Data protection
Privacy Policy of RAFI GmbH & Co. KG
1. Controller for Data Processing and Data Protection Officer and general Principles
(1) We, the RAFI GmbH & Co. KG, Ravensburger Straße 128-134, 88276 Berg / Ravensburg, Germany, Tel.: +49 751 89-0, Fax: +49 751 89-1300, E-Mail: info.heardquarters@rafi-group.com, operator of the websites, available at www.rafi-group.com (hereinafter referred to as „WEBSITE“), and controller for the processing of personal data of the users of our website (“You”) subject to Art. 4 No. 7 General Data Protection Regulation (GDPR) and other national data protection laws of the Member States and other data protection provisions.
(2) Our external Data Protection Officer is: Mr. Dr. Norbert Kuhn, Heustraße 3, 70174 Stuttgart, Germany, E-Mail: datenschutz@rafi.de.
(3) Hereinafter, in the context of our information obligations, we would like to inform you in detail, which data are processed when visiting our WEBSITE and the use of our other services and offers on our WEBSITE. Furthermore, we would like to inform you about the associated protective measures we have also taken in technical and organizational terms.
2. Processing of personal Data
(1) „Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data that can be directly or indirectly assigned to your person such as your name, your address, your phone number or your e-mail address.
(2) Personal data is processed by us only if and to the extent of which
- the processing of data is necessary to fulfill a legal obligation to which we are subject to (Article 6 (1) Subpar. 1 c) GDPR), or
- the processing is necessary for the performance of a contract of which you are a party or for the performance of pre-contractual actions that you request (Article 6 (1) Subpar. 1 b) GDPR), or
- You have given us your consent to the processing of data for one or more specific purposes (Article 6 (1) Subpar. 1 a) GDPR), or
- the processing of data is necessary to ensure our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Article 6 (1) Subpar. 1 f) GDPR).
(3) In the following provisions of this Privacy Policy, we describe on which of the legal bases listed in paragraph 2 we base the processing of your personal data in individual cases.
(4) In part, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected. Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us together with partners. Further information can be obtained by stating your personal data or in the following provisions of this Privacy Policy. Insofar as our service providers or partners are based in a state outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the following provisions of this Privacy Policy.
(5) The extent and nature of the processing of your data differs depending on whether you visit our WEBSITE solely for the purpose of retrieving information (see the following Sect. 3) or make use of services offered by us (see the following Sect. 4).
3. Merely informative use of our WEBSITE
(1) In connection with the mere informational use of our WEBSITE, that is, if you do not use any of our services and offers on our WEBSITE or provide us with any other information, we will only collect those data that your internet browser automatically transmits to our server. The following data is collected hereby:
- IP address of the network access device of the respective requesting computer
- Date and time of the request (in GMT)
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
(2) This information is technically necessary for us to enable you usage and functionality of our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 (1) Subpar. 1 f) GDPR.
(3) We will delete your data as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for the merely informative provisioning of our WEBSITE, the deletion takes place when the respective session has ended. A storage of your IP address takes up to seven days in complete, then in anonymous form. Your IP address will be reduced by the last octet (or a corresponding subsegment in the case of IPv6). The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our website and to avert dangers.
4. Other Features and Offers
In addition to the purely informational use of our WEBSITE, we offer various offers and functions (hereinafter also referred to as "Services") that you can use, if you are interested. To do this, you will generally need to provide other personal information that we use to provide the Service and for which the aforementioned data processing principles apply.
In detail, these are the following Services for which we process your personal data:
4.1 Ordering Brochures and Contact/Feedback
(1) If you contact us, e.g. when ordering our printed flyers, brochures and / or catalogs or to provide us with your feedback, the processing of your voluntarily communicated contact information (e.g. first name, surname, e-mail address, telephone number) will be used to answer your inquiries and / or suggestions via the contact form, e-mail or otherwise. The processing of your data is only for processing the contact as well as to prevent misuse and ensure the security of our information technology systems.
(2) The legal basis for the processing of the data is Art. 6 (1) Subpar. 1 f) GDPR. If your message aims to conclude a contract, then additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GDPR.
(3) Insofar as the deletion of your personal data does not prevent statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is the case when the conversation with you is over. In general, the conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified.
4.2 Subscription to our Newsletter
(1) With your consent, you can subscribe to our newsletter, which informs you about our offers and activities. The advertised offers and activities are mentioned in the declaration of consent.
(2) The newsletter is sent via the technical service provider CleverReach GmbH & Co. KG (Mühlenstraße 43, 26180 Rastede, Germany; „CleverReach“). For this, it is necessary that we transfer your data given in the course of the newsletter registration to CleverReach. This data is stored on the servers of CleverReach in Germany or Ireland. Our legitimate interests lie in the use of a promotional, secure and user-friendly newsletter system. The legal basis for the use of CleverReach is Art. 6 (1) Subpar. 1 f) GDPR. Further information on data protection can be found in the CleverReach Privacy Policy at: www.cleverreach.com/en/datenschutz/.
(3) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address listed in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation.
(4) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately tagged data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for sending you the newsletter. The legal basis is Art. 6 (1) Subpar. 1 a) GDPR.
(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke by clicking on the link provided in each newsletter, by e-mail to info.heardquarters@rafi-group.com or by sending a message to the contact details mentioned in Sect. 1 at any time. You can also unsubscribe via this link: https://www.rafi-group.com/en/newsletter-unsuscribe-bye-bye/.
(6) We will delete your data as soon as it is no longer necessary to achieve the purpose of its collection, your e-mail address becomes unreachable or if you revoke your consent to the sending of newsletters. Your data is therefore stored as long as the subscription to the newsletter is active.
4.3 Customer / Supplier Account (RSN and RCN)
(1) If you are already a customer with us, we can create a customer account for you on request within our RAFI Customer Net (RCN), through which we store your data for later further inquiries about our products, in case you are already a customer with us.
(2) If we commission you as a supplier, we can create a user account for you on request within our RAFI Supplier Net (RSN), through which we store your data for future orders and inquiries about your products / services.
(3) Further information on the storage of your data, in particular for the exact purposes and the duration of the data storage can be found in the supplementary Privacy Policy for the customer account.
4.4 Use of our B2B online catalog
(1) If you wish to request certain products through our B2B Online Catalog, processing your request requires that you create a customer account, providing personal information that we need to process your request and that we may store for further inquiry. Mandatory information required for the creation of the customer account is marked separately, further information is optional. We also process the voluntary data you provided to process your inquiries. The legal basis for this is Art. 6 (1) Subpar. 1 (b) GDPR and Article 6 (1) Subpar. 1 (f) GDPR for the voluntary data you provided.
(2) The data you provide are revocably stored by us. All data can be changed in your customer area. You can also delete your customer account in the customer area at any time.
(3) We may also process the information you provide to inform you of other interesting offers or to provide you with technical information e-mails. The legal basis for this is Art. 6 (1) Subpar. 1 (f) GDPR.
(4) If you delete your customer account, all data stored about you will be deleted. If a complete deletion of your data is not possible or necessary due to legal reasons, we will block your data for further processing.
4.5 Application
(1) When you apply for a position in our company, we process the personal data that you provide us with, e.g. sent by e-mail. We do not require any information from you that is not usable under the General Equal Treatment Act (such as race, ethnic origin, religion or belief, age, sexual identity). We also do not ask you to submit any information on pregnancy, political views, philosophical or religious convictions and union membership.
(2) The processing of your personal data is for the sole purpose of staffing within our company. A transfer of your personal data will not take place, unless you have given us your consent. The legal basis for the processing of your personal data is Art. 6 (1) Subpar. 1 (b), Article 9 (2) (b), Art. 88 GDPR in conjunction with Section 26 FDPA.
(3) If we cannot offer you a position, we will delete your data no later than 6 months after completing the application process, unless you give us your consent that we may save the applicant details longer.
5. Cookies
(1) We use cookies for our WEBSITE. Cookies are small text files that are stored on your data storage device (e.g. hard drive, SSD) assigned to the browser you use and through which the place that sets the cookie (here through us), certain information flow. A cookie cannot run programs or automatically transfer malware to your computer. Cookies serve to make the internet offer more user-friendly and effective overall.
(2) Our WEBSITE uses persistent cookies. Persistent cookies are automatically deleted when you close the browser or log out. In particular, these include the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our WEBSITE. The session cookies are deleted accordingly when you log out or close the browser.
(3) If personal data are processed by individual cookies, the processing is carried out in accordance with Art. 6 (1) Subpar. 1 b) GDPR either for the execution of the contract or in accordance with Art. 6 (1) Subpar. 1 f) GDPR for the protection of our legitimate interests in the best possible functionality of our WEBSITE as well as a customer-friendly and effective design of the page visit.
(4) You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. We point out that you may not be able to use all the features of our WEBSITE when cookies are deactivated.
(5) If you have an account with us (RAFI Supplier Net (RSN) or RAFI Customer Net (RCN)), we use permanent (persistant) cookies to identify you for follow-up visits. Otherwise, you would have to log in again for each visit. These are stored until either the storage purpose is obsolete or you request the deletion. You will receive information that is more detailed by agreeing to the subsequent Privacy Policy of the RSN and RCN.
6. Third-Party Contents
a) Web Fonts (Fonts from Fonts.com and Fonts.net)
This site uses so-called web fonts, which are provided by Fonts.net for the uniform presentation of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, JavaScript code is downloaded from Monotype Inc., Monotype, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Fonts.net). The use of web fonts is in the interest of a uniform and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 par. 1 f) GPDR.
If your browser does not support web fonts, your computer will use a default font. If you have activated JavaScript in your browser and have not installed a Java Script Blocker, your browser may transfer personal data to Fonts.net. For more information, see the Fonts.net Privacy Policy: www.monotype.com/legal/privacy-policy/.
b) YouTube
(1) We have incorporated videos from YouTube into our online offering, which are stored on www.YouTube.com and are directly playable from our WEBSITE. These are all included in the "extended privacy mode", i.e. that no data about you as a user will be transferred to YouTube, if you are not playing the videos. Only when you play the videos, the data mentioned in the next paragraph will be transmitted. We have no influence on this data transfer.
(2) By visiting our WEBSITE, YouTube receives the information that you have accessed the corresponding sub-page of our WEBSITE. In addition, the data mentioned under Sect. 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish your profile to be assigned on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our WEBSITE. You have the right to object to the creation of these user profiles, and you must address YouTube directly to exercise that.
(3) For more information on the purpose and scope of your data collection and processing by YouTube, please read the Privacy Policy. There you will also get further information about your rights and settings options for the protection of your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
c) etracker
The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.
The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.
The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.
Further information on data protection with etracker can be found here.
7. Data Security
(1) We use technical and organizational security measures in order to protect accruing or collected personal data against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons in particular. Our security measures are continuously improved in line with technological developments.
(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorized third parties. You can recognize the secure transfer by the protocol name "https: //" in the URL line.
8. Your Rights
(1) With regard to the processing of personal data concerning you, you are entitled to the rights listed below in a)-h) under the legal preconditions. Please contact the Data Protection Officer or us for this. The contact details can be found under Sect. 1.
a) Right to Information
Subject to Art. 15 GDPR you can require a confirmation as to whether personal data concerning you are processed by us. In this case, according to Art. 15 (1) GDPR, you have the right to obtain information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned retention period or the criteria for the personal data determining the retention period, the right of rectification or deletion of your personal data, as well as restriction of processing or objection to processing, the existence of a right to complain to a supervisory authority, the origin of the data, if we have not collected your data from you, existence of an automated decision-making including profiling and according to Art. 15 (2) GDPR the right to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transfer of personal data to third countries.
b) Right to Rectification
According to Art. 16 GDPR you can demand the immediate correction and / or considering the purpose of the processing the completion of your personal data, if your data is incorrect or incomplete.
c) Right to Deletion
According to Art. 17 GDPR you can require the immediate deletion of your personal data, provided that there is a reason under Art. 17 (1) a) - f) GDPR. However, the right to delete your personal data does not exist, in particular, if its processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal rights (Art. 17 (3) GDPR).
d) Right to restriction of Processing
You may restrict the processing of your personal data in accordance with Art. 18 GDPR, as long as we verify the accuracy of your data, if you refuse the deletion of your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data for the assertion, exercise or defense of legal claims or if you have objected to the processing, as long as it is not certain that our legitimate reasons prevail.
e) Right to Consultation
According to Art. 19 GDPR we communicate any rectification or deletion of your personal data or a limitation of their processing under Art. 16, 17 (1) and 18 GDPR to all recipients to whom your personal data have been disclosed, unless this turns out to be impossible or is associated with a disproportionate effort. According to Art. 19 sent. 2 GDPR you have the right to be informed about these recipients on request.
f) Right to Data Portability
According to Art. 20 GDPR you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format and to transmit this data to another person responsible, provided that the further requirements of Art. 20 GDPR exist, in particular, this is technically feasible.
g) Right to Objection
As far as we base the processing of your personal data on the balance of interests according to Art. 6 (1) Subpar. 1 f) GDPR, you can object to the processing according to Art. 21 GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case in the above description of the offers. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and according to Art. 21 (1) sent. 2 GDPR either no longer process the personal data or prove to you our compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Further processing is reserved, if the processing serves the assertion, exercise or defense of legal claims.
According to Art. 21 (2) GDPR, you can object to the processing of your personal data for the purpose of advertising and profiling at any time, as far as it is associated with direct advertising.
You can inform us or the Data Protection Officer about your objection under the contact data mentioned in Sect. 1.
h) Right to revoke the Consent
(1) According to Art. 7 (3) GDPR you have the right to revoke any data protection consent granted to us, at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent until the time of the cancellation.
(2) If you believe that the processing of your data violates data protection regulations, you have the additional right to complain to a supervisory authority according to Art. 77 GDPR. Please contact a supervisor in the Member State of your place of residence, your work place or the location of the potential breach. An overview can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
9. Amendments to the Privacy Policy
We reserve the right to change this Privacy Policy at any time with future effect. A current version is available on our WEBSITE. Please visit the WEBSITE regularly to find out about the applicable Privacy Policy.
Effective: April 01st, 2021