TREATMENT OF PERSONAL DATA ON THE WEBSITES
www.riedhammer.de - www.riedhammer.com - www.riedhammer-gmbh.de - www.riedhammer.biz - www.riedhammer.info - riedhammer.de
of RIEDHAMMER GmbH
with legal address in Nürnberg - Klingenhofstr. 72 - 90411 Tel: +49-911-52180, Fax: +49-911-5218231, Email: firstname.lastname@example.org (following, also "the COMPANY")
General Management: Matthias Uhl, Stefano Lanzoni
Data Protection Officer: Mr. Hermann Keck, Keck-DSB GmbH – Datenschutz und Sicherheit, Albrecht-Dürer-Weg 6, 91320 Ebermannstadt, Tel.: +499194-7245915, E-Mail: email@example.com
This page includes the descriptions of the management methods for the aforementioned Websites (hereafter referred to as “Site”) with specific reference to the processing of personal data by visitors who view the Websites (hereafter referred to as "Users" or "User" when referring to a single individual).
Personal data is “any information pertaining to a natural person that is or can be identified (“Data Subject”); natural persons are identifiable if they can be identified directly or indirectly, with particular reference to identifying elements such as name, identification number, location data, online ID or one or more elements that are characteristics of their physical, physiological, genetic, psychological, economical, cultural or social identity”.
Processing means “any operation or set of operations performed with or without the help of automated processes and applied to personal data or set of personal data, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by means of transmission, dissemination or any other type of distribution, comparison or interconnection, limitation, deletion and destruction”.
The sites of the COMPANY may contain links to websites of third parties, to be useful to the User: the COMPANY does not control nor is responsible in any way for these sites, their content and/or the processing of Personal Data that these sites apply and/or perform.
CONTACT DATA OF CONTROLLER AND DATA PROTECTION OFFICER
The Controller according to the General Data Protection Regulation (GDPR) and applicable national data protection laws and regulations of the member states is the COMPANY as defined in the header above.
If the COMPANY has assigned a Data Protection Officer, contact data are found in the header.
The COMPANY only processes personal Data of its users as far as it is necessary for providing a fully functional Site. Processing of personal data only occurs after explicit consent of the user. An exception applies when prior consent is not possible for practical reasons or when the processing of Data is permitted by law. The Data will be subject to processing by the COMPANY, according to the limits set out by the applicable legislation, for the following purposes:
- allow performing operations that are strictly associated with and instrumental in managing our relationship with you, such as answering queries received via our contact modules; recording and processing your requests for technical support; recording and processing your applications as suppliers of the COMPANY; allowing access to reserved sections of the Site (such as those of the Customer Area or the Supplier Area) and provide support to recover login data for your account; ensuring the finalisation of sales agreements for goods and/or services, managing and fulfilling orders; ensuring delivery of purchased products and checking the trend of relationships (Supply of services);
- allow proper performance of contractual obligations taken by the COMPANY toward the User and vice versa (Contractual obligations);
- allowing fulfillment of the obligations set out by laws, regulations and European Union directives, or provisions required by authorities set out by the law and supervisory and control entities, as well as fulfilling accounting and taxation requirements (Legal obligations);
- finding information required to identify unusual activities, frauds and/or abuses when using the Site (Security);
- performing commercial information activities via e-mail, if you are using a service on the Site or are proceeding or have proceeded to purchase goods or services from the COMPANY, by means of emails about the same type of products and/or services (Soft Spam);
- providing information about our products and/or services as well as promotional and commercial activities, by means of automatic systems without the input of an operator (e.g. emails; measuring your satisfaction
Personal Data processed by means of the Site fall within the following categories.
- Personal data, contact data and any other particular category of Personal Data
Depending on the services required by the User, the COMPANY may request information, such as: Supplier code assigned by the COMPANY, Company name, Name of the inquirer, Company role of the inquirer, Country, Telephone, Fax, Company e-mail, etc.
Further data may be collected during the management of each relationship through the Site or can comprise data the User decides to provide to the COMPANY by means of the Contact Us area of the Site.
Some sections of the Site contain free-text fields that can be used to provide information to the COMPANY that may contain Personal Data. Since these are free-text fields, you may decide to communicate (even inadvertently) special categories of Personal Data, such as Data that disclose political opinions, religious or philosophical beliefs or trade union membership, as well as genetic Data, biometric Data to uniquely identify a natural person, Data pertaining to health, sexual life or sexual orientation.
The COMPANY asks you not to disclose any of these Data types. Since providing this information is totally optional, if you decide to do so, the COMPANY can choose whether to proceed with processing of entered data belonging to the special categories listed above, or to process that information only with your explicit authorisation and in compliance with current regulations.
- Personal Data of other people
As mentioned in the previous paragraph, since any type of message can be entered in the free-text fields of the Site, they may indeed contain Personal Data of other people involved. In any case where you decide to share this data with the COMPANY, you will be considered as independent Controller and as such you will take on all obligations and legal responsibilities pertaining to this. Therefore, in this regard, the User provides the broadest indemnity against any claim, request, refund or damage due to processing, etc. that may come to the COMPANY from people whose Personal Data have been forwarded by you in breach of applicable personal data protection regulations. Since, in this case, the COMPANY does not collect the information directly from the Data Subjects (but from you indirectly), you ensure that this specific processing is based on the authorisation of these Data Subjects or on another suitable legal basis that authorises processing of this information.
- Navigation data and cookies
Information technology systems and software procedures used to operate the Site acquire some Personal Data during their normal operation, whose transmission is implicit in using Internet communication protocols. This information is not collected by the COMPANY to be associated with identified Data Subjects, but it may, by its very nature, allow identifying users through processing or association with Data held by third parties.
This category of Data includes IP addresses or domain names of computers used by Users connecting with the Site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to send the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters about the operating system and software environment of the User.
This Data is used only for anonymous statistical information about use of the Site, to check its proper operation and to identify any unusual activity and/or abuses.
Data preceded by an asterisk (*) within the Site are considered by the COMPANY to be necessary and indispensable to fulfil the relevant purposes. The following are the legal bases used by the COMPANY to process your Personal Data, according to the purposes listed under the previous Section (“Purpose of processing and processed Personal Data”).
Provision of Personal Data and their processing for the purposes associated with the Supply of Services and other Contractual obligations is strictly functional to perform the required service and to properly perform the contractual relationship signed with you, respectively; therefore they are a necessary condition to establish the contractual relationship. The legal basis for processing personal data due to contractual obligations is provided by Article 6, Paragraph 1, Subparagraph b of the GDPR. Consequently, failure to provide Personal Data required for this purpose, or the provision of wrong data, will make it impossible for the COMPANY to perform the Service and the contractual relationship and will entitle the COMPANY to refuse to perform them or to stop their performance.
The provision of Personal Data and their processing for the purposes of the Legal Obligations is required by the COMPANY to meet the relevant legal obligations. The legal basis for processing personal data to meet legal requirements is provided by Article 6, Paragraph 1, Subparagraph c of the GDPR. When you provide Personal Data to the COMPANY, it needs to process it in compliance with applicable laws that may include storing them or communicating them to pertinent authorities for compliance with taxation, customs or other obligations.
Provision of Personal Data and their processing for the purposes of Security, is based on the commitment of the COMPANY to identify and prevent illegal behaviours and to ascertain responsibility in the event of any cybercrime against the Site or third parties, therefore they are a necessary condition to navigate the Site. The legal basis for processing personal data to protect vital interests of a natural person is provided by Article 6, Paragraph 1, Subparagraph d of the GDPR. Consequently, failure to provide Personal Data required for this purpose will make it impossible for the COMPANY to provide access to the Site.
The provision of Personal Data and relevant processing for the purposes of Soft Spam is based on the interest of the COMPANY to send you marketing communications via email pertaining to similar products and services to those you have already purchased and/or used by means of the Site. You can stop receiving these communications, without any consequence (other than no longer being able to receive similar communications by the COMPANY) by means of the specific link in the footer of each of the emails that you receive for this purpose. The legal basis for processing personal data for Marketing reasons is provided by Article 6, Paragraph 1, Subparagraph f of the GDPR. The COMPANY undertakes to comply with further relevant legislation, in particular the Law against Unfair Competition (UWG) when processing Data for aforementioned purposes.
Personal Data will be provided to personnel of the COMPANY employed to develop and manage the Site, who are authorised to process them in order to fulfil the previously described purposes and who are committed to confidentiality or have received a suitable legal confidentiality obligation according to GDPR.
Personal Data processed for the previously described purposes can be shared, used and transferred within the corporate affiliation to SACMI for internal accounting and administrative purposes. In this case, the COMPANY ensures that Data will be processed by these subjects in compliance with applicable regulations. Therefore transfers are made by means of suitable guarantees, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission or other suitable guarantees.
These companies act as independent Controllers who process the data as strictly necessary for the aforementioned purposes and provide you with specific information on how they potentially carry out the Data processing within this Data Protection Declaration.
Personal Data will be supplied to third parties, called Processors, since they process Data on behalf of the COMPANY (e.g. companies managing and fulfilling sales orders, companies with whom it is necessary to interact to provide Services, such as hosting providers, providers of emailing services or other companies tasked with technical maintenance, including maintenance of network equipment and electronic communication networks, software developers, companies providing the payment technological platform and gateway for product orders in the sector of e-payments, payment service providers and e-payment service providers). Personal Data that is strictly required to perform commercial operations or required Services may be shared with third parties with whom the COMPANY has agreements for services that are functional to its operations (such as product delivery companies, auditing firms, people, firms or professional offices that provide support and consultancy services in the fields of administration, law, taxation, financial services and debt collection services, for the purpose of providing these Services).
Finally, Personal Data will be communicated, upon request, to the relevant authorities (e.g. in the event of frauds and/or abuses when using the Site), to financial offices or to other Public Institutions according to the provisions of current regulations.
There will not be any additional transfer of Data to third parties not mentioned in this Declaration.
STORAGE OF PERSONAL DATA
Personal Data processed for the purposes of Supply of Services and Contractual Obligations will be stored by the COMPANY for the time that is strictly required to perform the requested Service and to properly fulfill our contractual relationship with you. In any case, since this Personal Data is processed to provide Services and to allow the contractual relationship to be fulfilled, the COMPANY may store them for a longer period, in particular as necessary in order to protect the interests of the COMPANY from any liability pertaining to the Services. Data will be deleted at the end of this period.
Your requests and the Data contained within them collected by means of the Contact Us area of the Site will be kept only for the time required to allow the COMPANY to identify proper fulfillment of the request. After this period, Data that allows identification, even if indirectly, of a natural person (such as name, surname, email) will be made anonymous and will be stored, in aggregate form, for statistical purposes.
Personal Data processed for the purpose of Legal Obligations will be stored by the COMPANY for the period set out by specific legal applications or by applicable regulations.
Personal data processed for the purpose of Security will not last more than 6 months, except when it is used to ascertain responsibility for any cybercrime against the Site or third parties (e.g. to protect from legal actions by providing this data to the relevant Authorities).
Personal Data processed for the purpose of Soft Spam will be stored by the COMPANY until you request that their processing be stopped by means of the link in the footer of each Soft Spam email sent.
Personal Data processed for the purpose of Marketing will be stored by the COMPANY until you withdraw your authorisation to do so. After withdrawing your authorisation, the COMPANY will no longer use your Personal Data for this purpose, but will still be able to store them, particularly when necessary to protect the interests of the COMPANY against any liability based on this processing.
Since you are the Data Subjects of the Data processing according to GDPR, you have the right, at any time, to:
- request access to your Personal Data (and/or a copy of this Personal Data) as well as to further information on the processing in progress free of charge;
- ask to correct or update your Personal Data processed by the COMPANY, when incomplete or not up to date;
- request your Personal Data to be deleted from the COMPANY databases, when:
(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
(2) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing
(3) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2)
(4) the personal data have been unlawfully processed
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
(6) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1)
- request that processing of your Personal Data by the COMPANY is limited when:
(1) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
(4) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
- exercise your right to Data portability, i.e. obtaining a copy of Personal Data managed by the COMPANY and pertaining to you in a structured, commonly used and machine-readable format, or to request it to be transferred to a different Controller as far as technically feasible;
- oppose processing of your Personal Data, using a legal basis for your particular situation which you believe would prevent the COMPANY from processing your Personal Data;
- withdraw your authorisation for Marketing purposes without indicating the reasons or oppose processing for Soft Spam purposes for the future. Remember that the authorisation given for Marketing communications covers not only communications sent by means of automatic systems without operator intervention (such as emails or SMS) but also traditional contact methods such as the phone or postal service. You can always withdraw authorisation to processing also separately, for example deciding to receive these communications only by means of automatic systems such as email or SMS but not through the postal service or phone and vice versa. The revocation of consent does not affect the legality of processing of data due to consent up to the time of this revocation.
The COMPANY wishes to inform you that Personal Data you supply can be modified at any moment, by means of the relevant sections within the Site or by writing to the email address: firstname.lastname@example.org
Other rights can be exercised by writing to the email address: email@example.com
You can also stop receiving Soft Spam by means of the relevant link in the footer of every received email (by means of the “Delete” button).
The COMPANY wishes to inform you that you always have the right to complain to the relevant Control Authority, if you believe that treatment of your Data is contrary to currently applicable regulations pertaining to the protection of personal data. The responsible Control Authority for the COMPANY is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
Tel.: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
What are cookies?
For further information on cookies and their general functions, visit the information Website, allaboutcookies.org
Why do we use them and what is the purpose?
Cookies have several functions. They help website managers understand how users use the actual website, they allow the user to navigate the various website pages more efficiently, and they help to remember expressed preferences, etc. Cookies also provide information of a commercial nature and, for example, this information helps the website manager to understand which products interest the User the most, as well as which of these products is the most important.
The legal basis for processing of Data by means of Cookies is Article 6, Paragraph 1, Subparagraph f of the GDPR.
What type of cookies do we use?
Cookies that may be used on our Website fall within the categories illustrated as follows.
Temporary and permanent cookies
Cookies may expire at the end of a navigation session that is established as the time period between the user opening a window and closing it, or they may be kept for a longer period of time.
Temporary cookies – They are deleted and disappear from the device when the User leaves the website and closes the program used for navigation; they expire when the browser session ends and so they are not kept for a long period of time.
Permanent cookies – They remain on the device, even after the User has left the website, until they are deleted or until they reach their potential expiry date set by the website manager.
First party and third party cookies
There are "first party" and "third party" cookies based on the Website or the domain/webserver.
First party cookies are cookies that are directly set by the Websites visited by the User or the Website when the address is typed in by the User (displayed in the URL window).
Third party cookies are cookies set by a website that is different to the one visited by the User. Third party cookies are relevant in cases when the User visits a website and a third party, with respect to the manager of the website visited, sets a cookie using said website, i.e. cookies of sites or web servers other than the Site, belonging to third parties.
With regards to these cookies, these third parties generally are Controllers of data processing independent of the COMPANY (and use the data they collect for their purposes and according to their own terms) or can operate as Processors for the COMPANY (i.e. they process Personal Data on behalf of the COMPANY).
Cookie Technology for performance and functionality
Based on the purposes pursued, cookies used on Websites can differ and fall within three further categories, illustrated as follows.
Strictly necessary cookies, so called “technical” cookies, are essential to navigate the Sites you are visiting and to use some functions. Some online services required by the User (e.g. accessing reserved areas) may not be supplied without these cookies. This type of cookie on our Websites does not collect any personal information from the User that may identify the User in any way simply through the cookies.
Performance cookies collect anonymous information and this allows us to understand how Users interact with our Websites. For example, they tell us which websites are visited more often, the time spent on the website, potential error messages, etc. The performance cookies that we use only collect information anonymously and on an aggregate basis. They are used to improve the running of the websites and User navigation experience. For information on how to cancel or manage performance cookies, please refer to the relevant section on this page.
Functionality cookies: they allow our Websites to record User choices (such as the size of the text viewed, language preference, country location, etc.) and provide functionality based on User choices. In some cases, cookies may also be used to provide online service (e.g. offering a live chat service) or to avoid offering services or messages that the User has already refused in the past. Our Websites set this type of cookie on the navigation device used by the User in a fully anonymous manner and you shall not be able to identify it. For information on how to cancel or manage performance cookies, please refer to the relevant section on this page. Please be reminded that, if the User deletes this type of cookie then selected preferences and/or settings shall not be memorised for future visits.
Third party statistical/analytics cookies without identification purposes: use of Google Analytics with IP masking and no cross-checking with other data held by the third party.
The COMPANY uses the services of Google Analytics provided by Google Inc. to manage Sites, with IP masking and no cross-checking with other data held by the third party (i.e. Google Inc.). Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics issues cookies that generate information about the use of the Site by the User. The Data generated by Cookies are usually transferred to a Google server in the USA. The USA is a third country with poor data protection security. However, Google Inc. is certified under the US-EU data protection agreement “Privacy Shield” and undertakes to comply with the EU data protection regulations. These cookies can be likened, in compliance with the current regulation, to technical cookies, since they meet the following conditions: measures taken to decrease their identification power by masking parts of the IP (as described in this link: https://support.google.com/analytics/answer/2763052?hl=i); the third party is committed to use these cookies only to provide the service, to store them separately and not to “enhance” them or “cross-check” them with other information it has. In this regard, the COMPANY has not linked Google Analytics to any other additional service by Google and no marketing or data sharing option has been activated with Google. Furthermore, an add-on can be installed on the browser to disable Google Analytics (https://tools.google.com/dlpage/gaoptout).
For comprehensive information, we have provided a table below that indicates the name, Controller, purpose, duration and method for each cookie where their use may be disabled:
Social buttons and widgets
It is also possible to find social buttons/widgets on our Websites or specific "buttons" that depict the social network icons (for example, Facebook, Twitter, YouTube, Google Plus, etc.). These "buttons" allow the Users who are navigating the Websites to reach and interact with social networks directly with one "click". By clicking on Social buttons/widgets, the social network obtains data relating to the User visit. Aside from these cases where the User can share his or her own navigation data spontaneously with preselected social networks with one click, the COMPANY does not share any User navigation information or data obtained through the Websites with social networks that are accessible through Social buttons/widgets. For further information, refer to the privacy policies of the specific social networks that may be accessed through our Websites using the social buttons.
We integrated Social-Plugins of the following companies into our Site:
Our Website provides Plugins of YouTube run by Google. Provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
When visiting our Website, a connection to the servers of YouTube is automatically established. If you are logged into your YouTube account at the same time, you enable YouTube to assign your surfing behaviour directly to your personal account. This can be prevented by logging out from YouTube before your visit to our Website. More information can be found in the data protection declaration of YouTube under the following link:
How to manage or delete cookies
Most Internet browsers are initially set to accept cookies automatically. The User may modify these settings in order to block cookies or be warned every time cookies are sent to the navigation device. Furthermore, at the end of each navigation session, the User may delete the cookies that were collected from his or her device.
You can prevent the collection and storage of Data by Google Analytics by appropriately adjusting your Browser Software. Furthermore, you can prevent the collection and processing of Data (including IP-address) by Google by downloading and installing the Browser-Plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
By this, an Opt-Out-Cookie will be placed on your device. Should you delete cookies at some point, you have to click this link again.
More information about the deactivation of the various cookie types can be found throughout this declaration.
If the User uses various devices to visit and access Websites (for example, computer, smartphone, tablet, etc.), then the User is responsible for ensuring that each browser of each device is set to reflect his or her expressed preferences regarding cookies. For more information on managing cookies, please refer to the page http://www.allaboutcookies.org/manage-cookies/
Select the following links to access specific instructions for managing cookies through some of the main navigation programs.
Microsoft Windows Explorer
If the User does not use any of the aforementioned browsers then the User may, in any case, select "cookies" in the relevant section of the guide to see where the cookies folder is located.
You can also manage your choices about third-party cookies by means of online platforms such as AdChoice.
Information Requirements according to Art. 12, 13 et seq. of GDPR for applicants (m/f)