Privacy policy

(November 1, 2025)

Protecting your privacy is very important to us. We therefore comply with the legal provisions of European and German data protection law in all data processing operations (e.g., collection, processing, and transmission).

The following statement applies to the processing of personal data in connection with your visit to our websites and to other data processing activities carried out by Dürr CTS GmbH and its affiliated international companies. The companies belonging to Dürr CTS can be found at Annex.

The general information under section 1 applies to all of our processing of personal data. Depending on the circumstances of the data processing, please also read the detailed information in sections 2-6), which takes precedence over the general information in section 1 in the event of a conflict with the more general information in section 1: 

1. General information

2. Detailed information about visiting our websites

3. Privacy information relating to our social media presence

4. Privacy information relating to other data processing by companies in the Dürr Group not in connection with the websites

5. Data protection information for job applications

Personal data is any information relating to an identified or identifiable natural person ("data subject"), such as your name, address, telephone number, date of birth, and IP address.

We collect and use personal data only to the extent necessary to provide a functional website and our content, products, and services. The collection and use of personal data from our users, customers, and business partners is based on the consent of the data subject or if the processing of the data is permitted by law. 

We use the personal data you provide to respond to your inquiries, provide services, process your order, and develop and maintain a business relationship with you, your company, or your employer. For details, please refer to sections 2-6. 

Your personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of developing a contractual relationship, initiating or executing a contract, for billing purposes, for collecting payment (e.g., shipping companies or payment service providers), for enforcing our claims, or in the course of a (partial) sale of our company.

In addition, we are entitled, upon order of the competent authority in individual cases, to provide information about data to the extent that this is necessary for the purposes of criminal prosecution, for averting danger by the police authorities of the federal states, for fulfilling the statutory tasks of the federal and state constitutional protection authorities, the Federal Intelligence Service or the Military Counter-Intelligence Service, or for enforcing intellectual property rights.

The legal basis in the above cases is Art. 6 (1) (f) GDPR, whereby our legitimate interest is identical to the purposes described, or, if you yourself are our contractual partner and do not conclude the contract on behalf of a company, Art. 6 (1) (b) GDPR.

We may also disclose or transfer your data to third parties if you have expressly consented to this. The legal basis in this case is Art. 6 (1) (a) GDPR.

Recipients of the data also include service providers that we use to conduct our business (in particular IT service providers, web hosts, marketing companies, advertising agencies, legal advisors). 

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: 

a) Information, correction, restriction of processing, and deletion

You have the right to obtain information free of charge at any time about the data we have stored about you, its origin and recipients, and the purpose of data processing via our websites. In addition, you have the right to rectification, erasure, and restriction of processing of your personal data, provided that the legal requirements for this are met. 

b) Right to data portability

You have the right to receive the personal data concerning you that you have provided to us as the controller in a structured, commonly used, and machine-readable format. We can fulfill this right by providing you with an export of the personal data processed about you. 

c) Right to notification

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients. 

d) Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

In the event of your objection, the controller will no longer process the personal data concerning you, unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC. 

e) Revocability of declarations of consent under data protection law

In addition, you can revoke your consent at any time with future effect by contacting us at the above contact details. To revoke your consent in connection with our use of cookies and similar technologies, please refer to section 2.3 e). 

f) Automated decision-making in individual cases, including profiling

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by European Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision. 

g) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. 

We have taken a variety of security measures to protect personal information to an appropriate extent and adequately.

Our databases are protected by physical and technical measures as well as procedural measures that restrict access to the information to specifically authorized persons in accordance with this privacy policy. 
Our information system is located behind a software firewall to prevent access from other networks connected to the Internet. Only employees who need the information to perform a specific task are granted access to personal information. Our employees are trained in security and data protection practices.

We use standard SSL encryption technology when collecting and transmitting data via our websites. Personal data is transmitted via SSL encryption during the ordering process, as indicated by the padlock symbol in the browser and the addition of "https://" in the address bar.

If a password is required to access our websites, you should never disclose it to third parties and change it regularly. In addition, you should not choose the same password for accessing our websites that you use on other websites for password-protected access (email account, online banking, etc.). Once you have left our sites, you should log out and close your browser to prevent unauthorized users from gaining access to your user account.

We cannot guarantee complete data security when communicating by email. 

If recipients of your data and their service providers are located outside the European Economic Area (EEA) or process your personal data outside the EEA, we ensure that your personal data is adequately protected (e.g., through an adequacy decision).

Countries outside the EEA may have different data protection regulations than your country of residence. Under certain circumstances, national law may offer less protection than that of your country of residence (e.g., because national regulations allow investigative authorities more extensive access rights to personal data).

Please note that the US is a so-called unsafe third country. This means that the US does not offer a level of data protection comparable to that in the EU. If data is transferred to the US, there is a risk that US authorities may access the data on the basis of surveillance programs based on Section 702 of the Foreign Intelligence Surveillance Act, as well as on the basis of Executive Order 12333 or Presidential Police Directive 28, without EU citizens having effective legal protection against such access.

In the event of a transfer of your personal data to unsafe third countries, we take precautions to ensure the adequate protection of your personal data in these countries (e.g., by concluding the standard contractual clauses of the EU Commission, with additional protective measures if necessary). We will provide evidence of the respective protective mechanism upon request to the contact details listed in the first sub-item of sections 2 ff. 

Please refer to the heading for the current version of the privacy policy. We reserve the right to change this privacy policy without prior notice if circumstances so require. Please therefore check this page regularly for any changes to this privacy policy.

Below you can find out how we process your data when you visit our websites. This section 2 applies in addition to the general information in section 1. If you cannot find the information you need in this section 2, please refer to section 1 (e.g., on data subject rights). In the event of a conflict between this section 2 and section 1, the information in this section 2 takes precedence over that in section 1. 

The controller for our websites is:

Dürr CTS GmbH 
Carl-Benz-Str. 34 
74321 Bietigheim-Bissingen 
Germany 
Phone +49 71 42 78 0 
info@cts-durr.com 

You can contact our data protection officer corresponding to the country at:

a) Accessing the website

When you use our websites, the following data is logged by our web host, whereby the storage serves exclusively internal system-related and statistical purposes, so-called usage data:

Information about the browser type and version used

The user's IP address

Date and time of access

Websites accessed by the user's system via our website

The data is also stored in our system's log files. This data is not stored together with other personal data relating to the user.

Cloudflare

To protect the security of our website visitors, all traffic streams are checked and filtered by our service provider Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany ("Cloudflare") before accessing our website. Cloudflare offers a secure, certified Security-as-a-Service platform for protecting digital business processes. In this way, we ensure the availability of our website and protect our infrastructure from attacks by criminals, botnets, or other malware. Cloudflare analyzes every request and thus protects the data from unauthorized access. This filtering does not restrict our users in their use of our website.

The legal basis for the temporary storage of data and log files and the use of Cloudflare is Art. 6 (1) (f) GDPR.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Protecting our website from malicious attacks and thus also protecting your data is our legitimate interest in using Cloudflare.

The storage of data in log files beyond this is carried out to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is after 14 days.

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object. For more information on data protection, please refer to Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/  

Right to object

In section 1.3, we explain your right to object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. As a user, you have the option of canceling your registration at any time. You can have the data stored about you changed at any time. Simply send us an email to info(at)cts-durr.com.

If the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion. 

b) Contact options

For certain functions of our websites (e.g., personnel/service inquiries/press contacts), we offer you the option of contacting us via the email addresses provided and a contact form. In this case, the user's personal data transmitted via the contact form or email will be stored.

We use your data solely for the purpose of processing your request and may contact you for this purpose using the contact details provided. This also constitutes our legitimate interest in processing the data. This data will only be used for advertising purposes or passed on to third parties after you have explicitly consented to such use.

The legal basis for processing the data transmitted in the course of establishing contact is Art. 6 (1) (f) GDPR. If the purpose of establishing contact is to conclude a contract with you personally, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For the personal data you have provided us with for the purpose of contacting us, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.  

Right to object
In section 1.3, we explain your right to object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. 

c) Reporting/complaint channel  

We process personal data disclosed to us in the context of a report regarding a suspected criminal offense or a violation of the Dürr CTS Code of Conduct or human rights or environmental obligations by e-mail, letter, in person, or via our central compliance mailbox compliance@cts-durr.com .  

Purpose and data categories  

We process personal data of the reporting person and of persons affected by the report (e.g., the person who allegedly committed the violation, witnesses). The data is provided to us by the reporting person. We may collect additional data in the course of the subsequent investigation of the facts. The data we process depends on the type and content of the report. Reports may contain information about the reporting person (e.g., name, email address) and their relationship to Dürr (e.g., employment relationship), as well as information about persons to whom the suspicion relates (e.g., name) and information about the suspicion (e.g., place, time).  

The purpose of processing is to fulfill legal obligations, such as those under the Whistleblower Protection Act (HinSchG). The legal situation requires us to set up and operate a reporting channel, document and review reports, and take follow-up action. The persons making the reports and the persons affected by a report are to be given special protection.  

Follow-up measures may include initiating internal investigations (including disclosure to external lawyers, auditors, or other professionals bound by confidentiality obligations, as well as to affected group companies) and, if necessary, involving government agencies (such as the police, public prosecutors, or courts).

Legal basis

The legal basis for this processing is provided by Sections 10 and 12 of the German Whistleblower Protection Act (HinSchG) and Article 6(1)(f) of the GDPR, our legitimate interest in complying with the recommendations of the Corporate Governance Code and investigating and stopping violations. If a report concerns an employee of Dürr CTS GmbH or an affiliated company, the processing also serves to prevent criminal offenses or other legal violations in connection with the employment relationship (Section 26 (1) BDSG, Art. 6 (1) (b) GDPR). According to Section 10 sentence 2 HinSchG in conjunction with Art. 9 (2) lit. g GDPR, the processing of special categories of personal data by a reporting office is permissible in deviation from Art. 9 (1) GDPR if this is necessary for the fulfillment of its tasks. Section 10 sentence 3 HinSchG provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject by referring to Section 22 (2) BDSG with its various possible protective measures.  

Any transfer of data to Corporate Internal Investigations is based on Art. 6 (1) (c) GDPR and Sections 10, 12, 13, 18 (4) (a) and 9 (3) and (4) (2) HinSchG.  

Confidential treatment of reports and exceptions  

All reports are treated confidentially and promptly. Any form of discrimination against employees, business partners, or third parties due to a report made in good faith is excluded. This also applies if the report subsequently proves to be unfounded.

Anonymous reporting: It is possible to submit an anonymous report via a non-personal email provider using the reporting channel compliance@cts-durr.com. Dürr CTS will only contact you directly if you provide your contact details.  

With regard to storage location/storage duration and confidentiality, we comply with the applicable regulations (GDPR and HinSCHG).

Right to object
In section 1.3, we explain your right to object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. 

We use cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These are only stored on your hard drive. Cookies can only be read by the server that previously stored them. Cookies do not store any personal information, such as your name. The data stored in the cookies is not linked to your personal data (name, address, etc.). With regard to transient and persistent cookies/tracking/web bugs and local storage, we comply with the applicable regulation, Art. 6 (1) (f) GDPR in conjunction with § 25 (2) No. 2 TTDSG.

a) Transient and persistent cookies

Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. We use these to store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

We use transient cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data, for example, is stored and transmitted in the cookies:

• Browser settings with regard to cookies (whether they are enabled or not)
• User's language settings
• Login information

We also use persistent cookies on our website that enable us to analyze users' surfing behavior. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. This allows us to record and evaluate users' click behavior on our websites (data recorded includes, for example, browser data, click frequency, bounce rate, etc.).

Data collected via persistent cookies is pseudonymized by technical measures, so that it is no longer possible to assign the data to the user who accessed the site. The data is not stored together with other personal data of the users. 

b) Tracking/web bugs

Some of our services also use so-called tracking or web bugs, also known as tracking pixels. These are usually code snippets measuring only 1x1 pixels, which are able to identify and recognize your browser type via the browser ID—the individual fingerprint of your browser. This allows the service provider to see when and how many users have accessed the pixel, or whether and when an email has been opened or a website visited.

To prevent web bugs on our websites, you can use tools such as webwasher, bugnosys, or AdBlock. To prevent web bugs in our newsletter, please set your email program so that HTML is not displayed in messages. Web bugs are also prevented if you read your emails offline. Without your express consent, we will not use web bugs to collect personal data about you without your knowledge or to transmit such data to third-party providers and marketing platforms. 

c) Local storage

In order to tailor our services to your needs and to be able to present you with individual offers, we use cookies as well as local storage technology. This technology stores certain data in your browser's local cache. This data remains stored even after you have closed your browser and can be retrieved and read by us the next time you visit our website.

Local storage allows us to save your preferences when using our websites. The data from local storage is used on our websites, for example, so that you do not have to make certain selections again after entering them the first time (job center/FAQ), so that your selection for certain formats on our websites is retained even when you visit again ( ), or so that you are shown a preselection of interesting articles. 

d) Legal basis for the use of cookies, web bugs, tracking pixels, etc.

The legal basis for the processing of personal data using (e.g., technically) necessary cookies is Art. 6 (1) (f) GDPR in conjunction with § 25 (2) No. 2 TTDSG.

The purpose of using strictly necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The right to object is excluded for strictly necessary cookies, as these are essential in order to display our website and its content to you and to provide you with the functionality of the website.

The user data collected by strictly necessary cookies is not used to create user profiles.

The use of technologies to increase functionality and for analysis and marketing purposes is carried out for the purpose of improving the quality of our website and its content. Analysis cookies tell us how the website is used, enabling us to continuously optimize our offering. We only carry out processing on your device that is based on cookies or other identifiers (e.g., browser fingerprints, pixels, local storage) (hereinafter "cookies") and is not technically necessary for the functioning of our websites with your consent, which you can give via our cookie banner when you first visit our websites. The legal basis for this cookie-based processing is Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG. Until you have given your consent, cookies that are not necessary for the functioning of our websites will not be set. 

e) Revocation of consent for the use of cookies, web bugs, tracking pixels, etc.

You can revoke your consent to data collection by cookies at any time. To do so, please follow these steps:

Open the cookie settings on our websites via the "Cookies" footer.

In the window that opens, you have the option to revoke data processing for individual categories of cookies and comparable technologies (e.g., data storage in local storage). 

Note: If you use an ad blocker that prevents our cookie banner from appearing, you can revoke your consent to the use of technically unnecessary cookies here. If you click on the link above, the technically unnecessary cookies will be deleted.  

In addition, you can also delete cookies at any time or adjust the corresponding cookie settings of the browser you are using. For more information on how to delete and/or manage cookies via your browser settings, please visit the help pages of the respective browser. Data from local storage can also be removed by clearing the local storage of the browser you are using. 

f) List of cookies used

Below, we list the cookies used on our websites individually. We make every effort to keep the following table up to date. However, please note that third-party cookies may change without our knowledge and that there may therefore be occasional deviations from the following table. The details of the respective services, which you will find in sections 2.2 and 2.4 ff., including the references therein, are authoritative. 

g) PiwikPro Tag Manager

We use Tag Manager for website tracking, ad delivery, and to display elements of the website of Piwik PRO GmbH, Knesebeckstraße 62/63, 10719 Berlin ("PiwikPro").  

PiwikPro Tag Manager makes it easier for us to integrate and manage our cookies and analytics tools. PiwikPro Tag Manager is therefore a support service that only processes personal data for technically necessary purposes. However, the other components loaded by PiwikPro Tag Manager may process additional data for other purposes, which PiwikPro can combine with other data. Further information on PiwikPro Tag Manager can be found in PiwikPro's privacy policy at https://piwikpro.de/datenschutz/.  

The legal basis for the associated data processing is your consent, Art. 6 (1) (a) GDPR. Without your consent, we only use the PiwikPro Tag Manager for the correct display of website elements (without tracking and advertising).

Withdrawal of consent

You can revoke the processing of your data by the services and networks integrated via the plugins at any time for the future by proceeding as described in section 2.3 e).

You can also prevent the collection and transmission of data relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. 

We maintain social media presences. Please read our privacy policy under section 3 for more information.

Here we inform you about how we integrate features and tools from social media channels or map services on our websites:

All buttons for social networks and map services are integrated into our websites using placeholders. The buttons are only loaded when you click on the "Agree" button in the respective placeholder. Only then is a connection to the servers of the respective third-party provider established and the information that you are visiting our websites transmitted. Before this, you will receive further information on the details of the possible data transfer to third-party providers in a text field that appears, with reference to this part of our privacy policy.

Your usage data will only be transferred if you are logged into your account on the respective social network or service (e.g., Google account – Google Maps). By clicking on the placeholder for the respective button, you agree to the data processing as described in this section of our privacy policy.

In this case, the legal basis for the processing of your data is the consent you give by clicking on the button in accordance with Art. 6 (1) (a) GDPR. Your consent to the transfer of data is documented in a cookie stored on your device.

Revocation of consent
You can revoke the processing of your data by the services and networks integrated via the plugins at any time for the future by proceeding as described in section 2.3 e).

We use plugins from the following providers: 

a) YouTube (Google)

We have integrated videos and a social stream from the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA ("YouTube") into our websites. YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Ireland Ltd. is a subsidiary of Google LLC, based in the USA. With no Google service is it possible to rule out that your data collected by Google will also be transferred to the USA (for further information on third-country transfers, please also refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

Details about the YouTube plugin:

The YouTube videos on our video channel are also only loaded when you click on the corresponding plugin, and only then is a connection to Google's servers established.

For integration, we use the so-called extended data protection mode, which further restricts data processing by Google. According to Google, in this case no information about visitors to our website is stored before they view the embedded video. However, there is still the possibility that data may be passed on to Google partners.

As soon as you activate the plugin, a connection to Google's servers is established and Google collects data about which of our pages you have visited. Google collects further data about your surfing behavior if you are logged into your YouTube user account. To prevent the transmission of usage data to Google, you must log out of your YouTube user account before clicking on the YouTube links on our websites.

Further information about the purpose and scope of data collection and the further processing and use of your data and storage period by Google can be found in YouTube's privacy policy. This is available on the Internet at https://www.youtube.com/account_privacy. Here you will also find information about settings options for protecting your privacy and about your further rights regarding the collection, processing, and use of your data by YouTube, as well as information on revoking your consent. If you do not have your own YouTube account, you can view Google's privacy policy at https://policies.google.com/privacy?hl=de. 

b) Map services

(1) Google Maps

We use a plugin from the Google Maps internet service on our website. Google Maps is operated by Google Ireland Limited (see section 2.4 b for details about Google). As soon as you activate the Google Maps plugin on our website, information about your use of this website and your IP address will be transmitted to a Google server in the USA and stored on that server. We have no knowledge of the exact content of the data transmitted or how it is used by Google. In this context, the company denies linking the data with information from other Google services and collecting personal data.

By activating the plugin, you declare your consent to the described collection and processing of information by Google. For more information on the privacy policy and terms of use for Google Maps, please visit: https://www.google.com/intl/de_de/help/terms_maps.html 

(2) Baidu Maps

We use a plugin from the Baidu internet service on our website. Baidu Maps is operated by Baidu Inc, Baidu Campus, No. 10 Shangdi 10th Street, Haidian District, Beijing, 100085 China ("Baidu"). Please note that we only offer the Baidu service to people outside the EU or the EEA. If you activate the Baidu Maps plugin on our website, information about your use of this website and your IP address will be transmitted to a Baidu server and stored on that server. We have no knowledge of the exact content of the transmitted data or its use by Baidu. We therefore accept no liability for such data processing.

By activating the plugin, you declare that you are located outside the EU or the EEA and that you consent to the collection and processing of information by Baidu as described above. For more information on the privacy policy and terms of use for Baidu Maps, please visit: http://ir.baidu.com/baidu-statement-privacy-protection/ 

(3) Yandex.Maps 

We use a plugin from the internet service Yandex on our website. Yandex.Maps is operated by YANDEX LLC, Ulitsa Lva Tolstogo 16, Moscow, 119021 Russia ("Yandex"). Please note that we only offer the Yandex service to persons outside the EU or the EEA. If you activate the Yandex.Maps plugin on our website, information about your use of this website and your IP address will be transmitted to Yandex servers in Russia and the EEA and also stored on these servers. We have no knowledge of the exact content of the data transmitted or its use by Yandex. Yandex itself states that personal data collected via its services is aggregated and merged under your Yandex user account when you are logged in to it while using Yandex.Maps on our websites. We therefore accept no liability for such data processing.

By activating the plugin, you declare that you are located outside the EU or the EEA and that you consent to the collection and processing of information by Yandex as described above. For more information on the privacy policy and terms of use for Yandex.Maps, please visit: https://yandex.com/legal/confidential/

In addition, some of our websites link to social media platforms where we maintain profiles. This is done via a corresponding symbol on our websites, which is marked with the corresponding logo of the respective social media platform and behind which there is a link to our corresponding social media page. Social plugins (such as the Facebook "Like" button) are not integrated in these cases.

Our references to social media services do not result in any of your data being transmitted to these services. These are normal hyperlinks that do not regularly transmit data. When you click on the link, you will be redirected directly to our social media presence on the respective social media service. Data is only transferred if you are logged into your user account on the relevant social media service.

When you click on the links, you are responsible for the data transfer to the aforementioned social network services, as you become active yourself by logging into your respective social network account and following the respective link, thereby initiating the subsequent data processing by the respective social network service.

Please read our privacy policy for social media presences under section 3. 

a) Piwik PRO

For the statistical and analytical evaluation of certain data, we use the Piwik PRO Analytics Suite analysis tool, a cloud-based web analysis service provided by Piwik PRO GmbH in Germany.

We only process the data collected by the analysis tool with your prior consent and in order to keep the services and offers available on our website accessible to our customers and to continuously improve them. The legal basis for data processing is Art. 6 (1) (a) GDPR.

Piwik PRO uses cookies (see section 2.3 for information on cookies). The data collected includes, for example, the truncated IP address, the operating system, the browser ID, browsing activity, and other information. Further information on the data collected by Piwik PRO can be found at https://help.piwik.pro/support/privacy/what-data-does-piwik-pro-collect/.

In order to exclude the personal reference in the IP address, we have configured the settings so that Piwik Pro only uses IP addresses after they have been shortened by two bytes. In addition, Piwik Pro is hosted on Microsoft Azure servers in Germany (for more information on Microsoft and a possible transfer to a third country, see section 2.2.b) and section 1.5) above). The data is deleted after 25 months.

Piwik PRO calculates metrics such as bounce rate, page views, sessions, and the like for us so that we can understand how our website is being used. We can also create visitor profiles based on browsing history, allowing us to analyze visitor behavior, display personalized content, and run online campaigns. Piwik PRO does not share data about website visitors with other sub-processors or third parties, nor does it use it for its own purposes. For more information about data protection at Piwik PRO, please see here and in the Piwik PRO privacy policy.

You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Revocation of consent
You can prevent the collection of data relating to your use of the website and the processing of this data by Piwik PRO as described above in 2.3 e) in the future by revoking your consent. 

a) LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). This tool creates a cookie in your web browser that enables the collection of the following data, among other things: IP address, device and browser characteristics, and page events (e.g., page views), demographic data from LinkedIn if the user is an active LinkedIn member, last visited URL, and time information. This data is encrypted by LinkedIn, pseudonymized within seven days, and the pseudonymized data is deleted within 90 days. We are joint controllers with LinkedIn for this data processing. You can view the contract for this at LinkedIn and in section 3.3. Further information on the cookies placed in this context can be found in section 2.3, at https://www.linkedin.com/help/linkedin/answer/a427660, and in the LinkedIn privacy policy at https://de.linkedin.com/legal/privacy-policy?.

This technology enables us to generate reports on the effectiveness of our advertisements, as well as information on website interaction, and to display targeted advertising on LinkedIn (conversion tracking) without identifying you as a website visitor. However, LinkedIn may link your data to your LinkedIn profile if you are logged into LinkedIn when you visit our website. We process your data to evaluate events and collect information about website visitors who may have reached us via LinkedIn. We process your data because you have consented to this, Art. 6 (1) (a) GDPR, and store your data for as long as we need it for the respective purpose (event evaluation) and you have not objected to the storage of your data or revoked your consent. Insofar as LinkedIn transfers the data to its own parent company in the USA, this transfer is based on the Commission's standard contractual clauses. For information on transfers to third countries, please refer to section 1.5.

You can object to LinkedIn's processing at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Withdrawal of consent

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight Tag on our website, please follow the steps described in section 2.3. e) above. 

b) Google Ads (Google AdWords Remarketing)

As an online marketing measure, we use Google's remarketing services on our websites (see section 2.4 b) for details about Google). This allows us to present visitors to our website with advertisements based on their interests on other websites within the Google advertising network, in Google Search, or on YouTube. To do this, we analyze visitors' interactions on our website, e.g., which offers the visitor was interested in, so that we can display targeted advertising to visitors on other sites even after they have visited our website.

To do this, Google stores cookies on visitors' devices, which we list individually in section 2.3. These cookies are used to track visitors' visits. In this context, we collect the following personal data from visitors to our website: duration of visit, IP address, pages visited, content of interest to the visitor, and website usage.

The place of processing is the European Union. However, the information about your use of this website may be transferred to a Google server in the USA or another country outside the EU or the EEA and stored there (namely Singapore, Taiwan, or Chile). The recipients of the data are Google LLC and Alphabet Inc., both of which belong to the Google Group. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and surveillance purposes without you having any legal recourse. This may be the case for various purposes, e.g. for storage or processing. The transfer of data to third countries with an uncertain level of data protection is based on the standard contractual clauses of the EU Commission. For information on transfers to third countries, please refer to section 1.5.

For further information, please read Google's privacy policy at https://policies.google.com/privacy?hl=de.

Withdrawal of consent

We obtain your prior consent for processing (Art. 6 (1) (a) GDPR), which you can revoke at any time with future effect by proceeding as described in section 2.3 e). 

c) Microsoft Advertising (formerly Bing Ads)

Our website uses the Microsoft Advertising remarketing function from Microsoft Ireland Operations Limited (for more information about Microsoft and possible third-country transfers, see sections 2.2.b) and 1.5) above).

With your consent (§ 25 (1) TTDSG), cookies are stored or read on your device if you have accessed our website via a Microsoft Advertising ad. A Universal Event Tracking tag is also integrated into our website. This is software that recognizes visitors and, in combination with cookies, stores some data about the use of the website. This includes, among other things, the IP address, country, language settings, screen resolution, page load time, last visited website, length of stay on the website, which areas of the website were opened, and which advertisement brought users to the website.

Microsoft uses this information to create pseudonymized user profiles. We divide the interests of our website visitors into segments so that we can tailor our advertising activities to their respective interests. We only learn the total number of users who clicked on a Microsoft ad and were then redirected to the conversion page.

Microsoft uses the collected data to provide Microsoft Advertising, including retargeting and conversions, if applicable, as well as for its own purposes, such as improving its services, reporting, and performance analysis. Your personal data will be deleted by Microsoft after a maximum of 390 days.

For more information about data protection and the cookies used by Microsoft Advertising, please visit https://privacy.microsoft.com/de-de/privacystatement; details about cookies can also be found in section 2.3.f.

If you do not want Microsoft to use your information as described, you can refuse to accept the cookie required for this purpose. To do this, you can, for example, register on opt-out lists (e.g., at https://youradchoices.com), or you can generally disable the automatic setting of cookies via your browser settings. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by declaring your objection at the following link: http://choice.microsoft.com/de-DE/opt-out. 

Revocation of consent
Withdrawal of consent
We obtain your prior consent to the processing of your data (Art. 6(1)(a) GDPR), which you can withdraw at any time with future effect by following the instructions in section 2.3 e).

In order to provide you with further information about our services, you can subscribe to newsletters on some of our websites. For the processing of data for the advertising communications mentioned below, your consent is obtained during the registration process and reference is made to this privacy policy.

The legal basis for processing the data after you have registered for these services is Art. 6 (1) (a) GDPR if consent has been given. Your email address is collected for the purpose of delivering the newsletter. Other personal data collected during the registration process is used to prevent misuse of the services or the email address used.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your email address will therefore be stored for as long as your subscription to the information service is active.

You can cancel your subscription to the services at any time. For this purpose, there is a corresponding note in each newsletter. This also allows you to revoke your consent to the storage of personal data collected during the registration process. 

a) Online publications CTS Dürr GmbH and newsletter tracking

It is also possible to receive information about Dürr CTS online publications via our newsletter. When you register, the data from the input mask is transmitted to us.

We use the Salesforce Pardot advertising email service to send and evaluate newsletters to our customers (for details on Salesforce, see section 2.2.c above). The data specified below is processed by Salesforce on our behalf. This also involves transferring the data to the USA. Salesforce has issued binding corporate rules (available at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf) that ensure the secure transfer of data. For information on transfers to third countries, please refer to section 1.5.

The following data is processed in this context: 

• Email address
• Company (optional)
• Salutation and title (optional)
• First and last name (optional)
• Address (optional)

The newsletters sent on our behalf by Salesforce contain a tracking pixel that transmits information to Salesforce as soon as you open the newsletter. We then retrieve this information from Salesforce's servers in order to generate statistical evaluations and measure the success of our newsletter campaigns. The data obtained is also used to send you information that matches your specific interests.

This information allows us to determine whether the newsletters are opened, when they are opened, and which links within the newsletter are clicked. The evaluations are primarily used to determine the level of interest in certain topics and to measure the effectiveness of our communication measures. For this purpose, we only collect your data if you have expressly consented to the collection and storage of your data for this purpose when subscribing to the service. In this case, the legal basis for the processing of your personal data is the consent you have given in accordance with Art. 6 (1) (a) GDPR.

Withdrawal of consent
You can revoke your consent to newsletter tracking at any time via the corresponding link in each mailing or by sending an email to info[at]cts-durr.com. 

In section 1.3, we describe in detail what rights you have in connection with our data processing. 

Below you can find out how we process your data when you visit our social media presence. Section 3 applies in addition to the general information in Section 1. If you cannot find the information you need in Section 3, please refer to Section 1 (e.g., for data subject rights, see Section 1.3). In the event of a conflict between the general information and this specific information, the information in this section 3 takes precedence over that in section 1.

Please note that we provide additional information on features and tools that we use on our website that are provided by social media providers (e.g., plugins, cookies, etc.) in sections 2.3-2.8.

The following information is structured as follows: First, we provide you with general information in section 3.1 that applies to all social media presences. Additional, specific information on the respective social media presences can be found in sections 3.2 to 3.6. 

Dürr CTS GmbH (details above in section 2.1) maintains social media presences. Visiting our social media presences triggers a variety of data processing operations. As the operator of these presences, we are jointly responsible with the respective network operators within the meaning of Art. 4 No. 7 GDPR. 

a) Which social media accounts do we maintain?

We maintain social media presences with the following network operators:

• Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, ("Instagram", details under section 3.2);
• LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, ("LinkedIn", details under section 3.3);
• YouTube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube", details in section 3.4);
• Kununu: NEW WORK AUSTRIA, XING kununu Prescreen GmbH, Schottenring 2-6, 1010 Vienna, Austria, ("Kununu", details under section 3.5). 

b) For what purposes is my data processed?

Dürr operates social media accounts to give you deeper insights into our offerings and our day-to-day business, to spark your interest in us as your (future) business partner but also as your (future) employer.

• Publicly disclosed information: In individual cases, Dürr can only view the information in your profile that you have made public (such as your user name and the content published in your profile and the actions you perform with it, e.g., when you "like" or share a post). You can find out what this is in your profile settings. In addition, you have the option of unfollowing our respective social media presence. Your profile will then no longer appear in the list of fans (connected contacts) of this presence.
• Contact: We process your data when you contact us via our social media presence, e.g. when you send us a direct message via the network, when you like, share, or comment on one of our posts, when you mention us in a post, or when we like, share, or comment on one of your posts. We use your data (e.g., first name, last name, message) to respond to your request in our customer service department.
• Analysis of usage behavior: We use analysis technologies provided by network operators to statistically evaluate how our presence is received by visitors. This enables us to control and optimize our offering in line with the interests of visitors. To do this, network operators use cookies and similar technologies, such as pixels, when you visit our sites. Some network operators use third-party services (e.g., Piwik PRO) for this purpose. Registered users can be identified by the network operator through a unique user ID. In addition to compiling the aforementioned statistics on page usage, this processing also serves to improve the advertising played by the network operators via the network and on third-party sites.

The data processing described above is carried out on the legal basis of Art. 6 (1) (f) GDPR, our legitimate interest in responding to your enquiry, offering you services and products tailored to your interests, and improving our offering and our social media presence and adapting it to the needs and interests of our visitors. This applies equally if you send us your request via a form on the network. Details on processing within the scope of CRM can be found in section 4.4. If social media providers place cookies or similar technologies on our website for analysis or marketing purposes, we will obtain your consent. For details, please refer to section 2.3.

Right to object
In section 1.3, we explain your right to object to the processing of your data on the basis of Art. 6 (1) (f) GDPR.

Note: Processing by network operators and third parties: We would also like to point out that network operators also process data that you have voluntarily made public and when you visit and use our social media sites (e.g., viewing, commenting on, or liking a post). In addition, network operators process so-called log data (e.g., your IP address, browser and device information, last visited page, location, timestamp, settings). If you are logged into your own profile on the network, the network can assign this data to your profile. Partners of the network operator or third parties may also set cookies via social media networks in order to provide services to companies that advertise on the networks. This processing is based on the respective terms and conditions and privacy policy, which we link to below in the information on the respective network. We cannot necessarily track or influence this processing. 

When you visit our Instagram page, personal data about users is collected, for example, through the use of cookies. The data is primarily collected by Facebook. Details on the use of cookies by Facebook can be found in the Facebook cookie policy: https://www.facebook.com/policies/cookies/. Visitors to our Instagram page who are not logged in or registered with Instagram are also tracked.

We use the Instagram Insights feature to obtain statistical evaluations of the readers of our posts. Details can be found at https://help.latest.instagram.com/788388387972460?helpref=hc_fnav. Dürr has no direct access to the user data collected by Facebook. We refer to the further explanations on Insights data in section 3.2 on Facebook Insights, which apply accordingly to Instagram. 

Dürr CTS maintains a presence on LinkedIn (details on LinkedIn can be found in section 3.1 a)).

LinkedIn is part of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, USA. This means that data may be transferred to the USA (for further information on transfers to third countries, please also refer to section 1.5). The standard contractual clauses of the EU Commission ensure the security of this transfer.

For more information on data protection at LinkedIn, please refer to LinkedIn's privacy policy: https://de.linkedin.com/legal/privacy-policy?, and LinkedIn's terms of use at https://de.linkedin.com/legal/user-agreement.

In accordance with the agreement we have concluded with LinkedIn (available at https://de.linkedin.com/legal/l/dpa), LinkedIn will inform us as soon as a visitor asserts their rights as a data subject under Articles 15 to 22 of the GDPR. LinkedIn will assist us in responding to requests for information. You can assert your rights (see section 1.3) against us and against LinkedIn.

LinkedIn Page Analytics: We use LinkedIn Page Analytics in connection with the operation of our LinkedIn presence. LinkedIn acknowledges its status as joint controller in this regard (see the underlying agreement available at https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn uses cookies, for example, to evaluate user behavior. We receive information about the use of our content via Page Analytics in the form of aggregated data that we cannot link to visitor profiles. In the aforementioned agreement, LinkedIn assumes responsibility for the rights of data subjects. Nevertheless, you can also contact us as explained in section 1.3.

Please also read section 2.7 a) to find out how we use LinkedIn services on our website. You can object to LinkedIn's processing for advertising purposes at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Dürr CTS maintains a channel on the YouTube platform of YouTube LLC (details in section 3.1.a)), a subsidiary of Google LLC based in the USA. With no Google service, it can be ruled out that your data collected by Google will also be transferred to the USA (for further information on third-country transfers, please also refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

YouTube Analytics: We receive statistics on the use of our channel, including the following aggregated and therefore anonymized information:

• Total number of video views
• Average video views per person and trend (decreasing/increasing)
• Number of subscribers and trend
• Number of visitors
• Viewer interactions (likes, comments, shared content)
• Time visitors spent on the channel watching videos
• Reach of the video
• Percentage of videos that a user watches on average from the videos.

The data is processed by the network operator on the basis of the Terms of Service (https://www.youtube.com/static?gl=DE&template=terms&hl=en) and Google's Privacy Policy (https://policies.google.com/privacy). You can object to the processing by the network operator via the settings in your Google account, which you can access at here: https://adssettings.google.com/authenticated. Details on managing the privacy settings for your Google account can be found here: https://support.google.com/youtube/topic/9257518?hl=de&ref_topic=9257107.

The agreement we have concluded with Google for our YouTube channel stipulates that you can assert your rights as a data subject against us (see section 1.3) and Google. 

Dürr CTS maintains a presence on Kununu (details on Kununu can be found in section 3.1 a)). Kununu is part of Xing, which is why the underlying conditions are partially identical (see section 3.7).

For information on how Kununu processes your data (including the use of cookies and similar technologies), please refer to Xing's privacy policy (see section 3.7), which also applies to Kununu. Kununu's terms and conditions can be found at https://www.kununu.com/de/info/agb.

Analysis: We have access to statistical evaluations of accesses and activities on our Kununu presence. The information provided for Xing (section 3.7) applies accordingly. Information on the rights of data subjects can be found in section 1.3. 

In section 1.3, we describe in detail the rights you have in connection with our data processing. 

Below you can find out how we handle your data in the course of our business activities that take place outside our websites. This section 4 applies in addition to the general information in section 1. If you cannot find the information you need in this section 4, please refer to section 1 (e.g., on data subject rights). In the event of a conflict between this Section 4 and Section 1, the information in this Section 4 shall take precedence over that in Section 1. 

This Section 4 applies to data processing by the companies of Dürr CTS, which you can find at List , insofar as this processing does not take place on the basis of the provision of the website (in which case Sections 2 and 5 apply). The appendix also contains the contact details of the respective controller (the company with which you are in contact) and its company data protection officer. Alternatively, you can also contact the data protection officer at Dürr AG with any questions or concerns regarding data protection. You can reach them by email at data.privacy@cts-durr.com or by post at

Dürr CTS GmbH 

Attn: Data Protection Officer 
Carl-Benz-Str. 34 
74321 Bietigheim-Bissingen 
Germany

In some explicitly described cases, two or more Dürr CTS companies are jointly responsible for processing (see, for example, section 4.4). 

If you enter into a contractual relationship with us (e.g., in connection with an order for the goods and services we offer or in connection with an order placed by your company) or if a contractual relationship with you is initiated, or for the purpose of establishing contact or providing information about companies and products, or in connection with customer satisfaction analyses or product surveys, we process the following information:

• Master data (e.g., title, first name, last name, gender),
• (Publicly available) data about your company/employer,
• Communication and contact data (e.g., business telephone number (landline and/or mobile), valid email address, business postal address),
• Survey data (comments and ratings submitted by customers) and log data (timestamp when a survey was answered),
• Data generated when using the training portal, such as participation data, ratings, test results, and comments,
• Data generated in connection with your inclusion in our SRM system (e.g., position, responsibilities, substitutes, etc.).

This data is processed

• to identify you or your company/employer as our customer/prospective customer for our services/supplier;
• to comply with legal obligations (e.g., supply chain transparency, anti-corruption, counterterrorism);
• to initiate a contractual relationship with you/your company/your employer;
• to be able to fulfill any contract subsequently concluded with you/your company/your employer;
• for correspondence with you, provided this serves the purpose of initiating or fulfilling a contract;
• for invoicing, provided that a contractual relationship involving payment is established;
• to improve customer service, services, and products;
• for marketing and advertising purposes;
• to protect legitimate interests.

Data processing is carried out at your request or as part of customer satisfaction analyses or product surveys and is based on Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR (if you work for a company) for the purposes mentioned for the initiation of the contractual relationship and for the mutual fulfillment of obligations arising from the contract that may be concluded subsequently. In the event of a legal obligation, the legal basis arises from national or Union law in conjunction with Art. 6 (1) (c) GDPR. If you have given us your consent to process your data for specific purposes, such as product advertising or marketing, data processing is based on Art. 6 (1) (a) GDPR. In the event of a legal obligation, the legal basis arises from national or Union law in conjunction with Art. 6 (1) (c) GDPR.

In addition, your personal data will be processed to safeguard legitimate interests pursuant to Art. 6 (1) (f) GDPR, including

• to improve the range of services and products offered by Dürr CTS for you,
• to compile statistical evaluations,
• to forward your inquiry to one of our authorized dealers,
• to ensure the IT and building security of Dürr CTS,
• to simplify and optimize processes, and to enable cross-buying activities of our group companies.

The personal data we process will be stored until the above-mentioned purposes no longer apply and will then be deleted, unless we are obliged to store it for a longer period in accordance with Art. 6 (1) (c) GDPR due to legal storage and documentation obligations (e.g. under the German Commercial Code (HGB) or the German Fiscal Code (AO)), or you have consented to further storage in accordance with Art. 6 (1) (a) GDPR. StGB or AO) or you have consented to further storage in accordance with Art. 6 (1) (a) GDPR. 

Your personal data will not be transferred to third parties for purposes other than those listed below.

Insofar as this is necessary for the performance of the contract concluded with you in accordance with Art. 6 (1) (b) GDPR (or in accordance with Art. 6 (1) (f) GDPR if you are acting on behalf of a company), your personal data will be disclosed to third parties. This includes, in particular, companies of Dürr CTS or partners that we use for contract processing, such as shipping companies, payment service providers, or portal operators.

The data passed on may only be used by these third parties for the purposes specified.

In accordance with Art. 6 (1) (f) GDPR, your personal data may also be passed on to third parties whom we use to safeguard the legitimate interests mentioned in section 4.2 (including marketing service providers, authorized dealers, consultants, agencies, group companies, SRM system operators).

Insofar as necessary for the performance of services, your personal data, for which consent has been obtained in accordance with Art. 6 (1) (a) GDPR, will be passed on to partners (including advertising service providers, shipping companies, group companies).

If the above-mentioned recipients process your data outside the EEA, please refer to section 1.5. 

The companies of Dürr CTS operate a joint customer database (CRM system) and in this respect act as joint controllers within the meaning of Art. 26 GDPR (also referred to as joint controllers).

Data is generally stored for as long as is necessary for the purpose for which it was collected or as required by law, or if we have a legitimate interest in storing it, for example for law enforcement purposes.

If this involves the transfer of data to Dürr CTS companies outside the EEA, we rely on the standard contractual clauses of the EU Commission. We also refer to the comments on third-country transfers in section 1.5.

The CRM system is provided by Salesforce. The storage location is the EU. The transfer of data to companies of the Salesforce Group outside the EEA is not excluded (see section 2.2 c for details on Salesforce).  

Internally, we have distributed the responsibilities as follows in a contract: Data subjects can contact all joint controllers to exercise their rights (for more information on data subject rights, see section 1.3).

The Dürr CTS company to which you have provided your data will nevertheless act as your first point of contact. Dürr CTS GmbH, which is responsible for operating the CRM system, is responsible for the information obligations under Art. 13 f. GDPR. The joint controllers are responsible for fulfilling the necessary reporting obligations within their sphere of activity, maintaining documentation, obliging employees to maintain confidentiality and informing them of their data protection obligations, as well as ensuring technical and organizational security in data processing. 

The Dürr CTS companies operate a joint supplier database (SRM system) and in this respect act as joint controllers within the meaning of Art. 26 GDPR (also referred to as joint controllers). The reason for this is that we want to enable cross-buying activities between our group companies and support compliance with the requirements of the Supply Chain Transparency Act.

For this purpose, as a supplier, you will receive an invitation email from the Dürr CTS company that collected your data. If you would like to register for our supplier portal, please click on the registration link below. A web form will open where you can decide whether you would like to register for the platform or simply provide the information required for inclusion in our SRM.

If you register for the platform, the data will be processed by the platform (Coupa Software Inc.) on its own responsibility. Registration is optional. It is also possible to enter the information required for our SRM without registering.

You will be asked to complete the questionnaires provided by us and to enter your company data and contact details (e.g., name, email address, position).

A confirmation email will then be sent to all email addresses entered. Your data will only be passed on to other companies in the Dürr Group once you have completed the process as described. The legal basis for the processing of your data is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in an efficient management system that also offers our suppliers a wide range of benefits. In terms of data protection law, the companies of the Dürr Group act as so-called joint controllers within the meaning of Art. 26 GDPR.

The data is generally stored for as long as is necessary for the purpose for which it was collected or as required by law, or if we have a legitimate interest in storing it, for example for the enforcement of legal claims.

If data is transferred to Dürr CTS companies outside the EEA, we rely on the standard contractual clauses of the EU Commission. We also refer to the comments on third-country transfers in section 1.5. The SRM system is provided to us by Coupa Software, Inc. The storage location is in the EU.

Internally, we have distributed the responsibilities as follows in a contract: Data subjects can contact all joint controllers to exercise their rights (for more information on data subject rights, see section 1.3).

The Dürr CTS company to which you have provided your data will nevertheless act as your first point of contact. The joint controllers are responsible for fulfilling the necessary reporting obligations within their sphere of activity, maintaining documentation, obliging employees to maintain confidentiality and informing them of their data protection obligations, as well as ensuring technical and organizational security in data processing. 

In section 1.3, we describe in detail the rights you have in connection with our data processing. 

Below you can find out how we process your data when you apply for a job with us. This section 6 applies in addition to the general information in section 1. If you cannot find the information you need in this section 6, please refer to section 1 (e.g., on data subject rights).

Insofar as we refer to detailed information from sections 1-5 below, this applies accordingly. In the event of a conflict between this section 6 and sections 1-5, the information in this section 6 takes precedence over that in sections 1-5. 

This section 5 applies to data processing in connection with your application by the companies of Dürr CTS, which you can find in this list.The company to which you are applying is always responsible for processing your application data. In the linked list, you will also find the contact details of the respective responsible person and their company data protection officer. Alternatively, you can also contact the data protection officer at Dürr CTS GmbH with any questions or concerns regarding data protection. You can reach them by email at data.privacy[at]cts-durr.com or by mail at

Dürr CTS GmbH 
Attn: Data Protection Officer 
Carl-Benz-Str. 34 
74321 Bietigheim-Bissingen 
Germany

Dürr CTS GmbH is responsible for data processing in connection with the provision of the website for the application process. Section 2 applies additionally in this regard. 

By applying to a Dürr CTS company, you are providing the company with your personal data for a specific application for the purpose of job search. Your data will be stored and processed on the IT systems of our external service providers commissioned for application management.

During the application process, we collect the following data:

• Master data (e.g., title, first name, last name, date of birth, place of residence),
• Documents (e.g., references, certificates, resume, cover letter),
• If you had reimbursable expenses, the data relevant for billing, e.g., your bank details,
• Communication data (e.g., telephone number (landline and/or mobile), email, postal address),
• Log data generated when using IT systems,
• Video and audio data collected when using communication technology and recorded with your consent, if applicable,
• Other data, if applicable, depending on the requirements of the job description or the online form; under certain circumstances, this may also include special categories of data, such as health data;

Data processing is carried out at your request or application and is necessary in accordance with Art. 6 (1) (b) GDPR for the initiation of a contractual relationship and for the mutual fulfillment of obligations arising from the employment contract that may then be concluded. If it is necessary to collect special categories of data, we base this in particular on Art. 9 (2) (b) GDPR (reasons of labor law, social security law, or social protection law), Art. 9 (2) (c) GDPR (protection of vital interests of applicants or third parties), or Art. 9 (2) (a) GDPR (your consent). Within the respective Dürr CTS company to which the application is made, only the persons and departments involved in the application process (e.g., supervisors and employees of the specialist department, human resources department, employee representatives involved in the application process) will have access to your personal data. If you have given us your consent to process your data for specific purposes, this is done on the basis of Art. 6 (1) (a) GDPR. In addition, your personal data will be processed to safeguard legitimate interests pursuant to Art. 6 (1) (f) GDPR, including for the creation of anonymized statistical evaluations, for the processing of the application process, or for legal prosecution. The personal data collected by us will be stored until the above-mentioned purposes no longer apply and will then be deleted, unless we are obliged to store it for a longer period in accordance with Art. 6 (1) (c) GDPR due to legal storage and documentation obligations (e.g. under the German Commercial Code (HGB) or the German Fiscal Code (AO)) or you have consented to further storage in accordance with Art. 6 (1) (a) GDPR. StGB or AO) or you have consented to further storage in accordance with Art. 6 (1) (a) GDPR (e.g. for receiving job alerts). If your application is unsuccessful, the data will generally be deleted six months after the conclusion of the process, unless there are specific longer retention obligations (e.g., for any receipts for travel expense reimbursement). If your application is successful, the data from the application process may also be processed for the purposes of the employment relationship. As part of the application process, we use cloud-based software services for document storage and management, appointment management, emailing, spreadsheets and presentations, exchanging documents, content and information with specific recipients, or for publishing websites, forms or other content and information, as well as chats and participation in audio and video conferences. In this context, personal application data may be processed and stored on the providers' servers, insofar as this is part of communication processes with us or is otherwise processed by us or the providers, as set out in this privacy policy. 

c) Microsoft

Depending on the format and technology used, we work with a third-party provider, such as Microsoft for the "Teams" video conferencing service, cloud storage, cloud infrastructure services, and cloud-based application software. 

Your applicant data may be disclosed within Dürr CTS to another job advertisement in accordance with Art. 6 (1) (a) GDPR, provided that there is a match for another position and you have consented to the disclosure of your data for this purpose. In order to carry out pre-contractual measures as part of the application process, your personal data will be passed on to third parties in accordance with Art. 6 (1) (b) GDPR. This includes, in particular, our external service provider for applicant management. The data passed on may only be used by these third parties for the purposes specified.

In order to safeguard the legitimate interests referred to in section 6.2 pursuant to Art. 6 (1) (f) GDPR, your personal data will only be passed on to our external service provider for applicant management for the purpose of creating anonymized statistical evaluations. Your data may also be passed on in accordance with Art. 6 (1) (c) GDPR if we are legally obliged to do so, for example in the context of preliminary investigations. If the above-mentioned recipients process your data outside the EEA, we refer you to section 1.5. 

In section 1.3, we describe in detail what rights you have in connection with our data processing.