info@duffco.com

201 E. Lafayette Street Norristown, PA 19401

Effective as of February, 2026

Introduction and data controllers

Duff Co. values your privacy and takes data protection seriously. We are committed to comply with the General Data Protection Regulation (“GDPR”, Regulation (EU) 2016/679), United States federal and state and other applicable data protection laws in regions where we operate. This privacy policy describes what personal data we collect from you, how we collect it, why we collect it, how we may use and share it, and what your rights are.

This privacy policy does not cover personal data in relation to employees, job applicants using our system to share employment information, or other contexts which are subject to separate privacy policies.

In most cases, Duff Co. is the data controller responsible for your data. Your personal data may also be processed and/or stored by third-party website plug-ins, also subject to local data protection laws. We take great care to ensure compliance with local requirements, and additional policies may apply.

Website visitors 

If you visit our websites, we collect personal data from you. The personal data collected by Google Analytics and/or other entities includes, among others:

  • Details about how you arrived at our website, e.g. if you clicked on a banner or used search terms.
  • IP address and other geolocation information, which may reveal your current location, country.
  • Usage and interaction information, such as your IP address, details about your interactions with our websites (including product searches, page visits, time spent on pages, clicks performed, written input, etc.), performance and diagnostics data and statistics, your device’s operating system and other specifications, etc.
  • Customer support-related information, such as details entered in self-service or contact forms, etc.
  • Survey and customer satisfaction data, such as responses to surveys, feedback provided to Duff Co., etc.

For website visitors we may collect personal data through interactions with the websites, e.g. through use of cookies. Finally, we may collect or receive personal data from third parties, such as social media platforms, websites, lead-gen software, or from publicly available sources.

We use personal data to improve our services and to learn more about the behaviour of our visitors. We do this through analyses and statistics based on the data that we collect. Further, we use your personal data for internal purposes. The main purposes include:

  • improvement and development of our offerings, including for statistical purposes, and analyses of user requirements;
  • customer service management;
  • optimisation of our marketing services based on knowledge of user behaviours and usage;
  • training of Duff Co. employees;
  • optimisation and development of support services;
  • bug fixing and technical maintenance;
  • compliance with legal obligations; and
  • solving disputes, enforcing contractual agreements, and establishing, exercising or defending legal claims.

To do the above, we may combine and enrich the data we collect or receive, and we may use profiling and automated decision-making. As examples, this entails that your product searches or use of certain features can be combined with data from our marketing systems or with data concerning your account (if you are a registered user), which may allow us to personalize content for you, or that data is enriched with data from third parties or AI/machine learning.

Duff Co. may process the following data such as:

  • IP address and geolocation data
  • Date and time of access
  • Content of request (specific site)
  • Status of access/HTTP status code
  • Transferred volume of data
  • Website requesting access
  • Browser, language settings, version of browser software operating system and surface

Marketing

Personal data may be collected for marketing purposes in order to provide news, information, and offerings. The personal data collected includes, among others:

  • Personal details, such as name, language preferences, etc.
  • Contact details, such as work address, country of residence/geographic region, telephone number, email address, etc.
  • Work-related information, such as your industry, role, employer, relationship with other parties (e.g. distributors or installers), areas of interest, etc.
  • Information about interactions, such as consent to receipt of marketing materials, effectiveness of marketing efforts (such as your clicks, opens, channels, etc.), marketing preferences, product searches and interests, information about sales visits, event participation, etc.
  • Survey and customer satisfaction data, such as responses to surveys (unless anonymous), feedback provided to employees, etc.
  • Lead generation data may be collected and compiled by Lead Forensics, and their privacy policy can be found on the Lead Generation Privacy Policy web page.

Customers and Suppliers

Personal data may be collected from customers in order to provide the best experience. The personal data collected includes, among others:

  • Personal details, such as your name, language preferences, etc.
  • Contact details, such as work address, geographic region, telephone number, email address, etc.
  • Work-related information, such as industry, role, employer, relationship with other parties (e.g. distributors or installers), areas of interest, etc.
  • Sales-related information, to the extent that this contains personal data, such as email correspondence, appointments, events participation both in-person and/or online, pending orders, purchase/order history, quotation history, delivery addresses, rebates and incentives, etc.
  • Product, warranty and service-related information, to the extent that this contains personal data, such as installation, warranty, repair and service information.
  • Product usage and product status information, to the extent that this contains personal data and that it may be linked with you as a customer. 
  • Offering or website usage, to the extent that this may be linked with you as a customer, such as your interactions with functions within the various services (including feature usage, product searches, page visits, time spent on pages, clicks or touches performed, written input, usage history, etc.), product connectivity, event logs, reports created or shared, your IP address, performance and diagnostics data and statistics, version data, your device’s type, operating system and other specifications, crash data, network carrier, etc.
  • Customer support-related information, such as details entered in self-service or contact forms, contact with our customer support personnel, caller ID, call notes, time of calls, correspondence with Duff Co., etc.
  • Survey and customer satisfaction data, such as responses to surveys, feedback provided to Duff Co.

How your information is shared and transferred

Your data is only shared when necessary to achieve the purposes described above, and it is never sold or rented by Duff Co. to any other party. We do not sell your personal data or share it with irrelevant third parties. The main categories of recipients are:

  • Other companies within the Duff Co. family.
  • Business partners of Duff Co. (e.g. suppliers, sales and marketing partners), partners for digital offerings, logistics partners, event organizers, etc.
  • IT service providers and data processors on our behalf (e.g. hosting services, IT support, cloud services, user administration services, etc.).
  • Supporting business operations, e.g. consultants and advisers.
  • Other authorized third parties who may need to access or store personal data if required or permitted by applicable law (e.g. governmental authorities, courts, attorneys, etc.).

In certain cases, your personal data may be transferred to countries outside of the United States. Duff Co. does its best to ensure that such transfer is carried out in accordance with the applicable data protection laws.

Data Retention

Personal data may be collected for the purposes stated above and will be stored only for as long as necessary for the relevant purpose. As examples:

  • When signing up for an account, you may receive an account validation email and reminder emails. If you do not validated your account, your personal data will be deleted. Inactive accounts may be deleted.
  • If you are a customer or supplier, or if your employer is, we will keep your contact details for as long as we have an active relationship with you.
  • Financial, transactional, tax/customs, and compliance-related personal data will be kept for as long as required under applicable law or for as long as necessary to ensure proper performance of contractual obligations.

Your Rights

Withdrawal of consent: You may withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the withdrawal of the consent or processing based on a different legal basis than consent. Depending on your location and subject to applicable laws, you may also benefit from the below rights:

Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed by Duff Co, and, where that is the case, to request access to the personal data. Access – inter alia – the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data has been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of the data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

Right to rectification: You may have the right to obtain the rectification of inaccurate personal data concerning you. Depending on the purposes of processing, you may have the right to have incomplete personal data completed.

Right to erasure: Under certain circumstances, you may have the right to erase of data concerning you and we may be obliged to erase such personal data.

Right to object: Under certain circumstances, you may have the right to object on grounds relating to your particular situation, or – where personal data is processed for direct marketing purposes – to object at any time to the processing of your personal data by us, in which case we can be required to no longer process your personal data.

Right to data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you may have the right to transmit those data to another entity without hindrance from us.

Right to lodge a complaint: If you are of the opinion that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with related authorities in the location where you reside, work, or where the alleged infringement has taken place. A right to lodge a complaint with your local supervisory authority may also apply outside region, depending on your location.

Data protection contact information

If you have any questions to this privacy policy or our processing of your personal data, or if you would like to exercise any of your rights as set out above, you are welcome to contact Duff Co. 201 E Lafayette Street, Norristown, PA 19401 – info@duffco.com.

Data protection complaint information or concerns related to third-parties can be raised by visiting their privacy policies. You can find the Lead Forensics policy here.

Changes to the privacy policy

We reserve the right to change or supplement this privacy policy at any time.