Privacy notice – Your data, our responsibility

Privacy Notice

1. Introduction
With the following information, we would like to provide you, as the “data subject,” with an overview of the processing of your personal data by us and of your rights under data protection laws. In general, you can use our websites without providing personal data. However, if you wish to use certain services offered by our company via our website, it may be necessary to process personal data. Where the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data—such as your name, address, or email address—always takes place in accordance with the General Data Protection Regulation (GDPR; German: DS-GVO) and in compliance with the country-specific data protection provisions applicable to Dürkopp Fördertechnik GmbH. By means of this Privacy Notice, we would like to inform you about the scope and purpose of the personal data we collect, use, and process.
As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, internet-based data transmissions may, in principle, have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, for example by telephone or by mail.
You, too, can take simple and easy-to-implement measures to protect yourself against unauthorized access by third parties to your data. Therefore, we would like to provide you here with some information on how to handle your data securely:

  • Protect your account (login, user account, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with secure passwords.
  • Only you should have access to the passwords.
  • Ensure that you use your passwords only for one account (login, user account, or customer account).
  • Do not use one password for different websites, applications, or online services.
  • Especially when using publicly accessible IT systems or IT systems shared with other persons: always log out after each login to a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or the names of relatives, but should include uppercase and lowercase letters, numbers, and special characters.

2. Controller

The controller within the meaning of the GDPR is:
Dürkopp Fördertechnik GmbH
Potsdamer Str. 190, 33719 Bielefeld, Germany
Phone: +49 521 925-01
Fax: +49 521 925-2180
Email: info@duerkopp.com
Representatives of the controller: Dirk Bockelmann, Johannes Holas, Helmut Schmitz

3. Data Protection Officer

You can reach the data protection officer as follows:
Thomas Otten
Phone: 05221 87292-08
Fax: 05221 87292-49
Email: datenschutz-duerkopp-foerdertechnik@audatis.de
You may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

This Privacy Notice is based on the terminology used by the European legislator when adopting the GDPR (German: DS-GVO). Our Privacy Notice is intended to be easy to read and understand, both for the public and for our customers and business partners. To ensure this, we explain below the terminology used.
In this Privacy Notice, we use, among other things, the following terms:

1. Personal data
Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

6. Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

7. Processor
A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

8. Recipient
A recipient is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union law or the law of the Member States are not regarded as recipients.

9. Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

10. Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

5. Legal basis for processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG (formerly TTDSG)) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party—for example, processing operations necessary for the delivery of goods or the provision of any other service or consideration—the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, such as inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data—for example, to fulfill tax obligations—the processing is based on Article 6(1)(c) GDPR.

In rare cases, processing of personal data may be necessary to protect vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be passed on to a physician, hospital, or other third parties. In that case, the processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations may be based on Article 6(1)(f) GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless such interests are overridden by the interests, fundamental rights, and freedoms of the data subject. Such processing operations are permitted in particular because they were specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 GDPR).

Our offer is generally directed at adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect such data, and do not disclose it to third parties.

6. Disclosure of data to third parties

Your personal data will not be disclosed to third parties for purposes other than those listed below.
We disclose your personal data to third parties only if:

  1. you have given us your explicit consent pursuant to Article 6(1)(a) GDPR,
  2. disclosure is permissible pursuant to Article 6(1)(f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
  3. there is a legal obligation for disclosure pursuant to Article 6(1)(c) GDPR, or
  4. this is legally permissible and required pursuant to Article 6(1)(b) GDPR for the performance of contractual relationships with you.

In order to protect your data and, where applicable, to enable a transfer of data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s Standard Contractual Clauses. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of protection, your consent pursuant to Article 49(1)(a) GDPR may serve as the legal basis for transfers to third countries. This does not apply, among other things, to transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 GDPR.

7. Technology

7.1 SSL/TLS encryption
This site uses SSL/TLS encryption to ensure secure data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries that you send to us as the operator. You can recognize an encrypted connection by the fact that the browser address bar shows “https://” instead of “http://” and by the lock symbol in your browser’s address bar.
We use this technology to protect the data you transmit.
7.2 Data collection when visiting the website
When you use our website for informational purposes only—i.e., if you do not register or otherwise transmit information to us and do not provide consent for processing operations requiring consent—we collect only the data that is technically necessary to provide the service. This is typically data that your browser transmits to our server (in so-called “server log files”). Our website collects a range of general data and information each time you access a page, either by you or by an automated system. This general data and information is stored in the server’s log files. The following may be collected:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the subpages that are accessed on our website via an accessing system,
  5. the date and time of access to the website,
  6. a shortened Internet Protocol address (anonymized IP address), and
  7. the Internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about your person. Rather, this information is needed in order to:

  1. deliver the contents of our website correctly,
  2. optimize the contents of our website and the advertising for it,
  3. ensure the long-term functionality of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

We therefore evaluate this collected data and information both statistically and with the aim of increasing data protection and data security in our company, in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymized data of the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

7.3 Encrypted payment transactions

If, after concluding a paid contract, there is an obligation to transmit your payment data to us (e.g., providing the account number when issuing a direct debit authorization), this data is required for payment processing.

Payment transactions via common means of payment (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the change of the browser address bar from “http://” to “https://” and by the lock symbol in your browser’s address bar.

We use this technology to protect the data you transmit.

7.4 Hosting by Hetzner

We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter “Hetzner”).
When you visit our website, your personal data (e.g., IP addresses in log files) is processed on Hetzner’s servers.

Hetzner is used on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible presentation, provision, and security of our website.

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with Hetzner. This is a contract required under data protection law, which ensures that Hetzner processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Further information on Hetzner’s data protection provisions can be found at: https://www.hetzner.com/de/rechtliches/datenschutz

8. Cookies

8.1 General information about cookies
Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information that results in each case from the context of the specific device used. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited certain pages of our website. These are automatically deleted after you leave our site.

In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specified period. If you visit our site again to use our services, it is automatically recognized that you have already been on our site and which entries and settings you made, so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and to evaluate our offer for optimization purposes. These cookies enable us to recognize automatically, when you visit our website again, that you have already visited it. The cookies set in this way are automatically deleted after a defined period in each case. The respective storage duration of the cookies can be found in the settings of the consent tool used.

8.2 Legal basis for the use of cookies

The data processed by cookies that are required for the proper functioning of the website is necessary to safeguard our legitimate interests and those of third parties pursuant to Article 6(1)(f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.

The functionality of the website is not ensured without the processing. The cookie set by Osano is classified as necessary.

The legal basis for managing your consents to the processing of your personal data is Article 6(1)(f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents, the management of marketing measures based on the consent granted, and the optimization of consent rates.

There is no possibility for the user to object as long as the legal obligation exists to obtain a user’s consent for certain data processing operations (Article 7(1), Article 6(1), sentence 1(c) GDPR).

This U.S. company is certified under the EU–U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45 GDPR therefore exists, so that personal data may be transferred even without further safeguards or additional measures.

Detailed information on the use of Osano can be found at: https://www.osano.com/legal/gdpr.

8.3 CookieConsent (consent management tool)

To document your decisions regarding various data processing operations and to comply with our obligations under data protection law, we use a consent banner. When you visit our website, this banner asks for your consent to cookies. A cookie is then set that stores information about consents granted or withdrawn. This data processing serves to fulfill our legal obligations pursuant to Article 6(1)(c) GDPR.

9. Content of our website

9.1 Data processing when opening a customer account and for contract performance
Pursuant to Article 6(1)(b) GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be carried out, among other ways, by sending a message to the controller’s address stated above. We store and use the data you provide for contract performance. After complete performance of the contract or deletion of your customer account, your data will be blocked in consideration of retention periods under tax and commercial law and deleted after the expiration of these periods, unless you have expressly consented to further use of your data or unless further use of data is legally permitted on our part, about which we will inform you accordingly below.

9.2 Data processing for order processing
The personal data collected by us is passed on within the scope of contract performance to the transport company commissioned with delivery, insofar as this is necessary for delivery of the goods. We pass on your payment data within the scope of payment processing to the commissioned credit institution insofar as this is necessary for payment processing. If payment service providers are used, we will explicitly inform you of this below. The legal basis for disclosure of the data is Article 6(1)(b) GDPR.

9.3 Contract conclusions for online shop, dealers, and shipping of goods
We transmit personal data to third parties only if this is necessary within the scope of contract performance, for example to the companies commissioned with delivery of the goods or to the credit institution commissioned with payment processing. No further transmission of data takes place, or only if you have expressly consented to the transmission. Data will not be disclosed to third parties without express consent, for example for advertising purposes.
The basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for contract performance or pre-contractual measures.

9.4 Contact / contact form
When you contact us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and for the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after your request has been finally processed; this is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no statutory retention obligations preventing deletion.

9.5 Processing of personal data via HubSpot
We use the marketing, CRM, and automation system HubSpot to manage and process personal data transmitted via our forms. The provider is HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland.
The personal data entered when using our forms is stored and processed by Dürkopp Fördertechnik GmbH in the HubSpot system. Processing is carried out for the purpose of contacting you, providing requested information, and—if you have given your consent—sending personalized information about our products and services.
The legal basis for this is your consent pursuant to Article 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future.
HubSpot may also transfer personal data to countries outside the European Union, in particular to the United States. Such a data export cannot be excluded. HubSpot bases these transfers on Standard Contractual Clauses pursuant to Article 46 GDPR as well as additional safeguards implemented by HubSpot. Nevertheless, it cannot be excluded that U.S. authorities may access your data.
Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/privacy-policy.

9.6 Applicant management / job board
We collect and process applicants’ personal data for the purpose of handling the application process. Processing may also take place electronically. This is the case in particular if an applicant transmits corresponding application documents to us electronically, for example by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If we do not conclude a contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with other legitimate interests on our part. Such a legitimate interest within the meaning of this provision is, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
The legal basis for processing your data is Article 6(1)(b), Article 88 GDPR in conjunction with Section 26(1) BDSG.

10. Our activities on social networks
To enable us to communicate with you on social networks and to inform you about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered thereby, within the meaning of Article 26 GDPR.

We are not the original provider of these pages, but use them only within the scope of the possibilities offered to us by the respective providers. We therefore note as a precaution that your data may also be processed outside the European Union and/or the European Economic Area. Use may therefore involve data protection risks for you, as the enforcement of your rights (e.g., access, deletion, objection, etc.) may be more difficult, and processing in social networks often takes place directly for advertising purposes or to analyze user behavior by the providers, without this being influenced by us. If the provider creates user profiles, cookies are often used and/or usage behavior is assigned to the social networks’ member profile you created.

The described processing of personal data takes place pursuant to Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider, in order to be able to communicate with you in a contemporary manner and/or inform you about our services. If you must give consent to data processing as a user to the respective providers, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.

Since we have no access to the providers’ data, we note that you are best able to assert your rights (e.g., access, rectification, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is provided below for each social network provider we use:

10.1 Instagram
(Joint) controller for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Meta (Instagram) may—unless an objection is raised—process content of adult users from the EU, e.g., photos, posts, or comments, for training its own AI models. As a company, we have no influence on this specific processing by Meta. The basis is a legitimate interest pursuant to Article 6(1)(f) GDPR. Users may object via an online form on Meta platforms.
Privacy Policy (Data Policy):
https://instagram.com/legal/privacy/

10.2 LinkedIn
(Joint) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

10.3 YouTube
(Joint) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy:
https://policies.google.com/privacy

11. Lehrwerkstatt (Training Workshop)
Within the scope of our Lehrwerkstatt, we also conduct training segments, training courses, and seminars for apprentices who are employed by other companies. In this context, we process participants’ personal data for the organization and implementation of the training measures. This includes in particular:

master data (e.g., name, contact details)
company affiliation (training company)
training and course data (e.g., modules attended, dates)
performance and assessment data (e.g., participation, results, feedback)

Processing is carried out to provide the training and education services and to organize processes in the Lehrwerkstatt. The legal basis for processing is Article 6(1)(b) GDPR (implementation of pre-contractual measures and/or performance of a contract) as well as Article 6(1)(f) GDPR (legitimate interest in efficient implementation and organization of the training measures).

Personal data is transferred to the sending training companies insofar as this is necessary for the implementation of the training (e.g., for documentation of participation and performance).

The data is deleted as soon as it is no longer required for the implementation of the training measure and any statutory retention obligations.

12. Your rights as a data subject

12.1 Right to confirmation
You have the right to obtain confirmation from us as to whether personal data concerning you is being processed.

12.2 Right of access (Article 15 GDPR)
You have the right to obtain at any time, free of charge, information about the personal data stored about you and a copy of this data in accordance with statutory provisions.

12.3 Right to rectification (Article 16 GDPR)
You have the right to request the rectification of inaccurate personal data concerning you. In addition, taking into account the purposes of processing, you have the right to request the completion of incomplete personal data.

12.4 Erasure (Article 17 GDPR)
You have the right to request that we delete personal data concerning you without undue delay, provided that one of the reasons provided for by law applies and insofar as processing or storage is not necessary.

12.5 Restriction of processing (Article 18 GDPR)
You have the right to request restriction of processing from us if one of the statutory requirements is met.

12.6 Data portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, to whom the personal data has been provided, provided that processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and processing is carried out by automated means, provided that processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and provided that this does not adversely affect the rights and freedoms of others.

12.7 Right to object (Article 21 GDPR)
You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Article 6(1)(e) (processing in the public interest) or (f) (processing based on balancing of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or unless processing serves the establishment, exercise, or defense of legal claims.

In individual cases, we process personal data for the purpose of direct marketing. You may object at any time to the processing of personal data for such advertising. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

12.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

12.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

13. Routine storage, deletion, and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage or insofar as this is provided for by the legal provisions to which our company is subject.
If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with statutory provisions.

14. Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiration of the period, the corresponding data is routinely deleted, provided it is no longer required for contract performance or initiation of a contract.

15. Currency and changes to this Privacy Notice

This Privacy Notice is currently valid and is dated: May 2026.
Due to the further development of our websites and offerings or due to changed legal or regulatory requirements, it may become necessary to amend this Privacy Notice. The current Privacy Notice can be accessed and printed at any time on the website at “https://www.duerkopp.com/en/privacy/”.