Data Protection at a glance
Who is responsible for data processing on this website?
Data on this website is processed by the website operator, RAPS GmbH & Co. KG, Adalbert-Raps-Str. 1, D-95326 Kulmbach, phone +49 (0) 9221 807-0, E-Mail: firstname.lastname@example.org (hereinafter referred to as “RAPS”). Our data processing officer can be contacted via E-Mail: email@example.com.
How do we collect your data?
Your data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit our website. These data are primarily technical data, e.g. internet browser, operating system or time of website access. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected and used to ensure proper functioning of the website. Other data can be used to contact you, to provide website functionalities (e.g. insertion of videos) or to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored personal data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us or our data processing officer at any time using the address above if you have any further questions about data protection. You may also, of course, file a complaint with the regulatory authorities.
I. General information
RAPS GmbH & Co. KG (hereinafter referred to as “RAPS”) as operator of the website www.raps.com takes the protection of your personal data very seriously. We treat personal data as confidential and in accordance with the data protection regulations and this privacy statement. The legal details can be found in the General Data Protection Regulation (GDPR) as well as the German “Bundesdatenschutzgesetz” (BDSG).
If you use this website, various pieces of personal data will be processed. Personal information is any data on an identified or identifiable individual person (hereinafter referred to as “person concerned”). An identifiable individual is a person directly or indirectly identifiable, e.g. by allocating online identification data. This may include information such as name, address, phone number and date of birth.
This data protection statement explains (in accordance with Art. 12 et seq. GDPR) handling of your personal data when using our website. It explains in particular what data we collect and what we use it for. It also explains how and for what purposes this happens.
This data protection statement refers explicitly to the website specific data processing when visiting our website www.raps.com. Also beyond website specific data processing, RAPS takes protection of personal data very seriously. Please also note – where applicable – our data protection information in accordance with General Data Protection Regulation (GDPR) (information leaflet for customers, suppliers and business partners/contacts of RAPS), which can be retrieved any time as amended from here.
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, E-Mail addresses, etc.). The party responsible (in accordance with GDPR and the valid national data protection laws, especially BDSG as well as other data protection regulations) is:
RAPS GmbH & Co. KG
Tel.: +49 9221 807-0
Fax: +49 9221 807-100
III. Company data protection officer
We have appointed a data protection officer for our company, who can be contacted at:
RAPS GmbH & Co. KG
Datenschutzbeauftragter (data protecton officer)
Tel.: +49 9221 807-106
Fax: +49 9221 807-66314
IV. Purpose and legal basis of processing data
1. Access to our website – server log files
For the technical provision of the website, we have to process certain information that your browser automatically transmits to us. This information is automatically collected when you visit our website and it is automatically filed in server log files. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
The collection of the before-mentioned access data is required for technical reasons in order to provide a functional webiste and for system security. This applies also to the inevitable storage of your IP address, which can under further conditions, at least theoretically, enable identification of your person. Beyond the before-mentioned purposes, we use server log files only for appropriate design and improvement of our internet services, purely statistically and without any conclusions being drawn to your person. The data will not be combined with data from other sources. An evaluation of the data for marketing purposes will not take place.
The data collected when accessing our website will only be stored as long as needed for the before-mentioned purposes. Your IP address will be stored on our web server for IT safety reasons for a maximum period of 7 days.
If you visit our website to receive and use information on our products and services, the temporary storage and processing of your data is based on Art. 6 (1) (f) GDPR, which permits the processing of data to fulfil a contract or for measures preliminary to a contract. Beyond this, Art. 6 (1) (f) GDPR is the legal basis for temporary storage of technical access data. Our legitimate interest is to provide a functional and user-friendly website, and to ensure the security of our systems.
2. Contact form
Should you send us questions via the contact form, we will collect the message entered on the form including the contact details you provide, to answer your questions and any follow-up questions. We do not share this information with third parties, unless it is necessary to answer your questions or with your consent.
If you contact us regarding an existing contract or to obtain information on our offerings and other services, we will process any data and information you enter only for processing and answering your questions as defined in Art. 6 (1) (f) GDPR (legal basis). Furthermore, for the protection of our legitimate interests (as defined in Art. 6 (1) (f) GDPR) when answering customer/contact inquiries appropriately.
We will retain the data on the contact form until the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit (so-called transient cookies). Other cookies remain in your device’s memory until you delete them (so-called persistent cookies). These cookies enable us to recognize your browser when you next visit. Upon a written request, we are well prepared to provide further information on the used functional cookies. In that case, please contact the above mentioned address.
Some of the cookies we use on our website are from third parties. They help us to analyze the effect of our website contents and the interests of our visitors. They also help to evaluate the efficiency and performance of our website or to place appropriate advertising and other contents on the website. We use “first party cookies” (only visible from the domain which is visited) as well as “third party cookies” (visible from all domains and regularly set by third parties).
The cookie-based data processing is based on your authorization according to Art. 6 (1) (a) GDPR (legal basis) or on Art. 6 (1) (f) GDPR (legal basis) for protection of our legitimate interests. Our legitimate interests are in particular to provide an optimized and user-friendly website and to ensure the security of our systems. You may revoke any given consent at any time, e.g. by deactivating the cookie-based tools/plugins described below. With appropriate settings, you can also object to data processing based on legitimate interests.
We use the following cookie-based tools/plugins on our website:
The information generated by the cookies about your use of this website (e.g. time, place and frequency or your visits including IP address) is usually transmitted to a Google server in the USA and stored there. Google is certified by the “Privacy-Shield-Agreement” (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The storage time of the respective data at Google has been set at 14 months on user and event level (shortest possible setting option).
We have activated the function IP anonymization on this website. Your IP address will be shortened and thus anonymized by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United Sates. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with any other data on your person held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. (see above). You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objecting to the collection of data
Alternatively, you can activate/deactivate the collection of your data by Google Analytics (especially on mobile devices) by clicking on the following link:
An opt-out cookie will be set to prevent your data from being collected on future visits to this site.
The following tracking cookies are used by Google Analytics:__utmz, __utma, __utmb, __utmc, __utmt.
Our website uses plugins from the video platform YouTube for incorporating and playing videos on the website. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA („YouTube“). YouTube is operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The incorporation of YouTube videos is carried out under the so-called “extended data protection mode”. This mode, according to the operator, will only start collecting user data after the videos have been started. Sharing of data with YouTube partners is not completely excluded by the extended data protection mode. YouTube establishes a connection to Google DoubleClick network, irrespective of whether you watch a video or not.
If you are logged into your YouTube account, YouTube can assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before starting the video. YouTube is used to make our website more appealing. This is a justified interest pursuant to article 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under: https://www.google.de/intl/de/policies/privacy.
This site uses the Google Maps services via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to article 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of Google at: https://www.google.de/intl/de/policies/privacy/.
Digital Data Solutions
This website uses “Cookie First”, a service offered by Digital Data Solutions (Digital Data Solutions B.V., Plantage Middenlaan 42a, Amsterdam 1018DH (NL)). It is a plugin for approving cookies and/or tracking technologies. “Cookie First” does not collect personal data. Details on this tool can be found at: https://cookiefirst.com.
4. Further purposes for processing data
Legal compliance: Additionally, we process personal data in order to comply with other legal obligations which can arise in connection with our business operations. In particular this includes retention periods relating to commercial and tax law. We process your personal data in compliance with article 6 (1) (f) GDPR (legal base) in order to fulfil our legal obligations.
Law enforcement: We process your personal data to assert and enforce our legal rights. Furthermore, for defending legal claims. Finally, we process your personal data for prevention and persecution of criminal offences. We process your personal data for protection of our legitimate interests in compliance with article 6 (1) (f) GDPR (legal base), insofar as such claims are asserted or we have to defend against legal claims or prevent/investigate criminal offences (legitimate interests).
Consent: Insofar as you have given your consent to process your personal information for certain purposes (e.g. to send informative material or offers), the legality of this processing is given on the basis of your consent. You may revoke your consent at any time. This applies also to consents given before GDPR came into force (before 25thMay 2018). Please note that the withdrawal will only be effective for future processing of data.
V. Recipients of data
Finally we transmit personal data in individual cases to our legal or tax consultants. These consultants are likewise committed to confidentiality and secrecy due to their professional status.
VI. Data transfer to third countries
Within the use of the above mentioned tools (e.g. Google), we transmit your IP address, if necessary, to third countries (see above). The transfer of data is based on the implementation decision (EU) 2016/2015 of the EU commission, dated 12thJuly 2016 in compliance with directive 95/46/EC of the European Parliament and Council on the adequacy of the protection provided by the EU-US data protection shield. Apart from that we do not transmit your personal data to countries outside the EU or European Economic Area, or to international organizations unless indicated otherwise in this data protection declaration.
VII. Duration of data storage
Initially we process and store your personal data as long as necessary for a respective purpose (see above – individual processing purposes). This can include the periods for contract initiation (precontractual relationship) and settlement of a contract. Should information no longer be necessary to fulfil the contractual or legal obligations, this information shall be frequently deleted unless its further processing for a given period of time is necessary for the following purposes:
- To fulfil data storage obligations due to trade and tax law which are included in the commercial and tax code (commercial code §§ 238, 257 (4) and tax code § 147 (3, 4) AO). The period of time provided in these for storage or documentation is up to ten years.
- To safeguard evidence within the scope of the statute of limitation. According to §§ 194 ff of the German Civil Code (BGB), these statutes of limitation can be for up to 30 years, whereby the standard statute of limitation is three years.
VIII. Data security
We protect personal data by means of technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the right of privacy. Among other things, the measures taken are for prevention of unauthorized access to the technical facilities we use as well as protection of personal data from unauthorized access by third parties. In particular, this website uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential information such as inquiries you send to us as site operator.
You can recognize an encrypted connection in your browser’s address line when it changes from http://to https://and the lock symbol is displayed in your browser’s address bar. Once SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties. Nevertheless, we have to point out that data transmission on the internet (e.g. communication by e-mail) may involve gaps in security. It is not possible to protect data completely against access by third parties.
IV. Your rights as data subject
Provided that the legal conditions are met, you have the following rights as data subject.
Right of access to information: According to article 15 GDPR you always have the right to learn whether we process your personal data. If this is the case, you have the right, according to article 15 GDPR, to receive information about your stored data as well as certain other information (amongst others, processing reasons, categories of personal data, categories of recipients, planned storage time, origin of the data, use of an automated decision-making and, in case of a transfer to third countries, appropriate guarantees) and a copy of your data. The restrictions of § 34 GDPR apply.
Right to correction: According to article 16 GDPR you have the right to request correction of the personal data we store if this data is incorrect.
Right to deletion: You have the right, according to article 17 GDPR, to request immediate deletion of your personal data. The right to deletion does not apply if processing of personal data is required for example for fulfilling legal obligations (e.g. data storage obligations) or for enforcement, exercise or defence of legal rights. Beyond that, the restrictions of § 35 GDPR apply.
The right to limitation of processing: You have the right, according to article 18 GDPR, to request limitation of processing your personal data.
Right to data transfer: You have the right, according to article 20 GDPR, to receive the personal data you provided to us, in a structurized, common and machine-readable form.
Right of revocation: You may revoke your consent in processing your personal data at any time. This applies also to consents given before GDPR came into force (before 25th May 2018). Please note that the withdrawal will only be effective for future processing of data. The data processed before revocation may still be legally processed. To revoke your consent, an informal message is sufficient, e.g. by e-mail.
Right of revocation: You have the right, according to the preconditions of article 21 GDPR, to object to the processing of our personal data so that we are obliged to stop processing your personal data. The right of revocation shall apply only within the limits stipulated in article 21 of GDPR. Our interest may oppose to the ending of processing, thus entitling us to process your personal data despite your revocation. We shall respect an opposition against any marketing actions immediately and without further consideration of interests.
Information on your right of objection, article 21 GDPR
You always have the right to object to the processing of your data which is processed on the basis of article 6 (1) (f) GDPR (data processing based on a balance of interests) or article 6 (1) (e) (data processing based on the public interest) , if there are reasons which arise from your specific circumstances.
Right to file complaints with regulatory authorities: On the basis of article 77 GDPR you have the right to file a complaint with regulatory authorities. You may contact the regulatory authority responsible for us, the Bavarian Commissioner for Data Protection, Wagmüllerstr. 18, D-80538 Munich or any other responsible regulatory authority. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Other concerns/requests: You may contact our data protection officer for further questions regarding data protection. If possible, please send requests to exercise your rights in written form to the address mentioned above or by e-mail to firstname.lastname@example.org.
VI. Obligation to provide data
Generally you are not obliged to provide your personal data. However, if you refuse to provide the necessary data, our website cannot be made available without restrictions or we will not be able to answer your questions. Personal data which is not mandatory for the reasons mentioned before, is marked accordingly as optional.
VII. Automated decision-making / Profiling
We do not use automated decision-making or profiling tools (an analysis of your personal circumstances).