- Sect. 1: Controller for Data Processing and Data Protection Officer; Scope
- Sect. 2: General PrinciplesofProcessing Personal Data
- Sect. 3: Log-Data and Cookies when using our WEBSITE
- Sect. 4: Additional Features and Options (Contact, Newsletter, Online-Catalogue, Training Courses, Applications)
- Sect. 5: Statistical and Marketing Tools (Google Analytics, DoubleClick by Google, Google Tag Manager)
- Sect. 6: Third Party Content (Monotype Web Fonts, Youtube)
- Sect. 7: Data Security
- Sect. 8: Your Rights
1. Controller for Data Processing and Data Protection Officer; Scope
(1) We, the company RAFI GmbH & Co. KG, Ravensburger Strasse 128-134, 88276 Berg / Ravensburg, Germany, Tel.: +49 751 89-0, Fax: +49 751 89-1300, E-Mail: email@example.com, are the Data Controller for the processing your personal data as a user of our website, available at www.rafi.de (hereinafter referred to as „WEBSITE (“you”) in accordance with Art. 4 No. 7 General Data Protection Regulation (GDPR). If you are an applicant or intern/trainee, we hereby also inform you about the handling of your personal data in our specially designed area for applicants.
(2) Our external Data Protection Officer is Mr. Dr. Norbert Kuhn, Heustrasse 3, 70174 Stuttgart, Germany, E-Mail: firstname.lastname@example.org.
(3) Hereinafter, in the context of our information obligations, we would like to inform you in detail about the ways in which we process your personal data when visiting our WEBSITE and the use of our other features and options (hereinafter referred to as “Services”) on our WEBSITE. Furthermore, we would like to inform you about the associated protective measures, which we have taken by implementing both technical and organizational methods with regard to our WEBSITE as well as your rights relating to processing your personal data.
2. General Principles of Processing of Personal Data
(1) „Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data that can be directly or indirectly assigned to your person such as your name, your address, your phone number or your e-mail address.
(2) Personal data is processed by us primarily if and to the extent
- you have given us your consent to the processing personal data for one or several specific purposes (Article 6 (1) Subpar. 1 a) GDPR), or
- the processing is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual actions at your request (Article 6 (1) Subpar. 1 b) GDPR), or
- the processing of data is necessary to fulfill a legal obligation to which we are subjected (Article 6 (1) Subpar. 1 c) GDPR), or
- the processing of data is necessary to ensure our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Article 6 (1) Subpar. 1 f) GDPR).
3. Log-Data and Cookies when using our WEBSITE
(1) In connection with the use of our WEBSITE we will collect those data that your internet browser automatically transmits to our server. The following data is collected hereby:
- IP address of the network access device of the respective requesting computer
- Date and time of the request (in GMT)
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
(2) This information is technically necessary for us to ensure you can use the WEBSITE and make sure it functions properly, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in a functioning WEBSITE. The legal basis is Art. 6 (1) Subpar. 1 f) GDPR.
(3) We will delete this data as soon as it is no longer necessary for the purpose of its collection. A storage of your IP address will last up to seven days in its entirety, thereafter in anonymized form. Your IP address will be reduced by the last octet (or a corresponding subsegment in the case of IPv6). The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our WEBSITE and to avert dangers. In all other cases, the deletion takes place when the respective session has ended.
4. Other Features and Offers
In connection with various services on our WEBSITE, which you may use if you are interested, you usually have to provide further personal data. Here is what that means respectively:
4.1 Ordering Brochures and Contact/Feedback
(1) If you contact us, e.g. when ordering our printed flyers, brochures and / or catalogs or to provide us with your feedback, the processing of your voluntarily communicated contact information (e.g. first name, surname, e-mail address, telephone number) will be used to answer your inquiries and / or suggestions via the contact form, e-mail or otherwise. The processing of your data is only for processing the contact as well as to prevent misuse and ensure the security of our information technology systems.
(2) The legal basis for the processing of the data is Art. 6 (1) Subpar. 1 f) GDPR. If your message aims to conclude a contract, then additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GDPR.
(3) Insofar as the deletion of your personal data does not violate statutory retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection.
4.2 Subscription to our Newsletter
(1) With your consent, you can subscribe to our newsletter, which informs you about our latest interesting offers and activities. The advertised offers and activities are mentioned in the declaration of consent.
(3) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address listed in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation.
(4) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately tagged data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for sending you the newsletter. The legal basis is Art. 6 (1) Subpar. 1 a) GDPR
(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke by clicking on the link provided in each newsletter, by e-mail to email@example.com or by sending a message to the contact details mentioned in Sect. 1 at any time. You may also unsubscribe via this link: www.rafi.de/de/meta/konto/newsletter/.
(6) We will delete your data as soon as it is no longer necessary to achieve the purpose of its collection, your e-mail address becomes unreachable or if you revoke your consent to the sending of newsletters. Your data is therefore stored as long as the subscription to the newsletter is active.
4.3 Contact Form for our B2B Online Catalog
(1) If you would like to send us an inquiry or message (e.g. about our products) via our B2B online catalog (eCatalog), the processing of your voluntarily provided contact data (e.g. first and last name, address, telephone number, fax, e-mail-address etc.) for replying to your message sent via the contact form. Your e-mail address is sufficient for a contact request or the request for information material. If you request an offer, it is necessary that you provide us with further data necessary for the preparation of the offer.
(2) The legal basis is Art. 6 (1) Subpar. 1 (f) GDPR. If your message is aimed at the conclusion of a contract (for example, because you request an offer), then an additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 (b) GDPR.
(3) We may also process the information you provide to inform you of other interesting offers or to provide you with technical information e-mails. The legal basis for this is Art. 6 (1) Subpar. 1 (f) GDPR.
(4) Insofar as it does not violate statutory retention periods regarding your personal data, we will delete the data as soon as they are no longer required to achieve the purpose for which they were collected.
4.4. Registration for our Training Courses
(1) If you want to register for a training course on our WEBSITE, it is necessary for the conclusion of the contract that you provide your personal data in order to process your registration. Mandatory information required for registration is marked accordingly, all non-marked information is voluntary. We also process the voluntary data you provide to process your registration. The legal basis for this is Art. 6 (1) Subpar. 1 (b) GDPR and Art. 6 (1) Subpar. 1 (f) GDPR for the voluntary data you provided.
(2) Insofar as it does not violate statutory retention periods regarding your personal data, we will delete them as soon as they are no longer required to achieve the purpose for which they were collected. Due to commercial and tax law requirements, we are obliged to save your address and order data for a period of ten years.
4.5. Job Applications
(1) The application process on our WEBSITE is carried out using software to process the application data from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin, Germany ("softgarden"). softgarden processes the data on our behalf.
(2) For more information about softgarden and the purpose and scope of data collection and processing as part of the application process, please refer to the data protection declaration for the application process, available at: https://rafi.softgarden.io/de/data-security.
(3) You can find the applicant information from us according to Art. 13, 14 GDPR on our WEBSITE at: https://www.rafi.de/fileadmin/user_upload/rafi_de/Medien/Unternehmen_und_Arbeitgeber/00_Information_Bewerberdaten__22.11.2019_.pdf
5. Statistics and Marketing Tools
5.1 Google Analytics
(1) By giving your consent, our WEBSITE uses Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Analytics uses so-called "cookies", text files, which are stored on your respective storage device and allow an analysis of your use of the WEBSITE. The information generated by a cookie about your use of our WEBSITE (including your IP address) is usually transmitted to and stored by Google on their servers. It cannot be ruled out that the data will also be transmitted to a Google LLC server in the USA. However, if IP anonymization is enabled on our WEBSITE, your IP address will be shortened by Google beforehand within member states of the European Union or other parties of the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be sent to a Google server in the US and shortened there. On our behalf, Google will use this information to evaluate your use of the WEBSITE, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
(2) The IP address provided by Google Analytics within your Internet browser will not be merged with any other data provided by Google.
(3) The legal basis for processing your data is your consent to statistical cookies in accordance with Art. 6 (1) subpar. 1 (a) GDPR. You can withdraw your consent at any time with future effect e.g. revoke with the buttons "change your consent" or "revoke your consent" in our cookie statement [https://www.rafi.de/en/cookie-declaration/].
(4) You can also prevent participation in this tracking process in a number of other ways: (a) You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of our WEBSITE in full. (b) At any time in the future, you may also prevent the collection of the cookie-generated and WEBSITE-related data (including your IP address) from Google, as well as the processing of such data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. (c) Alternatively, for browsers on mobile devices, you can prevent Google Analytics from collecting it by clicking the following Link. An opt-out cookie will be set which prevents the future collection of your data when visiting our WEBSITE. Please note: The cookie only works for the browser on which it is placed. If you delete the cookie on this browser, you must reset it by clicking on the above links.
(5) Insofar as you give consent and allow such cookies to be stored, Google Analytics retains your data for 14 months. Data that has reached the end of this retention period will be automatically deleted.
(6) We point out that Google Analytics is used on our WEBSITE with the extension "_anonymizeIp()" and that your IP address will only be processed shortened in order to exclude a direct personal reference. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.
(7) As part of Google Analytics, we use the additional features of Universal Analytics. Universal Analytics allows us to analyze your activities on our sites across multiple devices. This is made possible by the pseudonymous assignment of a user identification (user ID) to a user. Such an allocation is made, for example, when you register for a customer/supplier account or log in to your customer/supplier account. However, no personal information will be forwarded to Google.
(8) For all cases in which personal data is transferred to the US, Google LLC is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
5.2 DoubleClick by Google
(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence regarding the extent and further use of the data collected by the use of this tool by Google and therefore inform you to the best of our knowledge: By including DoubleClick, Google receives the information that you access the corresponding part of our WEBSITE or clicked an ad from us. If you're registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find and store your IP address.
(3 The legal basis for processing your data is your consent to marketing cookies in accordance with Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with future effect e.g. revoke with the buttons "change your consent" or "revoke your consent" in our cookie statement [https://www.rafi.de/en/cookie-declaration/].
(4) You can also prevent participation in this tracking process in a number of other ways: (a) by adjusting your browser software accordingly; in particular, the suppression of third-party cookies results in you not receiving any third-party advertisements; (b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", www.google.com/settings/ads, where these setting is cleared when you delete your cookies; (c) by deactivating the interest-based advertisements of the providers that are part of the "About Ads" self-regulatory campaign via the link www.aboutads.info/choices, which will be deleted when you delete your cookies; (d) through permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link www.google.com/settings/ads/plugin. We point out that in this case you may not be able to use all features of this offer in full.
5.3 Google Tag Manager
(1) Our WEBSITE also uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager allows us to manage our tags on one centralized interface. Tags are small code elements on our WEBSITE that are used to measure visitor behavior and visitor traffic.
(2) Google Tag Manager does not save cookies and does not collect personally identifiable information from you. Rather, Google Tag Manager triggers tags that come from other services and that may collect data. In our case these are the services of DoubleClick by Google (cf. Sect. 5.1). If you deactivate the tracking features used by the mentioned services (cf. Sect. 5.1), the same applies to the tags implemented with the Google Tag Manager.
(3) The legal basis for processing your data is your consent to marketing cookies in accordance with Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with future effect e.g. revoke with the buttons "change your consent" or "revoke your consent" in our cookie statement www.rafi.de/en/cookie-declaration/.
(4) For all cases in which personal data is transferred to the US, Google is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
6. Third-Party Content
6.1 Web Fonts by Monotype
(1) Our WEBSITE uses so-called web fonts provided by Monotype Inc., Monotype, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Fonts.net). (“Monotype”).
(2) The tracking code of the web fonts does not collect, process or save any personal data. When you access our WEBSITE, Monotype collects the project identification number of the web font (anonymized), the URL of the licensed website linked to a customer number to identify the licensee and the licensed web fonts, and the URL of the previously visited page.
(3) Monotype stores the anonymized project identification number of the web fonts in encrypted log files with such data for a period of 30 days in order to determine the monthly number of page views. After such determination and storage of the number of page views, the log files are deleted.
(4) Monotype shares anonymized data with subsidiaries and affiliates.
(2) By playing YouTube videos on our WEBSITE, YouTube receives the information that you have accessed the corresponding sub-page of our WEBSITE. In addition, the data mentioned under Sect. 3.1 of this Policy will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish your profile to be assigned on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our WEBSITE. You have the right to object to the creation of these user profiles, and you must address YouTube directly to exercise that.
(3) The legal basis for using YouTube on our WEBSITE is your consent in accordance with Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with future effect e.g. revoke with the buttons "change your consent" or "revoke your consent" in our cookie statement [https://www.rafi.de/en/cookie-declaration/].
(4) Google processes your personal data in the US and has subjected itself to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
7. Data Security
(1) We use technical and organizational security measures to protect accruing or collected personal data, in particular against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons. Our security measures are continuously improved in line with technological developments.
(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorized third parties. You can recognize the secure transmission by the protocol name "https: //" in the URL line.
8. Your Rights
(1) With regard to the processing of personal data concerning you, you are entitled to the rights listed below in a)-h) under the legal preconditions. Please contact the Data Protection Officer or us for this. The contact details can be found under Sect. 1.
a) Right to Information
Subject to Art. 15 GDPR you can require a confirmation as to whether personal data concerning you are processed by us. In this case, according to Art. 15 (1) GDPR, you have the right to obtain information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned retention period or the criteria for the personal data determining the retention period, the right of rectification or deletion of your personal data, as well as restriction of processing or objection to processing, the existence of a right to complain to a supervisory authority, the origin of the data, if we have not collected your data from you, existence of an automated decision-making including profiling and according to Art. 15 (2) GDPR the right to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transfer of personal data to third countries.
b) Right to Rectification
According to Art. 16 GDPR you can demand the immediate correction and / or considering the purpose of the processing the completion of your personal data, if your data is incorrect or incomplete.
c) Right to Deletion
According to Art. 17 GDPR you can require the immediate deletion of your personal data, provided that there is a reason under Art. 17 (1) a) - f) GDPR. However, the right to delete your personal data does not exist, in particular, if its processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal rights (Art. 17 (3) GDPR).
d) Right to Restriction of Processing
You may restrict the processing of your personal data in accordance with Art. 18 GDPR, as long as we verify the accuracy of your data, if you refuse the deletion of your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data for the assertion, exercise or defense of legal claims or if you have objected to the processing, as long as it is not certain that our legitimate reasons prevail.
e) Right to Consultation
According to Art. 19 GDPR we communicate any rectification or deletion of your personal data or a limitation of their processing under Art. 16, 17 (1) and 18 GDPR to all recipients to whom your personal data have been disclosed, unless this turns out to be impossible or is associated with a disproportionate effort. According to Art. 19 sent. 2 GDPR you have the right to be informed about these recipients on request.
f) Right to Data Portability
According to Art. 20 GDPR you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format and to transmit this data to another person responsible, provided that the further requirements of Art. 20 GDPR exist, in particular, this is technically feasible.
g) Right to Objection
As far as we base the processing of your personal data on the balance of interests according to Art. 6 (1) Subpar. 1 f) GDPR, you can object to the processing according to Art. 21 GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case in the above description of the offers. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and according to Art. 21 (1) sent. 2 GDPR either no longer process the personal data or prove to you our compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Further processing is reserved, if the processing serves the assertion, exercise or defense of legal claims.
According to Art. 21 (2) GDPR, you can object to the processing of your personal data for the purpose of advertising and profiling at any time, as far as it is associated with direct advertising.
You can inform us or the Data Protection Officer about your objection under the contact data mentioned in Sect. 1.
h) Right to revoke the Consent
(1) According to Art. 7 (3) GDPR you have the right to revoke any data protection consent granted to us, at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent until the time of the cancellation.
(2) If you believe that the processing of your data violates data protection regulations, you have the additional right to complain to a supervisory authority according to Art. 77 GDPR. Please contact a supervisor in the Member State of your place of residence, your work place or the location of the potential breach. An overview can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Version: April 1st 2020