Privacy policy
Privacy Policy
Preamble With the following privacy policy, we aim to inform you about the types of personal data (hereinafter also referred to as "data") we process, the purposes for which we process them, and the extent of such processing. This privacy policy applies to all processing of personal data conducted by us, both in the provision of our services and particularly on our websites, mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Offer").
The terms used are not gender-specific.
Effective date: January 10, 2025
Table of Contents
Preamble
Data Controller
Overview of Data Processing
Legal Basis for Processing
General Information on Data Retention and Deletion
Rights of Data Subjects
Business Services
Use of Cookies
Contact and Inquiry Management
Marketing Communication via Email, Mail, Fax, or Phone
Online Marketing
Presence on Social Networks (Social Media)
Data Controller Denis Friedrich Delwood GmbH Delvin-Katz Straße 7 90451 Nuremberg, Germany
Authorized Representative: Managing Director Denis Friedrich Email: denis.friedrich@delwood.eu
Overview of Data Processing
The following overview summarizes the types of data we process, the purposes of their processing, and the affected data subjects.
Types of Processed Data
Master data
Payment data
Contact data
Content data
Contract data
Usage data
Meta, communication, and procedural data
Categories of Data Subjects
Clients and service recipients
Interested parties
Communication partners
Users
Business and contract partners
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations
Communication
Security measures
Direct marketing
Reach measurement
Tracking
Office and organizational procedures
Conversion measurement
Audience targeting
Organizational and administrative procedures
Feedback
Marketing
User profile generation
Provision of our online services and user-friendliness
IT infrastructure
Public relations
Sales promotion
Business processes and economic procedures
Legal Basis for Processing
The following is an overview of the legal bases of the GDPR on which we process personal data. In addition to the GDPR provisions, national data protection regulations in your or our country of residence or establishment may also apply. If more specific legal bases are relevant in individual cases, we will inform you of them in the privacy policy.
Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for a specific purpose.
Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take pre-contractual measures.
Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary to comply with a legal obligation.
Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override them.
National Data Protection Regulations in Germany: In addition to the GDPR, national regulations apply, particularly the Federal Data Protection Act (BDSG). This law includes specific regulations on data subject rights, data processing for other purposes, and data transfer. Additionally, the data protection laws of individual German federal states may apply.
Applicability of GDPR and Swiss DSG: This privacy policy serves to provide information under both the Swiss Data Protection Act (DSG) and the GDPR. We use the terminology of the GDPR for broader applicability, though the legal meaning of terms is defined by the relevant legislation.
General Information on Data Retention and Deletion
We delete personal data according to legal requirements as soon as the underlying consents are revoked, or there are no further legal grounds for processing. This applies when the original purpose for processing ceases to exist, and the data is no longer required. Exceptions apply when legal obligations or particular interests require longer retention.
In particular, data retained for commercial or tax law reasons must be archived. Furthermore, legal obligations may require longer retention for litigation or other lawful interests.
The following general retention periods apply under German law:
10 years: Accounting records, annual financial statements, and relevant documentation (§ 147 AO, § 14b UStG, § 257 HGB).
8 years: Invoices and cost documents (§ 147 AO, § 257 HGB).
6 years: Business correspondence and tax-relevant documents (§ 147 AO, § 257 HGB).
3 years: Data necessary for handling potential warranty and liability claims (§§ 195, 199 BGB).
Rights of Data Subjects
Under the GDPR, data subjects have various rights, including:
Right to Object: The right to object to processing based on legitimate interests (Art. 6(1)(e) or (f) GDPR).
Right to Withdraw Consent: The right to revoke consent at any time.
Right of Access: The right to request information about stored personal data.
Right to Rectification: The right to correct inaccurate personal data.
Right to Deletion: The right to request deletion of personal data.
Right to Data Portability: The right to receive personal data in a structured format.
Right to Lodge a Complaint: The right to file a complaint with a supervisory authority.
Business Services
We process customer and business partner data within contracts and communications to fulfill contractual obligations, maintain security, and optimize business processes. Data is processed according to contract requirements and deleted according to legal retention periods.
Processed Data Types:
Master data, payment data, contact data, contract data, usage data, meta-data.
Legal Basis:
Contract fulfillment (Art. 6(1)(b) GDPR)
Legal obligation (Art. 6(1)(c) GDPR)
Legitimate interest (Art. 6(1)(f) GDPR)
Use of Cookies
We use cookies for functionality, security, and marketing purposes. Users can withdraw consent or disable cookies in their browser settings.
Contact and Inquiry Management
We process personal data from contact inquiries to respond effectively. Data includes names, contact details, and message content.
Legal Basis:
Contract fulfillment (Art. 6(1)(b) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)
Marketing, Online Presence, and Social Media
We engage in online marketing, measure engagement, and maintain social media profiles for communication and brand awareness. Users can object to processing or withdraw consent at any time.
Platforms:
Instagram (Meta)
Facebook (Meta)
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR)
Consent (Art. 6(1)(a) GDPR)
For further inquiries, please contact us at denis.friedrich@delwood.eu.
