DATA PROTECTION AT A GLANCE
The following information provides a brief overview of what happens to your personal data when you visit our website at www.raps.de. Personal data are all data that enable you to be personally identified. Detailed information on data protection, the individual processing activities and your rights as a data subject can be found in our data protection declaration underneath this brief overview.
Who is responsible for data processing?
Data are processed on this website by the website’s operator, RAPS GmbH & Co. KG, Adalbert-Raps-Str. 1, 95326 Kulmbach, Germany, tel.: +49 9221 807-0, e-mail: firstname.lastname@example.org (“RAPS”) as the controller. Our data protection officer can be contacted by e-mail at email@example.com.
How do we collect your data?
Some of your data are collected when you submit them to us. This can be data that you enter in a contact form, for example. Other data are recorded automatically by our IT systems when you visit our website. These are primarily technical data (e.g. web browser, operating system or time of the page view). These data are recorded automatically as soon as you access our website.
What do we use your data for?
We collect and use some of the data to ensure that we can operate the website properly. Other data can be used for the purposes of making contact, website functionality (e.g. embedding videos) or possibly to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information on the origin, recipients and purpose of your stored personal data at any time. You also have a right to demand the rectification, restriction of processing and erasure of these data. If you have any questions about this or any other aspect of data protection, please contact us or our data protection officer at the addresses stated above at any time. You also have the right to lodge a complaint with the competent supervisory authority.
When users visit our website, cookies are sometimes used, e.g. to analyse our users’ browsing habits purely for statistical purposes. Your browsing habits are typically analysed anonymously and cannot be traced to you personally. It is up to you whether you enable/disable such analysis processes and allow this tracking. Detailed information on this can be found in the data protection declaration below.
DATA PROTECTION DECLARATION
I. General Information
RAPS GmbH & Co. KG (“RAPS”), as the operator of the website www.raps.de, takes the protection of personal data very seriously. We handle personal data in strict confidence in accordance with the statutory data protection regulations and on the basis of this data protection declaration. In particular, the legal basis can be found in the EU General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG – German Federal Data Protection Act).
If you use this website, various items of personal data are processed depending on the nature and extent of your use. “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly (e.g. by reference to an online identifier). This includes information such as name, address, telephone number or date of birth.
This data protection declaration informs you in accordance with Article 12 et seq. GDPR of the handling of your personal data when you use our website. This data protection declaration explains which data we collect and what we use them for. It also explains how and why this is done.
This data protection declaration expressly relates to the website-specific data processing activities when visiting our website at www.raps.de. RAPS also attaches a high level of importance to the protection of personal data beyond the website-specific data processing activities. Therefore, please also note – if applicable to you – our further “Data protection information in accordance with the EU General Data Protection Regulation” (information sheet for customers, suppliers and business partners/contacts of RAPS), the current version of which can be accessed at any time here.
The controller is the natural or legal person which alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.). The controller as referred to by the General Data Protection Regulation, the applicable national data protection laws (including the German Federal Data Protection Act in particular) and other data protection provisions is:
RAPS GmbH & Co. KG
Tel.: +49 9221 807-0
Fax: +49 9221 807-100
III. Data protection officer
We have appointed a data protection officer for our company. The data protection officer can be contacted at:
RAPS GmbH & Co. KG
Data Protection Officer
Tel.: +49 9221 807-106
Fax: +49 9221 807-66314
IV. Purposes of and legal basis for data processing
1. Accessing and visiting our website – server log files
For the purpose of the technical provision of the website, it is necessary for us to process certain information transmitted automatically by your browser so that our website can be displayed in your browser and you can use the website. This information is recorded automatically every time that our website is accessed and stored automatically in server log files. This information is:
- - browser type and version
- - operating system used
- - referring URL
- - host name of accessing computer
- - time of server request
- - IP address
The storage of the above access data is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, at least theoretically, can be assigned to you personally under further conditions. Beyond the above purposes, we use server log files purely statistically and without personal identification exclusively for the needs-based design and optimisation of our Internet content. These data are not combined with other data sources and they are not analysed for marketing purposes.
The access data collected when our website is used are only retained for the period for which these data are required to achieve the above purposes. For the purposes of IT security, your IP address is stored on our web server for a maximum of seven days.
If you visit our website to learn more about or use our range of products and services, the basis for the temporary storage and processing of access data is Article 6(1)(b) GDPR (legal basis), which allows the processing of data for the performance of a contract or to take steps prior to entering into a contract. Furthermore, Article 6(1)(f) GDPR is also the legal basis for the temporary storage of the technical access data in this context. Our legitimate interest is in being able to provide a technically functional website designed to be user-friendly and to guarantee the security of our systems.
2. Contact form
When you contact us using the contact form, we store and appropriately process your message (comment), including the contact data you provide, in order to process and respond to your enquiry and in the event of follow-up questions. We do not share these data with third parties, unless this is necessary in conjunction with processing and responding to your enquiry or you have granted us the corresponding consent.
If you contact us in conjunction with an existing contractual relationship or in advance to obtain information on our services, the data and information you provide will be processed for the purposes of processing and responding to your enquiry in accordance with Article 6(1)(b) GDPR (legal basis). Moreover, to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR in properly responding to customer/contact enquiries.
We retain the data you enter in the contact form until the purpose of data storage/processing no longer applies (e.g. after processing your enquiry). This does not affect mandatory legal provisions, including retention periods in particular.
Most of the cookies we use are “session cookies”. They are automatically deleted after the end of your visit/your browser session (transient cookies). Other cookies remain on your device for a set period or until you delete them (persistent cookies). These cookies allow us to recognise your browser the next time you visit the website. We will be happy to provide further information on the functional cookies used on written request. Please use the contact data provided above in this case.
You can set your browser to inform you when cookies are used and to only allow cookies in certain cases, to reject cookies in certain cases or in general and to automatically delete cookies when you close your browser. The procedure for disabling cookies can typically be found using the “Help” function on your Internet browser. Disabling cookies can limit the functionality and/or full availability of this website. For further information on specific cookie settings and disabling options, please see the notes below on the cookies and related functions/technologies specifically used when visiting our website.
Some of the cookies we use on our website come from third parties that help us to analyse the impact of our website content and the interests of our visitors, to measure the performance of our website or the placement of customised advertising and other content on our or other websites. In conjunction with our website, we use first-party cookies (only visible from the domain currently being visited) and third-party cookies (visible from different domains and typically set by third parties).
Cookie-based data processing is based on your consent in accordance with Article 6(1)(a) GDPR (legal basis) and on the basis of Article 6(1)(f) GDPR (legal basis) to safeguard our legitimate interests. In particular, our legitimate interests are in being able to provide a technically optimised, user-friendly and needs-based website and to guarantee the security of our systems. Previously granted consent can be withdrawn at any time, e.g. by disabling options in the following overview of the individual cookie-based tools/plugins used or by clicking on the fingerprint button (bottom left on the website) to open and change your cookie settings. Corresponding settings can also be used to opt out of processing based on legitimate interests.
Specifically, this website uses the following cookie-based tools/plugins:
The information generated by the Google Analytics cookies on your use of this website (e.g. the time, place and frequency of your visit to our website, including your IP address) is sent to a Google server in the USA and stored there. Data are transferred to Google LLC., which is based in the USA, and to service providers used by Google LLC., on the basis of the EU’s standard contractual clauses. We have set the storage period at Google for such data at user and event level at 14 months (shortest available option).
We have enabled IP anonymisation on this website. This means that your IP address is shortened, and thus anonymised, by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Your full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. According to information provided by Google, the IP address sent by your browser in conjunction with Google Analytics is not merged with other Google data about you personally.
You can opt out of the storage of Google Analytics cookies using the appropriate settings in your browser software (see above). You can also opt out of the collection of the data generated by the cookie and relating to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to data collection
Alternatively, you can object to the collection of your data by Google Analytics by clicking on the fingerprint button on the bottom left and changing your cookie settings there.
You can disable Google cookies in this way.
Specifically, Google Analytics uses the following tracking cookies:__utmz, __utma, __utmb, __utmc
Our website uses plugins of the YouTube video platform to embed and play videos directly on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (YouTube). YouTube is an affiliated company of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
YouTube videos are embedded in “Privacy Enhanced Mode”, which, according to the provider, only stores user information when videos are played. However, the sharing of data with YouTube’s partners is not necessarily precluded by Privacy Enhanced Mode. For example, YouTube establishes a connection with the Google DoubleClick network regardless of whether you watch a video.
If you are logged in on your YouTube account, you enable YouTube to associate your browsing habits directly with your personal profile. You can prevent this by logging out of your YouTube account before activating the playback button. We use YouTube in the interests of making the online content we offer appealing. This is a legitimate interest in accordance with Article 6(1)(f) of the GDPR.
This website uses Google Maps services through an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Your IP address has to be stored in order to use Google Maps functions. This information is typically sent to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer.
Google Maps is used in the interests of making the online content we offer appealing and to make it easy to find us at the locations shown on our website. This is a legitimate interest in accordance with Article 6(1)(f) of the GDPR.
Digital Data Solutions
4. Services for registered users – newsletters, webinars
If you wish to use the (personalised or paid) content and services provided on the website, we may require further information from you in order to provide these services and for billing purposes.
In particular, such information includes your name, your (valid) e-mail address and other information (address, telephone number, etc.) that allows us to check, for example, that you are the owner of the e-mail address provided or that the owner consents to receiving the services in question in order to perform the services you wish for accordingly and, ultimately, to issue a proper invoice. A valid e-mail address is required so that we can prevent illegitimate registrations – for instance for newsletters.
The legal basis for the processing of data, subject to your consent, is Article 6(1)(a) GDPR. If the purpose of registration is for the performance of a contract or to take steps prior to entering into a contract, the legal basis for the processing of the data is Article 6(1)(b) GDPR.
Data are also processed on the basis of our legitimate business interests in accordance with Article 6(1)(f) GDPR for the purposes of guaranteeing the smooth and straight-forward processing of your order, the efficient processing of any further enquiries, for the needs-based design of our content, for product information on advertising and for customer service.
The data are erased as soon as they are no longer necessary to achieve the purpose of their processing. Even after a contract has ended, it may still be contractually or legally necessary to store a contractual partner’s personal data. In such event, you are not entitled to the erasure of your data, but you may be entitled to restrict the processing of your data.
You can unsubscribe from our newsletter at any time, i.e. by withdrawing your consent or objecting to receiving it again. A link to unsubscribe from the newsletter can be found at the bottom of each newsletter or you can use the contact options provided above.
You can use our website to register for webinars. If you register for a webinar, we collect certain data to enable your participation in the webinar.
Providing a webinar entails a high financial outlay. We can therefore only allow participation in a webinar in return for providing various items of personal data, possibly also entailing consent to advertising. The specific data types to be provided are shown on the registration form, as is the extent of the declaration of consent you issue when registering for the webinar.
We also process your data for advertising purposes in this context. The legal basis for the processing of data, subject to your consent, is Article 6(1)(a) GDPR. The provision of your data is neither legally nor contractually prescribed. Not providing such data will mean that you cannot participate in the webinar.
We erase the data as soon as they are no longer necessary to achieve the purpose of their processing, or after you revoke your consent at the latest, unless a legitimate interest in their further retention stands in the way of this.
Services used and service providers:
Webinar partner: Paule Porter Cinematography, Friedrich Puchta Straße 19, 95444 Bayreuth, Germany. They are responsible for the technical implementation of the webinar. Website: https://www.pauleporter.de; data protection declaration: https://www.pauleporter.de/datenschutz.
The service provider is Youtube, see IV. Paragraph 3.
You can register for our events on our website. To do so, please use either a printed registration form or the participation management tool “XING Events”. In conjunction with a registration, we process your data for the purposes of performing contractual services, billing and delivery of customer services.
“XING Events”, a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, can be used to register for some of our events.
We have integrated a corresponding XING plugin on our website for this purpose. You can use this to register for the event or to buy a ticket. When participants buy tickets or register, XING collects the requested data of the participants and then sends these data to us as the event’s organiser.
If registering through “XING Events”, you can log in on your XING account while registering to fill in the registration form more quickly. Naturally, you can also enter your data in full every time that you register. In either case, your first name, surname, company affiliation and your valid e-mail address and address will be collected.
Self-printed registration form
For some of our events, you can also register as a guest using our registration form.
If you place your order as a guest, you must enter your data in full every time that you order. When you register for our events as a guest, we will always collect your first name, surname, company affiliation and your valid e-mail address, telephone number and address.
Purpose of processing, storage period
These data are processed for the purpose of identifying you as our contractual partner and for processing your order. The data will be processed after you place an order and, in accordance with Article 6(1) sentence 1(b) GDPR, this is necessary for the stated purposes for the fulfilment of the order for the corresponding product or service or to take steps prior to entering into a contract.
The personal data collected for the order will be stored until the end of the statutory warranty period and will then be erased, unless we are required to store them for longer owing to retention and documentation obligations under tax or commercial law in accordance with Article 6(1) sentence 1(c) GDPR or you have consented to further storage in accordance with Article 6(1) sentence 1(a) GDPR.
5. Other purposes of processing
Compliance with statutory requirements: We also process your personal data to comply with other statutory obligations that may apply to us in connection with our business operations. In particular, this includes retention periods under commercial, trade or tax law. In such cases, we process your personal data in accordance with Article 6(1)(c) GDPR (legal basis) to comply with a legal obligation to which we are subject.
Legal enforcement: We also process your personal data in order to assert our rights and to enforce our legal claims. Likewise, we process your personal data in order to defend ourselves against legal claims. Finally, we process and store your personal data to the extent necessary for the prevention or prosecution of crimes. In such cases, we process your personal data to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR (legal basis) to the extent that we assert legal claims or defend ourselves in legal disputes or prevent or investigate criminal offences (legitimate interest).
Consent: If you have given us consent to process personal data for certain purposes (e.g. sending information materials and offers), the lawfulness of this processing is based on your consent. Once granted, consent can be withdrawn at any time. This also applies to withdrawing declarations of consent issued to us before the General Data Protection Regulation became effective, i.e. before 25 May 2018. Please note that the withdrawal of consent is only effective for the future and does not affect processing that has already taken place up until that time.
V. Data recipients
Within RAPS as a company, your data can be accessed by those departments that require the data to fulfil our contractual and statutory obligations. The service providers and agents (e.g. technical service providers, shipping companies, disposal companies) we use can also receive data for these purposes. We limit the sharing of your personal data to what is necessary in line with the provisions of data protection law. In some cases, the recipients receive your personal data as processors, in which case they are strictly bound by our instructions in the handling of your personal data. In some cases, the recipients operate under their own data protection responsibility and thus likewise have an obligation to uphold the requirements of the General Data Protection Regulation and other data protection provisions.
Finally, in individual cases we send personal data to our consultants on legal and tax matters, whereby these recipients are required to maintain special confidentiality and secrecy on the basis of their professional duties.
VI. Data transfer to third countries
We may send your IP address to third countries in conjunction with the use of the tools described above. Data are transferred on the basis of the EU’s standard contractual clauses for transferring personal data to processors in third countries. Otherwise we do not transfer your personal data to countries outside the EU/EEA or to international organisations unless expressly indicated otherwise in this data protection declaration.
VII. Data storage period
We initially process and store your personal data for the period necessitated by the respective purpose (see individual purposes of processing above). This may also include periods prior to entering into a contract and during the processing of a contract. On this basis, personal data are typically erased in conjunction with the performance of our contractual/statutory duties, unless further processing for a limited period is required for the following purposes:
- - fulfilment of statutory retention requirements arising, for example, from the Handelsgesetzbuch (HGB – German Commercial Code) (sections 238, 257(4) HGB) and the Abgabenordnung (AO – German Fiscal Code) (section 147(3), (4) AO). The periods stipulated there for retention/documentation are up to ten years.
- - preserving evidence in line with the provisions on limitation periods. In accordance with sections 194 et seq. of the Bürgerliches Gesetzbuch (BGB – German Civil Code), these limitation periods can be up to 30 years, though the typical limitation period is three years.
VIII. Data security
We protect personal data using suitable technical and organisational measures to guarantee an appropriate level of protection and to protect data subjects’ personal rights. Among other things, the measures serve to prevent unauthorised access to the technical equipment that we use and to protect personal data from unauthorised inspection by third parties. In particular, for security reasons and to protect transfers of confidential content, such as contact enquiries that you send to us as the website operator, this website uses SSL and TLS encryption. You can recognise an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the padlock symbol in your browser bar. If SSL or TLS encryption is enabled, the data you send us cannot be read by third parties. Nonetheless, please note that security vulnerabilities can exist when transferring data on the Internet (e.g. when communicating by e-mail). Thus, it is not possible to completely protect data against access by third parties.
IX. Your rights as a data subject
You have the following rights as a data subject under the statutory conditions:
Right of access: In conjunction with Article 15 GDPR you are entitled, at any time, to obtain from us confirmation as to whether or not we are processing personal data concerning you; where that is the case, in conjunction with Article 15 GDPR, you are also entitled to receive details of these personal data and certain other information (such as the purposes of processing, categories of personal data, categories of recipients, the envisaged period for which the personal data will be stored, the origin of the data, the existence of automated decision-making and, in the event of transfer to a third country, suitable guarantees) and a copy of your data. The restrictions of section 34 BDSG apply.
Right to rectification: In accordance with Article 16 GDPR, you are entitled to demand that we rectify data we have stored about you if they are inaccurate or incorrect.
Right to erasure: Subject to the conditions of Article 17 GDPR, you are entitled to demand that we erase personal data about you without undue delay. Among other circumstances, the right to erasure does not apply if the processing of personal data is necessary, for example, to comply with a legal obligation (e.g. statutory retention requirements) or for the establishment, exercise or defence of legal claims. The restrictions of section 35 BDSG also apply.
Right to restriction of processing: Subject to the conditions of Article 18 GDPR, you are entitled to demand that we restrict the processing of your personal data.
Right to data portability: Subject to the conditions of Article 20 GDPR, you are entitled to receive from us the personal data concerning you in a structured, commonly used and machine-readable format.
Right to withdraw consent: You can withdraw your consent to the processing of personal data at any time. This also applies to withdrawing declarations of consent issued to us before the General Data Protection Regulation became effective, i.e. before 25 May 2018. Please note that the withdrawal of consent is only effective for the future. It does not affect any processing before the withdrawal of consent. You can declare the withdrawal of your consent to us in a free-form notification, e.g. by e-mail.
Right to object: Subject to the conditions of Article 21 GDPR, you are entitled to object to the processing of your personal data with the result that we must cease processing your personal data. The right to object only applies within the confines set out in Article 21 GDPR. Also, our interests may stand in the way of ceasing processing, in which case we are still entitled to process your personal data despite your objection. An objection to any direct marketing will be complied with immediately and without further considering our other interests.
Right to lodge a complaint with a supervisory authority: At any time, you have the right to object to any processing of your data that is taking place on the basis of Article 6(1)(f) GDPR (data processing based on a consideration of interests) or Article 6(1)(e) GDPR (data processing in the public interest) on grounds relating to your particular situation. In particular, you can lodge a complaint with our competent supervisory authority, The Bavarian State Data Protection Commissioner, Wagmüllerstr. 18, 80538 Munich, Germany, or any other competent supervisory authority. A list of the data protection supervisory authorities and their contact details can be accessed using the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Other concerns: You can contact our data protection officer for any other questions or concerns in connection with data protection. If possible, corresponding enquiries and declarations exercising your rights as described above should be sent in writing to the above address or by e-mail to firstname.lastname@example.org.
X. Obligation to provide data
You are under no obligation to provide us with your personal data. However, if you do not do so, we will be unable to provide you with unimpeded access to our website or to answer your enquiries to us. Personal data that are not essential for the above purposes of processing are indicated as voluntary disclosures.
XI. Automated decision-making/profiling
We do not use automated decision-making or profiling (the automated analysis of your personal circumstances).
XII. Can this data protection declaration change?