Thank you for your interest in our website. The protection of your privacy is very important to us. Therefore, we will process your data carefully, for a specific purpose and on the basis of your consent, and only in accordance with the legal requirements for data protection.

In this data protection policy, we inform you about the aspects of data processing within our website.

Responsible Body

The responsible body within the meaning of the data protection laws is:

I. When and for What Purpose Does DCX Collect Personal Data?

It is generally possible to use our websites without submitting personal data.

If you use one of our services (e.g., our newsletter, our future online shop, or our contact form), you enter your data voluntarily. We use this data (such as name, address, e-mail address, telephone, and fax number) exclusively for the purpose for which you provide it (e.g., for processing contact requests, processing orders and payments, delivery of goods, and provision of services such as, in particular, the dispatch of newsletters or bathroom planning) and only for the execution of our own business purposes. Information we receive from you helps us process your order as smoothly as possible, improve our service for you, and prevent misuse and fraud.

When you access our website, information of a general nature is automatically recorded. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, and such like. This is only information that does not allow conclusions to be drawn about you. This information is technically necessary to correctly deliver the contents of websites requested by you and is mandatory when using the internet. Anonymous information of this kind is statistically evaluated by us to optimize our internet appearance and the technology behind it.

We do not sell your data, nor do we use it for unspecified purposes.

II. General Information About Our Services

If you use our services, we will ask you for personal data (at the time of collection, we will explain which information is required and which you may voluntarily provide).

To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.

For users who have signed up for one or more of the following services, it is possible to change or delete the information provided at registration at any time. Of course, we will also provide you with information about the personal data we hold about you at any time. We are happy to correct or delete this at your request, as long as no statutory retention requirements prevent this. To contact us in this context and to revoke your consent, please use the contact details provided at the end of this data protection policy.

III. Our Services in Detail

Online Shop

Purpose of data processing: Implementation and processing of the purchase process initiated by you as well as compliance with legal requirements such as, in particular, customs provisions.

Legal basis: Article 6 (1) (b) GDPR (required to fulfill the contract) and Article 6 (1) (c) GDPR (fulfillment of a legal obligation).

For shopping in the online shop, provision of the data is required by you. Without this data, no contract can be concluded. Failure to provide the data would result in your being unable to shop on our website.

Contact Form

If you contact us via e-mail or our contact form, the information you provide will be stored for the purposes of processing the request as well as for any follow-up questions and sending you any requested information, if applicable.

Purpose of data processing: Responding to your request.

Legal basis: Article 6(1)(b) of the GDPR (required for implementing pre-contractual measures that are made at the request of the person in question).

Revocation of Consent

Consents given by you are always voluntary and can be revoked at any time with effect for the future without giving reasons. For this purpose, you can contact the above address of DCX.

Social Plugins

We offer you the option of using “social media buttons” on our website. We rely on the “Shariff” solution to protect your data during the use of these features. As a result, these buttons are only integrated onto the website as graphics that contain a link to the corresponding website of the button’s provider. Clicking this graphic will redirect you to the respective provider’s services. Your data will not be sent to the respective provider until then. As long as you do not click the graphic, there will be no exchange of any kind between you and the provider of the social media button. Information about the collection and use of your data in social networks can be found in the relevant provider’s respective terms and conditions of use.

IV. Collecting Data During Your Visit to Our Website

Along with the information that you submit yourself, we collect other data from you during your visit through cookies and tracking. We would like to clarify this in the following.

1. Cookies and Other Tracking Technologies

Some of our websites use “cookies”. This standard technology refers to small text files that are stored on the device you use and allow your visit to a website to be made more convenient or more secure, among other things. Via the cookies, we automatically receive certain data about your computer and your internet connection, such as your جزئیات IP address, the browser used, and operating system. Cookies may also be used to better tailor the offerings on a website to the visitor’s interests or generally improve the site based on statistical analysis.

Cookies cannot be used to start programs or transmit viruses to a computer. Using the information in the cookies, we can make navigation easier for you and allow our web pages to be displayed correctly.

Third-party technologies such as scripts, pixels, and tags that we embed in our websites for advertising purposes also set cookies on your terminal device. In the following sections, we explain what we use these technologies for and how you can adjust the settings to suit your needs.

2. Cookie Categories

Depending on the function and purpose, we divide data processing into different categories. The purpose of each category is described in our Consent Management Tool, and your consent to these categories can be adjusted here.

You can decide yourself whether the browser you use permits cookies or not. Please note that website features may be restricted or even suspended if cookies are disabled.

3. Purpose of Processing, Legal Basis, and Legitimate Interests

Purpose of data processing: Secure operation of the website as well as allowing targeted communication with customers.

Legal basis: Article 6(1)(a) GDPR (consent via our cookie consent), in exceptional cases not requiring consent, we base our processing on our legitimate interest under Article 6(1)(f) GDPR.

Legitimate interests:

• Ensuring proper function of our website
• Optimization of our website

4. Revocation of Consent

Consents given by you are always voluntary and can be revoked at any time with effect for the future without giving reasons. Your consent to cookies and other technologies can be adjusted here.

5. Browser Settings

You can determine yourself whether the browser you use allows cookies or not. Please note that the functionality of websites may be restricted or even suspended if cookies are not allowed. Here you can find out more about how to set your browser correctly:

• Internet Explorer
• Mozilla Firefox
• Google Chrome
• Safari
• Opera
• Adobe (Flash cookies)
• Google Chrome App

6. Location of Processing of Information Collected via Cookies

Information collected via cookies is primarily processed within the European Union (EU). In some cases, cookie information may also be processed by our contracted service providers or by third-party cookie providers in countries outside the EU that do not offer a comparable level of data protection from an EU perspective. In some countries, such as the USA, there is a particular risk that local authorities may obtain access to cookie information processed there for monitoring purposes and that there are no effective legal remedies against such access. We have implemented appropriate additional safeguards, such as contracts based on the EU standard contractual clauses and the implementation of supplementary technical measures to ensure that information collected via cookies is adequately protected. Where you have given your consent to the use of cookies and other tracking technologies, you also consent to the transfer and further processing of information collected via cookies to countries outside the EU.

V. Implemented Technologies

• Cloudflare
• Fraud0
• Google Tag Manager
• reCAPTCHA
• reCaptcha v3
• Salesforce Commerce Cloud B2B
• Usercentrics Consent Management Platform
• ViAcademy Webshop
• AdRoll
• Affiliate Provider APAC
• AWIN
• DoubleClick Ad
• epoq
• Excentos
• Facebook Pixel
• Google Ads
• Google Ads Conversion Tracking
• Google Ads Remarketing
• Google Analytics
• Google Analytics 4
• Google Maps
• Hotjar
• Hotjar – B2B Shop
• Inzynk
• Kameleoon A/B Testing
• LinkedIn Insight Tag
• Messaging
• Microsoft Advertising
• Mynewsdesk

VI. Joint Responsibility

DCX is jointly responsible with third parties for certain processing of personal data of visitors to our website pursuant to Art. 4 No. 7 GDPR and has concluded special agreements for this purpose pursuant to Art. 26 Para. 1 Sentence 2.

• Facebook Pixel
• Pinterest Tag

These agreements stipulate in particular that these third parties are primarily responsible for data processing and that DCX has no access to the individual data of visitors (but can only call up aggregated statistics, e.g., regarding gender or age distribution).

Furthermore, they undertake to respect the rights of the data subjects and to respond, for example, to requests for information, objections, or deletion.

You can find an overview of the cookies used on our website under V. Technologies used. You can revoke your consent to the processing of your personal data for the purposes stated there at any time in the future by calling up our cookie banner again via the footer of our homepage and adjusting your settings accordingly.

DCX asks visitors to the website to contact the aforementioned third parties directly with regard to the assertion of their data subject rights concerning the processing of their data. DCX could also only forward requests for information, for example.

VII. Recipients/Categories of Recipients

1. Other Third Parties

We will only share the data you provide for the purposes of contract fulfillment, such as with shipping companies or payment service providers, or in cases where we are legally obliged to do so. Examples of these recipients include:

• Authorities and courts (legal duty of disclosure)
• Lawyers (assertion of claims)
• Credit institutes (processing payment transactions)
• Credit agencies (for checking credit history)
• Auditors and income tax auditors/accountants (legal audit assignment)
• Insurance companies, insurance agents
• Tax consultants
• Expert/appraiser
• Health insurance providers/pension funds (social insurance carriers)

2. Data Transmission to Third Countries

If we process data in third countries (meaning countries outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the process of utilizing the services of third parties or transmitting data to third parties, this will only be done for the purpose of fulfilling our contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests. In doing so, we ensure that your personal data is processed in compliance with the European level of data protection, based on special guarantees or due to corresponding contractual obligation including adequate technical and organizational measures.

VIII. Information About Children

We do not knowingly collect any personal data about children under 13 years old as a matter of principle. If we become aware that we have unintentionally collected personal data about children under 13 years old, we will take steps to delete this information as quickly as possible insofar as we are not obliged to retain it under the applicable law.

IX. Obligation to Provide Data, Automatic Decision Making, Profiling

1. Do I Have an Obligation to Provide Data?

In the context of the contractual relationship, you must provide the personal data that is necessary for acceptance, implementation, and completion of the contractual relationship and for fulfillment of the duties related to the contract, or that we are obliged by law to collect. Without this data, we will generally not be able to conclude or implement the contract with you.

2. To What Extent Is There Automated Decision Making/Profiling?

Within the framework of the procedure for sending newsletters described under III. 2, we use profiling to the extent described there.

X. Deleting or Locking Data

We abide by the principles of data reduction and data economy. We therefore only store your personal data as long as necessary to achieve the purposes described here or for the retention period stipulated by the legislator. Once the respective purpose has ceased to exist or this period has lapsed, the relevant data is routinely locked or deleted in accordance with legal regulations. If processing is based on consent, the respective purpose generally is considered to cease to exist when the consent becomes invalid due to revocation or passage of time. If processing is necessary for fulfillment of the contract, this will generally occur when the contract has been completed in full and after the retention period expires, as required in particular under the German Commercial Code (HGB) and the German Fiscal Code (Abgabenordnung).

XI. What Data Protection Rights Do You Have?

You have the right to information under Article 15 of the GDPR, the right to correction under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to objection under Article 21 of the GDPR, and the right to data portability under Article 20 of the GDPR.

You can contact our data protection commissioner to exercise these rights. You also have the right to file a complaint with a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act, BDSG). A list of supervisory authorities (for the non-public sector) with addresses can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

XII. Our Data Protection Officer

If you have questions about this statement or about data protection at DCX, you can contact our data protection officer directly:

XIII. Changes to Our Data Protection Provisions

We reserve the right to adjust this data privacy notice occasionally to ensure it always meets the current legal requirements or to reflect changes to our services in the data privacy notice, e.g., when introducing new services. In this case, the new data privacy notice will apply to your next visit to our website.