Important information regarding the handling of personal information by RAPS GmbH & Co.KG

 

Dear Ladies and Gentlemen,

 

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will enter into force. This means the rights of affected persons in the European Union regarding the protection of their personal information will become significantly stronger. The company RAPS has always placed special value on the safety of your personal information.

 

The GDPR is the most significant data protection regulation in Europe since the EU Privacy Directive from the year 1995. After a two-year grace period, the GDPR will replace the outdated EU Privacy Directive and, in many parts, the privacy policy laws of individual member states. In contrast to a directive, a regulation is directly valid in all member states of the EU, without the need for national laws. As a result, an EU-wide and uniform set of rules for data protection has been created for the first time.

 

In addition to ensuring consistency of privacy policy regulations in the individual EU member states, the GDPR takes into consideration key IT trends which have become relevant to data protection in the last two decades. It therefore increases the level of data protection in the EU member states. This means it strengthens the rights of affected persons and increases the obligations of companies in equal measure.

 

What does this mean for you?

 

So that you can better understand the individual aspects and the effects of the new regulation, we are giving you this updated privacy policy. It provides an overview of the processing of personal information by the company RAPS and of your expanded rights, which are the result of the data protection law.

 

We are aware that care and transparency are the basis for a trustful collaboration with our customers. The compliance with laws and regulatory requirements in general is just as important to us and our employees as the legal and sensible handling of your personal data, in particular.

 

Other information about the concrete handling of personal information can be found in the enclosed privacy policy. You can also find information on who an affected person can contact in the case of questions or concern.

 

Privacy policy according to the EU General Data Protection Regulation

 

I. Name and address of the person responsible

 

The responsible person according to the General Data Protection Regulation (GDPR) and other national privacy policy laws of the member states, as well as other regulations regarding data protection laws is:

 

RAPS GmbH & Co. KG
Adalbert-Raps-Str. 1
95326 Kulmbach
Germany
Tel.: +49 9221 807-0
Fax: +49 9221 807-100
Email: info@raps.com

 

The privacy officer appointed by the responsible person is:

 

RAPS GmbH & Co. KG
Privacy Officer
Adalbert-Raps-Str. 1
95326 Kulmbach Germany
Tel.: +49 9221 807-106
Fax: +49 9221 807-66314
Email: datenschutz@raps.com

 

II. Origin of data and types of data for data processing

 

We process personal information which we receive from you in your position as representative/authoriser of the legal person (interested person, client and/or supplier).

 

Relevant personal information of the authorised person / authoriser can be or are: Surname, first name, contact information (telephone number and email address).

 

When closing a contract and using services, additional personal information besides that mentioned above may be collected, processed and saved. These comprise in essence:
information and logging of client requirements, contractual agreements and, possibly, declarations of consent to marketing activities.

 

III. Legal framework and purpose of processing

 

We process the above-mentioned personal information in accordance to the requirements of the General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG):

 

a. To fulfil contractual obligations (article 6, par. 1b of the GDPR)

 

The processing of personal information takes place to provide services within the scope of fulfilling contractual measures. Further details for the purpose of data processing can be found in the respective contract documents and the terms and conditions.

 

b. For legal requirements (article 6, par. 1c of the GDPR)

 

The company RAPS is also subject to various legal obligations; in other words, legal requirements (e.g. tax and trade law, tax code).

 

c. Within the scope of a balance of interests (article 6, par. 1f of the GDPR)

 

Insofar as is required, we process your personal information beyond the actual fulfilment of the contract to safeguard rightful interests we or third parties have. Examples:
- Assertion of legal claims and defence in legal disputes
- Guarantee of IT security and IT operations of the RAPS Group
- Prevention of crimes
- Video surveillance to safeguard company rights
- Measures for building and facility security (e.g. access controls)

 

d. With your consent (article 6, par. 1a of the GDPR)

 

Insofar as you have given your consent to process your personal information for certain purposes (e.g. to send informative materials), the legality of this processing is given on the basis of your consent. Consent provided may be retracted at any time. This also goes for the retraction of declarations of consent which were given to us before the EU GDPR entered into force; in other words, before 25 May 2018. Please note that the retraction is valid for the future and processing up to the point of entry into force is not affected.

 

IV. Passing-on of information

 

Within the company RAPS, certain persons have access to your personal information in order to fulfil our contractual and legal obligations. Likewise, service providers we commission (e.g. logistics companies) and vicarious agents (e.g. data processers, waste disposal companies) may receive information for their respective purpose when they comply with and guarantee the adherence to the privacy policy requirements in the GDPR and other data protection regulations.

 

V. Data transfer to third countries or an international organisation

 

Personal information is transferred to places outside the EU or the European Economic Area (so-called third countries), insofar as this is necessary to fulfil orders from the client or suppliers or is legally required (customs regulations). Should service providers in third countries be used, these are additionally obliged by the agreement with the EU standard contractual clauses to comply with the level of European data protection.

 

VI. Duration of data storage

 

We process and store your personal information as long as you are authorised to represent the respective legal person. Should information no longer be necessary to fulfil the contractual or legal obligations, this information shall be frequently deleted unless its further processing for a given period of time is necessary for the following purposes:

- To fulfil data storage obligations due to trade and tax law and which are included in the commercial code and tax code. The period of time provided in these for storage or documentation is up to ten years.

- To safeguard evidence within the scope of the statute of limitation. According to §§ 194 ff. of the German Civil Code (BGB), these statutes of limitation can be for up to 30 years, whereby the standard statute of limitation is three years.

 

VII. Rights toward the responsible place

 

Each affected person has the right to receive information according to article 15 of the GDPR, the right to correction according to article 16 of the GDPR, the right to deletion according to article 17 of the GDPR, the right to limitation to processing according to article 18 of the GDPR and the right to disagreement according to article 21 of the GDPR, as well as the right to appeal with data protection authorities according to article 77 of the GDPR in connection with § 19 of the BDSG.

 

Consent to the processing of personal information can be retracted at any time. This also goes for the retraction of declarations of consent which were given to us before the EU GDPR entered into force; in other words, before 25 May 2018. Please note that the retraction is valid for the future and processing up to the point of entry into force is not affected.

 

VIII. Obligations toward the responsible place

 

Within the scope of our business connection with the legal person representing you, you must provide the personal information of this person needed for the intake and fulfilment of a representation/authorisation and the contractual obligations associated with this, or for which we are legally obliged. Without this information, we must as a rule reject the position of authorised representative / authorised person or have to cancel an existing authorised representation / authorisation.

 

Download this information as PDF.