Privacy Notice pursuant to Article 13 GDPR
Controller and Data Protection Officer
Controller
- euro delkredere GmbH & Co. KG
- Alexanderstraße 38, 45472 Mülheim an der Ruhr, Germany
- Phone: +49 (0) 208 305590
- Email: info@eurodelkredere.de
Data Protection Officer
We have appointed a Data Protection Officer.
You can contact the Data Protection Officer
By post: euro delkredere GmbH & Co. KG, Data Protection Department, Alexanderstraße 38, 45472 Mülheim an der Ruhr
By email: datenschutz@eurodelkredere.de
By phone: +49 (0) 208 305590
2. Processing when Visiting the Website (Provision, Security, Logging)
2.1 What data is processed?
When you access this website—like any web application—technical connection and access data is processed automatically. This includes, in particular: IP address Date and time of access Pages accessed and HTTP status codes Referrer URL (originating page) Browser type and version Operating system Device information This data is collected to provide and ensure the stable operation of the website and is stored in system logs (server logs).
2.2 Purposes of processing
This processing serves the following purposes: Provision and functionality of the website IT security and detection of misuse and attacks Error analysis and optimization of system stability Operation and technical administration of the hosting platform (Microsoft Power Pages)
2.3 Legal basis
Processing is based on: Article 6(1)(f) GDPR (legitimate interest in the secure, stable, and functional provision of the website, as well as in preventing and analyzing attacks and disruptions) Section 25(2) No. 2 TDDDG (storage of technically required data to provide the requested web services) Logging and storage are technically necessary and are described by Microsoft as essential for detecting and preventing security issues and fraud.
2.4 Hosting and recipients
This website is provided via Microsoft Power Pages—a platform within the Microsoft Cloud (Azure). Power Pages uses scalable, highly available Azure infrastructure with automatic traffic management, application servers, and an optional Content Delivery Network (CDN). Microsoft processes data as a processor in accordance with the applicable online service agreements (Data Processing Agreement).
2.5 Storage period
In line with the principle of data minimization, server log files are stored only for as long as necessary for the purposes stated above. The retention period follows your configured privacy policy (typically 30 days by default). In the event of security incidents, logs may be retained for longer—up to completion of the final analysis, for a maximum of 90 days. After that, the data is deleted or anonymized.
3. Cookies and Consent Management
3.1 Legal foundations
Storing and reading information on the end device (including cookies and local storage objects) is generally permitted under Section 25(1) TDDDG only with consent. An exception applies under Section 25(2) TDDDG for storage that is technically necessary—for example, to transmit a communication expressly requested by the user or to provide the service. The subsequent processing of personal data is governed by the GDPR (e.g., Article 6(1)(f) or Article 6(1)(a) GDPR).
3.2 Technically necessary cookies (Power Pages)
This website is operated using Microsoft Power Pages. Power Pages sets cookies required for operation and security that cannot be fully disabled. This includes, in particular: Security functions (CSRF protection, token management) Session management and user authentication Routing and load balancing within the Azure infrastructure
Overview of “Power Pages” cookies:
| Cookie | Storage duration | Functional scope |
|---|---|---|
| __RequestVerificationToken | Session | CSRF-Protection / Anti-Forgery-Token |
| .AspNet.ApplicationCookie | Session | User-Session-ID |
| ASP.NET_SessionId | Session | Session of logged-in users |
| ARRAffinity / ARRAffinitySameSite | Session | Azure-Loadbalancing (Session Affinity) |
| ContextLanguageCode | Session | User language preference |
| timeZoneCode / timezoneoffset | Session | Used for correct time zone display |
| isDSTObserved / isDSTSupport | Session | Stores information regarding Daylight Saving Time |
| adxPreviewUnpublishedEntities | Session | Preview-mode for admin-users |
| adx-notification | Session | Notifications & Error handling |
| WebPageCaching | 1 day | CDN-Cache-decision |
| MC1 / MS0 | Session | Used for page speed optimization |
| OpenIdConnect.nonce.xxxxxx | Session | ID-Token-Verknüpfung (Sicherheit) |
| AspNet.ExternalCookie | Session | Session-tracking for external identity providers for logged-in users |
| Dynamics365PortalAnalytics | 90 days | Anonymous usage tracking; critical service cookie for billing purposes |
Session cookies are automatically deleted when you close your browser.
The cookie “Dynamics365PortalAnalytics” stores anonymized usage statistics and aggregated data for the technical management of license quotas. According to Microsoft, this cookie is essential for reliable service functionality. It does not store personalized or identifying data.
3.3 Consent Management System (Consentmanager)
We use "Consentmanager" as a consent management platform (CMP) to: Obtain and store your consents Block third-party content and optional technologies until consent is given Document your consents and maintain evidence of compliance
CMP cookies Consentmanager sets the following cookies to manage consent: __cmpconsentx… (TCF consent string; required for consent under the TCF standard) __cmpcccx… (custom consent format; stores your consent preferences) __cmpld, __cmpiuid (CMP functionality and user identification)
Legal basis: For the cookie itself: Section 25(2) No. 2 TDDDG (technically necessary to provide the consent controls you requested) For processing by Consentmanager: Article 6(1)(f) GDPR (legitimate interest in legally compliant consent management and proof of compliance)
Withdrawal and adjustment: You can adjust or withdraw your consents at any time via the “Cookie settings”. The change takes effect immediately for future processing.
4. Optional Technologies Subject to Consent
4.1 Client-side telemetry
With your consent, optional client-side telemetry features may be enabled. These may set a local storage object with a unique visitor identifier (UUID). Purpose: Collection of anonymized technical data about user experience and system performance Legal basis: End device (local storage): Section 25(1) TDDDG (consent required) Processing: Article 6(1)(a) GDPR (consent) Storage period: Local storage data has no automatic expiry and remains stored until you delete it. You can delete this data at any time via your browser settings or cookie management. Withdrawal: You can disable telemetry at any time via the cookie settings.
5. Contacting Us
If you contact us (via the contact form on this website, by email, or by phone), we process the data you provide to handle and respond to your inquiry. This typically includes: Name Company Email address Phone number (optional) Message content Legal basis: Article 6(1)(b) GDPR (steps taken to respond to an inquiry and, where applicable, to initiate a contract) Article 6(1)(f) GDPR (legitimate interest in efficient communication and business operations) Storage period: Data is stored until your inquiry has been fully processed. It is then retained in accordance with applicable statutory retention obligations (e.g., commercial law, tax law) or for legal defense purposes, and subsequently deleted.
6. Embedded Google Maps
6.1 Provision and consent
On a subpage of this website, we provide an interactive Google Maps map to display our business location. Google Maps is embedded as an iFrame (embedded element). Important: The Google Maps map is completely blocked by our consent management system (Consentmanager). The iFrame is loaded only after you give your explicit consent. Without your consent, no data is transferred to Google. 6.2 Data and provider Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Ireland Limited is a Google group company and the controller for Google Maps in the EU) If you consent to the use and load the map, the following data may be transmitted to Google: IP address Browser type and version Operating system Usage behavior within the map (zooming, panning, etc.) Unique device/browser identifiers (cookies and similar technologies) After consent, Google may also load its own web fonts from fonts.googleapis.com or fonts.gstatic.com.
6.3 Legal basis and third-country transfer
Legal basis: Article 6(1)(a) GDPR (your consent) Section 25(1) TDDDG (consent for storing information on your end device) Transfer to the USA: Data is transferred to the United States. Google LLC is certified as a participant in the EU–US Data Privacy Framework (DPF). In addition, Google has implemented EU Standard Contractual Clauses (SCCs) as an additional safeguard. Further information: Google Privacy Policy: https://policies.google.com/privacy?hl=de Google GDPR Controller Terms: https://privacy.google.com/businesses/gdprcontrollerterms/ Google SCC documentation: https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
6.4 Withdrawal
You can withdraw your consent to the use of Google Maps at any time via the cookie settings or the cookie banner. After withdrawal, the iFrame will no longer be loaded and no further data will be transferred to Google.
7. Transfers to Third Countries (USA)
7.1 Microsoft Power Pages and Azure
Certifications and safeguards: Microsoft is certified under the EU–US Data Privacy Framework (DPF) Microsoft has implemented EU Standard Contractual Clauses (SCCs) EU Data Boundary: For core cloud services, storage and processing preferably take place within the EU/EFTA. Microsoft documents transparent exceptions (e.g., system-generated logs). Legal basis: Article 45 GDPR (data transfers based on an adequacy decision) in conjunction with Article 46 GDPR (Standard Contractual Clauses).
7.2 Google Maps and Google services
Certifications: Google LLC is certified under the EU–US Data Privacy Framework (DPF) Google has implemented Standard Contractual Clauses (SCCs) Further information: https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
8. Security (TLS/SSL Encryption)
This website uses TLS encryption (recognizable by the https:// URL prefix and the padlock icon in your browser’s address bar). This protects the confidentiality and integrity of your data during transmission between your browser and our server.
9. Obligation to Provide Personal Data
Providing personal data is not legally required. However, for certain functions of this website (e.g., contacting us via the form), specific details are necessary; without them, we cannot process your inquiry. Required fields are marked in the form.
10. Automated Decisions and Profiling
There are no decisions on this website that are based solely on automated processing and produce legal effects. Profiling (automated analysis of personality profiles) does not take place.
11. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
11.1 Right of access (Article 15 GDPR)
You have the right to obtain information at any time about which personal data we process about you, for what purpose, and on what legal basis.
11.2 Right to rectification (Article 16 GDPR)
You have the right to have inaccurate or incomplete data corrected.
11.3 Right to erasure (Article 17 GDPR)
You have the right to have your data deleted, provided that no statutory retention obligations or other grounds for processing apply.
11.4 Right to restriction of processing (Article 18 GDPR)
In certain cases, you may request that the processing of your data be restricted.
11.5 Right to data portability (Article 20 GDPR)
You have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
11.6 Right to object (Article 21 GDPR)
You have the right to object at any time to processing based on legitimate interests (Article 6(1)(f) GDPR). This may be relevant in particular for processing for marketing purposes or security analyses. If you object, we will assess your case individually. Processing will continue only if: compelling legitimate grounds override your interests, or processing serves the establishment, exercise, or defense of legal claims
11.7 Withdrawal of consent
You may withdraw any consent you have given (e.g., for cookies, Google Maps, telemetry) at any time with effect for the future via the cookie settings or by contacting us. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
11.8 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that we are violating your rights. The competent authority is usually the authority in the state where you reside or work. For users in North Rhine-Westphalia: State Commissioner for Data Protection and Freedom of Information (LDI NRW) https://www.ldi.nrw.de/kontakt/ihre-beschwerde
12. Contact for Data Protection Inquiries
If you have questions about this privacy notice or your data protection rights, please contact: Data Protection Officer euro delkredere GmbH & Co. KG Data Protection Department Alexanderstraße 38 45472 Mülheim an der Ruhr Email: datenschutz@eurodelkredere.de Phone: +49 (0) 208 305590