Data protection

Privacy Policy of Debitos GmbH (Effective Date: Mai 14, 2024)

Foreword

Whether you are a prospective customer, applicant, or a visitor to our website, Debitos GmbH, hereinafter referred to as “we,” places great importance on the protection of your personal data. What does this specifically mean?

Below, we offer you an insight into what personal data we collect from you and how we process it. You will also receive an overview of your rights under applicable data protection law. Furthermore, we will provide you with contact information should you have any questions.

Who are we?

As the responsible party under data protection laws, we, Debitos GmbH, located at Mainzer Landstraße 69-71, 60329 Frankfurt am Main, Germany, Email: service@debitos.com, Phone: +49 2234 96 45 40, take all necessary measures to ensure the security of your personal data. You can reach our data protection officer at:

2B Advice GmbH,

Joseph Schumpeter Allee 25,
53227 Bonn,
Email: debitos@2b-advice.com,
Phone: +49 (0)228 926165-120.

Scope of the Privacy Policy

The processing of personal data involves a variety of processes that are precisely defined under legal frameworks. These include, in particular, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.

By personal data, we mean any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This privacy policy applies to the personal data of prospects, applicants, participants, and visitors of our website.

In this statement, we provide comprehensive information about the type, scope, and purpose of the personal data we collect and process. Additionally, we aim to inform you about the rights you are entitled to.

How do we collect and for what purpose do we use your personal data?

Use of Cookies and Similar Technologies

We use cookies to optimize your online experience on our website. Cookies are small text files that are sent from our website to your browser and stored on your device. They contain specific information such as your preferred language or page settings, which are sent back to our website on your next visit. This technology allows us to tailor our website to your needs and provide an enhanced user experience.

The use of technically necessary cookies is based on our legitimate interest in providing a functional website according to Art. 6(1)(f) GDPR.

Google Analytics

Our website uses Google Analytics from Google Inc., USA, to analyze user behavior. Google Analytics uses cookies, text files on your computer that allow an analysis of your use of the website. The information generated is typically transferred to and stored on a Google server in the USA. We use Google Analytics exclusively with activated IP anonymization, which truncates your IP address within the EU or EEA before it is transmitted to the USA. Google processes this data to evaluate your use of the website, compile reports on website activities for us, and provide other services related to website and internet usage. Data processing is based on your consent according to Art. 6(1)(a) GDPR. The IP address collected by Google Analytics is not merged with other Google data.

For more information about Google Analytics, please visit: https://support.google.com/analytics/answer/6004245?hl=en

Contact Form

You have the option to contact us directly.

Your data (identification and contact data) is exclusively used for contacting, processing, and answering your query.

The legal basis for processing is based on our legitimate interest in responding to your query or complaint according to Art. 6(1)(f) GDPR.

We store your data only as long as necessary to process your query. Afterward, it is deleted unless there are legal retention obligations that require longer storage.

Customer Account

Generally, visiting our website does not require registration. However, the use of certain services requires registration in a personal customer account.

For the creation of a customer account, the following personal data is collected:

  • Identification data (title, first and last name)
  • Contact data (email address, postal address, and telephone number).

In the customer portal, your personal data can be processed within the following processing activities:

  • Management of the customer account

The legal basis for processing is your consent according to Art. 6(1)(a) GDPR. You have the right to withdraw your consent at any time and delete your customer account. To delete your customer account, please contact service@debitos.com.

Newsletter

You have the opportunity to subscribe to our newsletter via our website to receive information about product innovations, service actions, events, or exciting trends.

For registration, we process your identification data (name, first name, title) and your email address.

Registration is voluntary and based on your consent (Art. 6(1)(a) GDPR). The registration is carried out using a double opt-in procedure, ensuring that the registration is desired by you. After registration, a confirmation link will be sent to you by email. Unless you click the link, you will not receive newsletters from us. The confirmation serves your personal protection, verifying that you personally ordered the Debitos newsletter and that your email address has not been misused by third parties.

For sending our newsletters, we use the program “Mailchimp” from the company Rocket Science Group. Your data is transmitted to this service provider in the USA. The Rocket Science Group has a current and valid Privacy Shield certification, which guarantees a level of data protection adequate to EU standards.

You have the right at any time to withdraw your consent and unsubscribe from the newsletter. To unsubscribe, simply click the unsubscribe link contained in the newsletter. After unsubscribing, we will delete your email address from our distribution list.

External Links (Plug-Ins)

Our online offer may contain links to third-party websites (e.g., LinkedIn, Xing, X), which are not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing, and use of any personal data transmitted by clicking on the link to the third party (such as the IP address or the URL of the page on which the link is located), as third parties’ behavior is naturally beyond our control. We assume no responsibility for the processing of such personal data by third parties.

If you activate or click on a link to a third-party offer, it is possible that personal data may be transferred to providers in countries outside the European Economic Area that, from the perspective of the European Union (“EU”), do not provide an “adequate level of protection” for the processing of personal data in accordance with EU standards.

Data Transfer

Within Debitos GmbH, only those departments that need your personal data to fulfill our contractual or legal obligations or to protect our legitimate interests will have access to your information.

We respect the protection of your personal data and only disclose information about you when legal provisions mandate it, you have consented, or to fulfill contractual obligations.

For the following recipients, a legal obligation to disclose your personal data might arise:

  • Public bodies or supervisory authorities, e.g., tax authorities, customs authorities;
  • Judicial and law enforcement authorities, e.g., police, courts, public prosecutor’s offices;
  • Lawyers or notaries, e.g., in legal disputes;
  • Auditors

To fulfill our contractual obligations, we cooperate with other companies. This includes:

  • Transport service providers and freight forwarders;
  • Organizers and training service providers, if you have registered through us for certain fairs or events;
  • Banks and financial service providers to handle all financial matters

To ensure that the same data protection standards are maintained with the service providers as in our company, we have concluded appropriate contracts for order processing. These contracts regulate, among other things:

  • that third parties only have access to the data they need to perform the tasks assigned to them;
  • that only employees of the service providers who have explicitly committed to complying with data protection regulations have access to your data;
  • that technical and organizational measures are maintained with the service providers, which ensure data security and data protection;
  • what happens to the data when the business relationship between the service provider and us ends.

Service providers located outside the European Economic Area (EEA) require us to take special security measures (e.g., by using specific contractual clauses) to ensure that the data is handled with the same level of care as within the EEA. We regularly review all our service providers to ensure they meet our requirements.

Very importantly: We never sell your personal data to third parties!

Your Rights

In the context of processing your personal data, you are also entitled to certain rights. The specific details can be found in the relevant provisions of the GDPR (there in Articles 15 to 21). To exercise your rights, please contact:

Debitos GmbH

Mainzer Landstraße 69-71
60329 Frankfurt am Main
Germany
Email: service@debitos.com
Phone: +49 2234 96 45 40

We strive to process your inquiries and claims as quickly as possible to uphold your rights. Depending on the frequency of inquiries, it may take up to 30 days before we can inform you further about your concerns. If it should take longer, we will promptly inform you of the reasons for the delay and discuss further procedures with you.

Right of Access (Art. 15 GDPR)

You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you are entitled to the following information:

  • Information about the categories of personal data we process, the purposes for which we process your personal data, and information about how we determine applicable retention periods;
  • Information about the categories of recipients to whom your personal data may be disclosed, and
  • A copy of the personal data that we have stored about you.

Right to Rectification (Art. 16 GDPR)

You have the right to have incorrect or incomplete personal data that we have stored about you corrected immediately.

Right to Erasure (Art. 17 GDPR)

You can demand the immediate deletion of your personal data under the following circumstances:

  • if your personal data are no longer necessary for the purposes for which they were collected;
  • if you have withdrawn your consent and there is no other legal ground for processing;
  • if you object to the processing and there are no overriding legitimate grounds for processing;
  • if your data have been unlawly processed;
  • if your personal data have to be erased for compliance with a legal obligation.

Please note that before deleting your data, we must check whether there is a legitimate reason for processing your personal data.

Right to Restriction of Processing (‘Right to Block’) (Art. 18 GDPR)

You may request the restriction of processing of your personal data for one of the following reasons:

  • if you contest the accuracy of the data, for a period enabling us to verify the accuracy of the personal data;
  • if the data has been processed unlawly, but you oppose the erasure of the personal data and request the restriction of their use instead;
  • if we no longer need the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defense of legal claims;
  • if you have objected to processing pending the verification whether our legitimate grounds override yours.

Right to Object (Art. 21 GDPR)

Case-by-Case Right to Object

If processing is carried out in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons arising from your particular situation. Upon objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims. The objection does not affect the lawfulness of the processing that took place up to the point of objection.

Advertising Objection

In cases where your personal data is used for advertising purposes, you can object at any time to this form of processing. We will then no longer process your personal data for these purposes.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive personal data that you have provided to us for processing in a portable and machine-readable format.

Right to Complain to a Supervisory Authority (Art. 77 GDPR)

If you are dissatisfied with our responses or actions, or if you believe that we are violating applicable data protection law, you are free to file a complaint with both our data protection officer and a supervisory authority. The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Tel: 0611 / 1408 – 0
Fax: 0611 / 1408 – 900
Email: poststelle@datenschutz.hessen.de

Reservation of Right to Amend

We reserve the right to amend this privacy policy at any time in accordance with legal requirements. We therefore recommend that you regularly check our website to stay informed about our current data protection practices.