1. Controller for Data Processing and Data Protection Officer and general Principles
(1) We, the RAFI GmbH & Co. KG, Ravensburger Straße 128-134, 88276 Berg / Ravensburg, Germany, Tel.: +49 751 89-0, Fax: +49 751 89-1300, E-Mail: email@example.com, operator of the websites, available at www.rafi.de (hereinafter referred to as „WEBSITE“), and controller for the processing of personal data of the users of our website (“You”) subject to Art. 4 No. 7 General Data Protection Regulation (GDPR) and other national data protection laws of the Member States and other data protection provisions.
(2) Our external Data Protection Officer is: Mr. Dr. Norbert Kuhn, Heustraße 3, 70174 Stuttgart, Germany, E-Mail: firstname.lastname@example.org.
(3) Hereinafter, in the context of our information obligations, we would like to inform you in detail, which data are processed when visiting our WEBSITE and the use of our other services and offers on our WEBSITE. Furthermore, we would like to inform you about the associated protective measures we have also taken in technical and organizational terms.
2. Processing of personal Data
(1) „Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data that can be directly or indirectly assigned to your person such as your name, your address, your phone number or your e-mail address.
(2) Personal data is processed by us only if and to the extent of which
- the processing of data is necessary to fulfill a legal obligation to which we are subject to (Article 6 (1) Subpar. 1 c) GDPR), or
- the processing is necessary for the performance of a contract of which you are a party or for the performance of pre-contractual actions that you request (Article 6 (1) Subpar. 1 b) GDPR), or
- You have given us your consent to the processing of data for one or more specific purposes (Article 6 (1) Subpar. 1 a) GDPR), or
- the processing of data is necessary to ensure our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Article 6 (1) Subpar. 1 f) GDPR).
(5) The extent and nature of the processing of your data differs depending on whether you visit our WEBSITE solely for the purpose of retrieving information (see the following Sect. 3) or make use of services offered by us (see the following Sect. 4).
3. Merely informative use of our WEBSITE
(1) In connection with the mere informational use of our WEBSITE, that is, if you do not use any of our services and offers on our WEBSITE or provide us with any other information, we will only collect those data that your internet browser automatically transmits to our server. The following data is collected hereby:
- IP address of the network access device of the respective requesting computer
- Date and time of the request (in GMT)
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
(2) This information is technically necessary for us to enable you usage and functionality of our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 (1) Subpar. 1 f) GDPR.
(3) We will delete your data as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for the merely informative provisioning of our WEBSITE, the deletion takes place when the respective session has ended. A storage of your IP address takes up to seven days in complete, then in anonymous form. Your IP address will be reduced by the last octet (or a corresponding subsegment in the case of IPv6). The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our website and to avert dangers.
4. Other Features and Offers
In addition to the purely informational use of our WEBSITE, we offer various offers and functions (hereinafter also referred to as "Services") that you can use, if you are interested. To do this, you will generally need to provide other personal information that we use to provide the Service and for which the aforementioned data processing principles apply.
In detail, these are the following Services for which we process your personal data:
4.1 Ordering Brochures and Contact/Feedback
(1) If you contact us, e.g. when ordering our printed flyers, brochures and / or catalogs or to provide us with your feedback, the processing of your voluntarily communicated contact information (e.g. first name, surname, e-mail address, telephone number) will be used to answer your inquiries and / or suggestions via the contact form, e-mail or otherwise. The processing of your data is only for processing the contact as well as to prevent misuse and ensure the security of our information technology systems.
(2) The legal basis for the processing of the data is Art. 6 (1) Subpar. 1 f) GDPR. If your message aims to conclude a contract, then additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GDPR.
(3) Insofar as the deletion of your personal data does not prevent statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is the case when the conversation with you is over. In general, the conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified.
4.2 Subscription to our Newsletter
(1) With your consent, you can subscribe to our newsletter, which informs you about our offers and activities. The advertised offers and activities are mentioned in the declaration of consent.
(3) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address listed in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation.
(4) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately tagged data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for sending you the newsletter. The legal basis is Art. 6 (1) Subpar. 1 a) GDPR.
(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke by clicking on the link provided in each newsletter, by e-mail to email@example.com or by sending a message to the contact details mentioned in Sect. 1 at any time. You can also unsubscribe via this link: www.rafi.de/de/meta/konto/newsletter/.
(6) We will delete your data as soon as it is no longer necessary to achieve the purpose of its collection, your e-mail address becomes unreachable or if you revoke your consent to the sending of newsletters. Your data is therefore stored as long as the subscription to the newsletter is active.
4.3 Customer / Supplier Account (RSN and RCN)
(1) If you are already a customer with us, we can create a customer account for you on request within our RAFI Customer Net (RCN), through which we store your data for later further inquiries about our products, in case you are already a customer with us.
(2) If we commission you as a supplier, we can create a user account for you on request within our RAFI Supplier Net (RSN), through which we store your data for future orders and inquiries about your products / services.
4.4 Use of our B2B online catalog
(1) If you wish to request certain products through our B2B Online Catalog, processing your request requires that you create a customer account, providing personal information that we need to process your request and that we may store for further inquiry. Mandatory information required for the creation of the customer account is marked separately, further information is optional. We also process the voluntary data you provided to process your inquiries. The legal basis for this is Art. 6 (1) Subpar. 1 (b) GDPR and Article 6 (1) Subpar. 1 (f) GDPR for the voluntary data you provided.
(2) The data you provide are revocably stored by us. All data can be changed in your customer area. You can also delete your customer account in the customer area at any time.
(3) We may also process the information you provide to inform you of other interesting offers or to provide you with technical information e-mails. The legal basis for this is Art. 6 (1) Subpar. 1 (f) GDPR.
(4) If you delete your customer account, all data stored about you will be deleted. If a complete deletion of your data is not possible or necessary due to legal reasons, we will block your data for further processing.
(1) When you apply for a position in our company, we process the personal data that you provide us with, e.g. sent by e-mail. We do not require any information from you that is not usable under the General Equal Treatment Act (such as race, ethnic origin, religion or belief, age, sexual identity). We also do not ask you to submit any information on pregnancy, political views, philosophical or religious convictions and union membership.
(2) The processing of your personal data is for the sole purpose of staffing within our company. A transfer of your personal data will not take place, unless you have given us your consent. The legal basis for the processing of your personal data is Art. 6 (1) Subpar. 1 (b), Article 9 (2) (b), Art. 88 GDPR in conjunction with Section 26 FDPA.
(3) If we cannot offer you a position, we will delete your data no later than 6 months after completing the application process, unless you give us your consent that we may save the applicant details longer.
(2) Our WEBSITE uses persistent cookies. Persistent cookies are automatically deleted when you close the browser or log out. In particular, these include the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our WEBSITE. The session cookies are deleted accordingly when you log out or close the browser.
(3) If personal data are processed by individual cookies, the processing is carried out in accordance with Art. 6 (1) Subpar. 1 b) GDPR either for the execution of the contract or in accordance with Art. 6 (1) Subpar. 1 f) GDPR for the protection of our legitimate interests in the best possible functionality of our WEBSITE as well as a customer-friendly and effective design of the page visit.
(4) You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. We point out that you may not be able to use all the features of our WEBSITE when cookies are deactivated.
6. Google Analytics
(1) Our WEBSITE uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the WEBSITE. The information generated by a cookie about your use of our WEBSITE (including your IP address) is usually transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on our WEBSITE, your IP address will be shortened by Google beforehand within member states of the European Union or other parties of the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be sent to a Google server in the US and shortened there. On our behalf, Google will use this information to evaluate your use of the WEBSITE, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
(2) ) The IP address provided by Google Analytics within your Internet browser will not be merged with any other data provided by Google.
(3) You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of our WEBSITE in full. At any time in the future, you may also prevent the collection of the cookie-generated and WEBSITE-related data (including your IP address) from Google, as well as the processing of such data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
(4) Alternatively, for browsers on mobile devices, you can prevent Google Analytics from collecting it by clicking the following Link. An opt-out cookie will be set which prevents the future collection of your data when visiting our WEBSITE. Please note: The cookie only works for the browser on which it is placed. If you delete the cookie on this browser, you must reset it by clicking on the above links.
(5) Insofar as you allow cookies to be stored, Google Analytics retains your data for 14 months. Data that has reached the end of this retention period will be automatically deleted.
(6) We point out that Google Analytics is used on our WEBSITE with the extension "_anonymizeIp()" and that your IP address will only be processed shortened in order to exclude a direct personal reference. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.
(7) We use Google Analytics to analyze and regularly improve the use of our WEBSITE. With the statistics, we can improve our offer and make it more interesting for you as a user. Our legitimate interests lie in the optimization and marketing purposes. For exceptional cases in which personal data is transferred to the US, Google is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Googly Analytics is Art. 6 (1) subpar. 1 f) GDPR.
(9) As part of Google Analytics, we use the additional features of Universal Analytics. Universal Analytics allows us to analyze your activities on our sites across multiple devices. This is made possible by the pseudonymous assignment of a user identification (user ID) to a user. Such an allocation is made, for example, when you register for a customer account or log in to your customer account. However, no personal information will be forwarded to Google. Please note that also regarding the functions of Google Universal above possibilities of objection by the browser plugin or opt-out cookie are possible. You can also disable the cross-device analysis of your usage in “ My Account”, “Personal Information” personal account.
7. Third-Party Contents
a) Web Fonts (Fonts from Fonts.com and Fonts.net)
(1) We have incorporated videos from YouTube into our online offering, which are stored on www.YouTube.com and are directly playable from our WEBSITE. These are all included in the "extended privacy mode", i.e. that no data about you as a user will be transferred to YouTube, if you are not playing the videos. Only when you play the videos, the data mentioned in the next paragraph will be transmitted. We have no influence on this data transfer.
(2) By visiting our WEBSITE, YouTube receives the information that you have accessed the corresponding sub-page of our WEBSITE. In addition, the data mentioned under Sect. 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish your profile to be assigned on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our WEBSITE. You have the right to object to the creation of these user profiles, and you must address YouTube directly to exercise that.
8. Data Security
(1) We use technical and organizational security measures in order to protect accruing or collected personal data against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons in particular. Our security measures are continuously improved in line with technological developments.
(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorized third parties. You can recognize the secure transfer by the protocol name "https: //" in the URL line.
9. Your Rights
(1) With regard to the processing of personal data concerning you, you are entitled to the rights listed below in a)-h) under the legal preconditions. Please contact the Data Protection Officer or us for this. The contact details can be found under Sect. 1.
a) Right to Information
Subject to Art. 15 GDPR you can require a confirmation as to whether personal data concerning you are processed by us. In this case, according to Art. 15 (1) GDPR, you have the right to obtain information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned retention period or the criteria for the personal data determining the retention period, the right of rectification or deletion of your personal data, as well as restriction of processing or objection to processing, the existence of a right to complain to a supervisory authority, the origin of the data, if we have not collected your data from you, existence of an automated decision-making including profiling and according to Art. 15 (2) GDPR the right to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transfer of personal data to third countries.
b) Right to Rectification
According to Art. 16 GDPR you can demand the immediate correction and / or considering the purpose of the processing the completion of your personal data, if your data is incorrect or incomplete.
c) Right to Deletion
According to Art. 17 GDPR you can require the immediate deletion of your personal data, provided that there is a reason under Art. 17 (1) a) - f) GDPR. However, the right to delete your personal data does not exist, in particular, if its processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal rights (Art. 17 (3) GDPR).
d) Right to restriction of Processing
You may restrict the processing of your personal data in accordance with Art. 18 GDPR, as long as we verify the accuracy of your data, if you refuse the deletion of your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data for the assertion, exercise or defense of legal claims or if you have objected to the processing, as long as it is not certain that our legitimate reasons prevail.
e) Right to Consultation
According to Art. 19 GDPR we communicate any rectification or deletion of your personal data or a limitation of their processing under Art. 16, 17 (1) and 18 GDPR to all recipients to whom your personal data have been disclosed, unless this turns out to be impossible or is associated with a disproportionate effort. According to Art. 19 sent. 2 GDPR you have the right to be informed about these recipients on request.
f) Right to Data Portability
According to Art. 20 GDPR you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format and to transmit this data to another person responsible, provided that the further requirements of Art. 20 GDPR exist, in particular, this is technically feasible.
g) Right to Objection
As far as we base the processing of your personal data on the balance of interests according to Art. 6 (1) Subpar. 1 f) GDPR, you can object to the processing according to Art. 21 GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case in the above description of the offers. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and according to Art. 21 (1) sent. 2 GDPR either no longer process the personal data or prove to you our compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Further processing is reserved, if the processing serves the assertion, exercise or defense of legal claims.
According to Art. 21 (2) GDPR, you can object to the processing of your personal data for the purpose of advertising and profiling at any time, as far as it is associated with direct advertising.
You can inform us or the Data Protection Officer about your objection under the contact data mentioned in Sect. 1.
h) Right to revoke the Consent
(1) According to Art. 7 (3) GDPR you have the right to revoke any data protection consent granted to us, at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent until the time of the cancellation.
(2) If you believe that the processing of your data violates data protection regulations, you have the additional right to complain to a supervisory authority according to Art. 77 GDPR. Please contact a supervisor in the Member State of your place of residence, your work place or the location of the potential breach. An overview can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Effective: August 29th, 2018