Further Information

Important information on the processing of personal data at RAPS GmbH & Co. KG

We attach great importance to the protection and security of personal data. We process your personal data in connection with our contractual customer and/or supplier relationship, or a potential customer or supplier relationship, in compliance with the relevant data protection regulations. In particular, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) insofar as we process personal data.

For further information on the specific handling of personal data, please refer to the attached privacy policy. There you will also find details of who data subjects can contact if they have any questions or require assistance.

Privacy Notice in accordance with the EU General Data Protection Regulation

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation is:
RAPS GmbH & Co. KG
Adalbert-Raps-Str. 1
95326 Kulmbach
Germany
Phone: +49 9221 807-0
Fax: +49 9221 807-100
Email: info@raps.com 

The data protection officer of the controller is:
RAPS GmbH & Co. KG
Datenschutzbeauftragter
Adalbert-Raps-Str. 1
95326 Kulmbach
Germany
Phone: +49 9221 807-106
Fax: +49 9221 807-66314
Email: datenschutz@raps.com 

II. Source and types of data processed

We process personal data that we receive from you in your capacity as a representative or authorised agent of a legal entity (prospective customer, customer and/or supplier).
Relevant personal data relating to the authorised representative or agent may include or consists of:
Surname, first name and contact details (telephone number and email address).
Upon conclusion of a contract and use of services, further personal data may be collected, processed and stored in addition to the aforementioned data. This essentially comprises:
Details and records of customer requirements, contractual agreements and, where applicable, declarations of consent for marketing activities.

III. Use of modern documentation technologies for data processing

To continuously improve the quality of our customer service and ensure comprehensive documentation of our joint projects, we use the AI-powered Sales Assistant.
Following a client meeting, our consultants often document the outcomes of discussions and agreed actions via voice input using the AI-powered Sales Assistant. Voice inputs are converted into text via an interface and subsequently transferred to our CRM system. 
We guarantee that your data is processed exclusively on EU servers. Your data is not passed on to third parties for AI training purposes. Voice recordings are deleted after transcription, so that only the factual report remains.

IV. Legal basis and purpose of processing

We process the personal data mentioned above in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
a. To fulfil contractual obligations (Article 6(1)(b) GDPR)
The processing of personal data is carried out for the provision of services within the framework of the performance of contractual obligations. Further details regarding the purpose of data processing can be found in the relevant contractual documents and terms and conditions.  
b. On the basis of legal requirements (Article 6(1)(c) GDPR)
RAPS is also subject to various legal obligations, i.e. statutory requirements (e.g. tax and commercial law, the German Fiscal Code). 
c. On the basis of a balancing of interests (Article 6(1)(f) GDPR)
Where necessary, we process your data beyond the actual performance of the contract to safeguard the legitimate interests of ourselves or third parties. Examples:
• Asserting legal claims and defending against legal disputes,
• Use of modern documentation technologies for professional business operations
• Ensuring the IT security and IT operations of the RAPS Group,
• Prevention of criminal offences,
• Video surveillance to enforce property rights,
• Measures for building and facility security (e.g. access controls)
d. On the basis of your consent (Section 25(1) TDDDG, Article 6(1)(a) GDPR)

Insofar as the processing of information on your device is strictly necessary to enable the use of our website that you have expressly requested, the storage of information on your device or access to information already stored on your device is carried out on the basis of Section 25(2)(2) of the Telecommunications and Digital Services Data Protection Act (TDDDG). Any further processing of information on your device takes place on the basis of your consent in accordance with Section 25(1) of the TDDDG.
Where you have given us your consent to process personal data for specific purposes (e.g. sending information materials), the lawfulness of this processing is based on your consent. The legal basis in this case is Article 6(1)(a) of the GDPR. Consent given may be withdrawn at any time. Please note that the withdrawal only takes effect for the future and does not affect processing carried out up to that point.

V. Disclosure of data

Within RAPS, access to your data is granted only to those departments that require it to fulfil our contractual and legal obligations. Service providers engaged by us (e.g. freight forwarders) and vicarious agents (e.g. IT service providers acting as data processors, waste disposal companies) may also receive data for these purposes, provided they comply with and guarantee the data protection requirements arising from the General Data Protection Regulation and other data protection provisions.

VI. Data transfers to third countries or to an international organisation

Data will only be transferred to entities outside the EU or the EEA (so-called third countries) where this is necessary for the performance of the customer’s or supplier’s orders or where required by law (customs regulations). Where service providers in third countries are used for which no adequacy decision has been issued by the European Commission, they are additionally obliged to comply with European data protection standards through an agreement incorporating EU standard contractual clauses or on the basis of the EU-US Privacy Shield.

VII. Duration of data storage

We process and store your personal data for as long as you are authorised to represent the relevant legal entity in dealings with us. If the data is no longer required to fulfil contractual or legal obligations, it will be deleted on a regular basis, unless its temporary further processing is necessary for the following purposes:
• To fulfil commercial and tax law retention obligations arising from the German Commercial Code and the German Fiscal Code. The retention and documentation periods specified therein are up to ten years.
• Preservation of evidence within the framework of the statute of limitations.
Under Sections 194 et seq. of the German Civil Code (BGB), these limitation periods may be up to 30 years, although the standard limitation period is three years.

VIII. Rights vis-à-vis the controller

Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, and the right to object under Article 21 of the GDPR. Furthermore, there is a right to lodge a complaint with a data protection authority under Article 77 of the GDPR in conjunction with Section 19 of the BDSG.

IX. Obligations towards the controller

Within the framework of our business relationship with the legal entity you represent vis-à-vis us, you must provide us with the personal data necessary for the establishment and performance of a representation/power of attorney and the fulfilment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will generally have to refuse to accept you as an authorised representative or revoke an existing power of attorney.

Date: May 2026 ***