Privacy Policy

Thank you for visiting our websites www.rud.com and slingandlashing.rud.com. This Data Protection Policy provides users with information about the nature, scope and purposes of the processing of personal data on this website and the websites, mobile applications and external online presences, such as social media profiles, connected to it.

 

Website data protection policy and also information about the data subjects according to Articles 13 and 14 EU, Data Protection Directive (GDPR)

 

1 Controller

RUD Ketten Rieger & Dietz GmbH u. Co. KG

Friedensinsel

D-73432 Aalen

Tel.: +49 7361 504-0

E-mail: rudketten@rud.com

You can reach our data protection officer at .

 

2 Processing of personal data

2.1 What are personal data?

Personal data comprise any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, Article 4(1), GDPR.
 

2.2 Legal bases

Personal data on this website are processed in compliance with the relevant data protection regulations (in particular GDPR and BDSG (German Data Protection Act)) and on the basis of legal permission.

Personal data shall only be processed:

• With the consent of the user in accordance with Article 6(1), Sentence 1, point (a), GDPR,
• To honour a contract or implement pre-contractual measures in accordance with Article 6(1), Sentence 1, point (b), GDPR,
• To honour legal obligations in accordance with Article. 6(1), Sentence 1, point (c), GDPR, or
• To safeguard justified interests of the Controller in accordance with Article 6(1), Sentence 1, point (f), GDPR.

2.3 Forwarding data

If personal data are forwarded to other persons or companies in the course of processing, this is done in compliance with the legal requirements and after entering into corresponding contracts or agreements.
 

2.4 Data processing in third countries

In the event that the forwarding of personal data to a so-called “third country” (i.e. to a state outside the European Union or the European Economic Area) is absolutely necessary, this will only take place if there is a recognised level of data protection or on the basis of special guarantees, certifications or binding internal data protection requirements within the meaning of Articles 44 – 49, GDPR.
 

2.5 Storage period

Unless otherwise stated in this Data Protection Policy, personal data shall be erased as soon as the purpose of the processing no longer applies or the consent on which the processing is based has been withdrawn. If legal storage obligations or limitation periods prevent erasure, the personal data concerned may only be processed for commercial or tax law purposes or for the purpose of asserting, exercising or defending legal claims.
 

2.6 Data subject rights

The user has the right to:

• Confirmation as to whether their own personal data are being processed and receive information about such data and receive further information and a copy of such data, Article 15, GDPR
• Completion of own personal data or correction of incorrect own personal data, Article 16, GDPR
• Erasure of own personal data if there is a reason for erasure mentioned therein, Article 17, GDPR
• Restriction of the processing of own personal data, if there is a reason mentioned therein, Article 18, GDPR
• Transfer of own personal data to another controller, Article 20, GDPR
• Complain to a supervisory authority if he or she believes that the processing of personal data concerning him or her violates applicable laws, Article 77, GDPR

Responsible supervisory authority:

The State Commissioner for Data Protection of the German federal state of Baden-Wuerttemberg

PO Box 10 29 32

D-70025 Stuttgart

Telefon: +49 711/61 55 41–0

Telefax: +49 711/61 55 41–15

 

https://www.baden-wuerttemberg.datenschutz.de

 

The user has the right to withdraw given consent at any time with effect for the future, Article 7(3), GDPR.

The user has the right to object at any time to the future processing of data relating to him/her in accordance with Article 21, GDPR. You may, in particular, object to processing for direct marketing purposes.

 

3 Processing personal data on this website

As a rule, users may use the website without providing any personal information. This does not apply to information that is automatically collected each time the website is accessed (so-called server log files). These include:

• File name of the requested file
• End device used (mobile device or PC/laptop)
• Browser type/version
• JavaScript activation
• Cookie activation
• Referring URL
• IP address
• Duration of access
• Number of pages accessed
• Click path

The legal basis for the processing of personal data in this context is Article 6 (1), Sentence 1, point (f), GDPR, as the possibility of technical administration and ensuring the security of the website is in the controller’s legitimate interest. The purposes of the processing are to facilitate use of the website (connection establishment), system security, technical administration of the network infrastructure and website optimisation. The stored data shall be erased after seven days unless there is a justified suspicion of unlawful use based on specific indications that render further examination necessary. The controller is not able to identify users as data subjects based on the stored information.

In exceptional cases it may be necessary to provide personal information for individual website functionalities. Further information about this can be found under the point Individual Functionalities.

 

4 Cookies

The website uses Cookies. Cookies are small files that are stored on the user’s terminal (PC, smartphone or the like). 

Session Cookies are deleted when the browser session is closed. Other Cookies (Persistent Cookies) are automatically deleted after a set period of time, which may vary depending on the Cookie.

Users can influence the use of Cookies. Most browsers have an option that restricts or completely prevents the storage of Cookies. In addition, users can delete the Cookies in the security settings of their browser at any time. Further information about this can be found at the German Federal Office for Information Security.

 

Necessary Cookies

These Cookies are absolutely necessary for websites and their functions to work properly. Without these Cookies, certain functionalities cannot be provided.

The data processed via Necessary Cookies are required for the stated purposes to safeguard the controller’s justified interests in accordance with Article 6 (1), Sentence 1, point (f), GDPR.

 

Non-essential Cookies

These Cookies facilitate,

• The improvement of comfort and performance of websites, for example, to save language settings,
• The collection of information about how users use websites, for example, to identify particularly popular areas of the website,
• The tracking of users’ visits and activities on websites, for example, to provide targeted advertising and promotions.

The processing of personal data by way of non-essential Cookies for the aforementioned purposes may only occur with the consent of the users in accordance with Article 6(1), Sentence 1, point (a), GDPR.

The controller currently uses the following Cookies for the following purposes:

 

 

5 Individual functionalities

The functionalities used on the website are operated on the basis of the user’s consent in accordance with Article 6(1), Sentence 1, point (a), GDPR, or based on the controller’s legitimate interest in accordance with Article 6(1), Sentence 1, point (f), GDPR. The controller’s legitimate interest lies in ensuring the purposeful design and continuous optimisation of the website. The purpose of data processing and categories of personal data are described in the context of the respective functionality.
 

5.1 Google Analytics

The website uses Google Analytics, a reach analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Analytics uses Cookies that enable the responsible party to analyse the users of the website. In this process, personal data (IP address), among other things, is forwarded to Google servers outside the EU and stored there. The website controller has activated the so-called “IP anonymisation” to ensure the protection of users’ personal data. This means that the IP addresses of users within the EU are only processed by Google in shortened form - i.e. anonymised. Only in exceptional cases will the entire IP address be sent to a Google server outside the EU and shortened there. The forwarded IP address will not be merged with other Google data.

Google will use the data collected on behalf of the controller for the purpose of evaluating the activities of website users, compiling reports on website activity and providing other services relating to website activity and internet usage to the controller.

The user can prevent the collection and use of their data by Google by downloading and installing the following browser plugin:  http://tools.google.com/dlpage/gaoptout?hl=de.

Google’s data protection policy is available at https://policies.google.com/privacy.
 

5.2 Matomo

This website uses the open source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyze data about how our website is used by its visitors. This allows us to determine, among other things, when which page views were made and from which region they come. We also collect various log files (e.g., IP address, referrer, browsers used, and operating systems) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).

The use of this analytics tool is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offerings and its advertising. If consent has been sought, processing will be carried out exclusively on the basis of Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be withdrawn at any time.

<div id="matomo-opt-out"></div>
<script src="https://analytics.rud.com/index.php?module=CoreAdminHome&action=optOutJS&divId=matomo-opt-out&language=auto&showIntro=1"></script>
 

5.3 Google Tag Manager

The website uses the Google Tag Manager of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Website tags can be managed via an interface by way of the Google Tag Manager. The Google Tag Manager itself is a Cookie-less domain and does not collect any personal data. It triggers other tags, which in turn may collect personal data.

The Google Tag Manager itself does not access such data. If a deactivation is processed on either domain or Cookie level, then this remains valid for all tracking tags that have been implemented with Google Tag Manager.

Google’s data protection policy is available at https://policies.google.com/privacy.
 

5.4 Leadinfo

The website uses the lead generation service of Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands (hereinafter referred to as "Leadinfo").
The service recognises visits to the website based on IP addresses and, if the user is a company, displays publicly available information such as the company name, address data or data from the commercial register to the controller. In individual cases, the correlation also concerns personal data of natural persons. In addition, Leadinfo evaluates user behaviour on the website in order to correlate IP addresses with companies and improve the services offered.
Objections (so-called opt-outs) can be set at www.leadinfo.com/en/opt-out
Leadinfo's privacy policy is available at https://www.leadinfo.com/de/datenschutz
 

5.5 Google Ads

The website uses Google Ads of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Ads, which also integrates the DoubleClick advertising network, is a Google advertising network for targeted advertising campaigns on the internet. Individualised user profiles (e.g. according to characteristics, habits, interests, topics and keywords) are created for website visitors by way of Cookies. An identification number (ID) is assigned to each user to check the ads that were displayed and the ads that were called up. Very precise predictions can be made about the interests of the users based on the assignment of Cookies and identification number (ID). Therefore, advertisers have the option of placing interest-related advertisements in real time.

The information contained in the Cookies is forwarded to Google servers outside the EU, among others, and stored there.

The user can prevent the collection of the data generated by the Cookies and the forwarding of the data to Google, as well as the processing of this data by Google, by downloading and installing the DoubleClick deactivation extension: https://www.google.com/settings/ads/onweb.

Google’s data protection policy is available at ttps://policies.google.com/privacy.
 

5.6 Google Maps
The website uses the map service Google Maps of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). This allows interactive maps to be displayed directly on the website and enables the user to use the map function conveniently.

In this context, it is necessary to store the user’s IP address. The information obtained in this way is usually forwarded to a Google server outside the EU and stored there. This takes place regardless of whether the user is logged into his/her Google account or not. Google stores the user data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of the website.

If the user is logged into his/her Google account, the data shall be assigned to the account. An allocation can be prevented by the user logging out of his/her Google account beforehand.

Google’s data protection policy is available at https://policies.google.com/privacy.
 

5.7 Google Web Fonts (local hosting)

The website uses Google Web Fonts of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”) for the uniform display of fonts. Google Fonts Web are installed locally. In that respect, a connection to Google servers is not established.

Further information on Google Web Fonts is available at ttps://developers.google.com/fonts/faq and at https://policies.google.com/privacy?hl=de.[JTH1] 
 

5.8 Facebook Fanpage

The controller operates several Facebook fan pages of its own, which can be accessed at:

• https://www.facebook.com/rudketten,
• https://www.facebook.com/TyreProtectionChains,
• https://www.facebook.com/rudschneeketten und
• https://www.facebook.com/forstketten.

Facebook is a social media network of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Meta”).

The controller’s own processing of personal data on the Facebook fan page is based on Article 6(1), point (f), GDPR, because it is in the controller’s legitimate interest to offer customers, interested parties and users up-to-date information and interaction options.

When calling up the Facebook fan page, the general terms and conditions as well as the data policy of Meta apply, over which the controller has no influence. Data may, in particular, also be processed by Meta outside the European Union. Meta’s data policy for Facebook products is available at ttps://de-de.facebook.com/policy.php.

When visiting the Facebook fan page, statistical information about the use of the Facebook fan page is created by way of Cookies. If the user is logged into his or her Facebook account when calling up the Facebook fan page, the statistics are collected across all devices. Further information is available at https://de-de.facebook.com/help/pages/insights. The controller has no influence on the generation and presentation of these so-called “page insights.” The data provided by Meta include: Total number of page views, “Like” votes, page activity, post interactions, reach, video views, post reach, comments, shared content, responses, proportion of men and women, origin in terms of country and city, language, calls and clicks in the shop, clicks on route planners and clicks on telephone numbers. Further information is available at ttps://www.facebook.com/legal/terms/page_controller_addendum.

The controller is aware that the data are processed by Meta at least for the purposes of advertising, the creation of user profiles and market research.

If users do not want to receive the data processing described, the connection between the user’s Facebook account and the Facebook fan page can be disconnected via the “I no longer like this page” or “Do not subscribe to this page” options.

Objections (so-called opt-outs) can be set at

https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3D.

Meta’s data protection officer responsible for Facebook products can be reached at ttps://www.facebook.com/help/contact/540977946302970.
 

5.9 Twitter

The controller operates its own channel on the short messaging service Twitter, which can be accessed at: https://twitter.com/rudketten. D

The site and its technical functionality is provided by Twitter, Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA (here in after referred to as “Twitter”).

The controller’s processing of personal data on Twitter is based on Article 6(1), point (f), GDPR, because it is in the controller’s legitimate interest to offer customers, interested parties and users up-to-date information and interaction options.

When calling up Twitter, the general terms and conditions as well as the data protection guideline of Twitter apply, over which the controller has no influence. Twitter’s data protection guideline is available at https://twitter.com/de/privacy.

The controller points out to users that they use the short message service offered and its functions at their own responsibility. This applies, in particular, to use of the interactive functions (e.g. sharing, rating).

The data collected when using the service are processed by Twitter and may be forwarded to countries outside the European Union. This includes the IP address, the application used, details of the end device used (including device ID and application ID), information on websites called up, location and mobile phone provider. Such data are assigned to the data of the Twitter account or the user’s Twitter profile. The controller has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of such data to third parties. Information about what data are processed by Twitter and for what purposes can be found at ttps://help.twitter.com/de/managing-your-account/accessing-your-twitter-data.

The controller does not collect or process any data from the use of the short message service.

Users have options to restrict the processing of data in the general settings of their Twitter account and under the “Data protection and security” item. Furthermore, users of mobile devices (smartphones, tablet computers) can restrict Twitter’s access to contact and calendar data, photos and location data etc. in the settings options there. However, this depends on the operating system used. Further information about this can be found at: https://support.twitter.com/articles/105576.
 

5.10 LinkedIn

The controller operates its own page on LinkedIn, which can be accessed at: https://www.linkedin.com/company/rud-ketten-rieger-&-dietz-gmbh-u-co-kg. The page and its technical functionality is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

The personal data on the LinkedIn page are processed on the basis of the controller’s legitimate interests in accordance with Article 6(1), point (f), GDPR, to provide information about the services offered by the controller and contact customers, interested parties and users who are active there.

When calling up the LinkedIn page, the terms and conditions and data processing guidelines of LinkedIn apply, over which the controller has no influence. In that respect, data may also be processed outside the European Union. LinkedIn’s data protection policy is available at ttps://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

When visiting the LinkedIn site, LinkedIn collects personal data of the users (e.g. by way of the use of Cookies). This also applies if you do not have a LinkedIn account or are not logged in to LinkedIn. Information about data collection and further processing by LinkedIn is available at ttps://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

If the user is logged in to his/her LinkedIn account when calling up the LinkedIn page of the responsible party, LinkedIn is able to track whether and how users use this website. Based on this data, LinkedIn can assign the user’s behaviour to a specific LinkedIn account. Only the public profile of the user on LinkedIn is visible to the controller. The information that can be viewed depends on the selected profile settings.

If users do not wish to have the data processing described, they should log out of LinkedIn or deactivate the “stay logged in” function, delete the Cookies on their device and close and restart their browser.
 

5.11 XING

The controller operates its own page on Xing, which can be accessed at: https://www.xing.com/pages/rudkettenrieger-dietzgmbhu-co-kg.

The page and its technical functionality is provided by XING SE, Dammtorstraße 30, D-20354 Hamburg, Germany (hereinafter referred to as “Xing”).

Xing’s own processing of personal data on the Xing page is based on the legitimate interests of the controller in accordance with Article 6(1), point (f), GDPR, to provide information there about the offer and to contact the customers, interested parties and users active there.

When calling up the Xing page, the terms and conditions and data processing guidelines of Xing apply, over which the controller has no influence. In that respect, data may also be processed outside the European Union. Xing’s data protection policy can be found at https://privacy.xing.com/de/datenschutzerklaerung.

When visiting the Xing site of the controller, Xing collects personal data of the users (e.g. by way of use of Cookies). This also applies if the user does not have a Xing account or is not logged in to Xing. Information about data collection and further processing by Xing can be found at ttps://privacy.xing.com/de/datenschutzerklaerung.

If the user is logged into his or her Xing account when calling up the Xing page, Xing is able to track whether and how users use this website. Based on this data, Xing can assign the user’s behaviour to a specific Xing account. Only the public profile of the user on Xing is visible to the controller. The information that can be viewed depends on the selected profile settings.

If users do not wish to have the data processing described, you should log out of Xing or deactivate the “stay logged in” function, delete the Cookies on your device and close and restart their browser.
 

5.12 YouTube

The website uses YouTube, an internet video portal of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

The controller operates the following channels on YouTube:

• https://www.youtube.com/user/rudketten,
• https://www.youtube.com/user/RUDLiftingAndLashing,
• https://www.youtube.com/user/TyreProtectionChains,
• https://www.youtube.com/c/RUDSchneeketten1875 and
• https://www.youtube.com/user/RUDKetten1.

YouTube enables video publishers to post video clips for free and other users to view, rate and comment on those video clips for free. Further information about YouTube is available at www.youtube.com/yt/about/de. Each time a website is accessed on which a YouTube video has been integrated, the user’s browser is automatically prompted to download a representation of the corresponding YouTube video from YouTube. As part of this technical procedure, Google receives information about which specific website is visited by the user.

Insofar as the user is logged into YouTube at the same time, Google recognises which specific website the user is visiting when a website containing a YouTube video is called up. This occurs regardless of whether the user clicks on a YouTube video or not. This information is collected by Google and assigned to the user’s YouTube account. If the user does not want such information to be forwarded to Google, the forwarding can be prevented by logging out of YouTube before accessing the website.

Google’s data protection policy is available https://policies.google.com/privacy.
 

5.13 Telephone conferences, online meetings, video conferences and/or webinars

For conference calls, online meetings, video conferences and/or webinars, the controller uses “Microsoft Teams,” a service provided by Microsoft Ireland, South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (hereinafter referred to as “Microsoft”).

Personal data are processed on the basis of the controller’s legitimate interest in accordance with Article 6(1), point (f), GDPR, in the effective conduct of telephone conferences, online meetings, video conferences and/or webinars. Insofar as personal data of the controller’s employees are processed, Art. 6 Abs. 1 lit. b, f DSGVO , German Data Protection Act, forms the legal basis for the data processing.

Telephone conferences, online meetings, video conferences and/or webinars can be participated in via the respective app as well as the respective browser-based version. We would like to point out that use of the browser-based versions is generally more data protection-friendly than use of the app-based versions. The scope of the personal data processed depends on the information you provide before or when participating in a telephone conference, online meeting, video conference and/or webinars.

The following personal data may be processed:

• User details: display name, email address (optional), profile picture (optional), preferred language
• Meeting metadata: Title, date, time, location, meeting details if applicable, meeting ID and device/hardware information
• Text, audio and video data: Users may have the option to use the chat function during conference calls, online meetings, video conferences and/or webinars. Insofar, the text entries made by the user are processed to display and, if necessary, record them. To enable the display of video and the playback of audio, the data from the microphone of the terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. Users can turn off or mute the camera or microphone themselves at any time.

Microsoft Teams is part of Microsoft Office 365. If users have a Microsoft Office 365 account and are logged into it, personal data may be stored at Microsoft in the context of telephone conferences, online meetings, video conferences and/or webinars. The scope and duration of the storage depends on the respective settings in the user account, over which the controller has no influence.

Telephone conferences, online meetings, video conferences and/or webinars are not recorded. Chat contents are not logged.

An appropriate level of data protection is guaranteed on the one hand by entering into the so-called EU standard contractual clauses. As supplementary protective measures, we have configured the respective applications as strictly as possible from a data protection point of view.

Further-reaching information about data protection and data security can be found at:

https://privacy.microsoft.com/de-de/privacystatement

https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
 

5.14 TeamViewer

For support and remote maintenance purposes, the controller uses “TeamViewer,” a service of TeamViewer Germany GmbH (hereinafter referred to as “TeamViewer”).

The personal data are processed on the basis of the controller’s legitimate interest in accordance with Article 6(1), point (f), GDPR, in the effective performance of IT support and remote maintenance work. Insofar as personal data of the controller’s employees are processed, Art. 6 paragraph 1 lit. b, f DSGVO, German Data Protection Act, forms the legal basis for the data processing.

When using TeamViewer, a connection to the TeamViewer servers is established. In addition to the IP address, the location and the MAC address of the user as well as the beginning and end of the TeamViewer session are forwarded to TeamViewer. In the course of IT support and remote maintenance work, it is generally possible for the person responsible to take note of the content accessed by the user on his or her computer. We therefore recommend that you close all programs and windows that are not required for IT support or remote maintenance before using TeamViewer.

Further information about data protection with TeamViewer can be found at: https://www.teamviewer.com/de/privacy-policy
 

5.15 Establishing contact

When contacting the controller (for example, by e-mail or contact form), the information provided by the requesting user is processed to the extent necessary to respond to the contact request and any measures requested.

The legal basis for the processing of personal data in this context is Article 6(1), point (f), GDPR, because it is in the controller’s legitimate interest to answer enquiries.

The data provided by the enquiring user in the course of contacting us shall only be forwarded with the user’s consent within the meaning of Article 6(1), point f, GDPR.
 

5.16 Snow chain advisor and webshop

The website offers users the opportunity to configure and order snow chains for a specific vehicle via the snow chain advisor (schneekettenberater.rud.com).

In the process, personal data related to the order are processed, e.g. company/first name, surname, street, house number, postcode, town, country, e-mail address, different shipping address if applicable and payment data. For payment by credit card, entry of the complete credit card data are required, i.e. name of the cardholder, credit card number, validity and CVC code. For payment by direct debit, the account holder, the account number, the bank code and the bank name are required.

The controller processes personal data for the purpose of processing the order in the webshop on the basis of Article 6(1), Sentence 1, point (b), GDPR. Furthermore, the controller processes personal data for the assessment of creditworthiness as well as notification of indications for determining the creditworthiness of customers by informa HIS GmbH, Kreuzberger Ring 68, D-65205 Wiesbaden (hereinafter “informa”) on the basis of Article 6(1), points (b) and (f), GDPR.

• In this context, personal data collected by informa in respect of the application, implementation and termination of the contractual relationship as well as data about non-contractual or fraudulent behaviour shall be forwarded.
• The exchange of data with informa is also aimed at honouring legal obligations to conduct creditworthiness checks (Sections 505a, 506 BGB (German Civil Code)).
• informa processes the data received and also uses such data for profiling purposes (scoring) to provide third parties with information to assess your creditworthiness.
• Further information about informa’s activities can be found at ttps://www.informa-his.de/haeufige-fragen.

6 Further data processing

6.1 Contractual relationships

The processing of personal master data, contract data and payment data is required to establish and/or implement contractual relationships with customers. The legal basis for the processing is Article 6(1), Sentence 1, point (b), GDPR.

The controller processes customer and prospect data for evaluation and marketing purposes. The legal basis for the processing is Article 6(1), Sentence 1, point (f), GDPR. The processing is geared towards the controller’s legitimate interest to further develop the range of services and provide targeted information about this.

Personal data are only further processed on the basis of consent within the meaning of Article 6(1), Sentence 1, point (a), GDPR or as part of honouring legal obligations within the meaning of Article 6(1), Sentence 1, point (c), GDPR.
 

6.2 Employment relationships

The website offers applicants the opportunity to apply to the controller by e-mail or by post. In doing so, personal data related to the specific application are processed, e.g. general personal data, information about school, professional and further education as well as other information submitted by applicants.

The controller processes personal data for the purpose of performing the application procedure as well as the processing of the employment relationship, if such a relationship is established, on the basis of Article 88, GDPR, in conjunction with Article 6 parapraph. 1 lit. b, f GDPR. Furthermore, personal data may be processed if this is necessary to honour legal obligations (Article 6(1), point (c), GDPR) or for the defence of asserted legal claims against the controller (Article 6(1), point (f), GDPR). The legitimate interest is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

Personal data are stored for the aforementioned purposes for as long as is necessary to honour these purposes. For the purpose of defending asserted legal claims from the application procedure against the controller, personal data shall be stored for a maximum of 6 months and then erased.

The application may be included in an applicant pool if no employment relationship is currently under review. In the event of inclusion, all documents and details from the application shall be transferred to the applicant pool to contact applicants in the event of suitable vacancies. Inclusion in the applicant pool only takes place on the basis of consent within the meaning of Article 6(1), Sentence 1, point (a), GDPR. Granting consent is voluntary and is not related to the current application process. The data subject may withdraw his/her consent at any time. In this case, the data shall be erased from the applicant pool provided there are no legal reasons for storage. The data from the applicant pool shall be stored for a maximum of 2 years and then erased.

The provision of personal data in the context of application procedures is neither required in a legal nor contractual sense. Therefore, applicants do not undertake to furnish any information. However, provision of personal data is required for the decision on an application or entering into a contract in relation to an employment relationship. If applicants do not provide personal data, the controller cannot make a decision on the establishment of an employment relationship. You are recommended to provide personal data only that are necessary in this context as part of the application. 
 

7 Processing security

The Website uses the TLS (Transport Layer Security) procedure in conjunction with the highest encryption level supported by the browser used. Whether an individual web page of the website is transmitted in encrypted form can be recognised in the address bar of the browser by the prefix and/or the closed padlock symbol.

The controller uses technical and organisational security measures to protect the personal data it manages against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security measures are continually improved in line with technological developments.
 

8 Validity and up to date nature of the Data Protection Policy

The Data Protection Policy is currently valid and dated 20.01.2023.

Due to ongoing legal and technical developments, the controller reserves the right to update this Data Protection Policy at any time.