Privacy Policy

Protecting and securing your personal data is important to us. This privacy policy explains how we handle the personal information you provide on our websites. It also helps you understand what information we request, why we request it, what we do with it, and how long we keep it.

1. Responsibility and contact details of the data protection officer
Data processing on this website is carried out by
DESKO GmbH Gottlieb-Keim-Str. 56 95448 Bayreuth
Phone: +49 (0)921/792790 Email: info@desko.de

We have appointed a data protection officer for our company:

DEKRA Assurance Services GmbH Mr. Jürgen Schmidt Handwerkstr. 15 70565 Stuttgart
Email: datenschutz@desko.de

2. Processing on our website
We process personal data when you visit our website and use its functions. Unless otherwise specified, you are not required to provide us with personal data. However, if you choose not to, we will generally be unable to provide you with our website and the services offered on it.
The following sections explain what data we process, why we process it, how long we keep it, and the legal basis for processing it. You will also learn whom we share your data with. At the end of the privacy policy, you will find information on storage periods, general recipients, and automated decision-making.

2.1 Provision of the online service
Purposes: You can generally use our website without providing any personal data, such as registration. However, some technical data is collected during use that may indicate your identity as a natural person.
Categories of data: The data processed regularly includes the IP address and other technical data such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer, time of the server request, and the URL accessed.
Recipients:
- weber.digital GmbH, Zollernstraße 49, 72336 Balingen, Germany.
Legal basis: The legitimate interest in pursuing the aforementioned purposes (Art. 6 (1) (f) GDPR).
Storage duration: We do not permanently store any personal data for the purposes stated.

2.2 Collection of access data and log files
Purposes: We ourselves or our web host create so-called server log files each time the server is accessed. The server log files can be used for security purposes, e.g., to prevent server overload, to ensure server utilization and stability, and to track misuse of our website.
Categories of data: Your IP address, as well as other technical data such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer, time of the server request, the URL accessed.
Recipients:
- weber.digital GmbH, Zollernstraße 49, 72336 Balingen, Germany.
Legal basis: The legitimate interest in pursuing the aforementioned purposes (Art. 6 (1) (f) GDPR).
Storage duration: The server log files are stored for 1 year and then deleted.

2.3 Contact
Purposes: When you contact us (e.g., product or support inquiries via contact form, email, or telephone), the information provided by the inquiring party will be processed to the extent necessary to respond to the contact inquiries and any requested measures.
Categories of data: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms).
Recipients:
- Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Privacy policy: https://friendlycaptcha.com/legal/privacy-end-users/.
- reCAPTCHA, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Privacy Policy: https://policies.google.com/privacy.
- Software System Salesforce Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany. Privacy policy: https://www.salesforce.com/de/company/privacy.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) or legitimate interest in effectively responding to inquiries (Art. 6 (1) (f) GDPR).
Storage period: The data will generally be processed for as long as it is necessary to process the inquiry.

2.4 Product advice
Purposes: We provide a product advisor on our website who will suggest the most suitable product solution for you after asking you a few questions. You can then request a personal offer using the contact form.
Categories of data: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., area of application, working environment used, entries in online forms).
Recipients:
- Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Privacy policy: https://friendlycaptcha.com/legal/privacy-end-users/.
- Software System Salesforce Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany. Privacy policy: https://www.salesforce.com/de/company/privacy.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) or legitimate interest in effectively responding to inquiries (Art. 6 (1) (f) GDPR).
Storage period: The data will be stored for as long as necessary for the consultation, subject to statutory retention obligations.

2.5 Repair processing via the "Repairline" web portal
Purposes: We use the "Repairline" web portal to process and track repair requests. If you start a repair request on our website in the Support & Service section, you will be redirected to www.repairline.de after selecting your region. We have our own secure customer area on the web portal, to which you will be redirected.
Categories of data: In particular, the serial number of the damaged device, its accessories, error report, customer data (title, name, email, telephone number, street, postal code, city), delivery address, and different billing address if desired.
Recipient:
- initPRO GmbH, Franz-Mayer-Strasse 1, 93053 Regensburg, Germany
Legal basis: Legitimate interest (Art. 6 (1) (f) GDPR) in the efficient processing of repair requests.
Storage period: The data will be stored for as long as necessary to process repair requests, subject to statutory retention obligations.
Note: If you do not agree to the collection and storage of data via the Repairline web portal, we offer alternative contact options for submitting repair requests by email(repair@desko.de) or telephone (+49 921 / 79279 -0).

2.6 Consent management
Purposes: When you visit our website, we ask for your consent to store information on your device (e.g., cookies) and to process your data for specific purposes. Consent is documented in order to comply with our obligation to provide evidence and to control the setting of cookies technically. Cookies are also used for this purpose. You can adjust your settings at any time and/or revoke your consent.
Categories of data: Your IP address, the date of your consent, a pseudonymous ID, and your selected settings are stored for the purpose of obtaining, managing, and tracking your consent.
Recipients:
- Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany. Privacy policy: https://usercentrics.com/privacy-policy/.
Legal basis: Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in being able to offer you convenient use of our website.
Storage duration: The data is stored for 1 year and then deleted.

2.7 Newsletter
Purposes: You have the option of subscribing to our newsletter. In it, we regularly inform you about DESKO expert knowledge, current industry trends, and offers. The newsletter is sent by email.
We use the double opt-in procedure to confirm your subscription to our newsletter. This means that we will only send you our newsletter once you have confirmed that you are the owner of the specified means of communication by clicking on a link in a message. If you confirm your address, we will store your address or number, the time of registration, and, if applicable, the IP address used for registration for verification purposes until you unsubscribe from the newsletter.
We use technologies in our newsletters that track the use of emails (e.g. open and click rates, click maps, etc.) and use this info to optimize and, if necessary, personalize our mailings.
Categories of data: Consent data (name, email address, institution, IP address) and usage data (messages opened, links clicked).
Recipients:
- HubSpot Germany GmbH, HubSpot Ireland Limited - One Sir John Rogerson's Quay, Dublin 2, Ireland. Privacy policy: https://legal.hubspot.com/de/privacy-policy.
Legal basis: We process your data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
Storage period: We store your data until you unsubscribe from the newsletter.
After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage in the blacklist is not limited in time. You can object to storage if your interests outweigh our legitimate interest.
Revocation: You can unsubscribe from the newsletter at any time, e.g. via the link in the footer of each email.

2.8 Applications
Purposes: When you apply for a job with us (by email to jobs@desko.de or by post), we process personal data to the extent necessary to decide whether to establish an employment relationship.
Categories of data: Inventory data (name, date of birth), contact details (address, email address), content data (such as resume, cover letter, references), communication data.
Recipients:
- Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18 98052.
Third country transfers: Data may be transferred to the US and, if necessary, to other third countries. Microsoft's parent company, Microsoft Inc., is certified under the Data Privacy Framework, ensuring an adequate level of protection during processing. Standard contractual clauses have also been concluded.
Company privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) or legitimate interest in effectively responding to applications (Art. 6 (1) (f) GDPR).
Storage period: In the event of a successful application, we will store your data for the purpose of the employment relationship (Art. 6 (1) (b) GDPR in conjunction with § 26 BDSG).
If your application is rejected or withdrawn, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for verification purposes in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

2.9 Sanctions list check
Purposes: We carry out a sanctions list check to comply with legal requirements and to identify risky business contacts. This also involves the processing of personal data, as the data of customers or other business partners must be compared with the relevant list.
Categories of data: In particular, inventory data (contact details: name, address, country)
Recipients:
- AEB SE, Sigmaringer Straße 109, 70567 Stuttgart
Privacy policy: https://www.aeb.com/de/datenschutz.php.
Legal basis: Art. 6 (1) (c) GDPR in conjunction with Regulations 2002/881/EC and 2001/2580/EC (legal obligation) and, alternatively, Art. 6 (1) (f) GDPR (legitimate interest), whereby our legitimate interest lies in complying with regulatory requirements and avoiding compliance risks.
Storage period: The data will be stored for a period of 10 years.

2.10 Retention obligations
Purposes: We are subject to statutory retention obligations for certain documents, in particular those relating to tax and fiscal law. These documents also contain personal data, which we retain for the purpose of storage and in the event of an audit or inspection to prove that we are acting in accordance with the law.
Categories of data: With regard to tax and accounting retention obligations: the documents specified in Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB).
Recipients:
- Legal and tax advisors, auditors, and the authorities responsible for auditing.
Legal basis: Legal obligation pursuant to Art. 6 (1) (c) GDPR and § 147 AO as well as § 257 HGB.
Storage period: The tax and accounting retention period is 6 or 10 years, depending on the type of document, and begins at the end of the year in which the respective documents were created.

2.11 Audio and video conferences
Purposes: We use online conference tools, among other things, to communicate with our customers. When using such tools, personal data of the participants is processed.
Categories of data: Inventory data (e.g., name), contact data (e-mail address), content data (e.g., files, audio/video content), technical data (e.g., IP addresses, operating system).
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) or legitimate interests (Art. 6 (1) (f) GDPR).
Recipients:
- TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. For details on data processing, please refer to TeamViewer's privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
- Microsoft Ireland Operations Limited, Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18 98052.
Third country transfers: Data may be transferred to the US and, if necessary, to other third countries. Microsoft's parent company, Microsoft Inc., is certified under the Data Privacy Framework, ensuring an adequate level of protection during processing. Standard contractual clauses have also been agreed upon.
Company privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Storage period: The data will only be stored for as long as it is necessary to conduct the video conference.
Note: Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the tools used.

2.12 Web analysis, monitoring, and optimization
Purposes: Web analysis is used to evaluate visitors to our online offering and may include behavior, interests, or demographic information about visitors, such as gender, in pseudonymous form. This enables us, for example, to recognize at what time our online offering or its functions or content are used most frequently. It also allows us to identify areas that require optimization. In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components.
Categories of data:
- Pseudonymous usage data (e.g., websites visited, elements used there and technical information, access times), meta/communication data (e.g., device information).
- Various log files (e.g., IP address, referrer, browsers and operating systems used)
- Interests
- Demographic information
- If users have consented to the collection of their location data, this may also be processed depending on the provider.
Recipients:
- Google Analytics 4 with the extensions Google Tag Manager, Google Conversion Tracking, and Google Web Fonts (local hosting)
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Third-country transfer: Data may be transferred from Google to recipients in third countries. Google has entered into standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists on the basis of a Commission decision. You can access the standard contractual clauses here, here, and here.
Privacy policy: https://policies.google.com/privacy?hl=de
- Matomo
Provider: weber.digital GmbH, Zollernstraße 49, 72336 Balingen, Germany.
Legal basis: Art. 6 (1) (a) GDPR with consent and Art. 6 (1) (f) GDPR.
Storage period: The data processed in Google Analytics is stored and processed by us for a period of 14 days. Otherwise, we do not store any personal data.

2.13 Plugins and tools

2.13.1 Online CRM system Salesforce
Purposes: If you fill out and submit a form on our website for sales or support inquiries, the data you enter will be automatically stored in our company account with the cloud-based CRM system Salesforce.
Categories of data: Inventory data (e.g., name, title), contact data (e.g., email address, telephone number), content data (e.g., inquiry content, form content).
Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the efficient processing of customer inquiries.
Recipients:
- Salesforce Germany GmbH, Erika-Mann-Str. 31, 80636 Munich
Salesforce stores data exclusively on servers in Germany and France and is certified under the EU-U.S. Data Privacy Framework.
Privacy policy: https://www.salesforce.com/de/company/privacy
Storage period: The data will only be stored for as long as it is necessary to process the request, subject to statutory retention periods.
Note: If you do not agree to the storage of your data in the Salesforce system, you can alternatively send us your request by email, telephone, fax, or post.

2.13.2 YouTube
Purposes: We embed YouTube videos in our website that are stored at https://www.youtube.com and can be played directly from our website. Data is only transferred to YouTube if you have consented to the display of the videos.
Categories of data: IP address, time of access, subpage visited, referrer URL, device data, browser and operating system information, YouTube account data if applicable.
Legal basis: Your consent in accordance with Art. 6 (1) (a) GDPR.
Recipients:
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
Third country transfer: Google is certified under the Data Privacy Framework. Alternatively, the transfer is based on standard contractual clauses.
– Privacy policy: https://policies.google.com/privacy?hl=de
– Cookie policy: https://policies.google.com/technologies/cookies?hl=de

2.13.3 GStatic
Purposes: We use the GStatic service on our website. This is a background service for delivering static content (e.g., Google Fonts, Google Maps components) to improve the performance of the website.
Categories of data: IP address, browser and device information, usage data.
Legal basis: Your consent in accordance with Art. 6 (1) (a) GDPR.
Recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third country transfer: Google is certified under the Data Privacy Framework. Google has also entered into standard contractual clauses with the respective recipients, unless an adequate level of protection exists on the basis of a Commission decision. You can access the standard contractual clauses here, here, and here.
Privacy policy: https://policies.google.com/privacy?hl=de
Opt-out option: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de

3. Cookie policy

3.1. Why do we use cookies (and similar technologies)?
For the purposes mentioned above, we also store information on your device and access information stored on your device. This is done with the help of cookies or similar technologies such as local storage (hereinafter referred to as cookies for simplicity).
Some of these cookies are strictly necessary for us to provide our services to you (Section 25 (2) No. 2 TTDSG). We only use cookies that are not strictly necessary for our offering with your express consent (Section 25 (1) TTDSG). You can give this consent at any time by clicking on the "Privacy settings" button at the bottom left of our website and revoke it with future effect.
You can also view which cookies are stored and how long these cookies remain stored on your device in the "Privacy Settings." There you will also find the assignment of cookies to the above-mentioned processing purposes and the providers used.

3.2. What types of cookies do we use?
We use permanent and temporary cookies ("session cookies"). Session cookies remain on your device only until you end your browser session. Permanent cookies remain stored on your device until they expire or are deleted.

3.3. Strictly necessary cookies
These cookies enable basic functions and are essential for the proper functioning of the website.

3.4. Statistics cookies
If you consent to the "Statistics" category, cookies will be set and personal data will be processed to analyze your use of our offers, improve our service to you, avoid bugs, and test new features. Pseudonymized profiles about your use are also created, e.g., using a cookie ID. These profiles mainly contain information about your activities on our site and interactions with its elements. The success of advertising campaigns, e.g., from radio and television, can also be measured.

3.5. Functional cookies
If you activate the "Functional cookies" category, cookies will be set and personal data will be processed in order to provide additional functions of the website.

3.6. Marketing cookies
If you activate the "Marketing cookies" category, cookies will be set and personal data will be processed in order to show you relevant sponsored content about our services and to be able to target you with our ads on third-party websites and offers. Here, too, only pseudonymized profiles are usually created, which contain information about your activities, interests, demographic information, or information about your location. This information may also be combined with information from other sources held by us or third parties. In doing so, information may also be processed across devices.

4. General information about recipients
When we process your data, it may be necessary to transfer or disclose your data to other recipients. In the sections on processing above, we name the specific recipients as far as we are able to do so. If recipients are located in a country outside the EU, we indicate this separately under the individual points listed above. Unless we expressly refer to an adequacy decision, no adequacy decision exists for the respective recipient country. In such cases, we will agree on appropriate safeguards in the form of standard contractual clauses to ensure an adequate level of data protection (unless other appropriate safeguards, such as binding corporate rules, are in place). You can access the current versions of the standard contractual clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
In addition to these specific recipients, data may also be transferred to other categories of recipients. These may be internal recipients, i.e., persons within our company, but also external recipients. Possible recipients may include, in particular:
• Our employees who are responsible for processing and storing the data and whose employment relationship with us is governed by a confidentiality agreement.
• Service providers who act as processors bound by our instructions. These are primarily technical service providers whose services we use when we cannot or do not reasonably perform certain services ourselves.

5. General information on the storage period
We generally process your personal data for the storage period described above. However, data is often processed for more than one purpose, meaning that even after the storage period has expired, we may continue to process your data for another purpose. In this case, the storage period specified for this purpose applies. Once the last storage period has expired, we will delete your data immediately.

6. Automated decision-making and obligation to provide data
We do not use automated decision-making that has legal effects on you or significantly affects you in a similar way.

7. What rights do you have in relation to the personal data you provide to us?
You have the following rights, provided that the legal requirements are met. To exercise these rights, you can contact us at the contact addresses provided.

• Art. 15 GDPR – Right of access by the data subject:
You have the right to obtain confirmation from us as to whether personal data concerning you are being processed and, if so, which data and the circumstances of the data processing.

• Art. 16 GDPR – Right to rectification:
You have the right to request that we immediately correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

• Art. 17 GDPR – Right to erasure:
You have the right to request that we delete personal data concerning you without delay.

• Art. 18 GDPR – Right to restriction of processing:
You have the right to request that we restrict processing.

• Art. 20 GDPR – Right to data portability:
In the event of processing based on consent or for the performance of a contract, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us or to have the data transmitted directly to the other controller, where technically feasible.

• Art. 77 GDPR in conjunction with § 19 BDSG – Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable law.

8. In particular, right to object and withdrawal of consent
• Art. 21 GDPR – Right to object:
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on our legitimate interests or on the performance of a task carried out in the public interest or on the exercise of official authority.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
You can lodge your objection at any time with future effect via one of the contact addresses known to you.
• Revocation of consent:
You can revoke your consent at any time with future effect via one of the contact addresses known to you.

9. Obligation to provide data
You have no contractual or legal obligation to provide us with personal data. However, without the data you provide, we are unable to offer you our services.

10. If you have any comments or questions
We take all possible precautions to protect and secure your data. We welcome your questions and comments regarding data protection. If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correction, blocking, or deletion of data, or revoke your consent, please contact us using the contact details provided above.
As of August 2025