Data Protection Policy

Data Protection Policy

1. Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection law provisions is:

Rhenus SE & Co. KG
Rhenus Platz 1
59439 Holzwickede
Germany
Phone: +49 (0)2301 29-0
Email: info@de.rhenus.com
Website: www.rhenus.com

 

VIII. Contact form and email contact

 

1. Description and scope of managing the data

There is a contact form on our website and it can be used to make contact electronically. If a user makes use of this facility, the data entered on the input form is sent to us and stored. This data involves:

• Subject
• Your name
• Your e-mail address
• Your message

Your consent to process the data is obtained as part of the sending procedure and reference is made to this data protection declaration.

Alternatively, it is possible to make contact via the email address that is made available. In this case, the user’s personal data that is sent with the email is stored.

No data is forwarded to third parties in conjunction with this. The data is exclusively used to process the conversation.

 

2. The legal basis for processing the data

Article 6 Para. 1 a) of the GDPR forms the legal basis for processing the data, provided that the user has given consent for this.

Article 6 Para. 1 f) of the GDPR forms the legal basis for processing the data that is transmitted when an email is sent. If the email contact is aimed at signing an agreement, Article 6 Para. 1 b) of the GDPR forms an additional legal basis for processing the data.

 

3. The purpose of processing the data

Any processing of the personal data from the input form is solely for the purpose of processing the first contact. If contact is made in the form of an email, there is also a legitimate and necessary interest in processing the data.

The other personal data processed when the email is sent is used to prevent any misuse of the contact form and guarantee the security of our IT systems.

 

4. The length of time that data is stored

The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. This is the case for any personal data from the input form in the contact form and the data that is sent by email when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the facts of the case in question have been finally resolved.

The personal data, which is also gathered during the sending procedure, is deleted after a period of seven days, at the very latest.

 

5. Opportunity to object and to have the data removed

Users have the opportunity of cancelling their consent for the personal data to be processed at any time. If users make contact with us by email, they can object to any storage of their personal data at any time. If this is the case, the conversation cannot be continued.

All the personal data, which is stored as part of the contact making procedure, is then deleted in this case.

 

USING COOKIES

1. Description and scope of the data processing

We use cookies to improve the quality of the structure and content of our website, and to enable user-oriented navigation that is as smooth as possible. Limited to the period of your visit, we set so-called session cookies. They are used to keep track of what content has been viewed from your PC while you continue browsing and also help to increase your browsing security. If you leave our website or do not click on it for a while, these short-lived cookies will be deleted.

Cookies cannot cause any damage to your PC. They do not pose a security threat in the sense of viruses or spying on your PC. You regulate the handling of cookies yourself. For approval, rejection, inspection and deletion, please use the help function of your browser.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies.

• Language

We also use cookies that enable an analysis of the user’s surfing behavior. This is only done with the express consent of the users. In this way, the following data can be transmitted:

• Entered search terms

2. The purpose and legal basis of data processing

The purpose of using strictly necessary cookies (technically necessary cookies) is to enable the use of websites for users. The legal basis for the processing of personal data using absolutely necessary cookies is Article 6 (1) (f) GDPR (balancing of interests).

Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We need cookies for the following applications:

• Adoption of language settings

The user data collected by technically necessary cookies will not be used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. The following analysis cookies are used:

• Remembering search terms

The legal basis for the processing of personal data using cookies that are not technically necessary (performance cookies) is Article 6 (1) (a) GDPR (consent).

3. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser or by using the cookie banner, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

 

NEWSLETTER

1. Description and scope of the data processing

Newsletters are sent on the basis of the user’s registration on the website:

On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. The following data is processed:

• your first name and surname
• your email address
• your company (optional)
• your phone number (optional)

In addition, the following data is collected during registration:

• the IP address of the computer making the request
• the date and time of registration

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

The newsletter is sent on the basis of the sale of goods or services:

If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services.

There is no disclosure of data to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

The job newsletter is sent out on the basis of the offer of vacant vacancies for the Rhenus Group. With your selection of specific job criteria (career level, field of activity, society, country), we inform you weekly about new job offers in the form of a job newsletter.

2. The purpose and legal basis data processing

Newsletters are sent on the basis of the user’s registration on the website. The collection of the user’s e-mail address serves to deliver the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

The newsletter is sent on the basis of the sale of goods or services: The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 para. 3 UWG or Art. 6 para. 1 lit. f DSGVO.

3. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

The personal data collected as part of the registration process is usually deleted after a period of seven days.

4. Objection and removal options

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in each newsletter. This also makes it possible to revoke the consent to the storage of the personal data collected during the registration process.

REGISTRATION

On our website, you have several options for jumping to various tools from the Rhenus Group. Some of these require logins/registrations. The respective data protection regulations can be found on the start pages of the tools.

CONTACT FORM AND EMAIL CONTACT

1. Description and scope of managing the data

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

• topic
• first name
• name
• e-mail address
• company name
• address of the company
• country/Region
• telephone number
• details about your delivery
• free text
• time of the request
• IP address

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

2. Purpose and legal basis for data processing

When you contact us, we process your personal data on the basis of the following legal bases for the following purposes:

The processing of personal data from the contact form or your e-mail serves us solely to process the contact and in the event of follow-up questions. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR and, if applicable, Art. 6 (1) (b) GDPR, provided that your request is aimed at concluding a contract.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The legal basis for the processing of personal data is Article 6 (1) (f) GDPR.

3. Duration of storage and possibility of objection

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no legal obligations to retain them. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

4. Recipients of the data

In our contact form you can select on which topic you would like to make an enquiry. Inquiries on the subject of „General“ are handled by the central department. If necessary, we will forward your enquiry to the responsible Rhenus company for internal processing. This processes the data you provide in order to contact you for an enquiry.

Enquiries on all other topics are automatically forwarded to the stored contact e-mail of the relevant Rhenus company for internal processing and processed there. This processes the data you provide in order to contact you for an enquiry.

5. Possibility of objection and removal

In the case of Art. 6 para. 1 lit. f DSGVO, you can object to the processing of your personal data at any time. We would like to point out that in this case your request cannot be processed further. You can declare your objection by sending an e-mail to our e-mail address given above.

 

 

DATA TRANSFER TO THIRD PARTIES

Our website also contains third-party services (for example: Google Analytics, Google reCAPTCHA, Google Maps API). If you give your consent as part of our cookie banner, we will transfer data to the respective provider (e.g. your IP address) to the extent necessary.

If you consent to the activation of these services by as part of our cookie banner, it cannot be ruled out that personal data may be transferred to providers in countries outside the European Economic Area (EEA) which, from the point of view of the European Union („EU“), do not guarantee an „adequate level of protection“ for the processing of personal data in accordance with EU standards. Possible risks that cannot currently be ruled out are in particular:

– Your personal data could possibly be disclosed by the third-party service providers to other third parties beyond the actual purpose, e.g. Use your data for advertising purposes.

– You may not be able to assert or enforce your rights to information against the third-party providers in the long term.

– There may be a higher probability that incorrect data processing may occur because the technical and organizational measures taken by third-party providers to protect personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.

– The risk of data transfer to the USA lies in the relatively easy access to data by US authorities, as well as in the fact that EU citizens would not have effective legal remedies against the far-reaching access powers of US authorities to personal data.

Please take this fact into account before giving your consent and thus enabling the transmission of your data.

For more information, please refer to our cookie banner.

The same applies to the social media profiles operated by us when you visit our pages with the respective social media provider (Facebook, Instagram, LinkedIn).

GOOGLE ANALYTICS 4

This website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“).

Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.

The following visitor data, which is not assigned to a person, can be collected:

• Acquisition (= source of visitors, e.g. Google search, direct entry);
• User behaviour (pages visited, bounce rate, links clicked);
• Geographical data (country, region, city, language);
• Technology (browser, device category mobile / desktop, screen resolution, device model, operating system).

We use Google Analytics 4 for the following purposes: tracking user behaviour in order to derive optimisation potential (ROI maximisation), reporting website performance, monitoring the success of campaigns. The legal basis is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.

In addition, Google Analytics 4 is integrated via server-side tag management, i.e. the visitor data is not transferred directly to Google Analytics 4. The data is first transmitted to a so-called tagging server (via Google Cloud) in Germany and from there transferred to Google Analytics 4 in a controlled manner (i.e. no personal/demographic data).

Recipients of the data may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR).;
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA;
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA:

For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.

The data sent by us and linked to cookies are automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by not giving your consent to the setting of the cookie or downloading and installing the browser add-on to deactivate Google Analytics HERE.

For more information on Google Analytics‘ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

 

LINKEDIN

Our website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company (hereinafter referred to as „LinkedIn“), Wilton Plaza, Wilton Place, Dublin 2, Ireland. We are jointly responsible for the processing of the data with LinkedIn. The agreement pursuant to Art. 26 GDPR can be found here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn’s data protection officer can be contacted via the following link: https://www.linkedin.com/help/linkedin/ask/ppq. The contact details of our data protection officer can be found in Section II of this Privacy Policy.

Personal data is processed and stored on the LinkedIn platform if you do not have a LinkedIn account yourself. Even in the case of a temporary visitor, personal data such as the IP address, the browser type, the operating system, information on previously accessed websites, the location, the mobile phone provider, the device used, the search terms used and cookie information are processed. In addition, LinkedIn transmits data to third countries, in particular the USA. This data transfer is secured by standard contractual clauses of the EU Commission.

1. Company profile on LinkedIn

We have a LinkedIn company profile. You can access our company profile regularly on the Internet at any time, regardless of whether you have created a user account on the corresponding platform yourself or not. If you are logged into your LinkedIn account, LinkedIn can assign this to your user account. In both cases, however, your data will be processed by LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. If you post or comment on your data publicly on our LinkedIn profile, it will be visible to other registered and unregistered visitors to our LinkedIn profile worldwide.

On our LinkedIn company profile, you also have the option of reacting to our posts, writing comments, creating a post on our site yourself or sending us private messages. All data provided by you in this context will be processed by us. We process your personal data on the basis of our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR and, if applicable, Art. 6 (1) (b) GDPR, provided that your request is aimed at concluding a contract.

In general, we receive the following data from you:

• Information about the profile of the user;
• Information you provide in your message or comment to us;
• If you have responded to our post and type of response, or you have shared or commented on it;
• Mode of interaction.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no legal obligations to retain them. For the personal data from messages, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

2. LinkedIn Insight Tag

The LinkedIn Insight Tag is a small JavaScript code snippet that we use on our website. The LinkedIn Insight Tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps and page views. LinkedIn does not share any personal data with us. We are only provided with summarized data as page insights, which makes it impossible for us to draw conclusions about individual persons or members. In doing so, we can obtain the following information such as industry, job title, company size, career level and location of website visitors.

The processing of the data via the Page Insights is carried out by LinkedIn and us as joint controllers within the meaning of the GDPR. The purpose of this data processing is exclusively the evaluation and analysis of the actions and activities on our LinkedIn company profile as well as the improvement based on this data. The legal basis for the processing of personal data is Article 6 (1) (a) GDPR.

This data is encrypted, anonymized within 7 days and the anonymized data is deleted within 90 days.

3. LinkedIn Ads

We have integrated LinkedIn Ads on our website. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and thus display targeted advertisements on LinkedIn. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to LinkedIn, possibly also to the USA. The use of LinkedIn Ads is based on your consent in accordance with Art. 6 (1) (a) GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no legal obligations to retain them. The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn.

4. Possibilities of objection and rights of data subjects

LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your membership data stored on LinkedIn, you can log out of LinkedIn before visiting our website.

In addition, you can deactivate the cookies here, regardless of whether you are a LinkedIn member: Opt-Out.

As part of the joint responsibility with LinkedIn, you can assert your rights as a data subject in accordance with Art. 15, 16, 17, 18, 20, 21 GDPR both with LinkedIn and with us. LinkedIn assumes the fulfillment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of the rights of data subjects. If you wish to exercise your rights as a data subject, please contact LinkedIn directly.

For more information, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy

 

XING AND KUNUNU

1. a) Xing

Rhenus maintains a profile on the social network XING, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. We have no knowledge of the content of the transmitted data or its use by XING.

We may learn the following categories of information when you interact with our site:

• first and last name
• gender
• email addresses
• phone numbers
• job title and company
• place: City and country
• information that you send us in your message
• if you like our contributions or if you have commented or shared them.

To prevent XING from collecting the above-mentioned data, log out of XING. We process your personal data on the basis of our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR and, if applicable, Art. 6 (1) (b) GDPR, provided that your request is aimed at concluding a contract.

For the purpose and scope of data collection and the further processing and use of data by XING, as well as your rights in this regard and setting options for protecting your privacy, please refer to the XING data protection information https://www.xing.com/privacy.

b) Kununu

We operate a profile at kununu. kununu is an application of the XING service. This page is the responsibility of Kununu (kununu GmbH represented by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany). The current data protection information for XING and its application kununu can be found at https://www.kununu.com/de/info/datenschutz.

 

GOOGLE MAPS (INCL. GOOGLE FONTS)

Our website uses Google Maps to visually display geographical information. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). By integrating Google Maps, a direct connection is established between Google’s servers and your browser. This enables Google Maps to be displayed. By integrating and using Google Maps, your IP address as well as information on the use of the maps is transmitted to Google. In addition, Google processes the search terms you enter on the Google Maps map as well as your current location, provided you have granted your express consent via the Google Maps application. Moreover, Google Maps embeds Google Fonts. These are fonts from Google. To display Google Fonts on the Google Maps map, a connection is also established from your browser to the Google server. Your IP address is transmitted to Google in this process.

The legal basis for processing of the personal data is your consent according to Article 6 para. 1 lit. a) GDPR. You can revoke your consent for the future at any time by deselecting the corresponding category in the cookie banner. You can find the “Cookie settings” at the bottom of the footer on this website.

For detailed information on data processing by Google refer to Google’s privacy policy: http://www.google.com/privacypolicy.html. The additional Terms of Use for Google Maps/Google Earth also apply.

 

GOOGLE ADSERVICES AND GOOGLE ADWORDS CONVERSION

This website uses functions of the service „Google Ads“ (formerly Google AdWords), a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as „Google“). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called „AdServers“. For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC.

These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies allow Google to recognize your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers‘ websites. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it.

The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR. If you do not want Google Ads to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.

In the context of processing by Google Ads, data may be transmitted to the USA. The following recipients may be, among others, Google LLC. and Alphabet Inc. The security of the transmission is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR.

For more information about data processing by Google, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en.

GOOGLE FONTS

We use the Google Fonts service on our website. The provider is Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. The service allows us to use external fonts.

When you visit our site, your browser loads the required fonts directly from a Google server into your browser cache in order to display texts and fonts correctly. This transmits to the server which of our Internet pages you have visited. Your IP address is also stored by Google.

The legal basis for the use of Google Fonts is consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox). If the browser does not support Google Fonts or prevents access, the text will be displayed in a standard font.

Information on the privacy policy of Google Fonts can be found at: https://developers.google.com/fonts/faq#Privacy

GOOGLE TAG MANAGER

This website uses functions of the „Google Tag Manager“ service of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The Google Tag Manager is an organizational tool that allows us to integrate and manage website tags centrally and via a user interface. We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and processes even personal data only for technically necessary purposes. The Google Tag Manager itself does not store any data. This ensures that other components are loaded, which in turn may collect data. The Google Tag Manager does not access this data. Please note that American authorities, such as intelligence agencies, may have access to personal data due to American laws. For more information about Google Tag Manager, please refer to Google’s privacy policy.

https://policies.google.com/privacy?hl=en&gl=de

ONETRUST CMP

On our website, we use the cookie management platform called OneTrust to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. The provider is OneTrust Technology Limited (hereinafter „OneTrust“), 82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK).

By incorporating a JavaScript code, a banner is displayed to users when the page is accessed, which gives the user the opportunity to give or reject his consent to the setting of cookies for individual purposes or individual functions of our website. In doing so, the tool blocks the setting of all cookies requiring consent until the respective user gives appropriate consent. This ensures that cookies requiring consent are only set on the user’s respective device if there is an existing legal basis.

In order for OneTrust to be able to individually record or log the consent settings made by the user, the following user information is collected by the tool when our website is accessed:

IP address (only temporarily to display the correct banner depending on the access location);

• The respective consent settings of the user, whereby we cannot trace which natural person is behind the user.
• OneTrust is used to obtain the legally required consent for the use of cookies. The legal basis is Article 6 (1) (c) GDPR.

We have concluded a contract for order processing with OneTrust. This is a contract required by data protection law, which ensures that One Trust processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. We would like to point out that your data may be transferred to the USA.

The collected data will be stored until you request us to delete it or delete the OneTrust cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing of OneTrust cookies can be found in the OneTrust privacy policy at

https://www.onetrust.com/privacy/.

 

THE RIGHTS OF DATA SUBJECT

1. Right of access

You may request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you can request the following information from us:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data, if the personal data are not collected from the data subject;

You can get a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for the further copies.

2. Right to rectification

You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

4. Right to erasure

You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:

(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;

(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;

(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;

(4) the personal data related to you has been processed illegally;

(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;

(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.

1. a) Exceptions

The right to deletion does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, or

(5) to establish, exercise or defend legal claims.

5. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. The right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. In this case, we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for the processing which outweigh your interests or if we need your data to assert, exercise or defend legal claims

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

7. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. The right to lodge a complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.