The following information provides an initial overview of what happens to your personal data when you visit our website at www.raps.com or use our online shop. Personal data refers to any data that can be used to identify you personally. For detailed information on data protection, the individual data processing procedures and your rights as a data subject, please refer to our Privacy Policy, which is listed below this brief overview.
Who is responsible for data processing?
Data processing on this website is carried out by the operator, RAPS GmbH & Co. KG, Adalbert-Raps-Str. 1, 95326 Kulmbach, Germany, telephone: +49 9221 807-0, email: info@raps.com (hereinafter “RAPS”) as the data controller. You can contact our Data Protection Officer by email at datenschutz@raps.com.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form or that you provide to us in connection with your participation in an event or webinar, or when you subscribe to our newsletter. Other data is collected automatically by our IT systems when you visit the website. This consists primarily of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
We collect and use some of your data to ensure the website functions correctly. Other data may be used to contact you, to provide website features (e.g. embedding videos) or, where applicable, to analyse your user behaviour, as well as for the purpose of organising an event or webinar and sending out our newsletter.
What rights do you have regarding your data?
You have the right at any time to obtain information free of charge, for example, regarding the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification, restriction of processing or erasure of this data. For this and any further questions regarding data protection, you can contact us or our Data Protection Officer at any time at the address given above. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.
Do we use cookies and analytics tools?
When you visit our website and use our online shop, we do use cookies in some cases, for example to analyse our users’ browsing behaviour for purely statistical purposes. The analysis of your browsing behaviour is carried out anonymously and cannot be traced back to you personally. You are free to choose whether to enable or disable these analytics processes and allow such tracking. You can find detailed information on this in the privacy policy below.
Privacy Policy
I. General Information
RAPS GmbH & Co. KG (hereinafter “RAPS”), as the operator of the website www.raps.com, takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with statutory data protection regulations, as well as on the basis of this privacy policy. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
When you use this website or online shop, various types of personal data are processed depending on the nature and extent of your use. Personal data is information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly (e.g. by association with an online identifier). This includes information such as name, address, telephone number and date of birth.
This privacy policy informs you, in accordance with Article 12 et seq. of the GDPR, about how your personal data is handled when you use our website or our online shop. In particular, it explains what data we collect and what we use it for. It also informs you about how and for what purpose this is done.
This privacy policy primarily relates to the website-specific data processing activities that take place when you visit our website at www.raps.com. Information regarding additional specific data processing activities when using our online shop at shop.raps.com can be found in Section IV, point 4(e) of this privacy policy. Beyond the website-specific data processing procedures, RAPS attaches great importance to the protection of personal data. Please therefore also take note – where applicable to you – of our additional “Data Protection Notice in accordance with the EU General Data Protection Regulation” (information sheet for customers, suppliers and business partners/contacts of RAPS), the current version of which you can access here at any time.
II. Data controller
The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.). The data controller within the meaning of the GDPR and the applicable national data protection laws (in particular the BDSG) as well as other data protection regulations is:
RAPS GmbH & Co. KG
Adalbert-Raps-Str. 1
95326 Kulmbach
Germany
Phone: +49 9221 807-0
Fax: +49 9221 807-100
Email: info@raps.com
III. The Company Data Protection Officer
We have appointed a company data protection officer for our organisation. You can contact them at:
RAPS GmbH & Co. KG
Datenschutzbeauftragter
Adalbert-Raps-Str. 1
95326 Kulmbach
Germany
Phone: +49 9221 807-106
Fax: +49 9221 807-66314
Email: datenschutz@raps.com
IV. Purposes and legal basis for data processing
1. Accessing and visiting our website – server log files
In order to provide the website from a technical perspective, we need to process certain information that is automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time you access our website and is automatically stored in what are known as server log files. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
The storage of the aforementioned access data is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under certain conditions, may at least theoretically allow for an association with your person. Beyond the aforementioned purposes, we use server log files exclusively for the needs-based design and optimisation of our website, purely for statistical purposes and without any reference to your person.
The access data collected when you use our website is retained only for as long as is necessary to achieve the purposes set out above. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
Where you visit our website to find out about our range of products and services or to use them, the basis for the temporary storage and processing of access data is Article 6(1)(b) of the GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. Furthermore, in this case, Article 6(1)(f) of the GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functional and user-friendly website, as well as to ensure the security of our systems.
2. Contact form
If you send us enquiries via the contact form, your message (comment), including the contact details you provide there, will be stored by us and processed accordingly for the purpose of processing and responding to your enquiry, as well as in the event of any follow-up questions. We do not pass this data on to third parties unless this is necessary for the processing and response to your enquiry or you have given us your consent to do so.
If you contact us within the framework of an existing contractual relationship
or contact us in advance to obtain information about our range of services or other services, the data and information you provide will be processed for the purpose of processing and responding to your enquiry in accordance with Article 6(1)(b) of the GDPR (legal basis). Furthermore, to safeguard our legitimate interests in accordance with Article 6(1)(f) of the GDPR for the proper handling of customer/contact enquiries.
The data you enter in the contact form will remain with us until the purpose for data storage/processing no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
3. Use of cookies and related functions/technologies
We use so-called cookies on parts of our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective and secure, and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a unique string of characters that enables your browser to be identified unambiguously when you visit the website again.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit or your browser session (so-called transient cookies). Other cookies remain stored on your device for a specified period or until you delete them (so-called persistent cookies). These cookies enable us to recognise your browser on your next visit. We are happy to provide further information on the functional cookies used upon written request. Please contact us using the contact details provided above.
You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. You can usually find instructions on how to disable cookies via the ‘Help’ function in your web browser. Disabling cookies may restrict the functionality and/or full availability of this website. For further cookie-specific settings and deactivation options, please also refer to the individual explanations below regarding the specific cookies used during your visit to our website and the associated functions/technologies.
Some of the cookies we use on our website are provided by third parties who help us analyse the impact of our website content and the interests of our visitors, measure the performance of our website, or place targeted advertising and other content on our or other websites. On our website, we use both first-party cookies (visible only from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties).
Where the processing of information on your device is strictly necessary to enable you to use our website as you have expressly requested, the storage of information on your device or access to information already stored on your device is carried out on the basis of Section 25(2)(2) of the Telecommunications and Digital Services Data Protection Act (TDDDG). Any further processing of information on your device is carried out on the basis of your consent in accordance with Section 25(1) TDDDG.
The legal bases of the GDPR set out in this privacy policy then apply to the further processing of the personal data obtained in this way. In the case of necessary cookies, this is based on Article 6(1)(b) of the GDPR for the provision of the information service and Article 6(1)(c) of the GDPR to fulfil our legal obligations, in particular to provide you with a simple and documented option to grant or withhold your consent to cookies. In the case of functional cookies and analytics/marketing cookies, this is based on your consent in accordance with Article 6(1)(a) of the GDPR.
You may withdraw any consent you have given us at any time, for example by deactivating the relevant options in the overview below of the specific cookie-based tools/plugins used, or by opening the cookie settings by clicking on the fingerprint button (at the bottom left of the website) and making changes there. You can also object to processing based on legitimate interests by adjusting the relevant settings.
Specifically, the following cookie-based tools/plugins are used on this website:
Google Analytics & Google Tag Manager
Description: This website uses features of the web analytics service Google Analytics and Google Tag Manager. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses cookies (first-party cookies) that enable an analysis of your use of the website. Google uses the information generated by the cookies on our behalf to evaluate the use of the website, to compile reports on website activity and to provide us with further services relating to website and internet usage. This enables us to improve the quality of our website and its content. Based on statistical analyses, we learn how the website is used and can thus continuously optimise our offering.
The information generated by the Google Analytics cookies regarding your use of this website (for example, the time, location and frequency of your visits to the website, including your IP address) is transmitted to a Google server in the USA and stored there.
Google Tag Manager itself does not process any personal data; it controls the triggering of other tags. Non-essential tags are only loaded once consent has been given. (Legal basis: Section 25(1) of the German Telemedia Act (TDDG) in conjunction with Article 6(1)(a) of the General Data Protection Regulation (GDPR).)
The transfer of data to Google LLC, based in the USA, and to service providers integrated by Google LLC takes place on the basis of the so-called EU Standard Contractual Clauses. We have set the retention period for such data at Google to 14 months at user and event level (the shortest possible setting option).
IP anonymisation
We have enabled the IP anonymisation feature on this website. This means that Google truncates your IP address within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA, thereby anonymising it. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
Objection to data collection
We use Google Analytics with your consent. You can withdraw your consent at any time by
- using the button (fingerprint) displayed at the bottom left of this website to manage your cookie settings,
- preventing the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent,
- download and install the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout or click on this link to prevent future collection by Google Analytics on our website. This will place an opt-out cookie on your device. Please note that you mustactivate the opt-out cookie in every browser you use on all your devices and may also need to reactivate it if you ever delete all cookies in a browser.
Further information on the terms of use and privacy policy of Google Analytics can be found at www.google.com/analytics/terms/de.html, https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the Google Maps mapping service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer. The use of Google Maps is in the interest of presenting our online services in an appealing manner and ensuring that the locations specified on our website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
Further information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
Digital Data Solutions
On our website, we use the “Cookie First” application from Digital Data Solutions (Digital Data Solutions B.V., Plantage Middenlaan 42a, Amsterdam 1018DH (NL)). This is a plugin that can be used to obtain consent for the use of cookies and/or tracking technologies. “Cookie First” does not itself collect any personal data. Details about this tool can be found at https://cookiefirst.com/de/.
4. Services requiring registration – newsletters, webinars, events
a. General
If you wish to use the (personalised or paid) offers and services available on the website, we may require further information from you in order to provide these services and for billing purposes.
This includes, in particular, your name, your (valid) email address and other details (address, telephone number, etc.) that allow us, for example, to verify that you are the owner of the email address provided or that the owner consents to receiving the relevant services, so that we can provide the services you have requested and ultimately invoice you correctly. Entering a valid email address is required so that we can prevent fraudulent registrations – for example, for newsletters.
Where you have given your consent, the legal basis for the processing of your data is Article 6(1)(a) of the GDPR. If the registration serves to fulfil a contract or to take steps prior to entering into a contract, the legal basis for the processing of your data is Article 6(1)(b) of the GDPR.
Data processing is also carried out on the basis of our legitimate business interest pursuant to Article 6(1)(f) of the GDPR for the purpose of ensuring the smooth and easy processing of your order, the efficient handling of any enquiries, the tailored design of our offers, product information for advertising and customer care.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was processed. Even after the contract has ended, there may still be a contractual or legal requirement to store the contractual partner’s personal data. In this case, there is no right to erasure, but under certain circumstances a right to restrict data processing.
b. Newsletter
Through our website, we offer you the opportunity to subscribe to our newsletter. In doing so, we process the contact details you provide, as well as information regarding the topics you have selected for which you wish to receive updates.
This data processing is carried out on the basis of your consent in accordance with Article 6(1)(a) of the GDPR (legal basis). You may withdraw your consent at any time, e.g. by unsubscribing from the newsletter via the link provided at the end of each newsletter. The lawfulness of any data processing operations that have already taken place remains unaffected by the withdrawal.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that enables the organisation and analysis of newsletter distribution. The data you provide for the purpose of subscribing to the newsletter (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.
The newsletters we send via CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, we can analyse how many recipients opened the newsletter and how often each link in the newsletter was clicked. With the help of so-called conversion tracking, we can also analyse whether a predefined action (e.g. purchasing a product on this website) took place after clicking on a link in the newsletter. For further information on data analysis via CleverReach newsletters, please visit: www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing is carried out on the basis of your consent (Article 6(1)(a) of the GDPR). You may withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of any data processing operations that have already taken place remains unaffected by this withdrawal.
If you do not wish your data to be analysed by CleverReach, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list once you have unsubscribed. Data stored by us for other purposes remains unaffected by this.
Once you have unsubscribed from the newsletter mailing list, your email address may be stored on a blacklist by us or the newsletter service provider, if this is necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with any other data. This serves both your interests and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). There is no time limit on storage in the blacklist. You may object to this storage provided that your interests override our legitimate interest.
For further details, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/.
c. Webinars
You can register for webinars on our website. When you register for a webinar, we collect certain data to enable you to take part in the webinar.
Hosting a webinar involves significant financial costs. Therefore, you can only participate in a webinar in return for providing various personal data, which may also include consent to receive marketing communications. Please refer to the registration form and the scope of the declaration of consent you provide when registering for the relevant webinar for details of the specific types of data required.
In this context, we also process your data for marketing purposes. The legal basis for the processing of the data, subject to your consent, is Article 6(1)(a) of the GDPR. The provision of your data is neither required by law nor by contract. Failure to provide your data will result in you being unable to participate in the webinar.
We store the personal data collected in connection with your registration for the purpose of processing your registration and running the webinar. This data will be deleted once the webinar has been completed. If you have given us your consent to receive marketing communications, your data will be deleted as soon as it is no longer required to fulfil the purpose of its processing, but at the latest upon withdrawal of your consent, provided that there is no legitimate interest in retaining it further.
Services and service providers used:
Webinar partner: Paule Porter Cinematography, Friedrich-Puchta-Straße 19, 95444 Bayreuth, Germany. They are responsible for the technical implementation of the webinar. Website: www.pauleporter.de; Privacy policy: www.pauleporter.de/datenschutz.
The service provider is YouTube; see IV. paragraph 6.
d. Event registration
You can register for our events on our website. To do so, we use either a printed registration form or our RAPS participant management tool. As part of the registration process, we process your data for the purposes of providing contractual services, invoicing and delivering customer services.
e. Participant management tool
For registration for some of our events, we will use the RAPS internal participant management tool, a service provided by Digital Born, Bayreuther Str. 9, 95482 Gefrees.
Here, the data is stored within Germany in compliance with the provisions of the GDPR.
f. Our own printed registration forms
For some of our events, you also have the option of registering as a guest using our own registration form.
If you order as a guest, you must re-enter your details in full for every order. When registering for our events via the guest access, we are required to collect your first name and surname, your company affiliation, as well as your valid email address, telephone number and postal address.
5. Purpose of processing, retention period
This data is processed for the purpose of identifying you as our contractual partner and for processing your order. The data processing is carried out at your request and is necessary, in accordance with Article 6(1)(b) of the GDPR, for the fulfilment of the order and for pre-contractual measures.
The personal data collected for the order will be stored until the expiry of the statutory warranty period and then deleted, unless we are obliged to store it for a longer period under Article 6(1)(c) of the GDPR due to tax and commercial law retention and documentation obligations, or you have consented to further storage under Article 6(1)(a) of the GDPR.
6. RAPS Online Shop (shop.raps.com)
The following information relates exclusively to our RAPS Online Shop in the B2B sector.
Customer account, registration & identity service
To use the customer area, we process registration/account data (e.g. company name, address, VAT number, email address, telephone number) as well as roles/authorisations. We use Microsoft Entra External ID for login and account security.
Order and Shipping Processing (B2B)
For quotations, orders, invoicing, delivery and customer service, we process, in particular, order, invoice and delivery data. Shipping provider: UPS (receipt of necessary delivery data for dispatch).
Legal basis: Article 6(1)(b) of the GDPR (account/order processing), Article 6(1)(f) of the GDPR (account security).
Transactional emails (contract-related communication)
For certain actions (e.g. registration/double opt-in, password reset, order/dispatch confirmation, invoice), we send transactional emails to the address you have provided.
Legal basis: Article 6(1)(b) of the GDPR; in individual cases, Article 6(1)(f) of the GDPR (security/abuse notifications).
The emails are sent via an email service provider acting as a data processor (Article 28 of the GDPR).
Recipients / Categories of Recipients
In addition to the categories of service providers listed in Section V of this Privacy Policy, the following further categories of service providers are used specifically for the online shop:
- Service providers for hosting/shop operation (e.g. data centre, reverse proxy, shop software maintenance)
- Email service providers (sending of transactional emails)
Furthermore, you will find further information regarding the processing of your data within the context of existing contractual relationships in our Customer Privacy Policy.
7. Other purposes of processing
Compliance with legal requirements: We also process your personal data in order to comply with other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. In doing so, we process your personal data in accordance with Article 6(1)(c) of the GDPR (legal basis) to fulfil a legal obligation to which we are subject.
Law enforcement: We also process your personal data to assert our rights and enforce our legal claims. We also process your personal data to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In doing so, we process your personal data to safeguard our legitimate interests in accordance with Article 6(1)(f) of the GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes, or we prevent or investigate criminal offences (legitimate interest).
Consent: Where you have given us your consent to process personal data for specific purposes (e.g. sending you information materials and offers), the lawfulness of this processing is based on your consent. You may withdraw your consent at any time.
Please note that withdrawal of consent only applies from the point in time of withdrawal onwards and does not affect any processing carried out prior to that time.
8. Our social media presence
This privacy policy applies to the following social media accounts
https://www.facebook.com/rapsgewuerze
https://www.facebook.com/rapsodyofspices
https://www.instagram.com/raps_career
https://www.instagram.com/rapsodyofspices
https://www.xing.com/pages/rapsgmbh-co-kg
https://www.linkedin.com/company/raps-gmbh-co-kg
https://www.youtube.com/@raps-gewuerze
https://www.youtube.com/@raps-spices-international
Data processing by social networks
We maintain publicly accessible profiles on social networks. You can find a list of the specific social networks we use below.
Social networks such as Facebook, LinkedIn, etc. are generally able to analyse your user behaviour in detail when you visit their website or a website featuring integrated social media content (e.g. ‘Like’ buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection.
If you are logged into your social media account and visit our social media page, the operator of the social media portal can link this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the relevant social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of social media platforms can create user profiles that record your preferences and interests. This enables interest-based advertising to be displayed to you both on and off the respective social media platform. If you have an account with the relevant social network, interest-based advertising may be displayed on all devices on which you are currently logged in or have previously been logged in.
Please also note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.
Legal basis
Our social media presence is intended to ensure the widest possible online reach. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Any analytics processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks.
Data controller and exercising your rights
When you visit one of our social media pages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by that visit. You may generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability and the right to lodge a complaint) against both us and the operator of the relevant social media portal (e.g. against Facebook).
Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.
Retention period
Data collected directly by us via our social media presence will be deleted from our systems as soon as you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence over the storage period of your data stored by the operators of social networks for their own purposes. For further details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Your rights
You have the right at any time to obtain information, free of charge, about the origin, recipients and purpose of your stored personal data. You also have the right to object, the right to data portability and the right to lodge a complaint with the relevant supervisory authority. Furthermore, you may request the rectification, restriction, erasure and, under certain circumstances, the restriction of the processing of your personal data.
9. Social media platforms in detail
We have a Facebook fan page. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter ‘Meta’). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement via the following link: www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: www.facebook.com/settings.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We have an Instagram profile. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: www.facebook.com/legal/EU_data_transfer_addendum, help.instagram.com/519522125107875 and de.facebook.com/help/566994660333381.
For details on how they handle your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following
www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.de.linkedin.com/legal/privacy-policy.
YouTube
Our website uses plugins from the YouTube video platform to embed videos and play them directly on our website. The provider of the video platform is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). YouTube is an affiliate of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
YouTube videos are embedded in what is known as “enhanced privacy mode”, which, according to the provider, only triggers the storage of user information once the video(s) are played. However, the enhanced privacy mode does not necessarily prevent data from being passed on to YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
When you play embedded videos on our website, a connection is established with YouTube’s servers and data is transmitted. We have no control over the scope or content of the data transmitted to YouTube – and, where applicable, to YouTube’s partners – when the plugin is activated. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent abusive behaviour. In doing so, YouTube uses cookies to collect information about user behaviour, provided you have consented to the use of these cookies. The cookies remain on your device until you delete them. You can prevent YouTube from storing cookies by adjusting the settings in your browser software (see above).
If you are logged into your YouTube account, you allow YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before clicking the play button.
The legal basis for the initial collection and/or storage of data is Section 25(2)(2) of the TTDSG, as the processing of the data is strictly necessary to enable us to provide the use of our website that you have expressly requested (e.g. with YouTube videos). The legal basis for the initial collection and/or storage of other data that is not technically necessary is the user’s consent in accordance with Section 25(1) of the TTDSG. Further data processing in connection with the integration of YouTube is necessary for the needs-based design of our website. This also constitutes our legitimate interest in data processing pursuant to Article 6(1)(f) of the GDPR.
Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/technologies/product-privacy
V. Recipients of data
Within RAPS, access to your data is granted to those departments that require it to fulfil our contractual and legal obligations. Service providers and agents engaged by us (e.g. IT/technical service providers, delivery companies, waste disposal companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary, taking into account data protection regulations. In some cases, the recipients receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own data protection responsibility and are likewise obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases, we transfer personal data to our advisers in legal or tax matters, whereby these recipients are bound by special confidentiality and secrecy obligations due to their professional status.
VI. Data transfers to third countries
When using the tools mentioned above, we may transfer your IP address to third countries. This data transfer is based on the so-called ‘EU Standard Contractual Clauses’ for the transfer of personal data to processors in third countries, or on the EU-US Privacy Shield. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations, unless expressly stated otherwise in this privacy policy.
VII. Duration of data storage
We process and store your personal data initially for the period during which the respective purpose of use requires such storage (see above regarding the individual processing purposes). This may also include the periods during which a contract is being negotiated (pre-contractual legal relationship) and during the performance of a contract. On this basis, personal data is regularly deleted in the course of fulfilling our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
- Fulfilment of statutory retention obligations arising, for example, from the German Commercial Code (Sections 238, 257(4) HGB) and the German Fiscal Code (Section 147(3), (4) AO). The retention and documentation periods specified therein are up to ten years.
- Preservation of evidence, taking into account the limitation periods. Under Sections 194 et seq. of the German Civil Code (BGB), these limitation periods may be up to 30 years, although the standard limitation period is three years.
VIII. Data Security
We protect personal data using appropriate technical and organisational measures to ensure an adequate level of protection and to safeguard the privacy rights of data subjects. The measures taken serve, amongst other things, to prevent unauthorised access to the technical equipment we use and to protect personal data from unauthorised disclosure to third parties. In particular, for security reasons and to protect the transmission of confidential content, such as your contact enquiries sent to us as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the padlock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is therefore not possible to guarantee complete protection of data against access by third parties.
IX. Your rights as a data subject
Subject to the legal requirements, you have the following rights as a data subject:
Right of access: You are entitled at any time, pursuant to Article 15 of the GDPR, to request confirmation from us as to whether we are processing personal data concerning you; if this is the case, you are also entitled, pursuant to Article 15 of the GDPR, to obtain information regarding this personal data as well as certain further details (including the purposes of processing, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfers to third countries, the appropriate safeguards) and to receive a copy of your data. The restrictions of Section 34 of the Federal Data Protection Act (BDSG) apply.
Right to rectification: You are entitled, pursuant to Article 16 of the GDPR, to request that we rectify the personal data we hold about you if it is inaccurate or incorrect.
Right to erasure: You are entitled to request that we erase personal data concerning you without undue delay, subject to the conditions set out in Article 17 of the GDPR. The right to erasure does not apply, inter alia, where the processing of personal data is necessary, for example, to comply with a legal obligation (e.g. statutory retention obligations) or to establish, exercise or defend legal claims. Furthermore, the restrictions set out in Section 35 of the Federal Data Protection Act (BDSG) apply.
Right to restriction of processing: You are entitled, subject to the conditions set out in Article 18 of the GDPR, to request that we restrict the processing of your personal data.
Right to data portability: You are entitled, subject to the conditions set out in Article 20 of the GDPR, to request that we provide you with the personal data concerning you that you have supplied to us in a structured, commonly used and machine-readable format.
Right to withdraw consent: You may withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of consent given to us prior to the entry into force of the GDPR, i.e. before 25 May 2018. Please note that the withdrawal only takes effect for the future. Processing that took place prior to the withdrawal is not affected by this. To withdraw your consent, an informal notification, e.g. by email, sent to us is sufficient.
Right to object: You are entitled, under the conditions set out in Article 21 of the GDPR, to object to the processing of your personal data, in which case we must cease processing your personal data. The right to object applies only within the limits set out in Article 21 of the GDPR. Furthermore, our interests may override the cessation of processing, meaning that we are entitled to process your personal data despite your objection. We will take immediate account of any objection to direct marketing activities without further weighing up the existing interests.
Right to lodge a complaint with a supervisory authority: You have the right to object at any time to the processing of your data carried out on the basis of Article 6(1)(f) of the GDPR (data processing based on a balancing of interests) if there are grounds for doing so arising from your particular situation. In particular, you may lodge a complaint with the supervisory authority responsible for us, the Bavarian State Commissioner for Data Protection, Wagmüllerstr. 18, 80538 Munich, or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Other enquiries: Our Data Protection Officer is available to assist you with any further questions or concerns regarding data protection. Such enquiries, as well as the exercise of your rights as set out above, should, where possible, be sent in writing to our address given above or by email to datenschutz@raps.com.
X. Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with full access to our website or respond to your enquiries. Personal data that we do not strictly require for the processing purposes mentioned above is marked accordingly as voluntary information.
XI. Automated decision-making / profiling
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).
XII. Can this privacy policy change?
The ongoing development of the internet and our website may also affect our privacy policy. We reserve the right to amend this online privacy policy from time to time in the future to ensure it complies with current legal requirements or to reflect any additions or changes to our website. The current version of this privacy policy applies to your visit; you can access it on every subpage via the ‘Privacy’ link.
Date: May 2026