The following information provides an initial overview of what happens with your personal data when you access our website on www.raps.com. Personal data is any data that may lead to your personal identification. You can find explicit information on privacy, the individual procedures of processing and your rights as data subjects in our privacy notice stated under this short overview.
Who is responsible for data processing?
Data processing on our website is done by the website operator, RAPS GmbH & Co. KG, Adalbert-Raps-Str. 1, 95326 Kulmbach, telephone: 09221 807-0, e-mail: info@raps.com (hereinafter “RAPS”) as the data owner. You can contact our data protection officer via e-mail to datenschutz@raps.com.
How do we collect your data?
On the one hand, we collect your data as you provide them, e.g. data that you enter in a contact form or that you provide in connection with your participation in an event, a webinar or to receive our newsletter. Other data is automatically collected by our IT systems when you access our website. This mainly applies to technical data (e.g. internet browser, operating system or timestamp of accessing the site). Such data is automatically collected as soon as you access our website.
What do we use your data for?
Part of your data is collected and used to ensure smooth delivery of our website. Other data may be used to contact you, to provide website functions (e.g. embedded videos) or to possibly analyze your user behavior as well to conduct an event or a webinar and to send out our newsletter.
What rights do you have in connection with your data?
At all times, you have the right to free of charge information regarding e.g. the origin, recipient and purpose of your personal data that we have saved. You also have the right to request rectification, restriction of processing or erasure of such data. To exercise any of these rights or for all other questions regarding privacy, you may contact us or our data protection officer at any time via the address stated above. Furthermore, you have the right to file a complaint with the competent supervisory authority.
Do we use cookies and analytics tools?
When accessing our website, certain cookies will be used, e.g. to perform a purely statistical evaluation of our users’ surfing behavior. This analysis of your surfing behavior is regularly conducted on an anonymous basis and backtracking it to you as a person is not possible. You are free to choose if you want to enable/disable the corresponding analytics processes and to consent to the corresponding tracking. More detailed information can be found in the following privacy policy.
In its role as operator of the website www.raps.com, RAPS GmbH & Co. KG (hereinafter “RAPS”) takes privacy protection very seriously. We treat personal data confidentially and according to the legal privacy protection provisions and in line with the present privacy policy. The legal bases especially stem from the General Data Protection Regulation (GDPR) as well as from the Bundesdatenschutzgesetz (BDSG, DE-Federal Data Protection Act).
In connection with your using this website and depending on the type and scope of your usage, we process various personal data. Persona data is information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered identifiable, when they can be identified either directly or indirectly (e.g. via the allocation of an online identifier). This includes information like name, address, telephone number and date of birth.
The present privacy policy serves as your information according to art. 12 ff. GDPR on how we treat personal data in connection with the usage of our website. It especially explains which data we collect and what we use them for. It also tells you how this is done and for which purpose.
This privacy policy explicitly relates to the data processing that occurs when you visit our website at www.raps.de . RAPS also considers any data processing beyond website-specific processing to be very important. Therefore, we kindly ask you to also consider our “Privacy notice according to the EU General Data Protection Regulation” (information sheet for customers, suppliers and RAPS‘ business partners/contacts), where it applies to you. To access the privacy notice in its currently valid form, please click here.
The party responsible, also known as the controller, is the natural person or legal entity with the capacity to either alone or together with others decide on the purposes and means of processing personal data (e.g. names, e-mail addresses or similar). The controller within the meaning of the GDPR and the currently applicable national data protection legislation (namely BDSG) as well as other data protection provisions is:
RAPS GmbH & Co. KG
Adalbert-Raps-Str. 1
95326 Kulmbach
Tel.: +49 9221 807-0
Fax: +49 9221 807-100
e-mail: info@raps.com
In our company, we have appointed a data protection officer. Their contact details are:
RAPS GmbH & Co. KG
Data Protection Officer
Adalbert-Raps-Str. 1
95326 Kulmbach
Tel.: +49 9221 807-106
Fax: +49 9221 807-66314
e-mail: datenschutz@raps.de
For the technical delivery of our website, it is necessary that we process certain information automatically provided by your browser, in order for our website to be visible within your browser and for you to use the website. This information is automatically collected every time you access our website, and it is saved in so-called server log files. This data is comprised of:
- browser type and version
- operating system used
- referring URL
- host name of accessing computer
- time of server request
- IP address
For technical reasons, it is necessary to save the access data mentioned above for the delivery of a functional website and to ensure system security. This also applies to saving your IP address, which is done out of necessity, and which under further prerequisites at least theoretically may allow for an allocation to you personally. For purposes going beyond those mentioned above, we only use server log files in a purely statistical way to set up and optimize our internet offer according to the users‘ needs and without any backtracking to you personally.
Access data collected in connection with your using our website shall only be saved for the period in which this data is necessary to achieve the purposes mentioned above. Our web server saves your IP address for the purposes of IT security for a maximum of 7 days.
Insofar as you visit our website to gather information on our products and services or to use them, the basis for such temporary saving and processing of access data is art. 6 (1) b GDPR (legal basis), which allows data processing to perform a contract or to complete pre-contract steps. In this case, art. 6 (1) f GDPR also serves as a legal basis for the temporary saving of technical access data. Our legitimate interest in this case is the ability to provide you with a technically functional and user-friendly website as well as to ensure the security of our systems.
If you use our contact form to request information, your message/communication (comment) will be saved inclusive of the contact data you provided, to process and answer your request and to further process in case of follow-up questions. We will not share this data with third parties, unless such sharing is necessary for the processing and answering of your contact request or in case you have provided consent.
Where you contact us in connection with an existing contract relationship or you contact us in advance to inquire about our portfolio or our other services, we will process the data and information you provided to process and answer your contact request according to art. 6 (1) b GDPR (legal basis). Furthermore, to protect our legitimate interest according to art. 6 (1) f GDPR by providing an appropriate response to your customer/contact request.
The data you entered in the contact form will remain with us until the purpose of saving/processing such data no longer applies (e.g. after having completed the processing of your request). Mandatory legal provisions– especially retention periods – remain unaffected.
In part, our website uses a technology known as cookies. Cookies do not harm your system and do not contain any viruses. Cookies are used to make our internet presence more user-friendly, effective and secure and to enable certain functions. Cookies are small text files that are placed on your device and that are saved by your browser. A cookie contains a characteristic sequence of characters to enable a unique identification of your browser when you access the website again at a later stage.
Most of the cookies we apply are so-called “session cookies”, i.e. they will be deleted at the end of your visit or your browser session (known as transient cookies). Other cookies remain on your device for a predetermined period, or they are saved until you actively delete them (known as persistent Cookies). Via these cookies we can recognize your browser when you revisit our website in the future. Upon written request, we will gladly provide additional information on the functional cookies used. Please use the contact data stated above for corresponding requests.
You may change the settings in your browser, in order to be informed about cookies which are to be placed on your device, and you can consent to cookies only in individual cases, you can exclude cookies for specific cases or in general and you can have cookies automatically deleted when you close your browser. You can regularly use the “Help” function of your internet browser to obtain information on how to deactivate cookies. Deactivating cookies can lead to the functionality and/or the full accessibility of this website being limited. For additional setting and deactivation options in connection with cookies, please also have a look at the individual explanations on the cookies specifically used to access our website and their corresponding functions/technologies.
Some of the cookies used on our website originate from third parties who help us analyze the effect of our website content and the interest of our visitors, measure the service and performance of our website or place customized advertisements and other content on our and other websites. Our website places both first party cookies (only visible from the domain you currently visit) as well as third party cookies (visible across domains and regularly used by third parties).
Where any processing of information on your device is absolutely necessary to enable your desired usage of our website, this information will be saved on your device or information already saved on your device will be accessed according to art. 25 (2) no. 2 of the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG, DE-Telecommunications Digital Services Data Protection Act). Any further processing of data on your device is done with your consent according to art. 25 (1) TDDDG.
The legal bases according to GDPR as stated in this privacy policy then apply to the further processing of the so obtained personal data. In connection with necessary cookies, this is done based on art. 6 (1) b GDPR to deliver the information offered and according to art. 6 (1) c GDPR, to comply with our legal obligations, especially to provide you with an easy and documented option for granting or withholding your cookie consent. In connection with functional cookies and cookies for analytics/marketing, this is done based on your consent according to art. 6 (1) a GDPR.
You may withdraw any consent you have given at any time, e.g. by individually deactivating the cookie-based tools/plugins as they appear in the following overview or by accessing the cookie settings with a click on the fingerprint button (bottom left corner of the website) to apply any changes. With the corresponding settings you may also object to data processing based on legitimate interests.
In detail, the present website uses the following cookie-based tools/plugins:
Google Analytics
Description: This website uses functions offered by the web analysis service Google Analytics. The corresponding provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The party responsible for users inside the EU/the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland (“Google”). Google Analytics uses cookies (first party cookies), enabling the analysis of how you use the website. Google applies the cookie-generated information on our behalf to evaluate the website usage, to compile reports on website activities and to perform additional services for us that are connected to the website usage and the surf behavior. This helps us to improve the quality of our website and its contents. Based on statistical analyses we learn about the way the website is being used, and this enables us to consequently optimize our offer.
The information on your usage of this website as gathered via the Google Analytics cookies (e.g. time, place and frequency of your accessing the website inclusive of your IP address) will be transferred to a Google server located in US and saved there. Transfer of data to Google LLC. with seat in the US as well as to the service providers embedded by Google LLC. is based on the so-called EU standard contractual clauses. We have set the term for saving the corresponding data with Google to 14 months both on a user and event level (shortest possible option).
IP anonymisation
For this website, we have activated the IP anonymization function. The purpose of this function is that Google shortens your IP address within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area prior to transferring it to the United States and is thus anonymized. Only on an exceptional basis, the full IP address will be transferred to a Google server located in the United States and is then shortened there.
Objection to data collection
We use Google Analytics with your consent. You may withdraw your consent granted, by
- Using the button shown in the bottom left corner (fingerprint) at the end of this website for your cookie settings,
- Preventing the saving of cookies via corresponding settings in your browser software; we do, however, point out that possibly not all functions of our website may be fully available to you,
- Downloading and installing the browser plugin available under this link: http://tools.google.com/dlpage/gaoptout?hl=de or to click on this link, to prevent any future data collection via Google Analytics on our website. Doing so will result in an opt-out cookie being placed on your device. Please note that you need to activate this opt-out cookie in all the browsers you use on all of your devices and that you possibly need to reactivate it, should you decide to delete all cookies stored in your browser.
Additional information on the terms of use and on privacy protection for or by Google Analytics is available at http://www.google.com/analytics/terms/de.html, https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/privacy?hl=de.
Google Maps
Via an API, this site uses Google Maps. The corresponding provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
To use the Google Maps functions, your IP address needs to be saved. Usually, this information is transferred to a Google server located in the United States and saved there. The operator of this website does not have any influence on this data transfer.
Google Maps is used to provide an attractive delivery of our online offer and to easily find the locations indicated on our website. This constitutes a legitimate interest within the meaning of art. 6 (1) f GDPR.
Additional information on the treatment of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
Digital Data Solution
Our website uses the application “Cookie First” by Digital Data Solutions (Digital Data Solutions B.V., Plantage Middenlaan 42a, Amsterdam 1018DH (NL). This application is a plugin to obtain your consent for the placing of cookies and/or using tracking technologies. “Cookie First” itself does not collect any personal data. Details on this tool are available at https://cookiefirst.com/de/.
General
Should you want to make use of any (personalized or paid) offers or services available on the website, we possibly need additional information from you to provide these services, and also for billing purposes.
These especially include your name, your (valid) e-mail address as well as additional information (address, telephone number etc.), e.g. allowing us to verify you as the owner of the stated e-mail address or that the corresponding owner agrees to receive the corresponding services, so that the subscribed services can be provided correspondingly and lastly also be billed regularly. Entering a valid e-mail address is necessary in order for us to prevent any abusive registrations – e.g. for newsletters.
When your consent is available, the legal basis for data processing is art. 6 (1) a GDPR. Where registration is needed to perform a contract or to complete pre-contract steps, the legal basis for such data processing is art. 6 (1) lit. b GDPR.
Furthermore, data processing is based on our legitimate business interest according to art. 6 (1) f GDPR in order to ensure a smooth and simple processing of your order, an efficient processing of possible follow-up questions, a needs-based design of our offers, for product information in connection with advertisement and customer care.
The data will be deleted as soon as it is no longer needed to achieve the purpose of their processing. There may be a contractual or legal requirement to save the contract partner’s personal data also after the contract being terminated. In such a case, there is no right to erasure, but possibly a right to limit data processing.
Newsletter
Via our website, you have the option to register for our newsletter. In connection with this newsletter, we use the contact data provided as well as data on the topics selected, for which you want to receive the news.
The indicated data processing is based on your consent according to art. 6 (1) a DSGVO (legal basis). You may withdraw your consent at any time, e.g. by cancelling the newsletter via the link provided at the bottom of every newsletter. Such a withdrawal does not affect the legality of any prior data processing.
Webinars
Our website also lets you register for webinars. If you register for a webinar, we collect certain data to enable your participation in the webinar.
Making webinars available comes with a high expenditure. Consequently, you may only participate in a webinar for consideration by providing certain personal data, possibly in connection with your consent to receiving advertisement. Please see the registration form for the respective types of data to be provided as well as for the scope of the declared consent that you give in connection with your registration for the corresponding webinar.
In connection with these webinars, we also process your data for advertising purposes. When your consent is available, the legal basis for data processing is art. 6 (1) a GDPR. Such a provision of data is neither required by law nor by contract. Should you not provide the data required, this results in you not being able to participate in the webinar.
We save the personal data collected in connection with your registration to process your registration and to hold the webinar. After having concluded the webinar completely, this data will be deleted again. Where you have provided your consent for advertising, your data will be deleted as soon as it is no longer necessary to achieve the purpose of its processing, at the latest, however, after you have withdrawn your consent, unless there is a legitimate interest in further keeping them on file.
Services used and service providers contracted:
Webinar partner: Paule Porter Cinematography, Friedrich-Puchta-Straße 19, 95444 Bayreuth, Germany. Their task is to technically deliver the webinar. Website: www.pauleporter.de; privacy policy: www.pauleporter.de/datenschutz.
The service provider is YouTube, see IV. paragraph 6.
Events registration
You can use our website to register for our events. For this purpose, we use either a printed registration form or our RAPS participant management tool. In connection with the registration process, we process your data for the performance of the contract, for billing purposes, and for the delivery of customer services.
Participant management tool
The registration for some of our events is done via the proprietary RAPS participant management tool, which is a service offered by Digital Born, Bayreuther Str. 9, 95482 Gefrees.
When doing so, the data will be saved on German territory and in line with the GDPR provisions.
Our own printed registration form
For some of our events, you also have the option to register as a guest via our own registration form.
When ordering as a guest, you need to completely reenter your data with every new order. When registering for our events via the guest access, we will definitely collect your first and last name, your company affiliation as well as a valid e-mail address, telephone number and address.
Purpose of processing, duration of data storage
The processing of this data is done so that we can verify you as our contract partner and can process your order. Data processing is done after you have placed your order and thus is necessary according to art. 6 (1) b GDPR for the stated purposes of delivering your order and completing any pre-contract steps.
The personal data collected for the order will be saved until the legal warranty obligations have elapsed and will be deleted afterwards, unless we need to save this data for a longer period of time according to art. 6 (1) 1c GDPR to comply with retention and documentation obligations for tax and trade law purposes or in case you have consented to your data being saved beyond this term according to art. 6 (1) 1a GDPR.
Complying with legal provisions: We also process your personal data to comply with other legal obligations that possibly apply to us in connection with our business activity. This especially includes retentions periods according to trade, commercial and tax law. In this regard, we process your personal data according to art. 6 (1) c GDPR (legal basis) to comply with a legal obligation to which we are subject.
Enforcement of rights: We also process your personal data to assert our rights and to enforce our legal claims. Additionally, we process your personal data for our defense against legal claims. Lastly, we process your personal data, where this is necessary for the defense against or the prosecution of crimes. In this regard, we process your personal data to protect our legitimate interest according to art. 6 (1) f GDPR (legal basis), in so far as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate crimes (legitimate interest).
Consent: Where you have given consent to the processing of your personal data for specific purposes (e.g. sending you information material and offers), such consent serves as the legal basis for this type of processing. Any consent granted may be withdrawn at all times.
Please note that any withdrawal only applies to the future and does not affect any processing that has occurred prior to you withdrawing your consent.
This privacy policy applies to the following social media channels:
https://www.facebook.com/rapsgewuerze
https://www.facebook.com/rapsodyofspices
https://www.instagram.com/raps_career
https://www.instagram.com/rapsodyofspices
https://www.xing.com/pages/rapsgmbh-co-kg
https://www.linkedin.com/company/raps-gmbh-co-kg
https://www.youtube.com/@raps-gewuerze
https://www.youtube.com/@raps-spices-international
Data processing on social networks
We operate publicly accessible profiles on social networks. To get a detailed overview of the social networks we use, please see below.
Social networks like Facebook, LinkedIn etc. are usually capable of analyzing your user behavior in a very encompassing way when you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). Visiting our social media channels results in a vast number of processing activities with relevance from a privacy perspective.
When you are signed in to your social media account and visit our social media channel, the social media operator can assign this visit to your user account. Your personal data may, however, also be collected, in case you are not signed in or do not have an account with the respective social media platform. In this case, such data collection is e.g. done via cookies that are being saved on your device or by recording your IP address.
Operators of social media platforms use the correspondingly collected data to create user profiles that contain your preferences and fields of interest. This enables them to show advertisement based on your personal interest, both inside and outside of the respective social media environment. Where you have an account with the respective social network, such interest-based advertisement may appear across all your devices, on which you are currently or have been signed in.
Please also note that we cannot trace all processing activities on social media platforms. Depending on the individual provider it is possible that the operators of these social media platforms conduct additional processing activities. The corresponding details can be found in the terms of use and the privacy policy of the respective social media platform.
Legal basis
Our social media channels are intended to provide a relatively comprehensive online representation. This constitutes a legitimate interest within the meaning of art. 6 (1) f GDPR. The analysis procedures initiated by the social networks may be based on divergent legal bases as these are stated by the social network operators.
Responsibility and the asserting of rights
When you visit one of your social media channels (e.g. on Facebook), we and the operator of the social media platform are jointly responsible for the data processing activities triggered by your visit. You are generally entitled to assert your rights (to information, rectification, erasure, limitation of processing, data portability and complaint) both towards us as well as towards the operator of the respective social media platform (e.g. towards Facebook).
Please note that despite our shared responsibility with the operator of the social media platform, we cannot fully influence the data processing activities of the social media platforms. Our options mainly follow the company policies of the respective provider.
Duration of data storage
Data directly collected via our social media channels will be deleted from our systems as soon as you request such an erasure, withdraw your consent to save your data or the purpose for data storage no longer applies. Cookies saved remain on your device, until you actively delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We cannot influence the duration of your data being saved that the operators of social networks collect for their own purposes. Further details are available by directly contacting the social network operators (e.g. via their privacy policy, see below).
Your rights
At all times, you have the right to obtain information free of charge on the origin, the recipients and the purpose of your saved personal data. You also have a right to object, a right to data portability and a right to file a complaint with the competent supervisory authority. Additionally, you may request the rectification, barring, erasure and in certain cases a limitation of processing of your personal data.
The various social networks we use
We have a Facebook fan page. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (hereinafter Meta). According to Meta’s statement, the collected date is also transferred to the United States and other third countries.
Together with Meta we have entered into a Controller Addendum for the joint processing of data. This agreement stipulates, which data processing activities are our or Meta’s responsibility, when you access our Facebook page. You can access the agreement via the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You may individually change your advertising settings via your user account. Please click the following link and then sign in: www.facebook.com/settings .
Data transfers to the United States are based on the standard contractual clauses of the European Commission. For details, please see here: www.facebook.com/legal/EU_data_transfer_addendum
and de-de.facebook.com/help/566994660333381 .
We have our own profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland.
Data transfers to the United States are based on the standard contractual clauses of the European Commission. For details, please see here: www.facebook.com/legal/EU_data_transfer_addendum, help.instagram.com/519522125107875 and de.facebook.com/help/566994660333381.
Details on how they deal with personal data can be found in Instagram’s privacy policy at: help.instagram.com/519522125107875.
We have our own XING profile. The provider of this service is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they deal with personal data can be found in Xing’s privacy policy at: privacy.xing.com/de/datenschutzerklaerung
We have our own LinkedIn profile. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland. LinkedIn uses advertising cookies. Should you wish to deactivate the LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Details on how they deal with personal data can be found in LinkedIn’s privacy policy at: www.de.linkedin.com/legal/privacy-policy .
YouTube
Our website uses plugins offered by the video platform YouTube to embed videos and to play them directly on our website. The provider of this video platform is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland (“YouTube”). YouTube is an affiliate company of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The embedding of YouTube videos is done via the so-called “privacy enhanced mode”, which according to the operator’s statement only triggers the storage of user information once the video is played. The privacy enhanced mode does, however, not necessarily exclude the sharing of data with YouTube partners. Correspondingly and independently of you actually watching a video, YouTube establishes a connection to the Google DoubleClick network.
When you activate any of the videos embedded on our website, this results in establishing a connection to the YouTube servers in order to start a data transfer. We cannot influence the scope, or the content of data being transferred to YouTube or additional YouTube partners, as the case may be, when the plugin is activated. The YouTube server i. a. receives information on the pages you have accessed. According to a YouTube statement, this information is used to compile video statistics, to improve user friendliness and to prevent abusive action. YouTube uses cookies to collect information on the user behavior, provided you have consented to the placing of cookies. These cookies remain on your device, until you actively delete them. Via the corresponding browser settings, you can prevent YouTube from saving cookies on your device (cf. above).
When you are signed in to your YouTube account, you enable YouTube to directly link your surfing behavior with your personal profile. You may prevent such a link by signing out of your YouTube account prior to activating the play button.
The legal basis for an initial read-out and/or storage of data is art. 25 (2) no. 2 TTDSG [DE-Telecommunications Telemedia Data Protection Act], as such data processing is absolutely mandatory for us to provide you with the explicitly desired usage of our website (i.e. for example with embedded YouTube videos). The legal basis for the initial read-out and/or storage of other, technically not necessary data is the user’s consent according to art. 25 (1) TTDSG. For the embedding of YouTube, additional data processing is necessary to ensure a needs-based delivery of our website. This also constitutes our legitimate interest in data processing according to art. 6 (1) f GDPR.
Additional information on how they deal with personal data can be found in YouTube’s privacy policy at: policies.google.com/technologies/product-privacy
Your data will be accessible to those positions within RAPS that have a need to access them for the performance of our contractual and legal obligations. Data may also be shared with our service providers and vicarious agents (e.g. technical service providers, shipping companies, waste management companies) for these purposes. According to the provisions of privacy legislation, we limit the sharing of your personal data to purely necessary. Partially, the recipients receive your personal data as contracted processors, and they are then closely bound to our instructions on how to deal with your personal data. Partially, the recipients act in their own privacy responsibilities, and they are then also obliged to comply with the GDPR and other provisions of privacy legislation.
Lastly and on an individual basis we share personal data with our consultants for legal or tax affairs, with these recipients having a special obligation to maintain information confidential and secret due to their professional standing.
In connection with the application of the above-mentioned tools we may transfer your IP address to third countries. Such data transfer is based on the so-called “EU standard contractual clauses” for transferring personal data to contracted processors in third countries or based on the EU US Privacy Shield. Furthermore, we do not transfer your personal data to countries outside of the EU or the EEA or to international organizations, insofar as this privacy policy does not explicitly state anything else.
We initially process and save your personal data for such a period, in which the respective usage purpose requires a corresponding storage (cf. above for the individual processing purposes). This may possibly also include periods for the preparation of a contract (pre-contractual legal relationship) and the performance of a contract. In connection with us complying with contractual and/or legal obligations, personal data is regularly deleted, unless there is a need for temporary further processing due to the following purposes:
- To comply with legal retention obligations, e.g. resulting from the Handelsgesetzbuch [DE-Code of Commerce] (art. 238, 257 (4) HGB) and the Abgabenordnung [DE-General Tax Code] (art 147 (3), 4 AO). The corresponding retention or documentation periods stated there may be for a term of up to ten years.
- To keep elements of evidence in connection with provisions on the statute of limitations. According to art. 194 ff. of the Bürgerliche Gesetzbuch (BGB, DE-Civil Code) these statutes of limitations may be up to 30 years, with the regular term for the statute of limitations being three years
We also protect personal data with technical and organizational measures to ensure an appropriate level of protection and to maintain the personality rights of the data subjects. The implemented measures i. a. prevent unauthorized access to the technical measures we use, and they protect the personal data from unauthorized access by third parties. For safety reasons and to protect the transfer of confidential content, e.g. contact requests you file with us as the website operator, this website uses SSL and/or TLS encryption. You can recognize an encrypted connection by looking for a chance in your browser’s address bar from “http://” to “https://” and via the padlock symbol shown in your browser bar. When SSL and/or TLS encryption is activated, third parties cannot access any data that you share with us. We do, however, point out that online data transfer (e.g. when communicating via e-mail) can be subject to security gaps. In so far, it is impossible to provide a comprehensive protection of data from being accessed by third parties.
According to the legal requirements, you as a data subject have the following rights:
Right to information: According to art. 15 GDPR, you have the right to request a confirmation, if we process your personal data; where this is the case, art. 15 GDPR also entitles you to request information on these personal data as well as certain other pieces of information (e.g. processing purposes, categories of personal data, categories of recipients, intended duration of storage, origin of data, application of automated decision-making and in case of data being transferred to third countries the appropriate guarantees) and to obtain a copy of your data. The limitation of art. 34 BDSG do apply.
Right to rectification: According to art. 16 GDPR, you have the right to request a rectification of your personal data saved with us, provided it is improper or faulty.
Right to erasure: According to art. 17 GDPR, you have the right to request the immediate erasure of your personal data. This right to erasure does i. a. not apply where the processing of personal data is necessary, e.g. to comply with a legal obligation (e.g. legal retention obligations) or to assert, exercise or defend legal claims. In addition, the limitations of art. 35 BDSG do apply.
Right to limit the processing: According to art. 18 GDPR, you have the right to request that we limit the processing of your personal data.
Right to data portability: According to art. 20 GDPR, you have the right to request that we provide you with the personal data that we have collected from you in a structured, common and machine-readable format.
Right to withdraw: You may withdraw your consent given for the processing of personal data at any time. This also applies to the withdrawal of declarations of consent given prior to the GDPR being applicable, i.e. prior to 25 May 2018. Please note that such a withdrawal only affects the future. Any processing done prior to your withdrawal remains unaffected. To declare your withdrawal of consent, a simple declaration, e.g. an e-mail, will suffice.
Right to object: According to art. 21 GDPR you have the right to object to the processing of your personal data, meaning that we will have to terminate the processing of your personal data. The right to object only applies within the limitations stated in art. 21 GDPR. It is also possible that our own interest opposes the termination of processing, which means that we may keep processing your personal data, despite your objection. We will consider any objection filed against possible measures of direct marketing without delay and without an additional weighing of existing interests.
Right to file a complaint with a supervisory authority: At any time, you have the right to file an objection to the processing of your data based on art. 6 (1) f GDPR (data processing based on a weighing of interests), where there is cause to do so resulting from your special situation. You may especially file a complaint with our competent supervisory authority, the Bavarian State Agent for Privacy, Wagmüllerstr. 18, 80538 München or any other competent supervisory authority. A list of supervisory authorities for privacy including their contact data is available at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Other affairs: Our data protection officer remains at your disposal for any additional privacy requests or affairs. Corresponding enquiries as well as any exercising of your rights mentioned above should be done in writing to our address as stated above or via e-mail sent to datenschutz@raps.com.
In general, you have no obligation to provide us with any of your personal data. Where you do not do so, however, we will not be able to deliver our full website to you without limitations or we may not be able to answer your enquiries. Personal data that we do not necessarily need for the processing purposes mentioned above have been marked as a voluntary indication.