Information ondata protection
The protection of your personal data is important to us, and we want you to feel secure when visiting our website. We comply with the provisions of data protection law, in particular the EU General Data Protection Regulation ("GDPR").
In this privacy statement, we explain to you what information (including personal data) we process when you visit and use our website www.rst-rostock.com ("Website").
We would like to point out that security gaps can occur during data transmission on the inter-net (e.g. communication by e-mail). It is not possible to completely protect data from access by third parties.
I. Who is responsible for data protection?
Responsible for the processing of personal data within the meaning of data protection law:
Contact details of the data protection officer:
II. What data do we process?
You can access our website without providing any personal information (such as name, postal address or e-mail address). However, to enable you to access our website, we need to collect and store certain information.
- Log files: We collect information about you when you use this website. We automatically collect information about your usage patterns and your interaction with us and register information about your computer or your mobile device. We collect, store and use data about each access on our website (so-called server log files). Access data includes the name and URL of the retrieved file, date and time of retrieval, transferred data volume, notification of successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider. We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit in some places (e.g. when registering, logging in, clicking links, etc.).
- Contact: If you contact us via one of the options offered on our website, we will process all personal data contained and indicated in your message in order to process your enquiry and respond to it.
- Marketing Activities: When you visit our website, there will be cookies set by the technologies of Google Inc. ("Google"), that are used for general marketing, retargeting and statistical purposes. These cookies can trigger personalized advertising on external websites. Also, with this procedure we generate exclusively anonymous user data. Most browsers are automatically set to accept cookies. If you wish, however, you can configure your browser by changing your browser settings so that cookies are restricted or completely blocked.
- Plugins and Tools
III. For what purpose and on which legal basis do we process your data?
- Any personal data contained in the log files will be processed in order to enable you to use our website; processing will be carried out in accordance with Article 6 Para. 1 f) GDPR in order to safeguard our legitimate interest in operating our website.
- The data collected via cookies (including web analysis services, plugins and tools) and the pseudonymised user profiles may be processed for advertising and market research purposes as well as for the purpose of userfriendly design of our website on the basis of Article 6 Para. 1 f) GDPR in order to safeguard our legitimate interest in an analysis of the use and in a userfriendly design of our website.
- The data provided in connection with the subscription to the newsletter will be pro-cessed on the basis of Article 6 para. 1 a) GDPR (consent).
- Data processing for answering a request is based on Article 6 (1) f) GDPR to protect our legitimate interest in establishing and maintaining business contacts. If your request relates to the conclusion of a contract or to precontractual measures, we process your personal data on the basis of Article 6 paragraph 1 b) GDPR.
- We may also process the personal data processed in connection with your use of our website in order to fulfil legal obligations to which we are subject; this is done in ac-cordance with Article 6 (1) c) GDPR.
- If necessary, we process personal data not only for the above-mentioned purposes but also to safeguard our legitimate interests or the interests of third parties; this is done on the basis of Article 6 para. 1 f) GDPR. Our legitimate interests include asserting legal claims and defending our interests in litigation, preventing and resolving criminal of-fences, and managing and developing our business, including risk management.
IV. Do I have to provide data?
The information required for ordering the newsletter is marked as mandatory in the cor-responding section of this website (e.g. in the corresponding online form). In order to be able to respond to a request addressed to us, we need at least your name and information on how we can contact you (e.g. postal address or e-mail address). We will not be able to process your request if we are not provided with the required information.
If we collect additional personal data from you, we will inform you whether the provision of this data is based on a legal or contractual obligation or a requirement necessary for the conclusion of a contract. In this regard, we usually identify the information that can be voluntarily provided and the provision of which is not based on the above obligations or is not necessary for the conclusion of a contract.
V. Who is the recipient of my data?
Usually, your personal data is processed in our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. A role and authorization concept restricts access within our company to the functions required for the respective processing purpose and to the scope required in this respect.
To the extent permitted by law, we may also disclose your personal data to third parties outside of our company. In particular, the following persons may belong to these external recipients:
- Companies that belong to our group of companies, insofar as they are involved in the processing of enquiries or orders,
- Service providers commissioned by us who provide services for us on the basis of a separate contract, which may also include the processing of personal data, as well as all subcontractors commissioned by our service providers with our consent,
- shipping companies involved in processing your order,
- credit institutions involved in the processing of payments,
- non-public and public authorities to the extent that we are obliged by law to transmit your personal data.
VI. Is automated decision making used?
In connection with the operation of our website, we do not normally use automated de-cision making (including profiling) within the meaning of Article 22 GDPR. If we use such procedures in special cases, we will inform you separately to the extent required by law.
VII. Are data transmitted to countries outside the EU/EEA?
As part of our web analytics services, plugins and tools as well as in connection with the use of our website and contacting us, information may be transmitted to recipients in "third countries", in particular the USA. "third countries' means countries outside the European Union or the European Economic Area for which the level of data protection cannot easily be considered comparable to that of the European Union. Insofar as the information transferred also includes personal data and we are not obliged to transfer the data due to a legal obligation, we will ensure before the transfer that the required appropriate level of data protection in the respective third country or by the recipient in the third country is complied with. In particular, this can take the form of an "adequacy decision" by the European Commission ensuring that an adequate level of data protection has been established for a given third country as a whole. Such a decision of adequacy exists in relation to Israel. Alternatively, we may also transfer data in particular pursuant to "EU standard contractual clauses" agreed with or for recipients in the United States, if and to the extent required by applicable data protection laws. Upon request, we will be happy to provide you with more information about the appropriate and reasonable safeguards for maintaining an adequate level of data protection; the appropriate contact information can be found at the top of this privacy notice. Information on the participants in the EU-US Privacy Shield can be found at: www.privacyshield.gov/list; for information on the EU standard contractual clauses please visit: http://eur-lex.europa.eu and for information on the adequacy decisions please visit: https://ec.europa.eu.
VIII. How long will my data be stored?
Usually, we store your personal data as long as we have a justified interest in the storage and this interest outweighs your interest in discontinuing the storage. We may also continue to store the data without legitimate interest if we are legally obliged to do so (e.g. to fulfil archiving obligations). We will delete your personal data as soon as the data is no longer required for the fulfilment of the processing purpose or its storage is otherwise prohibited by law.
The personal data that we must store in order to fulfil our archiving obligations will be stored until the respective archiving obligation expires. If we only store personal data for the fulfilment of archiving obligations, the data is generally blocked so that it can only be accessed if it is necessary for the purpose of the archiving obligation.
IX. What rights do I have?
The following rights apply only:
- for data subjects who are located in the EU and whose personal data are processed by us as described above, insofar as the processing activities are connected with the offer of goods or services or insofar as the behaviour of the data subjects is monitored, insofar as their behaviour takes place within the EU;
- for data subjects whose personal data are processed as part of the activities of the RST Rostock System-Technik GmbH, regardless of whether the processing takes place in the EU or not.
a) The right of objection under Article 21 GDPR
You have the right at any time to object to the processing of your personal data on the basis of Article 6 (1) e) or 1 f) GDPR for reasons relating to your particular situation; this also applies to profiling on the basis of these provisions. Should you object to the processing, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing, which take precedence over your interests, rights and freedoms, or for the assertion, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling, insofar as this is in connection with direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
b) Further rights
As a data subject, you have the following rights:
- Access/Information about your stored personal data, Article 15 GDPR
- Rectification of inaccurate or incomplete data, Article 16 GDPR
- Erasure of personal data, Article 17 GDPR
- Restriction of processing, Article 18 GDPR and
- Data portability, Article 20 GDPR
You can revoke your consent to the data processing granted to us at any time with effect for the future. A notification by e-mail is sufficient for this purpose. The legality of any data processing carried out before your revocation remains unaffected by the revocation. Furthermore, data processing may be continued despite your revocation of consent if another legal basis (e.g. Article 6 para. 1 b) GDPR or Ar-ticle 6 para. 1 f) GDPR) has been proven.
In order to exercise your rights, you can contact us at any time, e.g. by using one of the contact options listed at the beginning of this information on data protection.
In addition, you have the right to lodge a complaint with the supervisory authority responsible for data protection, Article 77 GDPR.