may not provide the same level of protection for your personal data, may not grant you the same rights in relation to your personal data and may not have a data protection supervisory authority to assist you with any concerns you may have. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities. However, when transferring your personal data outside the EEA / UK / Switzerland, we will comply with our legal and regulatory obligations in relation to your personal data, including (where required) having a lawful basis for the transfer of personal data and taking appropriate safeguards to ensure an adequate level of protection for the personal data. We also take appropriate measures to ensure the security of your personal data in accordance with applicable data protection laws.

When transferring your personal data outside the EEA / UK / Switzerland, we will, where required by applicable data protection laws, ensure that at least one of the following safeguards is implemented: (1) we only transfer your personal data to countries or organizations that have been deemed to provide an adequate level of protection for personal data by the European Commission; or (2) we use specific contracts approved by the European Commission, commonly known as "standard contractual clauses" or "SSCs". SSCs are designed to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). You can find the EU Commission's decision and the corresponding standard contractual clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Your rights

As a user whose personal data is processed, you are a "data subject" within the meaning of the GDPR. As the data subject, you are entitled to the rights listed below towards us as the controller:

  • Right of access (Art. 15 GDPR)
    You have the right to receive information free of charge about the processing of your personal data by us.
  • Right to rectification (Art. 16 GDPR)
    You have the right to request the correction of incorrect data or the completion of your personal data stored by us.
  • Right to erasure (Art. 17 GDPR)
    You have the right to request the erasure of your personal data stored by us, provided that this does not conflict with any statutory retention obligation.
  • Right to restriction of processing (Art. 18 GDPR)
    You have the right, under certain conditions, to request the restriction of the processing of your personal data, e.g. if the accuracy of the data is disputed by you or the processing is unlawful.
  • Right to data portability (Art. 20 GDPR)
    You have the right to data portability and thus to receive the personal data concerning you in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR)
    You have the right to object to the processing of your personal data on certain grounds, unless there are compelling legitimate grounds for the processing. If the data is processed for the purpose of direct marketing, you have the right to object at any time.
  • Automated individual decision-making, including profiling (Art. 22 GDPR)
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to withdraw consent (Art. 7 para. 3 GDPR)
    You have the right to withdraw your consent at any time.
  • Right to lodge a complaint with the supervisory authority (Art. 77 para. 1 GDPR)
    You have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time to exercise your rights or for further questions about data protection.

Service providers used

As part of the operation of our website, to carry out our business operations and to provide certain services, we use service providers. This is done to operate the website (cookie banner, security and provision), in marketing and customer support, to display videos and more. But don’t worry, we have concluded data processing agreements (DPAs) with the service providers listed below in accordance with Art. 28 ff GDPR. This is a contract prescribed by data protection law, which ensures that the service providers only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

External hosting with DomainFactory

We use the web hosting provider DomainFactory for our website. The service provider is the German company DomainFactory GmbH, c/o WeWork, Neuturmstrasse 5, 80331 Munich, Germany. The data is stored in the data centers in Strasbourg and Cologne. Both locations are operated on the basis of the latest technology and the best security standards. The exact retention period of the data depends very much on the type of data and the individual configurations. In principle, DomainFactory stores data for as long as is necessary to fulfill its obligations. However, data may also be stored for longer, for example to provide evidence for possible legal disputes.

For more information about data protection at DomainFactory, we recommend the privacy policy at https://www.df.eu/de/datenschutz/. If you have any further questions, you can also send an email to support@df.eu.

Website builder and web design
Webflow

To create our website, we use Webflow, a website construction kit system from the American company Webflow, Inc. 398 11th St., Floor 2, San Francisco, CA 94103 USA (hereinafter referred to as Webflow).Webflow is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Webflow uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Through the EU-US Data Privacy Framework and the standard contractual clauses, Webflow undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. 

Details can be found in Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy

Adobe Fonts

We use Adobe Fonts, a service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland (hereinafter referred to as "Adobe"), to provide fonts on our website. When loading the page, your browser loads the required fonts directly from the Adobe servers to ensure that texts are displayed correctly. Adobe may collect information about the use of the fonts, including the IP address of the end device, in order to establish the connection to the Adobe server. The use of Adobe Fonts is in the interest of a uniform and appealing presentation of our online offers.

Further information on data protection at Adobe Fonts can be found in Adobe's privacy policy: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

You can prevent the collection and processing of your data by Adobe by deactivating the execution of script code in your browser or installing a script blocker in your browser (however, this option may affect the correct display of the website).

Cookie consent with Finsweet Cookie Consent for Webflow

To manage your privacy preferences regarding cookies, we use Finsweet Cookie Consent, a service provided by Finsweet LLC, Finsweet LLC, 950 E. Paces Ferry Rd NE, Unit 2604, Atlanta, GA 30326, USA (hereinafter "Finsweet"). This cookie manager allows you to customize and control your cookie settings. Finsweet Cookie Consent informs you about the use of cookies and similar technologies when you visit our website. You have the option to customize your preferences and decide which types of cookies you want to allow. Finsweet then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them.

Finsweet's privacy policy provides detailed information on how your data is handled in connection with cookie management: https://finsweet.com/legal. You can also find additional information here: https://finsweet.com/cookie-consent#legal.

You can prevent data collection and processing by Finsweet Cookie Consent by rejecting the use of cookies in your browser settings or by following Finsweet's instructions to adjust your preferences.

Contact form with Jotform

In order to provide you with an efficient and user-friendly contact form on our website, we use Jotform, a service provided by Jotform Inc, 1700 Montgomery St, San Francisco, CA 94111, USA (hereinafter "Jotform"). Jotform enables us to create customized forms that make it easier for you to contact us.

When you fill out one of our forms, the data you enter is transmitted directly to Jotform and stored on their servers. These are located in Frankfurt. Jotform undertakes to treat your data securely and not to pass it on without your consent.

Details can be found in Jotform's privacy policy: https://www.jotform.com/privacy/.

You can object to the processing of your data by Jotform by refraining from using our contact form and using alternative contact methods such as email or telephone.

Booking appointments with Calendly

We use Calendly, a service provided by Calendly LLC, 3423 Piedmont Rd NE, Atlanta, GA 30305, USA (hereinafter referred to as "Calendly"), to enable you to conveniently arrange appointments. Calendly enables us to schedule appointments efficiently and makes it easier for you to book demo appointments with us.When you book an appointment via our online appointment scheduler, the data you enter is transmitted directly to Calendly and stored on its servers in the USA.

Calendly is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. In addition, Calendly uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Through the EU-US Data Privacy Framework and the standard contractual clauses, Calendly undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

Calendly's privacy policy provides detailed information on how your data is processed in connection with the use of its services: https://calendly.com/privacy.

If you prefer not to make appointments with us via Calendly, you can alternatively contact us by email or telephone.

Conference tools
Microsoft Teams

Among other tools, we use Microsoft Teams, a cloud-based communication service from Microsoft, to communicate with you. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "Microsoft"). When you use Microsoft Teams, your data will also be processed in the USA. Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Microsoft also uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Through the EU-US Data Privacy Framework and the standard contractual clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. 

You can find more information about the standard contractual clauses at Microsoft at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

You can find out more about the data that is processed through the use of Microsoft in the privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

Google Meet

In addition, we use Google Meet, a service of Google Inc and Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter "Google") for virtual meetings and video conferences. When you participate in an online meeting via Google Meet, certain data such as your name, device type and other information that you actively share may be collected and stored on Google's servers. Google undertakes to treat your data securely and not to pass it on without your consent.

For details on data processing, please refer to the Google Meets privacy policy: https://policies.google.com/privacy?hl=en

Managing customer data with Salesforce Sales Cloud

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter "Salesforce"). Salesforce Sales Cloud is a CRM system and enables us, among other things, to manage existing and potential customers and customer contacts and to organize sales and communication processes. Using the CRM system also enables us to analyze our customer-related processes. Customer data is stored on the Salesforce servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding corporate rules that legitimize the internal transfer of data to third countries outside the EU and the EEA. Details can be found here: https://compliance.salesforce.com/en/salesforce-bcrs.

Further details on data protection at Salesforce can be found in Salesforce's privacy policy: https://www.salesforce.com/de/company/privacy/.

Analytical tools and marketing

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools. In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our website technically and economically. With the help of web analytics, we can detect errors on the website, identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

Piwik Pro

We use the Piwik PRO Analytics Suite from the provider Piwik PRO GmbH Kurfürstendamm 21, 10719 Berlin, Germany, as our website analytics software. We collect data about website visitors using cookies. The information collected includes, for example, the visitor's IP address, operating system, browser ID, browsing activity and other information. We calculate metrics such as bounce rate, page views, sessions and the like in order to understand how our website is used and to constantly optimize it. The data is stored on servers in Germany. Piwik PRO does not share the data about you with other sub-processors or third parties and does not use it for its own purposes.

Further information can be found at: https://piwik.pro/privacy-policy/.

LinkedIn Insight Tag

This website uses the "LinkedIn Insight Tag", an analysis and tracking tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag enables us to track the activities of visitors to our website who have reached our website via LinkedIn. The LinkedIn Insight Tag collects and stores data about your visitor behavior on our website, including page views, interactions and demographic information. This data is used to provide us with insights into the use of our website and to analyze campaign results in order to provide you with relevant information on LinkedIn. LinkedIn does not share any personal data with us, but only provides summarized reports on website audience and ad performance.

You can find more information about data protection on LinkedIn in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Sales Viewer

To analyze the behavior of visitors to our website and identify potential customers, we use Sales Viewer, a service provided by SalesViewer GmbH (Huestr. 30, 44787 Bochum, Germany, https://www.salesviewer.com/en). Sales Viewer enables us to track visitor behavior and obtain information about companies that visit our website.

Sales Viewer automatically collects data such as IP addresses, pages visited, time spent on the website and other information about the visitor's company from publicly available sources. This information is used to identify potential customers and to optimize our marketing and sales activities.

Sales Viewer is committed to keeping your information secure and not sharing it without your consent. For more information on how Sales Viewer processes your data, please refer to Sales Viewer's privacy concept: https://www.salesviewer.com/en/platform/data-protection/.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/en/opt-out/ in order to prevent SalesViewer from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again. 



Date of this privacy policy: 04-2024