Data protection policy

I. Name and address of the responsible party

The responsible party in regard to the General Data Protection Regulation as well as other national data protection regulations is:

ruhlamat GmbH
Executive officers: Karl Mack, Thomas Mack
Sonnenacker 2
99834 Gerstungen OT Marksuhl
Germany

Tel: +49 36925 929 - 0
Fax: +49 36925 929 - 111
E-Mail: info(at)ruhlamat.de
www.ruhlamat.de

II. Name and contact of the data controller

The responsible data controller is:

Matthias Dick
Adress: see above
Tel: +49 152 09886434


E-Mail: datenschutz(at)ruhlamat.de

III. General information about data processing

1. Scope of processing personal data

We process personal information of our users only when it is required to provide a functional website, content and services. The processing of personal data takes place after the user has given consent. An exception applies to those cases where prior consent is not possible due to practical reasons and data processing is allowed in accordance with regulations.

2. Legal basis for processing personal data

Insofar as we obtain consent from a person for processing personal data, Article 6, Paragraph 1 of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For processing personal data necessary to fulfill a contract of which the data subject is a party, Article 6, Paragraph 1 of the GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing personal data is required, our company is subject to Article 6, Paragraph 1 of the GDPR, which also serves as legal basis.

In the event that vital interests of the data subject or another natural person require processing personal data, Article 6, Paragraph 1 of the GDPR is the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Article 6, Paragraph 1 of the GDPR is the legal basis for processing.

3. Data deletion and storage duration

The personal data of the person in question will be deleted or become inaccessible as soon as the purpose for storage is fulfilled. In addition, such storage may be required by European or national regulators in accordance with EU regulations, laws or other rules to which we are subject. Blocking or deleting data also takes place when the storage period prescribed by the previously mentioned regulations expires, unless there is further need of the data to conclude or fulfill a contract.

IV. Website access and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the requesting computer system.

The following data are collected at this time:

  1. Information about the browser type and version
  2. The operating system of the user
  3. The Internet service provider of the user
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the system of the user accessed our website
  7. Websites that are accessed by the user's system through our website

The data are also stored in the log files of our system. Storage of these data together with other personal data of the user does not occur.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6, Paragraph 1 of the GDPR.

3. Purpose of data processing

It is necessary for the system to temporarily store the user’s IP address to provide the website to the computer of the user. For this purpose, the user's IP address must be kept for the duration of the session.

To ensure the functionality of the website, the data are stored in log files. Additionally, the data serve to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in processing data is in accordance with Article 6, Paragraph 1 of the GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of collecting data to access the website, the data are deleted when the respective session is completed.

If the data are stored in log files, deletion occurs after no more than seven days. Longer storage is possible. In this case, the IP address of the user is deleted or distorted, so that an assignment of the requesting client is no longer possible.

5. Possibility to decline

The collection of data for website access and the storage of data in log files is essential for the operation of the website. There is consequently no possibility to decline on the part of the user.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser and / or the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a character string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser be identified even after changing sites.

The following data are stored and transmitted in cookies:

  1. Language settings
  2. Log-in information

In addition, we use cookies on our website that allow an analysis of user browsing behavior.

In this manner, the following data can be transmitted:

  1. Search terms entered
  2. Frequency of page views
  3. Use of website features

The data of users collected in this way are pseudonymized by technical precautions. Therefore, assigning the data to the requesting user is not possible. The data will not be stored together with other user personal data.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this data protection policy. In this context, there are also instructions on how to prevent saving cookies in the browser settings.

When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent is obtained to process personal data used in this context. There is also a reference to this data protection policy.

b) Legal basis for data processing

The legal basis for processing personal data using technologically necessary cookies is Article 6, Paragraph 1 of the GDPR.

The legal basis for processing personal data using cookies for analysis purposes is the consent of the user in accordance with Article 6, Paragraph 1 of the GDPR.

c) Purpose of data processing

The purpose of using technologically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a site change.

We require cookies for the following applications:

  1. Transfer of language settings
  2. Storage of search terms

The user data collected through technologically necessary cookies will not be used to create user profiles.

The use of the analytical cookies is for the purpose of improving the quality of our website and its content. Through analytical cookies, we learn how the website is used and can thus constantly optimize it.

The following data are recorded:

  1. Origin (country and city)
  2. Language
  3. Operating system
  4. Device (PC, tablet or smartphone)
  5. Browser and all add-ons used
  6. Resolution of the computer
  7. Visitor source (Facebook, search engine or referring website)
  8. Which files have been downloaded?
  9. Which videos have been watched?
  10. Were banner ads clicked?
  11. Where did the visitor go? Did they click on other pages of the portal or did they completely leave?
  12. How long did the visitor stay?

For these purposes, our legitimate interest in processing personal data is in accordance with Article 6, Paragraph 1 of the GDPR.

e) Duration of storage, declining and removal possibilities

Cookies are stored on the computer of the user and are transmitted to us by it. Therefore, users have full control over their use of cookies. By changing the settings in their Internet browser, users can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also occur automatically. If cookies are disabled for our website, it may not be possible to use all website functions.

VI. Contact form and e-mail

1. Description and scope of data processing

A contact form is available on our website that can be used for electronic contact. If a user utilizes this option, the data entered in the input mask will be transmitted to us and saved. These data are:

  • Name
  • Company
  • Street
  • Postal code
  • City
  • E-mail
  • Phone
  • Message

At the time of sending the message, the following data are also stored:

  1. The IP address of the user
  2. Date and time of registration

For processing data in this context, user consent is obtained and users are referred to this data protection policy.

Alternatively, contact using the provided e-mail address is also possible. In this case, the personal data transmitted via e-mail will be stored.

In this context, there is no disclosure of data to third parties. The data are used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing data is user consent in accordance with Article 6, Paragraph 1 of the GDPR.

The legal basis for processing data transmitted during the course of sending an e-mail is Article 6, Paragraph 1 of the GDPR. If the e-mail aims to conclude a contract, then additional legal basis for the processing is Article 6, Paragraph 1 of the GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves only to process the request. In the case of contact via e-mail, this also includes the required legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner.

Additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Declining and removal possibilities

The user has the possibility at any time to revoke their consent for processing personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

Removal and other requests may be addressed in writing to:

ruhlamat GmbH
Sonnenacker 2
99834 Gerstungen OT Marksuhl
Germany
info@ruhlamat.de

All personal data stored during the course of contact will be deleted in this case.

VII. Web analytics by Google Analytics

1. Scope of processing personal data

We use the open-source software tool Google Analytics on our website to analyze the surfing behavior of our users. The software sends a cookie to the user’s computer (for cookies see above). If single pages of our website are loaded, then data are stored as previously described in 5c.

The software runs exclusively on the servers of our website. Storage of the personal data of our users only takes place on our servers. A transfer of the data to third parties does not take place.

The software is set so that IP addresses are not completely saved: The last three digits are deleted. In this way, it is not possible to assign the shortened IP address to the requesting computer.

2. Legal basis for processing personal data

The legal basis for processing user personal data is Article 6, Paragraph 1 of the GDPR.

3. Purpose of the data processing

The processing of user personal data enables us to analyze the surfing behavior of our users. By analyzing this data, we are able to compile information about the use of individual components of our website. This helps us to constantly improve our website as well as its user-friendliness. For these purposes, our legitimate interest lies in processing the data in accordance with Article 6, Paragraph 1 of the GDPR. The anonymization of the IP address sufficiently takes into account the interest of users to protect personal data.

4. Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes, but at the latest after 2 months.

5. Declining and removal possibilities

Cookies are stored on the computer of the user and are transmitted to us by it. Therefore, users have full control over their use of cookies. By changing the settings in their Internet browser, users can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also occur automatically. If cookies are disabled for our website, it may not be possible to use all website functions.

Our users are able to opt out of the analysis process on our website. To do this, the appropriate link must be followed. This will save another cookie on the system, which signals our system not to save user data. If the user at any point deletes the corresponding cookie from their system, the opt-out link must again be followed to not take part in the analysis process.

VIII. Rights of the data subject

The following list includes all rights of people concerned according to the GDPR. Rights that have no relevance for the website do not need to be mentioned. In that regard, the listing may be shortened.

People whose personal data are processed have the following rights according to the GDPR:

1. Right to access personal data

Users may ask the data controller to confirm if personal data concerning them has been processed.

If such data are available, users can request information from the controller about the following:

  1. The purposes for which the personal data are processed.
  2. The categories of personal data that are processed.
  3. The recipients or categories of recipients to whom the personal data relating to the user have been disclosed or are still being disclosed.
  4. The planned duration of storage of personal data or, if specific information is not available, criteria for determining the duration of storage.
  5. The existence of the right to rectification or erasure of personal data, the right to restriction of processing by the controller or the right to object to such processing.
  6. The existence of the right of appeal to a supervisory authority.
  7. All available information on the source of the data if the personal data were not collected from the data subject.
  8. The existence of automated decision-making including profiling under Article 22, Paragraphs 1 and 4 of the GDPR and, at least in these cases, meaningful information about the logic involved, the scope and intended impact of such processing on the data subject.

Users have the right to request information about whether their personal information was shared with a third country or an international organization. In this context, users can request to be informed of the appropriate guarantees in accordance with Article 46 of the GDPR in connection with the transmission.

2. Right to rectification

Users have the right to rectification and / or completion, if the personal data is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restriction of processing

Users may request restriction of processing personal data under the following conditions:

  1. If the user contests the accuracy of personal information for a period of time that enables the controller to verify the accuracy of the personal information.
  2. The processing is unlawful and the user refuses the deletion of the personal data and instead requests the restriction of the use of the personal data.
  3. The controller no longer requires personal data for the processing purposes, but the user needs them to assert, exercise or defend legal claims.
  4. If the user objected to the processing pursuant to Article 21, Paragraph 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the person responsible prevail over the user’s reasons.

If the processing of personal data concerning a user has been restricted, this data may only be used—apart from storage—with the user’s consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

If processing has been restricted due to the aforementioned conditions, the controller will inform the user before the restriction is lifted.

4. Right to erasure

a) Erasure liability

The user may require the controller to delete their personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. The user revokes their consent to the processing according to Article 6, Paragraph 1 of the GDPR and there is no other legal basis for the processing.
  3. In accordance with Article 21, Paragraph 1 of the GDPR, the user objects to the processing and there are no other justifiable reasons for the processing, or the user objects to the processing according to Article 21, Paragraph 2 of the GDPR.
  4. The user’s personal data have been processed unlawfully.
  5. The deletion of personal data concerning the user is required to fulfill a legal obligation under EU law or the law of a member state to which the controller is subject.
  6. The personal data concerning the user were collected in relation to information society services according to Article 8, Paragraph 1 of the GDPR.

b) Information to third parties

If the controller has made the user’s personal data public and is required to erase it in accordance with Article 17, Paragraph 1 of the GDPR, the controller must take appropriate measures—taking into account available technology and implementation costs, including technical means—to inform data controllers, who process the personal data that have been identified as being affected, to erase all links to such personal data or copies or replications of such personal.

c) Exceptions

The right to erasure does not exist if the processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation required by the law of the EU or of a member state to which the controller is subject, or to carry out a task of public interest or to exercise official authority delegated to the controller;
  3. for reasons of public interest in regards to public health pursuant to Article 9, Paragraph 2 (h and i) and Paragraph 3 of the GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89, Paragraph 1 of the GDPR, to the extent that the law referred to in Subparagraph (a) is likely to render impossible or seriously affect the objectives of the processing, or
  5. to assert, exercise or defend legal claims.

5. Right to information

If the user has asserted their right of rectification, erasure or restriction of processing to the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed of the correction or erasure of the data or restriction of processing, unless it proves to be impossible or involves a disproportionate effort.

The user has the right to be informed by the controller about these recipients.

6. Right to data transfer

The user has the right to receive personal information they provided to the controller in a structured, common and machine-readable format. In addition, they have the right to transfer this data to a third party without hindrance by the controller who received the personal data, provided that

  1. the processing is based on consent according to Article 6, Paragraph 1 (a) or Article 9 Paragraph 2 (a) of the GDPR or based on a contract pursuant Article 6, Paragraph 1 (b) and
  2. the processing takes place using automated procedures.

In exercising this right, the user can have their personal data transferred directly from the controller to another party, insofar as this is technically feasible. Freedoms and rights of other people must not be affected.

The right to data transfer does not apply to processing personal data necessary for performing a task in the interest of the public or in the exercise of official authority delegated to the controller.

7. Right to object

The user has the right at any time, for reasons that arise from their particular situation, to object to the processing of their personal data in accordance with Article 6, Paragraph 1 (e or f) of the GDPR; this also applies to profiling based on these regulations.

The controller will no longer process the user’s personal data unless the controller can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the user, or the processing is for the purpose of asserting, exercising or defending legal claims.

If the user’s personal data are processed for direct advertising purposes, the user has the right to object at any time to the processing of their personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If the user objects to processing for direct advertising purposes, their personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, the user has the option to object through automated procedures that use technical specifications in the context of the usage of information society services.

8. Right to revoke the data-protection consent

The user has the right to revoke their data-protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until its revocation.

9. Automated decision on individual basis, including profiling

The user has the right to not be subjected to a decision based solely on automated processing—including profiling—that will have legal effect or similarly affect the user in such a manner. This does not apply if the decision:

  1. is required to conclude or fulfill a contract between the user and controller,
  2. is permissible on the basis of EU or member State regulations to which the controller is subject, and that the regulations contain adequate measures to safeguard the rights and freedoms as well as legitimate interests of the user or
  3. is with the expressed consent of the user.

However, these decisions must not be based on special categories of personal data according to Article 9, Paragraph 1 of the GDPR, unless Article 9, Paragraph 2 (a or g) applies and reasonable measures have been taken to protect the rights and freedoms as well as legitimate interests of the user.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and legitimate interests of the user, to which at least the right to obtain intervention of a person by the controller to express the user’s position and objection to the decision.

10. Right to complain to a supervisory authority

Regardless of any other administrative or judicial remedy, the user has the right to complain to a supervisory authority, in particular in the member state of their residence, place of work or place of alleged infringement, if the user believes that the processing of their personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 of the GDPR.