
Data-Protection
Information notice on the Processing of Your Personal Data
Controller Responsible for Data Processing: The controller responsible for data processing on this website, its associated social media presences, and other specified processing activities is:
DOT GmbH
Charles-Darwin-Ring 1a
18059 Rostock
Phone: +49 381 40 33 5-0
info@dot-coating.de
Designation of a data protection officer as mandated by law
We have appointed a data protection officer for our company. You can reach him by post at the address listed above, adding “Data Protection Officer” to the recipient line, or by email at Datenschutzbeauftragter@dot-coating.de.
On What Legal Basis Is Your Data Processed?
In principle, the processing of personal data is prohibited by law unless permitted under one of the following legal bases:
- Art. 6(1)(a) GDPR ("Consent"): When the data subject has voluntarily, informedly, and unambiguously indicated their consent to the processing of their personal data for one or more specific purposes.
- Art. 6(1)(b) GDPR: When processing is necessary to perform a contract to which the data subject is a party, or for the implementation of pre-contractual measures at the request of the data subject.
- Art. 6(1)(c) GDPR: When processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., statutory retention obligations).
- Art. 6(1)(d) GDPR: When processing is necessary to protect the vital interests of the data subject or another natural person.
- Art. 6(1)(e) GDPR: When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Art. 6(1)(f) GDPR ("Legitimate Interests"): When processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject (especially if the data subject is a minor).
The storage of information on or access to information already stored on the user's device is
permissible only if justified by one of the following legal grounds:
- § 25(1) TTDSG: When the end user has consented on the basis of clear and comprehensive information. Consent must be obtained in accordance with Art. 6(1)(a) GDPR.
- § 25(2)(1) TTDSG: When the sole purpose is to transmit a message over a public telecommunications network.
- § 25(2)(2) TTDSG: When storage or access is strictly necessary to provide a telemedia service explicitly requested by the user.
For the processing activities we undertake, we specify the applicable legal basis in each case. Processing may also rely on multiple legal bases.
To Whom Is Your Data Disclosed?
Your personal data is disclosed to third parties only if: 1 It is necessary to perform a contract with you, 2 The disclosure is permitted based on a legitimate interest under Art. 6(1)(f) GDPR, or 3 We are legally required to do so. If you express interest in our products and consent to the disclosure of your data, we may share your contact information with a local specialist retailer.
What Are Your Rights as a Data Subject?
You may assert the following rights regarding your personal data at any time by contacting us using the details provided under "Controller Responsible for Data Processing":
- Right to Access (Art. 15 GDPR): Request access to your personal data and information about its processing purposes, data categories, recipients, storage duration, and more.
- Right to Rectification (Art. 16 GDPR): Request the correction of inaccurate or incomplete personal data stored by us.
- Right to Erasure (Art. 17 GDPR): Request the deletion of your data, provided that its processing is not required to exercise the right to freedom of expression, comply with legal obligations, serve the public interest, or establish, exercise, or defend legal claims.
- Right to Restriction of Processing (Art. 18 GDPR): Request the restriction of data processing, for instance, if you dispute its accuracy or the processing is unlawful.
- Right to Data Portability (Art. 20 GDPR): Request your data in a structured, commonly used, and machine-readable format, or its transfer to another controller.
- Right to Object (Art. 21 GDPR): Object to the processing of your data based on Art. 6(1)(e) or (f) GDPR, particularly if not required for contract fulfilment. For objections unrelated to direct marketing, please explain your reasons for objecting.
- Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw previously given consent at any time, which will prevent further data processing based on that consent.
- Right to Lodge a Complaint (Art. 77 GDPR): File a complaint with a data protection authority about our processing of your personal data.
Data Deletion and Storage Duration
We specify the storage duration for each processing activity. If no explicit duration is stated, your data will be deleted or the data processing is restricted once the purpose or legal basis for processing ceases to apply.
Storage beyond this period may occur if: Legal retention periods apply (e.g., § 257 HGB, § 147 AO), or Storage is necessary for the establishment, exercise or defence of legal claims. When such legal retention periods expire, your data will be deleted or the data processing is restricted unless further storage is necessary and legally justified.
Cookies
Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.
Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.
Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
Which cookies and services are used on this website can be found in the cookie policy.
Contact Processing
When you contact us via email, phone, or contact form, your personal data (e.g., name, inquiry) is stored and processed to handle your request. This data will not be shared without your consent.
Processing is based on: Art. 6(1)(b) GDPR: For inquiries related toiInitiation, establishment, substantive arrangement, or modification of a legal relationship.
Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR: For consent-based promotional contact (e.g., postal, phone, or electronic communications) involving special categories of personal data.
Art. 6(1)(f) GDPR: For our legitimate interest in efficiently handling your inquiries.
Your data remains with us until you request its deletion, withdraw consent, or the purpose for storage ceases. Legal retention obligations remain unaffected.
Processing of Data (Customer and Contract Data)
We collect, process, and use personal data only insofar as it is necessary to establish, structure, or modify the legal relationship (inventory data). This is done on the basis of Article 6(1)(b) GDPR, which permits data processing for the fulfillment of a contract or for pre-contractual measures. We also collect, process, and use personal data about the use of this website (usage data) only insofar as it is necessary to enable you to use our service or to bill you for it.
The customer data collected is deleted after completion of the order or upon termination of the business relationship. Statutory retention periods remain unaffected.
If you order goods from us, we will pass on your personal data to the transport company entrusted with delivery and to the payment service provider commissioned to handle the payment. Only the data required by the respective service provider to perform its task will be disclosed. The legal basis for this is Article 6(1)(b) GDPR, which permits data processing for the fulfilment of a contract or for pre-contractual measures. If you have given your consent pursuant to Article 6(1)(a) GDPR, we will forward your email address to the transport company entrusted with delivery so that it can inform you by email about the shipping status of your order; you may revoke this consent at any time.
We only transfer personal data to third parties if this is necessary within the scope of contract processing, for example to the credit institution responsible for handling payments.
Any further transfer of data does not occur—or only occurs if you have expressly consented to it. Your data will not be disclosed to third parties without your explicit consent, for example for advertising purposes.
The basis for data processing is Article 6(1)(b) GDPR, which permits data processing for the fulfilment of a contract or for pre-contractual measures.
Application Process
We provide you with the opportunity to apply to us (e.g., via email or by post). Below, we inform you about the scope, purpose, and use of the personal data collected during the application process. We assure you that the collection, processing, and use of your data comply with applicable data protection laws and all other legal provisions, and that your data will be treated with strict confidentiality.
If you submit an application to us, we process your associated personal data (e.g., contact and communication details, application documents, notes from interviews, etc.) insofar as this is necessary to make a decision regarding the establishment of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation), and – if you have given your consent – Article 6(1)(a) GDPR. Consent can be withdrawn at any time with future effect. Your personal data will only be shared within our organization with individuals involved in processing your application.
If your application is successful, the data you have submitted will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of Section 26 BDSG and Article 6(1)(b) GDPR.
If we cannot offer you a position, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have submitted for up to six months from the end of the application process (rejection or withdrawal of the application) based on our legitimate interests (Article 6(1)(f) GDPR). After this period, the data will be deleted, and physical application documents will be destroyed. Retention serves as evidence in the event of a legal dispute.
If it becomes apparent that the data will be required beyond the six-month period (e.g., due to a pending or anticipated legal dispute), deletion will only take place once the purpose for extended retention no longer applies.
Longer retention may also occur if you have given your consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.
Server Log Files
Each request, i.e., each page visit, automatically generates information stored in server log files. These include:
- Your IP address
- Date and time of the request
- Address of the requested page or file
- Data volume transferred (in bytes)
- Success or error code of the request ("status code")
- Identification of your web browser (e.g., browser type, version, and operating system; "User-Agent" header)
- Referring page that led you to our site (if applicable)
The information for the last two points is automatically sent by your web browser. You may disable this in your browser settings. These server log file data are not associated with specific individuals. They are not combined with other data sources. Evaluation occurs solely to ensure the proper functioning of our website and to identify potential issues. We reserve the right to review these data retroactively if concrete indications of unlawful use become known. Processing is based on our legitimate interests (Article 6(1)(f) GDPR). Server log files are automatically deleted after an appropriate period.
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analytics. It serves solely to manage and deploy the tools integrated through it. However, Google Tag Manager does process your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on the website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent can be withdrawn at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Companies certified under the DPF are obligated to adhere to these data protection standards. Further information can be found at the following link: dataprivacyframework
Google Analytics
This website uses features of the web analytics service Google Analytics, provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Anbieter ist die Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and user origins. These data are associated with the user’s device. No association with a user ID occurs.
Additionally, Google Analytics can record mouse and scroll movements, as well as clicks. Google Analytics also employs modeling approaches to supplement collected data and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing their behavior (e.g., cookies or device fingerprinting). Information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the United States.
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be withdrawn at any time with future effect.
Data transfers to the United States are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. privacy.google
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Companies certified under the DPF are obligated to adhere to these data protection standards. Further information can be found at the following link: dataprivacyframework
More information on the handling of user data by Google Analytics can be found in Google’s Privacy Policy: support.google
Google Analytics E-Commerce Measurement
This website uses the “E-Commerce Measurement” feature of Google Analytics. This feature allows the website operator to analyze the purchasing behavior of website visitors to improve online marketing campaigns. Data such as completed orders, average order values, shipping costs, and the time between viewing and purchasing a product are collected. These data may be aggregated by Google under a transaction ID, which is associated with the respective user or their device.
YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device. With the assistance of these cookies, YouTube will be able to obtain information about our website's visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. These cookies will stay on your device until you delete them.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
OpenStreetMap - mapping service
We are using the mapping service provided by OpenStreetMap ("OSM") to display the route to our company for you and to make it easier for you to plan your journey.
We embed the map data from OSM on the server of the OpenStreetMap Foundation ("OSMF"), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.
When using the OSM maps, a connection is established to the servers of the OSMF. In the process and among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. OSM may store cookies in your browser or use similar recognition technologies for this purpose. Further information on how OSM handles your personal data can be found here:
https://wiki.osmfoundation.org/wiki/Privacy_Policy
The use of OSM is exclusively based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time for the future.
We Maintain Publicly Accessible Profiles on Social Networks
This privacy policy applies to our social media presences on Facebook, LinkedIn, Instagram, and YouTube. Facebook, LinkedIn, Instagram und YouTube.
Social networks can usually analyze your user behavior extensively when you visit their websites or a website with integrated social media content (e.g., Like buttons or ad banners). Visiting our social media profiles triggers numerous data processing operations relevant to data protection.
Specifically: If you are logged into your social media account and visit our profile, the operator of the social media platform can associate this visit with your user account. Your personal data may also be collected in certain circumstances even if you are not logged in or do not have an account with the respective social media platform. This data collection occurs, for example, through cookies stored on your device or by recording your IP address.
The data collected in this manner allows social media platform operators to create user profiles that include your preferences and interests. This enables interest-based advertising to be displayed both within and outside the social media platform. If you have an account with the respective social network, interest-based advertising may be displayed on all devices where you are logged in or have been logged in.
Please note that we cannot track all processing activities on the social media platforms. Depending on the provider, additional processing activities may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.
Our social media appearances aim to ensure the broadest possible presence on the internet. This constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR. The analysis processes initiated by social networks may rely on differing legal bases, which the operators of the social networks must specify (e.g., consent under Article 6(1)(a) GDPR).
When you visit one of our social media profiles, we are jointly responsible with the social media platform operator for the data processing triggered during your visit. You can assert your rights (e.g., access, rectification, deletion, restriction of processing, data portability, and complaints) both against us and the operator of the respective social media platform (e.g., Facebook).
Please note that despite joint responsibility with social media platform operators, we do not have full influence over their data processing activities. Our options are primarily determined by the corporate policies of the respective provider.
Data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage, or the purpose for its storage no longer applies. Cookies stored on your device remain there until you delete them. Mandatory statutory provisions—especially retention periods—remain unaffected.
We have no influence on the storage duration of your data that is stored by social network operators for their purposes. For details, please consult the privacy policies of the respective social networks (see links below).
LinkedIn: https://www.linkedin.com/company/dot-gmbh/?viewAsMember=true
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfers to the United States are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
For information on how LinkedIn handles your personal data, please refer to their privacy policy: https://www.linkedin.com/legal/privacy-policy. https://www.linkedin.com/legal/privacy-policy.
Facebook: https://www.facebook.com/dotimplantcoating
We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland (hereinafter "Meta"). According to Meta, the data collected is also transferred to the United States and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook Page.
You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your ad settings independently within your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. https://www.facebook.com/settings?tab=ads.
Data transfers to the United States are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. https://de-de.facebook.com/help/566994660333381.
Details entnehmen Sie der Datenschutzerklärung von Facebook: For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/..
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Companies certified under the DPF are obligated to adhere to these data protection standards. Further information can be found at the following link: dataprivacyframework
YouTube:
We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how YouTube handles your personal data, please refer to their privacy policy: https://policies.google.com/privacy?hl=en. https://policies.google.com/privacy?hl=de.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Companies certified under the DPF are obligated to adhere to these data protection standards. Further information can be found at the following link: dataprivacyframework
Provided by Ingo Goblirsch LL.M.
Externer Datenschutzbeauftragter
Datenschutz | Compliance | Informationssicherheit
Aachen / NRW
https://www.goblirsch.org