Privacy Policy

D-M-E UK – see below in Section 7 for Contact Information – (“DME” or “we” or “our“) take data privacy seriously. This Website Data Protection Notice (“Notice“) informs the users of www.dmeeu.com (“Website“) how DME, as controller within the meaning of the General Data Protection Regulation (“GDPR“), collects and processes the personal data and other information of such users in connection with their usage of the Website.

Note that for other DME services or other relationships with users, suppliers or customers other privacy terms may apply. This Notice does not apply to third-party sites which may be linked to from this Website.

Content Overview

• 1 – Categories of Personal Data, Processing Purposes and Legal Bases
• 2 – Consequences When You Do Not Provide Your Data
• 3 – Categories of Recipients and International Transfers
• 4 – Retention Periods
• 5 – Your Rights
• 6 – Cookies and other Tracking Technologies
• 7 – Questions and Contact Information

1 – Categories of Personal Data, Processing Purposes and Legal Bases – What personal data do we process about you and why? What are the legal bases?

(i) Usage Data: In connection with your visit of the Website we will collect the following information: E.g., details on your browser (such as type, version, language); operating system and interface; website from which you are visiting us (referrer URL); webpage(s) you are visiting on our Website; date and time of accessing our Website and time zone difference; access status/HTTP status code; volume of data transferred; internet protocol (IP) address; whether you are 18 years or older; information gathered via cookies (see below Section 6 for further information on Cookies).

Purposes: Usage Data will be used to provide you access to the website and to maintain or restore the security of the Website, or to detect technical faults and/or errors in the transmission of electronic communications.

Legal bases:

The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (e.g., business partners of DME), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6(1)(f) GDPR). Such interests are to provide you with the website as requested by you and to achieve the other purposes as set out above. Additional information on this legal basis and the respective balancing of interest can be requested by contacting us using the details as set out in Section 7. The processing is necessary for the performance of a contract (e.g., the usage relationship) to which you are a party or in order to take steps at the request of you prior to entering into a contract (Art. 6(1)(a) GDPR).

2 – Consequences When You Do Not Provide Your Data – What happens if you choose not to provide it?

The provision of your personal data is generally not required by a statutory or contractual obligation. However, the provision of certain of your personal data is necessary to visit our Website, to enter into a contract with us or to receive our services, products or information as requested by you. In certain cases, the provision of your personal data is voluntary.

Not providing your personal data may result in disadvantages for you – for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.

3 – Categories of Recipients and International Transfers – Who do we transfer your personal data to and where are they located?

(i) Recipients

You should expect that we will transfer your personal data to (internal and external) recipients for the processing purposes described above as follows:

• Within DME: Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within DME may receive personal data. For example, our IT department may have access to Usage Data, and our sales departments may have access to Account and Order Data. Moreover, other departments within DME may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department or internal auditing.
• With data processors: Certain third party service providers such as IT support providers will receive your personal data to process such data under appropriate instructions (“Processors“) as necessary for the processing purposes described above, such as IT / Website service providers, customer care providers, marketing service providers, or other service providers who support us in maintaining our relationship with you. The Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.
• Other recipients: We may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, courts, external consultants, shipping service providers, payment service providers, or other business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition.

Any access to your personal data is generally restricted to those individuals that have a need-to-know in order to fulfill their job responsibilities.

(ii) International transfers

• You should expect that the recipients above, which will receive or have access to your personal data, are located inside or outside the European Economic Area (“EEA“).
• Some recipients located outside of the EEA are located in countries with adequacy decisions pursuant to Art. 45 GDPR. Those recipients are located in Canada and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective.

Other recipients are located in countries which do not adduce an adequate level of protection from a European data protection law perspective (in particular, the USA (if not certified under the EU-U.S. Privacy Shield). We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law.

With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as binding corporate rules (Art. 46(2)(b), 47 GDPR), standard data protection clauses adopted/approved by the European Commission or by a supervisory authority (Art. 46(2)(c) or (d) GDPR), approved codes of conduct together with binding and enforceable commitments of the recipient (Art. 46(2)(e) GDPR), or approved certification mechanisms together with binding and enforceable commitments of the recipient (Art. 46(2)(f) GDPR).

You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 7 below.

4 – Retention Periods – How long do we keep your personal data?

Your personal data will be retained as long as necessary to provide you with the services and products requested. Once you have terminated the contractual relationship with us and/or you have deleted your account, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which DME is subject – e.g., taxation purposes).

Personal data will in principle be deleted 2 years after the last interaction and contact between you and DME. However, we will retain your contact details and interests in our products or services for a longer period of time if DME is allowed to send you marketing materials. Also, we typically erase contracts, communications, and business letters containing personal data, or we redact personal data from such documents, 10 years after their termination or creation, as such data may be subject to statutory retention requirements, which often require retention of up to 10 years.

We may also retain your personal data on a need to know basis only after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.

5 – Your Rights – What rights do you have and how can you assert your rights?

Right to withdraw your consent: If you have given your consent regarding certain types of processing activities (in particular regarding the receipt of certain direct marketing communications), you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You can withdraw your consent by using the contact information set out in Section 7 (e.g., sending an e-mail).

Additional data privacy rights: Pursuant to applicable data protection law, you have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data. Below please find further information on your rights to the extent that the GDPR applies. Please note that these rights might be limited under the applicable (local) data protection law.

(I) Right to request access to your personal data: As provided by applicable data protection law, you have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

You also have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

(ii) Right to request rectification: As provided by applicable data protection law, you have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

(iii) Right to request erasure (right to be forgotten): As provided by applicable data protection law, you have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.

(iv) Right to request restriction of processing: As provided by applicable data protection law, you have the right to obtain from us and we may be obliged to restrict the processing of your personal data. In this case, the respective personal data will be marked and may only be processed by us for certain purposes.

(v) Right to request data portability: As provided by applicable data protection law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those personal data to another entity without hindrance from us, where the processing is carried out by automated means and is based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR.

(vi) Right to object:

Under certain circumstances, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we are required to no longer process your personal data. Such right to object especially applies if we collect and process your personal data for certain types of direct marketing.

If you have a right to object and if you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below.

Such a right to object may, in particular, not exists if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

To exercise your rights, please contact us as stated under Section 7 below. You also have the right to lodge a complaint with the competent data protection supervisory authority in the relevant Member State (e.g., the place where you reside, work, or of an alleged infringement of the GDPR).

6 – Cookies and other Tracking Technologies

Cookies are small text files, which are placed in a browser directory of your end device. Cookies are completely common and are used on numerous websites. Each cookie typically contains the name of the placing domain, the lifetime of the cookie and a value (typically a unique number). Some cookies expire when you end your internet session, others are stored for a specific time. You can find detailed information about what cookies are and how they work at www.aboutcookies.org.

For instance, cookies enable the operator of a website to determine whether a computer (or possibly its user as well) has already visited the website before. Basically, the purpose of cookies is to improve the efficiency and the user experience of the website. Cookies allow a website to work more efficiently, provide additional functions and convey additional functions to the operators of websites regarding your visit to a website. Cookies allow the operator of a website to quantify the total use of the website and to determine the preferred user areas.

The following cookie is used on our website:

Google Analytics

This website uses Google Analytics, a web analytics service of the Google LLC (“Google”). Google Analytics uses so-called “cookies”, text files, which are stored on the users’ computers and which enable an analysis of your usage of the website. The information concerning the usage of the website by the users, which is created by the cookie, is usually transmitted to and stored by a Google server in the USA. IP anonymization is activated on this website, so that the users’ IP address is previously shortened by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google server located in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google uses this information to evaluate the usage of the website by the users, to compile reports on website activities and to perform other services to the website operator associated with the website usage and internet usage. The IP address transmitted by your browser in the framework of Google Analytics will not be consolidated with other data from Google.

You can prevent the storage of cookies by selecting appropriate settings in your browser software. However, we would like to point out that you may not be able to use all functions of this website if you choose to do so. Users can also prevent Google from collecting data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout

Of course, you can also set your internet browser so that it does not accept cookies or you will be informed as soon as cookies are placed. You can usually access the relevant information using the help function of your internet browser. However, we would like to point out that in this case the functions of our website may only be available to a limited extent.

Legal bases for cookies and tracking technology:

You have given your consent to the processing of your personal data for one or more specific purposes (Art. 6(1)(a) GDPR). If you have given your consent, you can withdraw this consent at any time as set out in Section 5. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.

The processing is necessary for the performance of a contract (e.g., the usage relationship) to which you are a party or in order to take steps at the request of you prior to entering into a contract (Art. 6(1)(a) GDPR).

The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (e.g., business partners of DME), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6(1)(f) GDPR). Such interests are to achieve the purposes as set out above. Additional information on this legal basis and the respective balancing of interest can be requested by contacting us using the details as set out in Section 7.

7 – Questions and Contact Information

If you have any questions about this Notice or if you want to exercise your rights as stated above in Section 5, please contact us.