DIORA Facility Management

Legal

Privacy Policy

As of: July 2026

This is a courtesy translation. The German version of this privacy policy is the legally binding one.

01Preamble

With the following privacy policy we would like to inform you about the types of your personal data (hereinafter also referred to in short as „data“), for which purposes and to what extent we process them in the context of providing our website and the services associated with it.

The terms used are not gender specific. This privacy policy applies to the website diorafacilitymanagement.com and its subpages as well as to communication initiated via the website.

02Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions with a data protection character is:

DIORA Facility Management GbR

Represented by the partners:
Iwona Banasiewicz, Daniel Banasiewicz

Heinrich-Niemeyer-Straße 50 B
48477 Hörstel-Riesenbeck
Germany

Phone: +49 1573 5742196
Email: info@diorafacilitymanagement.com

A data protection officer has not been appointed, as the legal requirements (§ 38 BDSG) for this are not met. For questions regarding data protection, please contact us directly using the contact details listed above.

03Definitions

This privacy policy uses the terminology from Art. 4 GDPR. „Personal data“ means any information relating to an identified or identifiable natural person. „Processing“ means any operation carried out with or without the help of automated procedures in connection with personal data, such as collecting, recording, storing, using, disclosing, transmitting or erasing.

04Legal bases for processing

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures (e.g. contact for the preparation of a quote).

Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject (e.g. tax or commercial law retention obligations), Art. 6(1)(c) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, then Art. 6(1)(f) GDPR serves as the legal basis (e.g. secure operation of the website, reach measurement, defence against attacks, handling of general enquiries).

05General storage period

We store personal data only for as long as it is necessary to achieve the respective processing purpose or as long as we are obliged to do so under statutory retention obligations (in particular 6 or 10 years pursuant to §§ 147 AO, 257 HGB). Once the respective purpose no longer applies or the retention periods have expired, the corresponding data is routinely erased or blocked in accordance with the statutory provisions. For individual processing operations, the specific storage period or the criterion for determining it is stated in the respective sections of this privacy policy.

06Data security & SSL/TLS encryption

For security reasons and to protect the transmission of personal data as well as other confidential content (e.g. enquiries via the contact form), this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser shows „https://“ and a lock symbol is displayed.

In addition, we take suitable technical and organisational measures pursuant to Art. 32 GDPR in order to protect personal data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties.

07Hosting (Vercel Inc.)

This website is hosted on servers provided by Vercel Inc. The provider is:

Vercel Inc.

340 S Lemon Ave #4133
Walnut, CA 91789
USA

Privacy policy: vercel.com/legal/privacy-policy
Data processing agreement (DPA): vercel.com/legal/dpa

On our behalf, Vercel processes in particular access and connection data (see section 8, server log files) in order to ensure the delivery of the website, its availability, performance and security. We have concluded a data processing agreement with Vercel pursuant to Art. 28 GDPR, which ensures that Vercel processes the personal data of website visitors only on our instructions and in accordance with the GDPR.

The website is delivered via Vercel’s global edge network. In doing so, personal data may be transferred to third countries, in particular the USA. Vercel is certified under the EU-U.S. Data Privacy Framework (DPF); in addition, the standard contractual clauses of the European Commission pursuant to Art. 46(2)(c) GDPR are used as a further appropriate safeguard (see section 16).

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a secure, fast and reliable provision of our website through a professional provider).

08Provision of the website & server log files

When you access our website, information is automatically collected by the host (Vercel Inc.) in so-called server log files, which your browser automatically transmits to us or to the host. These are in particular:

  • IP address of the requesting device
  • Date and time of access
  • URL accessed or name of the retrieved file
  • Amount of data transferred
  • Message indicating whether the access was successful (HTTP status code)
  • Browser type and browser version
  • Operating system used and its version
  • Referrer URL (the previously visited page)
  • Language and region of the browser

We do not merge this data with other data sources. No evaluation for the purpose of profiling or for marketing purposes takes place.

Purpose

Ensuring a smooth connection setup, comfortable use of the website, evaluation of system security and stability as well as defence against attacks (e.g. DDoS).

Legal basis

Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the website).

Storage period

The log files are generally stored for a maximum of 30 days and then automatically erased, unless security-relevant events (e.g. attempted attacks) make longer storage necessary.

09Vercel Web Analytics & Speed Insights

On our website we use the service Vercel Web Analytics as well as Vercel Speed Insights provided by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel Web Analytics is a privacy-friendly, cookieless analytics service for reach measurement. Speed Insights measures aggregated performance data (Core Web Vitals) without cookies.

Data collected

Vercel Web Analytics collects and processes the following information in aggregated form:

  • Page accessed / URL path
  • Referrer (referring page)
  • Approximate country (derived from the IP address)
  • Device type (desktop, tablet, mobile device)
  • Operating system and browser
  • Number of page views and visitors (pseudonymised)
  • Bounce rate and visit duration

No cookies, no trackers, no profiling

Vercel Web Analytics does not set any cookies and does not use fingerprinting techniques for cross-device recognition. To distinguish individual visitors, a short-lived, pseudonymous hash is generated per day from the IP address and the user agent; this hash is regenerated daily and not stored permanently. The full IP address is not stored by us.

Purpose

Statistical evaluation of usage behaviour in order to improve our online offering (e.g. which pages are accessed particularly often, number of visitors, bounce rate).

Legal basis

Art. 6(1)(f) GDPR (legitimate interest in an anonymous, cookieless reach measurement). Since no cookies are set and no personal data in the sense of a unique identification is stored long term, consent pursuant to § 25(1) TDDDG is not required.

Storage period

Aggregated statistical data is stored by Vercel for the duration of our contractual relationship. Pseudonymous daily hashes are discarded within 24 hours.

Further information: vercel.com/docs/analytics/privacy

10Cookies

This website does not use tracking cookies, marketing cookies or analytics cookies. We do not use any third-party cookies. For this reason, no cookie banner / consent tool is required either, provided that no further technologies requiring consent are actually integrated.

To temporarily store progress in the contact form (selection steps and address details, but not name, phone number, email, message or file attachments), our form uses only your browser's local sessionStorage. The data is stored solely on your device, is not transmitted to our server or to third parties, and is erased at the latest when you close the browser tab or after the enquiry has been successfully submitted. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a user-friendly form experience) and, where applicable, § 25(2) no. 2 TDDDG.

You can manage, restrict or delete cookies and data stored locally in your browser yourself at any time via your browser settings. Notes on this can be found in the help function of your browser.

11Fonts

For the presentation of this website we use the font „Switzer“. The font files are served exclusively from our own server or via our hosting provider (Vercel). When you access the website, the font is not loaded from an external font CDN (such as Fontshare or Google Fonts). Therefore, no IP address is transmitted to a font provider.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent and appealing presentation of our website).

12Contact form

On our website, at /en/contact, we offer you the option to get in touch with us via a contact form.

Data processed

In detail, we process the data you provide in the form:

  • First and last name (mandatory field)
  • Phone number (mandatory field)
  • Email address (mandatory field)
  • Postal code (mandatory field)
  • Town / city (optional, suggested automatically based on the postal code)
  • Street and house number (optional details)
  • Selected type of service (from the form selection step)
  • Message / description of your request (mandatory field)
  • Files you optionally upload (see „File upload“)
  • Confirmation of your consent to data processing in accordance with this privacy policy (mandatory field, checkbox)

File upload (optional)

You can optionally attach files to your enquiry (e.g. photos of the areas to be cleaned or floor plans). The permitted formats are PDF, JPG, PNG and WebP. You may transmit up to 5 files with a total size of no more than 15 MB. These files are transmitted as an attachment to the same email to our mailbox and are used exclusively to process your enquiry.

Automatic town suggestion based on the postal code

To make entry easier, the form suggests the corresponding town based on your postal code. This matching takes place exclusively locally in your browser against a file provided on our own server. No data is transmitted to third parties in the process.

Temporary storage in the browser

So that you do not lose progress in the form, the contact form stores selected steps and address details locally in your browser's sessionStorage (see section 10). Contact details such as name, phone number, email and message as well as file attachments are not stored there.

Purpose of processing

Exclusively the handling of your enquiry, scheduling of appointments, preparation of a quote, a callback or contact by phone or email, as well as the handling of any resulting order. Data is expressly not passed on to third parties for advertising or other purposes. The data is not sold, not transmitted to marketing networks and not used for automated decisions.

Technical implementation

When submitted, the form entries are transmitted to our server via an encrypted HTTPS connection and forwarded from there as an email to our business mailbox. The email delivery and the operation of the mailbox are provided by IONOS SE (Elgendorfer Straße 57, 56410 Montabaur, Germany), with which we have concluded a data processing agreement pursuant to Art. 28 GDPR. Processing and storage take place on servers in Germany or within the European Union. No transfer to a third country takes place in this context.

Legal basis

  • Art. 6(1)(a) GDPR (consent), insofar as you activate the checkbox confirming consent to data processing in accordance with this privacy policy before submitting. Consent may be withdrawn (see section 21).
  • Art. 6(1)(b) GDPR (carrying out pre-contractual measures or performance of a contract), insofar as your enquiry is aimed at the conclusion or performance of a contract.
  • Art. 6(1)(f) GDPR (legitimate interest in the efficient handling of incoming enquiries), insofar as your enquiry has no direct contractual relevance.

Storage period

We store your enquiry and the associated personal data for as long as this is necessary to handle your request. In addition, we store the data insofar as we are obliged to do so due to statutory retention obligations (in particular §§ 147 AO, 257 HGB), as a rule 6 or 10 years from the end of the calendar year in which the business transaction was completed. Enquiries that do not lead to the conclusion of a contract are erased at the latest after 24 months.

Application form

At /en/apply you can apply for open roles or submit a speculative application. We process your name, email address, optional phone number and message, the selected role and working hours, and your CV uploaded as a PDF (max. 10 MB, PDF format). Before submitting, confirmation of consent to data processing in accordance with this privacy policy is required (checkbox). The documents are transmitted via HTTPS to our server and forwarded as an email with attachment to our business mailbox (technical implementation as for the contact form). The legal basis is Art. 6(1)(a) GDPR (consent) as well as Art. 6(1)(b) GDPR (pre-contractual measures in the application process) or Art. 6(1)(f) GDPR. Applications that do not lead to employment are generally erased after 6 months at the latest, unless longer retention is required by law or agreed with you.

13Contact by email

If you contact us by email (e.g. at info@diorafacilitymanagement.com), the personal data you transmit (in particular sender address, name, subject, content of the message and any attachments) is stored and processed in order to handle your request.

Legal basis: Art. 6(1)(b) GDPR (for contract-related or pre-contractual enquiries) or Art. 6(1)(f) GDPR (for other enquiries).

Storage period: in accordance with the general principles of the storage period (section 5) and the statutory retention periods.

14Contact by phone

If you contact us by phone (+49 1573 5742196), we process the data you provide (as a rule name, phone number, request and, where relevant, further factual information) for the purpose of consultation, scheduling an appointment or initiating a contract. Telephone calls are not recorded.

Legal basis: Art. 6(1)(b) or (f) GDPR.

15Contact via WhatsApp

On our website we optionally offer the possibility to contact us via WhatsApp (link to the WhatsApp service operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; where applicable involving Meta Platforms, Inc., USA). Use is exclusively on your initiative: only when you click the corresponding link do you leave our website and are redirected to the WhatsApp / Meta service.

For data processing by WhatsApp / Meta after you leave our website, Meta itself is the controller. Please consult the privacy policy of WhatsApp or Meta (whatsapp.com/legal/privacy-policy-eea). We have no influence over which data WhatsApp / Meta collects and processes in the course of using the service.

Legal basis for providing the optional link on our website: Art. 6(1)(f) GDPR (legitimate interest in straightforward accessibility). Transmission of your message content to us via WhatsApp takes place on the basis of your express initiative (Art. 6(1)(a) or (b) GDPR, depending on the content of the enquiry).

16Recipients / processors

Within our company, only those persons receive access to your data who need it for the purposes stated above. To provide individual services, we also use carefully selected processors with whom a data processing agreement pursuant to Art. 28 GDPR exists, in particular:

  • Vercel Inc. (hosting, web analytics, Speed Insights), USA
  • IONOS SE (email delivery and email mailbox for contact and application form enquiries), Germany

Where WhatsApp is used optionally (section 15), Meta Platforms Ireland Limited (and, where applicable, Meta Platforms, Inc.) is itself the controller for processing there; there is no processing on our behalf in that regard.

Beyond this, your personal data is generally not passed on to third parties. Exceptions apply only insofar as:

  • you have expressly consented (Art. 6(1)(a) GDPR);
  • the disclosure is necessary for the performance of a contract with you (Art. 6(1)(b) GDPR);
  • there is a legal obligation to disclose (Art. 6(1)(c) GDPR, e.g. towards tax authorities);
  • the disclosure is necessary to safeguard legitimate interests (Art. 6(1)(f) GDPR, e.g. to lawyers, tax advisors or debt collection companies).

17Transfer to third countries

In the context of hosting and the use of Vercel Web Analytics, personal data (in particular IP addresses, technical metadata) may be transferred to a third country, namely the USA.

Vercel Inc. is actively certified under the EU-U.S. Data Privacy Framework (DPF). By adequacy decision of 10 July 2023, the European Commission determined that the USA provides an adequate level of protection under the DPF for personal data transferred from the EU to US companies that are certified under the DPF (Art. 45 GDPR). In addition, the standard contractual clauses (SCC) of the European Commission pursuant to Art. 46(2)(c) GDPR have been agreed with Vercel.

The sending of emails via the contact and application forms and the operation of our email mailbox are handled by IONOS SE with its server location in Germany. No transfer of this data to a third country takes place in this context.

If you optionally contact us via WhatsApp (section 15), Meta Platforms, Inc. (USA) as its own controller may process personal data in the USA or other third countries. Please consult the privacy policy of WhatsApp / Meta for details and any safeguards.

You can request a copy of the standard contractual clauses and further information on the safeguards from us using the contact details listed in section 2.

18Rights of the data subject

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the controller:

Right of access (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request further information (among other things the purposes of processing, categories of data, recipients, planned storage period).

Right to rectification (Art. 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.

Right to erasure (Art. 17 GDPR)

You have the right to request the erasure of the personal data stored by us, provided that the requirements of Art. 17 GDPR are met and no statutory retention obligations conflict with the erasure.

Right to restriction of processing (Art. 18 GDPR)

Under the conditions of Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, insofar as this is technically feasible.

Right to object (Art. 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data that is carried out on the basis of Art. 6(1)(e) or (f) GDPR. See also section 18 on this.

Right to withdraw consent given (Art. 7(3) GDPR)

You have the right to withdraw consent given at any time with effect for the future. The lawfulness of the processing carried out until the withdrawal remains unaffected.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority. See section 19 on this.

To exercise your rights, an informal message to the contact details listed in section 2 is sufficient, in particular to info@diorafacilitymanagement.com.

19Right to object under Art. 21 GDPR

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(f) GDPR (processing on the basis of a balancing of interests).

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If personal data is processed by us to conduct direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for the purposes of direct marketing, we will no longer process the personal data for these purposes.

20Right to lodge a complaint with the supervisory authority

Without prejudice to any other legal remedy, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

Kavalleriestraße 2-4
40213 Düsseldorf

Phone: 0211 38424-0
Fax: 0211 38424-10
Email: poststelle@ldi.nrw.de
Website: ldi.nrw.de

21Withdrawal of consent given

Many data processing operations are only possible with your express consent. You can withdraw consent already given at any time with effect for the future. The withdrawal can be made informally by email to info@diorafacilitymanagement.com or by post to the address listed in section 2. The lawfulness of the data processing carried out on the basis of the consent until the withdrawal is not affected by the withdrawal.

22Obligation to provide personal data

You are not legally or contractually obliged to provide us with your personal data. However, for the conclusion or performance of a contract it may be necessary to provide us with certain data. Without this data we cannot fulfil the contract, or cannot do so completely.

23Automated decision-making / profiling

Automated decision-making in individual cases, including profiling within the meaning of Art. 22 GDPR, does not take place. We do not use your personal data to make automated decisions that produce legal effects concerning you or similarly significantly affect you.

24Notice on the right of withdrawal for distance contracts

The contact form provided via this website serves exclusively for a non-binding enquiry and does not constitute the conclusion of a contract. A contract for our services (building cleaning, glass cleaning, facade cleaning, caretaker service and the like) is as a rule only concluded on site or through a separate written or verbal agreement.

If, in exceptional individual cases, a contract is concluded exclusively using means of distance communication (phone, email, messenger), consumers (§ 13 BGB) are generally entitled to a statutory right of withdrawal pursuant to §§ 312g, 355 BGB.

Withdrawal notice

Right of withdrawal. You have the right to withdraw from a contract concluded at a distance within fourteen days without giving any reason. The withdrawal period is fourteen days from the day of the conclusion of the contract.

To exercise your right of withdrawal, you must inform us (DIORA Facility Management GbR, Iwona Banasiewicz, Daniel Banasiewicz, Heinrich-Niemeyer-Str. 50 B, 48477 Hörstel-Riesenbeck, phone: +49 1573 5742196, email: info@diorafacilitymanagement.com) of your decision to withdraw from this contract by means of a clear statement (e.g. a letter sent by post or an email). You can use the attached model withdrawal form for this, although it is not mandatory.

Consequences of withdrawal. If you withdraw from this contract, we must repay to you all payments we have received from you without undue delay and at the latest within fourteen days from the day on which we received the notification of your withdrawal from this contract.

Special note on the early expiry of the right of withdrawal for services: Your right of withdrawal expires in the case of a contract for the provision of services if we have provided the service in full and only started performing it after you gave your express consent and at the same time confirmed your knowledge that you lose your right of withdrawal upon full performance of the contract by us.

Model withdrawal form

If you want to withdraw from the contract, you can fill out this form and send it back to us.

To: DIORA Facility Management GbR, Iwona Banasiewicz, Daniel Banasiewicz, Heinrich-Niemeyer-Str. 50 B, 48477 Hörstel-Riesenbeck, email: info@diorafacilitymanagement.com

I/we hereby withdraw from the contract concluded by me/us for the purchase of the following goods / the provision of the following service:

Ordered on / received on: ___________

Name of the consumer(s): ___________

Address of the consumer(s): ___________

Signature (only for notification on paper): ___________

Date: ___________

25Validity and amendment of this privacy policy

This privacy policy is currently valid and has the status stated above (July 2026). Due to the further development of our website and offerings, or as a result of changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The respective current privacy policy can be accessed and printed out by you at any time on the website at diorafacilitymanagement.com/en/privacy-policy.