If you have any questions about this Privacy Policy or how we process your personal data, you can contact us at: infosec.privacy@deugro-group.com

Alternatively, you may write to us at:

ATTN: Information Security  – Data Privacy
DEHOCO (Deutschland) GmbH
Nürnberger Strasse 2A – 4
63450 Hanau, Germany

You also have the right to lodge a complaint with your local data protection authority if you believe that your personal data has been processed in violation of applicable data protection laws.

“Personal data” refers to any information relating to an identified or identifiable natural person.

We process different categories of personal data depending on your interaction with us. The types of personal data we collect and the purposes for which we process them are outlined below:

Website Use and Direct Interactions

• Contact and account data, such as your name, surname, username, business email address, company name, industry sector, and any information you choose to share, is processed to create and manage your account, process your subscriptions, and respond to your inquiries submitted via our contact or subscription forms.
• Marketing preferences, where you have consented to receive marketing communications, are processed to manage and document your communication preferences and to ensure compliance with applicable marketing laws.
• Technical and usage data, collected via cookies and similar technologies, such as your IP address (including approximate location), operating system, browser type and version, screen resolution, HTTP referrer, date and time of access, accessed files, and data volume, is processed to ensure the proper functioning, security, and optimization of our website. You can manage your preferences when visiting our website. For more information, please refer to our Cookie Policy.

Business Relationships and Contractual Activities

• Business contact data, such as your name, telephone number, email address, company, and job position, is processed to communicate with you and manage our relationship with the company you represent.
• Contract-related data, such as contact details, signature, job position, responsibilities, qualifications, employer details, and, where necessary, bank details, is processed to conclude, perform, and manage contractual relationships, including payment processing where applicable.
• Additional business information, such as information shared by individuals within your organization, is processed to support ongoing business communications and collaboration.

Compliance, Due Diligence, and Legal Obligations

• Due diligence and KYC data, such as information provided in questionnaires or obtained from publicly available databases, internet sources, media reports, and company information databases, is processed to conduct risk assessments and comply with our anti-corruption and anti-bribery policies, including Know Your Client (KYC) procedures.

Based on these obligations, we may assess potential risk factors before entering into or maintaining business relationships. More information about how we process personal data for due diligence purposes can be found in our Due Diligence Privacy Information Notice.

• Regulatory and identification data, such as age, gender, country of residence, preferred language, passport number, citizenship, and date of birth, is processed to comply with legal and regulatory requirements, including obligations towards airport, port, customs, or other authorities.

Communications and Public Relations

• Communication data, such as records of correspondence via email, phone, or post, is processed to handle inquiries, provide support, and manage public relations activities.
• Social media data, such as comments, posts, messages, usernames, and associated profile information, is processed to interact with you and respond to your engagement on our social media platforms. We encourage you to review the privacy policies of the respective social media providers to understand how your data is processed by them.

Marketing Activities, Events, and Surveys

• Event participation data, such as your name, surname, email address, telephone number, job position, and employer details, is processed to organize and manage your participation in events such as trade fairs (e.g. Breakbulk events), webinars, surveys, contests, and campaigns.
• Photos and videos from events, including any related personal data you provide, are processed to document our participation in events and for PR, press, and marketing purposes in print and online media, where necessary and in accordance with applicable legal requirements.
• Webinar data, such as registration details and participation data (including recordings where you have provided your consent), is processed to organize and deliver webinars and, where applicable, record sessions with your consent.
• Survey data, typically processed in anonymized form, is used to collect feedback and improve our services and business strategies.

Office Visits and On-Site Security

• Visitor data, such as your name, surname, email address, phone number, company, position, signature, vehicle registration number, and records of your arrival and departure, is processed to manage access to our premises, ensure security, and provide visitor-related services (such as internet access).

Other Sources and Aggregated Data

• Third-party and publicly available data, such as information obtained from colleagues, professional networking platforms, or market research sources, is processed to maintain accurate business records and support our commercial activities.
• Aggregated data, such as statistical or demographic data derived from personal data, is used to analyze trends and improve our services. This data does not directly or indirectly identify you.

Under data protection law, we are required to have a valid legal basis for collecting and processing your personal data. Depending on the circumstances, we rely on one or more of the following legal bases:

Consent (Article 6(1)(a) GDPR)

In some cases, we process your personal data based on your consent. For example, this applies when you subscribe to our newsletter or agree to receive marketing communications.

You may withdraw your consent at any time by contacting us using the details in the “How to Contact Us” section or by unsubscribing from our communications.

This will not affect the lawfulness of any processing carried out before your consent was withdrawn.

Performance of a contract (Article 6(1)(b) GDPR)

We process your personal data where it is necessary to enter into or perform a contract with you or with the company you represent. This includes, for example, providing our services and managing contractual relationships.

Compliance with legal obligations (Article 6(1)(c) GDPR)

We may process your personal data where this is necessary for us to comply with legal or regulatory obligations, such as requirements under applicable laws governing our operations.

Legitimate interests (Article 6(1)(f) GDPR)

We may also process your personal data where it is necessary for our legitimate interests, provided that these interests are not overridden by your rights and freedoms.

These interests may include:

• operating and improving our business and services;
• ensuring security and preventing misuse;
• managing business relationships and communications;
• protecting or enforcing our legal rights, for example by defending the Company or entities within the deugro group in the event of legal disputes.

You have the right to object to this processing at any time by contacting us at infosec.privacy@deugro-group.com.

We may share your personal data with third parties where necessary for our business operations, to comply with legal obligations, or where you have consented to such sharing. The main categories of recipients are described below.

Other deugro group entities

We may share your personal data with other companies within the deugro group, including our parent company DEHOCO AG in Switzerland. These entities process your personal data for the purposes and in a manner consistent with this Privacy Policy.

In particular, DEHOCO (Deutschland) GmbH may process certain personal data for global analysis and reporting purposes, based on its legitimate interests in developing and improving the deugro group’s business.

Service providers

We may share your personal data with service providers that support our operations. These may include:

• companies that host and operate our website;
• providers of marketing and communication services (e.g. Mailchimp), which support the delivery of newsletters and manage contact databases;
• providers of social media management and analytics tools (e.g. Later), which help us manage communications, engage with users, and analyze interactions;
• providers of tools for surveys, feedback collection, and customer engagement.

These service providers are contractually required to keep your personal data confidential and may only use it to provide services on our behalf.

Business partners

We may share your personal data with business partners where this is necessary to provide products or services to you or to the company you represent.

Professional advisors

We may share your personal data with professional advisors, such as lawyers, auditors, consultants, and insurers, where necessary in the context of the services they provide to us.

Legal and regulatory disclosures

We may disclose your personal data where required to comply with legal obligations or requests from courts, regulatory authorities, or other government bodies, or where necessary for purposes such as national security, law enforcement, or other matters of public interest.

Corporate transactions

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to relevant third parties as part of that transaction. In such cases, the new entity will continue to use your personal data in accordance with this Privacy Policy.

Other disclosures with your consent

We may also share your personal data with other third parties where you have given your consent to such disclosure.

When we share your personal data with companies within the deugro group or with third parties (as described in the section above), these recipients may be located outside the European Economic Area (“EEA”), the United Kingdom, or your country of residence, in jurisdictions where data protection laws may differ from those in your country.

Where we transfer your personal data outside the EEA, the United Kingdom, or your country of residence, we take appropriate measures to ensure that it is protected in a manner consistent with applicable data protection laws.

These measures may include, for example, the use of Standard Contractual Clauses adopted by the European Commission, or other legally recognized safeguards, to ensure an adequate level of data protection.

You may contact us using the details provided in the “How to Contact Us” section if you would like more information about the safeguards we apply to such transfers.

In some cases, DEHOCO (Deutschland) GmbH may transfer your personal data onward to third parties located in countries that do not provide an adequate level of data protection. In such cases, these transfers will be carried out in accordance with applicable law and subject to appropriate safeguards, such as Standard Contractual Clauses.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy and in accordance with applicable laws.

In certain cases, we may retain personal data for longer periods where required to comply with legal, regulatory, accounting, or reporting obligations, or to protect and enforce our legal rights.

Where it is not possible to specify exact retention periods, we determine the retention period based on criteria such as the nature of the data, the purpose of processing, and applicable legal requirements.

Once personal data is no longer needed, we will securely delete or anonymize it.

We implement appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, or alteration, in accordance with the requirements of Article 32 GDPR.

These measures include, for example, the use of encryption, access controls, and password protection to ensure that your personal data is secure and accessible only to authorized persons.

While we take reasonable steps to protect your personal data, please note that the transmission of information over the internet is not completely secure. We therefore cannot guarantee the security of data transmitted to us through unsecured channels.

You can also help protect your personal data by maintaining the confidentiality of your credentials, using strong passwords, and avoiding sharing access to your accounts with others.

Under applicable data protection laws, you have the following rights regarding your personal data, subject to certain conditions:

• Right of access (Article 15 GDPR): You have the right to request access to your personal data and to obtain additional information about how we process it.
• Right to rectification (Article 16 GDPR): You have the right to request the correction of inaccurate or incomplete personal data.
• Right to erasure and restriction (Articles 17 and 18 GDPR): You have the right to request the deletion of your personal data or the restriction of its processing in certain circumstances.
• Right to object (Article 21 GDPR): You have the right to object to the processing of your personal data, in particular where it is based on our legitimate interests.
• Right to withdraw consent (Article 7 GDPR): Where processing is based on your consent, you may withdraw your consent at any time, including by unsubscribing from marketing communications.
• Right to data portability (Article 20 GDPR): In certain circumstances, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.
• Right to lodge a complaint (Article 77 GDPR): You have the right to lodge a complaint with your local data protection authority if you believe that your personal data has been processed in violation of applicable laws.
• Rights related to automated decision-making (Article 22 GDPR): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not typically carry out such processing; if we do, we will inform you accordingly.

To exercise your rights, you may contact us at infosec.privacy@deugro-group.com, providing details of your request.

Our website may contain links to third-party websites or services that are not operated or controlled by us.

These third parties may have their own privacy policies and practices, which may differ from ours. We do not have control over how they process your personal data.

We encourage you to review the privacy policies of any third-party websites you visit before providing your personal data.

Supervisory authorities are independent public bodies responsible for monitoring and enforcing the application of data protection laws. They provide guidance on data protection matters and handle complaints from individuals regarding the processing of their personal data.

In general, the main point of contact is the supervisory authority in the country where the relevant company or organization is established. However, where an organization operates in multiple countries or is part of a group with establishments in different jurisdictions, a different supervisory authority may act as the lead authority.

You can find the contact details of supervisory authorities here:

• European Economic Area (EEA): https://edpb.europa.eu/about-edpb/about-edpb/members_en
• Switzerland: https://www.admin.ch
• United Kingdom: https://ico.org.uk/

If you are located outside the EEA or the United Kingdom, you may contact the data protection authority in your country of residence.

This Privacy Policy was last updated on April 22, 2026.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be published on this page.

If you have any questions about how we process your personal data, please contact us using the details provided in the “How to Contact Us” section.