General Terms and Conditions

General Terms and Conditions (GTC) of Dipolo GmbH

PREAMBLE 

Dipolo GmbH (hereinafter "we" or "Dipolo") takes the protection of your personal data very seriously. We process your data exclusively on the basis of legal provisions (GDPR, BDSG, TTDSG). This privacy policy informs you about the processing of your personal data when using our website and our services.

1. CONTROLLER AND CONTACT

Controller according to GDPR:
Dipolo GmbH
Am Mittleren Moos 48, 86167 Augsburg
Germany

Phone: +49 (0)821 71 04 96 16

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: https://www.dipolo-gmbh.de

Management:
Marco Brunelli, Carmelo Li Veli

Commercial Register:
Local Court Augsburg, HRB 31223

VAT ID: DE298616951

Due to the company size and the nature of data processing, the appointment of a data protection officer according to § 38 BDSG is currently not required. For data protection inquiries, please contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

2. GENERAL INFORMATION ON DATA

PROCESSING

2.1. Scope of processing of personal data

We generally only process personal data

of our users and business partners to the

extent necessary to provide a functional

website, our content and services, and to

execute contracts. The processing of

personal data is regularly carried out

only with the user's consent. An

exception applies in cases where data

processing is permitted by law.


2.2. Legal basis for processing personal

data

Where we obtain consent for processing

operations involving personal data, Art. 6

para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal

basis.

When processing personal data

necessary for the performance of a

contract to which the data subject is

party, Art. 6 para. 1 lit. b GDPR serves as

the legal basis. This also applies to

processing operations necessary for pre-

contractual measures.

Where processing of personal data is

necessary for compliance with a legal

obligation to which our company is

subject, Art. 6 para. 1 lit. c GDPR serves as

the legal basis.

If processing is necessary to protect a

legitimate interest of our company or a

third party and the interests,

fundamental rights, and freedoms of the

data subject do not override the former

interest, Art. 6 para. 1 lit. f GDPR serves as

the legal basis for processing. 


2.3. Data deletion and storage period

The personal data of the data subject will

be deleted or blocked as soon as the

purpose of storage ceases to apply.

Storage may also occur if provided for by

European or national legislators in EU

regulations, laws, or other provisions.

Blocking or deletion of data also occurs

when a storage period prescribed by the

aforementioned standards expires,

unless there is a need for further storage

of the data for the conclusion or

fulfillment of a contract.



3. PROVISION OF THE WEBSITE AND

CREATION OF LOG FILES

3.1. Description and scope of data

processing

Each time our website is accessed, our

system automatically collects data and information from the computer system

of the accessing computer. The following

data is collected:

 User's IP address

(shortened/anonymized after 7 days at

the latest)

 Date and time of access

 Pages and files accessed

 Amount of data transferred

 Notification of successful retrieval

(HTTP status code)

 Browser type and version

 User's operating system

 Referrer URL (previously visited page)

 Hostname of the accessing computer

 User's provider

This data is stored in our system's log

files. This data is not stored together with

other personal data of the user.


3.2. Legal basis

The legal basis for the temporary storage
of data and log files is Art. 6 para. 1 lit. f
GDPR (legitimate interest).

3.3. Purpose of data processing

The temporary storage of the IP address
by the system is necessary to enable
delivery of the website to the user's
computer. For this purpose, the user's IP
address must remain stored for the
duration of the session.
Storage in log files is carried out to
ensure the functionality of the website.
The data also serves to optimize the
website, ensure the security of our
information technology systems, and for
error analysis. Data is not evaluated for
marketing purposes.

3.4. Duration of storage

The data is deleted as soon as it is no
longer necessary to achieve the purpose
for which it was collected. In the case of
data collection for website provision, this
is when the respective session has
ended.
In the case of data storage in log files,
this is after 7 days at the latest. Further
storage is possible, whereby the users' IP
addresses are deleted or anonymized so
that assignment of the calling client is
no longer possible.

3.5. Objection and removal options

The collection of data for website provision and the storage of data in log
files is essential for the operation of the
website. Consequently, there is no
possibility for the user to object.


4. USE OF COOKIES

4.1. Description and scope of data

processing

Our website uses cookies. Cookies are
text files that are stored in or by the
Internet browser on the user's computer
system. When a user visits a website, a
cookie may be stored on the user's
operating system. This cookie contains a
characteristic string that enables unique
identification of the browser when the
website is accessed again.
We use the following types of cookies:
Technically necessary cookies (session
cookies):
 Purpose: Provision of website
functionality
 Legal basis: Art. 6 para. 1 lit. f GDPR
(legitimate interest)
 Storage duration: Until end of browser
session
 Examples: Session ID, language
selection, login status
Functional cookies:
 Purpose: Improvement of user-
friendliness
 Legal basis: Art. 6 para. 1 lit. a GDPR
(consent) via cookie banner
 Storage duration: [Specify period, e.g.,
30 days]
 Examples: Preferred settings, form
data
Analysis of cookies (if used):
 Purpose: Statistical evaluation of
website use
 Legal basis: Art. 6 para. 1 lit. a GDPR (consent) according to § 25 TTDSG
 Storage duration: [Specify period, e.g.,
24 months]
 Provider: [e.g., Google Analytics,
Matomo, etc.]

4.2. Legal basis

The legal basis for processing personal
data using technically necessary cookies
is Art. 6 para. 1 lit. f GDPR (legitimate
interest in website functionality).
The legal basis for processing personal
data using analysis and marketing
cookies is Art. 6 para. 1 lit. a GDPR and §
25 para. 1 TTDSG if the user has given
consent.

4.3. Purpose of data processing

The purpose of using technically
necessary cookies is to simplify the use
of websites for users and ensure the
functionality of our website.
Analysis cookies are used to improve the
quality of our website and its content.
Through these cookies, we learn how the
website is used and can thus
continuously optimize our offer.

4.4. Storage duration, objection and

removal options

Cookies are stored on the user's
computer and transmitted from there to
our site. Therefore, as a user, you have
full control over the use of cookies. By
changing the settings in your Internet
browser, you can disable or restrict the
transmission of cookies. Cookies that
have already been stored can be deleted
at any time. This can also be done
automatically.
You can adjust your cookie settings at
any time via our cookie consent tool:
[Link to cookie banner/settings]
If cookies for our website are
deactivated, it may no longer be possible
to use all functions of the website to
their full extent.

5. CONTACT FORM AND EMAIL CONTACT

5.1. Description and scope of data

processing
A contact form is available on our
website that can be used for electronic
contact. If a user makes use of this
option, the data entered in the input
mask is transmitted to us and stored.
This data typically includes:
 First and last name
 Email address
 Phone number (optional)
 Company (for B2B inquiries)
 Subject and message text
 Date and time of submission
At the time of sending the message, the
following data is also stored:
 User's IP address (for spam
prevention)
 Timestamp
Your consent is obtained for data
processing as part of the submission
process, and reference is made to this
privacy policy.
Alternatively, contact is possible via the
email address provided. In this case, the
user's personal data transmitted with
the email is stored.
In this context, no data is passed on to
third parties. The data is used exclusively
for processing the conversation.


5.2. Legal basis

The legal basis for processing data if the
user has given consent is Art. 6 para. 1 lit.
a GDPR.
The legal basis for processing data
transmitted in the course of sending an
email is Art. 6 para. 1 lit. f GDPR
(legitimate interest in processing
inquiries). If email contact aims at
concluding a contract, the additional
legal basis for processing is Art. 6 para. 1
lit. b GDPR.

5.3. Purpose of data processing

The processing of personal data from the
input mask serves us solely for processing the contact request. In the
case of contact by email, this also
constitutes the necessary legitimate
interest in processing the data.
Other personal data processed during
the submission process serves to prevent
misuse of the contact form and ensure
the security of our information
technology systems.

5.4. Duration of storage

The data is deleted as soon as it is no
longer necessary to achieve the purpose
for which it was collected. For personal
data from the contact form input mask
and those sent by email, this is the case
when the respective conversation with
the user has ended. The conversation is
ended when the circumstances indicate
that the matter has been conclusively
clarified.
If a contract is concluded, the statutory
retention periods according to HGB and
AO apply (usually 6 or 10 years).
Personal data additionally collected
during the submission process (IP
address) is deleted after a period of 7
days at the latest.

5.5. Objection and removal options

The user has the option at any time to
revoke their consent to the processing of
personal data. If the user contacts us by
email, they can object to the storage of
their personal data at any time. In such a
case, the conversation cannot continue.
A revocation or objection can be made
by email to datenschutz@dipolo-
gmbh.de.
All personal data stored in connection
with contact will be deleted in this case,
unless statutory retention obligations
prevent this.

6. PROCESSING OF BUSINESS CUSTOMER

DATA (B2B)

6.1. Scope and purpose of processing

When you order or inquire about
products or services from us as a
business customer, we process the
following data:
Master data:
 Company name, legal form
 Contact person (name, position)
 Address (billing and delivery address)
 Contact details (email, phone, fax)
 VAT ID, commercial register number
 Bank details (for payment processing)
Contract data:
 Quotes, order confirmations
 Delivery notes, invoices
 Payment data and history
 Correspondence (emails, letters, notes)
 Technical specifications, drawings
Technical data (for
installation/service):
 Machine location data
 Maintenance logs
 Error reports, service tickets
 Remote access data (encrypted)

6.2. Legal basis

Processing is based on the following
legal bases:
 Art. 6 para. 1 lit. b GDPR (contract
fulfillment, pre-contractual measures)
 Art. 6 para. 1 lit. c GDPR (legal
obligation, e.g., retention
requirements under HGB/AO)
 Art. 6 para. 1 lit. f GDPR (legitimate
interest in business relationships,
creditworthiness check, fraud
prevention)

6.3. Recipients of data

Within our company, those departments that need this data to fulfill our
contractual and legal obligations have
access to your data (sales, accounting,
customer service, technology).
External recipients may include:
 Shipping service providers (for
deliveries)
 Banks and payment service providers
 IT service providers (hosting,
maintenance)
 Tax advisors, auditors
 Lawyers (in case of disputes)
 Manufacturers/suppliers (for technical
inquiries)
 Authorities (in case of legal obligation) 

6.4. Data transfer to third countries

Your data will only be transferred to third
countries (outside EU/EEA) if:
 This is necessary for contract
fulfillment (e.g., delivery to
Switzerland)
 Consent is given
 Adequate safeguards exist (standard
contractual clauses, adequacy
decision)
We will inform you individually about
third-country transfers.

6.5. Storage duration
Business customer data is stored for the
duration of the business relationship and
beyond according to the following
periods:
 Commercial law: 6 years (§ 257 HGB)
for business letters, commercial books
 Tax law: 10 years (§ 147 AO) for
invoices, accounting documents
 Contract law: Until expiry of warranty
period + statutory limitation periods
 After contract end: Up to 3 years for
potential warranty claims
After expiry of these periods, data is
routinely deleted unless there are
legitimate reasons for further storage.


7. NEWSLETTER AND MARKETING

7.1. Description and scope of data

processing
On our website, there is an option to
subscribe to a free newsletter. When
registering for the newsletter, the data
from the input mask is transmitted to us:
 Email address (mandatory field)
 First name, last name (optional)
 Company (optional)
 Time of registration
 IP address (for verification purposes)
When registering for the newsletter,
your consent to processing is obtained
and reference is made to this privacy
policy.


7.2. Double opt-in procedure

For sending the newsletter, we use the
so-called double opt-in procedure. After
registration, you will receive an email
asking you to confirm that you wish to
receive the newsletter. If you do not
confirm your registration, your data will
be automatically deleted within 30 days.

7.3. Legal basis

The legal basis for processing data after
registration for the newsletter by the
user is Art. 6 para. 1 lit. a GDPR if consent
has been given.

7.4. Purpose of data processing

The collection of the user's email address
serves to deliver the newsletter. The
collection of other personal data as part
of the registration process serves to
prevent misuse of the services or the
email address used.

7.5. Duration of storage

The data is deleted as soon as it is no
longer necessary to achieve the purpose
for which it was collected. The user's
email address is therefore stored as long
as the newsletter subscription is active.

7.6. Revocation and removal options

The newsletter subscription can be
canceled by the affected user at any
time. For this purpose, a corresponding
link can be found in each newsletter.
This also enables revocation of consent
to the storage of personal data collected
during the registration process.
We currently do not offer a newsletter
service. If you nevertheless receive
marketing emails from us, please
contact This email address is being protected from spambots. You need JavaScript enabled to view it..

8. SOCIAL MEDIA AND EXTERNAL

SERVICES

8.1. Social media plugins
Our website uses social media plugins
from the following services:
LinkedIn:
 Provider: LinkedIn Corporation, 2029
Stierlin Court, Mountain View, CA
94043, USA
 Function: "Share" button, embed
company page
 Legal basis: Art. 6 para. 1 lit. a GDPR
(consent via cookie banner) or Art. 6
para. 1 lit. f GDPR (legitimate interest)
 Data transfer: USA (based on standard
contractual clauses)
 Privacy policy:
https://www.linkedin.com/legal/privacy-
policy
To protect your privacy, we only use
social media plugins with your consent
(2-click solution). Plugins only become
active when you click the corresponding
button.


8.2. Google services

Google Analytics: 
  •  Provider: Google Ireland Limited,
  • Gordon House, Barrow Street, Dublin
  • 4, Ireland
  •  Function: Web analysis, visitor
  • statistics
  •  Legal basis: Art. 6 para. 1 lit. a GDPR
  • (consent via cookie banner)
  •  Anonymization: IP anonymization
  • activated
  •  Objection: Via browser add-on or cookie settings
Google Maps: 
  •  Provider: Google Ireland Limited
  •  Function: Display of interactive maps
  •  Legal basis: Art. 6 para. 1 lit. f GDPR
  • (legitimate interest in user-friendly
  • location presentation)
  •  Data transfer: Possible when using the
  • map

8.3. YouTube

If we embed YouTube videos, we use
enhanced privacy mode. Videos are only
loaded when you click "Play."

8.4. Other services

 Hosting provider
 CRM systems
 Payment service providers
 Chat tools

9. RIGHTS OF THE DATA SUBJECT

You have the following rights with regard to
personal data concerning you:

9.1. Right to access (Art. 15 GDPR)

You have the right to obtain
confirmation from us as to whether
personal data concerning you is being
processed. If this is the case, you have a
right to information about this personal
data and to the information specified in
detail in Art. 15 GDPR.

9.2. Right to rectification (Art. 16 GDPR)

You have the right to request from us
without undue delay the rectification of
inaccurate personal data concerning
you. Taking into account the purposes of
the processing, you have the right to
have incomplete personal data
completed, including by means of
providing a supplementary statement.

9.3. Right to erasure (Art. 17 GDPR)

You have the right to request from us
that personal data concerning you be
erased without undue delay if one of the
reasons listed in detail in Art. 17 GDPR
applies, e.g., if the data is no longer
needed for the purposes pursued.

9.4. Right to restriction of processing (Art. 18 GDPR)

You have the right to request from us
the restriction of processing if one of the
conditions listed in Art. 18 GDPR is met,
e.g., if you have objected to the
processing, for the duration of our
review.

9.5. Right to data portability (Art. 20 GDPR)

You have the right to receive the
personal data concerning you that you
have provided to us in a structured,
commonly used, and machine-readable
format, and you have the right to
transmit this data to another controller
without hindrance from us, provided
that the processing is based on consent
or a contract and the processing is
carried out by automated means.

9.6. Right to object (Art. 21 GDPR)

You have the right to object at any
time, on grounds relating to your
particular situation, to the processing
of personal data concerning you which
is based on Art. 6 para. 1 lit. f GDPR
(data processing based on a balance of
interests).
If you object, we will no longer process
your personal data unless we can
demonstrate compelling legitimate
grounds for the processing which
override your interests, rights, and
freedoms, or the processing serves the
establishment, exercise, or defense of
legal claims.
If personal data is processed by us for
direct marketing purposes, you have
the right to object at any time to the
processing. If you object to processing
for direct marketing purposes, we will
no longer process your personal data
for these purposes.

9.7. Right to withdraw data protection

consent (Art. 7 para. 3 GDPR)

You have the right to withdraw your
consent to the processing of personal
data at any time with effect for the
future. The lawfulness of processing
based on consent before its withdrawal
remains unaffected.

9.8. Right to lodge a complaint with a

supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint
with a supervisory authority, particularly
in the Member State of your habitual residence, place of work, or place of the
alleged infringement, if you believe that
the processing of personal data
concerning you infringes the GDPR.
Competent supervisory authority for
Dipolo GmbH:
Bayerisches Landesamt für
Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: https://www.lda.bayern.de


9.9. Exercising your rights
To exercise your rights, please contact:
Dipolo GmbH
Data Protection
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.


10. DATA SECURITY

During your visit to our website, we use the
widespread SSL procedure (Secure Socket
Layer) in conjunction with the highest
encryption level supported by your browser.
This is usually 256-bit encryption. If your
browser does not support 256-bit encryption,
we use 128-bit v3 technology instead. You can
tell whether an individual page of our
website is transmitted in encrypted form by
the closed display of the key or lock symbol in
the lower status bar of your browser.
We also use appropriate technical and
organizational security measures to protect
your data against accidental or intentional
manipulation, partial or complete loss, destruction, or unauthorized access by third
parties. Our security measures are
continuously improved in line with
technological developments.
Our security measures include:
 Encrypted data transmission (TLS/SSL)
 Firewall systems
 Access controls and authorization
concepts
 Regular security updates and patches
 Backup systems
 Employee training on data protection
 Confidentiality obligations of employees

11. CURRENCY AND CHANGES TO THIS

PRIVACY POLICY

This privacy policy is currently valid and dated
October 2025.
Due to the further development of our
website and offers or due to changed legal or
regulatory requirements, it may become
necessary to change this privacy policy. The
current privacy policy can be accessed and
printed at any time on the website at
https://www.dipolo-gmbh.de/en/imprint.html
We recommend that you review this privacy
policy regularly to stay informed about the
protection of the personal data we collect.

12. DEFINITIONS
Personal Data:
Any information relating to an identified or
identifiable natural person (Art. 4 No. 1 GDPR).
Processing:
Any operation or set of operations performed
on personal data or on sets of personal data,
whether or not by automated means (Art. 4
No. 2 GDPR).
Controller:
The natural or legal person which determines
the purposes and means of the processing of
personal data (Art. 4 No. 7 GDPR).
Processor:
A natural or legal person which processes
personal data on behalf of the controller (Art.
4 No. 8 GDPR).
Consent:
Any freely given, specific, informed and
unambiguous indication of the data subject's
wishes by which they signify agreement to
the processing of personal data relating to
them (Art. 4 No. 11 GDPR).
Third Party:
A natural or legal person, public authority,
agency or body other than the data subject,
controller, processor and persons who, under
the direct authority of the controller or
processor, are authorized to process personal
data (Art. 4 No. 10 GDPR).
Recipient:
A natural or legal person, public authority,
agency or another body, to which the
personal data are disclosed, whether a third
party or not (Art. 4 No. 9 GDPR).
Special Categories of Personal Data:
Personal data revealing racial or ethnic origin,
political opinions, religious or philosophical
beliefs, or trade union membership, and
genetic data, biometric data for the purpose
of uniquely identifying a natural person, data
concerning health or data concerning a
natural person's sex life or sexual orientation
(Art. 9 para. 1 GDPR).
Profiling:
Any form of automated processing of
personal data consisting of the use of
personal data to evaluate certain personal
aspects relating to a natural person (Art. 4 No.
4 GDPR).
Pseudonymization:
The processing of personal data in such a
manner that the personal data can no longer
be attributed to a specific data subject
without the use of additional information,
provided that such additional information is
kept separately (Art. 4 No. 5 GDPR).
Anonymization:
The alteration of personal data in such a way
that individual information about personal or
factual circumstances can no longer be
attributed to an identified or identifiable
natural person, or only with a
disproportionate amount of time, cost and
effort.
Data Subject:
An identified or identifiable natural person to
whom the personal data relates (Art. 4 No. 1
GDPR).
Supervisory Authority:
An independent public authority which is
established by a Member State and is
responsible for monitoring the application of
the GDPR (Art. 4 No. 21 GDPR).
International Organization:
An organization and its subordinate bodies
governed by public international law, or any
other body which is set up by, or on the basis
of, an agreement between two or more
countries (Art. 4 No. 26 GDPR).
Third Country:
A country outside the European Economic
Area (EEA), consisting of the EU member
states as well as Iceland, Liechtenstein and
Norway.


Last Updated:
This Privacy Policy was created in accordance
with:
 EU General Data Protection Regulation
(GDPR) - Regulation (EU) 2016/679
 German Federal Data Protection Act
(BDSG) as of June 30, 2017
 Telecommunications-Telemedia Data
Protection Act (TTDSG) of June 23, 2021
 German Telemedia Act (TMG)



Mobile Menu EN