Privacy Policy

1. Responsibility and Contact

In this Privacy Policy, “D.CT”, “we”, “us” or “our” refers to D.CT Deutsche Cleantech GmbH. D.CT is the data controller within the meaning of the GDPR (if applicable), as we use your personal data in the context of our respective relationship with you. You can find D.CT’s address, company name and other legal information at [Imprint].

If you have any comments, complaints or questions about this Privacy Policy or our processing of your personal data, or if you wish to exercise your data subject rights, please feel free to contact us at the following contact details:

D.CT German Cleantech GmbH
Hochstrasse 29
D-60313 Frankfurt
Phone: +49 69 2692354-0
Fax: +49 69 2692354-99
E-mail: info@d-ct.de

2. Processing of Personal Data

This Privacy Policy explains how we collect, store, use, disclose and transfer (hereinafter “Process”) your personal data. The personal data we process depends on the context of your interactions with us, the products, services and features you use, your location and applicable law. We process your data for the reasons described below and only for the purposes intended in each case.

Our services are neither directed at nor intended for children and/or adolescents, both within the meaning of § 7 of SGB VIII, paragraph I, nos. 1 and 2, respectively.

It is important that the personal information we have about you is accurate and up to date. If your personal information changes, please notify us of any changes of which we should be aware. Please use the contact details above or inform your contact person at D.CT.

2.1.  Website Visit

2.1.1. Server Logs

When you visit our website, we record the following information:

• Your IP address;
• the data accessed on the website;
• the amount of data transferred;
• the website from which the request comes to our website;
• the server response code to your browser’s request;
• information about the browser you are using
• the date, time and duration of your visit to our website; and
• other similar data and information used to avert the risk of an attack on our information technology systems.

As a rule, D.CT cannot assign this data to a specific person.

A record of this information is necessary

• to transmit the contents of our website correctly
• to constantly optimize our website- to ensure the functions of our IT systems and technology of our website on a permanent basis; and
• to provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR (for the optimization of our website), Art. 6 para. 1 lit. f) GDPR (for the proper provision of the content of our website and to ensure the continuous functioning of our IT systems and the technology of our website) and Art. 6 para. 1 lit. c) GDPR (to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack).

2.1.2. Personal Data directly Collected from You

We collect and process information that you enter on our website or otherwise submit to us (including by simply visiting the website). This includes data you enter in forms or contact fields or select from lists or menus.

There are some areas on our website where you can submit information to us by uploading documents to our servers through this website or by sending us this information via email. This happens, for example, when you apply online. On our website, you also have the option of contacting D.CT via the contact forms and e-mail addresses, telephone and fax numbers provided there. If you contact us in this way, all resulting personal data will be stored and processed by us for the purpose of processing your request. Your information may be stored in our customer relationship management system. The data will be used exclusively for processing the request. The legal basis for the processing of data is Art. 6 para. 1 lit. f) GDPR (general inquiries). If the contact is necessary for the implementation of pre-contractual measures, which are carried out in response to your request, the legal basis is Art. 6 para. 1 lit. b) GDPR. The processing of the personal data collected by us is solely for the effective processing of the requests sent to us.

2.1.3. Cookie Policy

In addition to the above data, when you use our website, we use technical tools for various functions, in particular cookies, which may be stored on your terminal device. Some of them are necessary, while others are not, but help us to improve website navigation, analyze website usage and support our marketing activities. You can consent to the use of the non-essential cookies by clicking the “OK” button or decline them by clicking the “Decline” button, as well as select only certain cookie groups (preferences, statistics, marketing) and accept them by clicking the “Allow selection” button. You can access all these cookie settings at any time and also deselect cookies subsequently at any time.

Cookies are text files or information in a database that are stored on your hard drive and associated with the browser you are using so that certain information can flow to the entity that sets the cookie. Their primary purpose is to make the user experience on a website faster and more user-friendly.

By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types, we need your permission. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent at any time from the cookie statement on our website.

Necessary (2)

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name	Provider	Usage	Lapses	Type
Cookieyes-consent	CookieYes	CookieYes sets this cookie to store users’ consent preferences so that their preferences are honored on subsequent visits to this site. No personal information about visitors to the site is collected or stored.	1 Year	Necessary
pll_language	Polylang	Polylang sets this cookie to store the language selected by the user when he returns to the website, in order to preserve the language information when it is not available by other means.	1 Year	Necessary

Statistics, Marketing and Tracking (1)

Statistics cookies help website owners understand how visitors interact with the website by collecting and reporting information anonymously.

Name	Provider	Usage	Lapses	Type
_ga	Google	Google Analytics sets cookies to calculate visitor, session, and campaign data and track website usage for the website analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize individual visitors.	1 Year, 1 Month, 4 Days	Marketing

2.1.4. Services and Contents of Third Parties

Within our website, we use content or service offerings from third parties to integrate their content and services. In the case of technically necessary cookies, we do this on the legal basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, in the case of technically unnecessary cookies on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website. On some visits, we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to specific pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to exit the site. We may use this information to measure activity on the Site, to develop ideas to improve our Site, and for any other purpose to the extent permitted by applicable law. The pseudonymous information may also be stored in cookies on the user’s device and may contain, for example, technical information about the browser and operating system, referring website, time of visit, and other information about the use of our online offering, as well as being linked to such information from other sources. We use and commission certain providers with the use of cookies, web beacons and similar tracking technologies (collectively “cookies”) on our website. Below you will find an overview of third-party providers and their content, as well as links to their privacy statements, which contain further information on the processing of data and, if applicable, further options for objection (so-called opt-out).

Google Analytics / Google Search Console

Insofar as you have given your consent, Google Analytics and the Google Search Console, web analytics services provided by Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics and the Google Search Console use cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the function ‘anonymizeIP’ (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union (EU) or in other contracting states of the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics/Google Search Console will not be merged with other data from Google.

During your visit to our website, the following data is collected, among other things:

• The pages you visit,
• Your “click path.”
• Achievement of “website goals” (conversions, e.g. newsletter sign-ups, downloads, purchases),
• Your user behavior (for example, clicks, dwell time, bounce rates),
• Your approximate location (region)
• Your IP address (in shortened form),
• technical information about your browser and the end devices you use (e.g. language setting, screen resolution),
• your internet service provider,
• the referrer URL (via which website/ via which advertising medium you came to this website). On our behalf, Google will use this information for the purpose of evaluating your (pseudonymous) use of the website and compiling reports on website activity. The reports provided by Google Analytics/Google Search Console are used to analyze the performance of our website and the success of our marketing campaigns. The recipient of the data is Google as an order processor. We have concluded an order processing agreement with Google for this purpose. Google LLC, based in California, USA, and possibly US authorities may access the data stored by Google. A transfer of data to the USA cannot be ruled out. The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

• not giving your consent to the setting of the cookie or
• downloading and installing the browser add-on to disable Google Analytics HERE (https://tools.google.com/dlpage/gaoptout?hl=de).

You can also prevent the storage of cookies by selecting the appropriate settings on your browser software. The legal basis and revocation option for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. For more information on Google Analytics/Google Search Console terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de. Data processing terms for Google advertising products and standard contractual clauses for third country transfers of data: https://business.safety.google/adsprocessorterms.

Google Tag Manager

Our website uses Google Tag Manager. Google Tag Manager is a service that allows you to manage marketed website tags through an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register any personal data. The tool causes other tags to be activated, which in turn may register data. Google Tag Manager does not access this information. If recording has been disabled at the domain or cookie level, this setting is retained for all tracking tags implemented with Google Tag Manager. The legal basis for this data processing is your consent, Art. 6 (1) a) GDPR.

CookieYes

Our website uses the cookie consent technology of CookieYes to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. When you enter our website, a cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of CookieYes. The collected data will be stored until you request us to delete it or delete the cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

Details on the data processing of CookieYes can be found at [https://www.cookieyes.com/kb/cookie-consent/].

The CookieYes consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the “Recommend Button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. For more information, please refer to the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy

2.2. Clients/Other Contractual Parties If you have contacted us to enter into a contract (e.g., a retainer agreement) with us, for example, through an email or a meeting with one of our employees, we collect, use and store personal data , such as your name, job title, employer, contact information and other information necessary for the contract (e.g., to advise the client), to a limited extent.

We collect, process and store this personal data for the following purposes:

• Identifying associates and employees or contacts of the client or other contracting party.
• Advising the client and fulfilling the contract
• Correspondence with the client or other contractual partner or the contact persons of the client or other contractual partner
• Invoicing
• In connection with the settlement of disputes or other legal complaints
• Contacting the shareholders or the contact persons of the client or other contractual partner in the case of future business transactions that are of interest to the shareholders and/or clients or other contractual partners
• Inviting clients or other contractual partners to participate in marketing or other promotional events or seminars or similar events and informing clients or other contractual partners on other topics that may interest them
• Conducting sanctions list/compliance/ MLA screenings (see further details below).
• Soliciting feedback (e.g., in a survey about our services and managing, reviewing and responding to feedback received) The legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR, if it is necessary for the conclusion of a contract, for the establishment, implementation and termination of the contract and for the mutual fulfillment of obligations arising from the contract, furthermore Art. 6 para. 1 lit. c) GDPR if it is a legal obligation in case of dispute resolution or other legal complaints, furthermore your consent according to Art. 6 para. 1 lit. a) GDPR if you have given us your business card, and Art. 6 para. 1 lit. f) GDPR if it is necessary for the legitimate interests of D.CT. As part of our cooperation with business partners, we are obliged to carry out sanctions list screenings in order to meet existing compliance obligations. Such use of your personal data is based on permission to process personal data for the purpose of complying with a legal obligation under Art. 6 (1) c) GDPR and based on our legitimate interest under Art. 6 (1) f) GDPR or in accordance with the relevant provisions of other applicable law. Partially, we research and use personal data from public sources (such as LinkedIn, Xing and other publicly available sources on the Internet) to complete or correct your data (first names, company, country, etc.). We store this data in our CRM system. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. Your personal data, such as names, email addresses, organizational information, may also be processed by us in connection with your use of our Microsoft 365 Services. Separate privacy notices apply for this specific purpose (see the Supplemental Privacy Notice for Microsoft365 Cloud Services (English only)).

2.3. Visitors in our Offices

When you visit our office, we may collect the following personal information from you for the following purposes:

• Contact information by filling out the security list of visitors as part of our legitimate interests (security of the building);
• Video images of you in the entrance and exit areas from CCTV footage as part of our legitimate interests (security of the building);
• Your name and the time you entered our office through a security access system, consistent with our legitimate interests (maintaining the security of our office);
• Names and meal requests for catering in meetings consistent with our legitimate interests (accommodating the needs of visitors);
• Health data to assist in combating infectious diseases (such as the Covid-19 virus) in accordance with our legal health and safety obligations;
• If applicable, health data by completing the First Aid Accident Book to comply with our legal health and safety obligations; and
• Name and other information of guests, if applicable, for the purpose of organizing events (e.g. conferences, charity events, or student/graduate events) and providing name tags, attendee lists, team lists, and table plans.

3. Forwarding of personal Data

Once you submit your information to us or it is collected on our website, we forward it within D.CT to the recipients who need to know.

3.1. External Service Providers

Insofar as we involve service providers who support us in the processing of personal data or otherwise and who may come into contact with your personal data in the process, this is only done after the prior conclusion of a so-called contract for commissioned processing, with which we oblige our service providers to process personal data only in accordance with our instructions and to treat it confidentially. If your personal data is transferred to another country outside the European Union (EU) or the European Economic Area (EEA) that is not subject to a comparable level of data protection, we again ensure that the data transfer is based on an adequacy decision or the conclusion of the EU standard contractual clauses.

3.2. Transfer of Data to third Parties

As a general rule, we will not share, sell or otherwise market personal data to third parties, such as other companies or organizations, without your explicit consent, unless sharing such data is necessary to fulfill our contractual obligations between us and you.

For example, the following categories of recipients may receive your personal data:

• Government agencies, courts, parties to litigation or their designees to whom we are required to disclose your personal data pursuant to applicable law, regulation, legal process or enforceable governmental order, e.g., tax and customs authorities, regulatory authorities and their designees, financial market regulators, public registries;
• auditors or external advisors such as lawyers, tax advisors, insurers or banks; and
• another company in the event of a change of ownership, merger, acquisition or disposal of assets

3.3. Transfer of Non-EU/EEE Countries

If there is a sufficient legal basis, your personal data may be transferred to and processed in other countries outside the EU/EEA where the laws and regulations governing the processing of personal data are less stringent. In such cases, we will ensure that the data transfer is based on an adequacy decision or the conclusion of the EU standard contractual clauses and inform you about the consequences of such data transfer.

4. Your Rights

You have rights vis-à-vis D.CT pursuant to Articles 15-21 of the GDPR with respect to personal data concerning you. In particular, you have the following rights:

• You may at any time request information about whether and which personal data D.CT has stored about you and request a copy thereof (right of access, Article 15 GDPR);
• If your personal data that we have stored is incorrect or incomplete, you have the right to request that D.CT correct this data at any time (right to rectification, Art. 16 GDPR);
• You have the right to request D.CT to delete your personal data or to restrict data processing (right to erasure, Art. 17 GDPR, and right to restriction of processing, Art. 18 GDPR);
• You may object to the processing of your personal data at any time (right to object, Art. 21 and 22 GDPR);
• You have the right to have your personal data transferred to you or to another controller (right to data portability, Art. 20 GDPR). If you are not satisfied with the way we have handled your personal data or your data protection requests, you have the right to complain to the competent supervisory authority (Art. 77 GDPR). However, we would appreciate the opportunity to address your concerns before you contact the supervisory authority. We may need to request certain information from you to confirm your identity and to ensure your right of access (or to exercise your other rights). This is another reasonable security measure to ensure that personal information is not disclosed to individuals who have no right to receive it.

Revocation of Consent

If we process your data with your consent (Art. 6 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future. If we process your data on the basis of Art. 6 (1) (f) GDPR (legitimate interests), you may object to the use of your personal data at any time (directly to D.CT by mail, fax, e-mail or via the contact details provided above). When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have carried out. In the event of your objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our reasons for continuing the processing.

5. Safeguarding of Personal Data

We store personal data in accordance with the statutory retention periods (in particular, but not conclusively, Section 147 of the German Tax Code and Section 257 of the German Commercial Code). We routinely delete stored personal data as soon as the statutory retention periods have expired or the reasons for storage have ceased to apply in accordance with the provisions of this privacy policy. If you have consented to the storage, processing and use of your data for longer than the statutory period, we will delete or block your data after this period has expired or after you have withdrawn your consent (see Supplementary Privacy Policy for Applicants (English only) ). The data you send to us via contact requests will remain with us until you request us to delete it, you object to its storage or the purpose for storing the data no longer applies. The purpose for data storage ceases to apply if it can be inferred from the circumstances that the underlying concern has been conclusively clarified.

6. Fundamentals of Data Protection

We naturally comply with the applicable data protection laws. These state, with respect to the personal data we have from you, that it will be

• used lawfully, fairly and in a transparent manner;
• collected only for valid purposes that we have explained to you and not in a way that is incompatible with those purposes;
• used only for the purposes – and only for those purposes – about which we have informed you;
• kept only for as long as is necessary for the purposes about which we have informed you; and
• kept securely.

7.     Safety

In accordance with the legal requirement, D.CT has taken extensive technical and organizational measures to ensure a level of protection that meets the requirements of data protection. With the help of extensive technical and organizational security measures, D.CT protects your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized third parties.

8. Amendments to this Privacy Policy

This Privacy Policy was last modified on July 17, 2023. We may change or amend this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will update the change date at the top of this Privacy Policy. If the changes are material, we will take steps to notify you of those changes. The new amended or supplemented Privacy Policy will be effective as of the date indicated. Please always check whether you have consulted the latest version of the Privacy Policy.