1.1 This Privacy Statement and general data privacy information applies to the processing of data RIWOspine GmbH, Pforzheimer Straße 32, 75438 Knittlingen, E-Mail: firstname.lastname@example.org as the controller as defined in Article 4 of the EU General Data Protection Regulation (hereinafter, the “GDPR”). You can contact our data protection officer via e-mail at email@example.com or at our postal address marked Attention: Data Protection Officer.
1.2 Protecting your personal data is important to us, in particular, protecting your personal rights when we process and use your personal data. Below, we inform you about the collection of personal data when you use the Web Portal. The term personal data includes all data relating to you personally, for example, your name, postal address, e-mail address, and user behavior.
2. Automated Data Collection and Processing
2.1 As with every other web service, our server collects information automatically and stores it temporarily in server log files unless you deactivate such collection. If you view content in our Web Portal, we collect the following data which for technical reasons we need if we are to display the contents of the Web Portal to you and to ensure the stability and security thereof (legal basis: Article 6 (1) f) of the GDPR):
- the IP address of the computer from which the inquiry is sent;
- the file inquired about by the client;
- the http response code;
- the Internet page from which you are visiting (referrer URL);
- the date and time the server inquiry is sent;
- the type and version of the browser used; and
- the operating system on the computer sending the inquiry.
No server log files are evaluated in association with an individual person. The provider is not able to allocate the data to any specific person or persons at any time. The data is not merged with data from any other sources.
This website uses technology provided by etracker GmbH (http://www.etracker.com) to collect and store data for marketing and optimisation purposes. These data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. The cookies enable the recognition of the Internet browser. The data collected using eTracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The collection and storage of data can be revoked at any time with effect for the future.
We use eTracker to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. The collected data is stored permanently and analyzed pseudonymously. The legal basis for the use of eTracker is Art. 6 para. 1 sentence 1 lit. f GDPR.
Information of the third-party provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg; www.etracker.com/de/datenschutz.html. The legal basis for the use of eTracker is Art. 6 para. 1 sentence 1 lit. f GDPR.
2.3 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter, “Google”). Google Analytics uses small text files, referred to as cookies, which are saved on your computer to facilitate analysis of your website use. The information generated by cookies regarding your use of this website typically is transmitted to and saved on a Google server located in the United States. If and when IP anonymization is activated on this website, Google will truncate your IP address for transmission among member states of the European Union or to other member states of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and then truncated. At the request of the operator of this website, Google will use the information to evaluate your use of this website, to compile reports on website activity, and to provide the operator of this website with other services relating to website activity and Internet use.
According to Google, the IP address transmitted from your browser as part of Google Analytics will not be merged with any other data held by Google.
You may refuse the saving of cookies by selecting the appropriate settings in your browser software; however, please note that if you do so you may not be able to use the full functionality of this website. In addition, you can object to Google’s collection of data generated by cookies which data relates to your use of this website (including your IP address) as well as to Google’s processing of the data. To do so, download and install the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the addendum _anonymizeIp(). This means that IP addresses are truncated before being processed and cannot be associated with individual persons. In the event a personal association to you of any data collected in connection with you is possible, such association is excluded without delay and the personal data is erased immediately.
We use Google Analytics regularly to analyze and enhance the use of our website. The resulting statistics allow us to improve our offerings and make them more interesting for you, the user. In exceptional cases in which personal data is transmitted to the United States, Google is bound by the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. The legal basis of our use of Google Analytics is Article 6 (1) p. 1 f) of the GDPR.
3. Collection and Processing of Data Provided on a Voluntary Basis
3.1 General contact
Generally, your provision of your personal data to us through our Web Portal (your last name, first name, e-mail address and/or postal address) is voluntary. This data is used to manage your contract, process your inquiries and/or your orders, perform our own market research or opinion polls, and make decisions regarding the advertising materials we send out by mail and/or e-mail. The personal data you provide will not be used in any other way; in particular, it will not be transmitted to third parties for advertising purposes, market research or opinion polls. We will erase the data collected from you when saving such data no longer is required or, depending on statutory retention obligations, we will restrict the processing of such data. The legal basis for this is Article 6 (1) b) of the GDPR or Article 6 (1) f) of the GDPR.
With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your used IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your data for the purpose of sending you the newsletter (legal basis is Art. 6 Par. 1 S. 1 lit. a DSGVO).
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can cancel your subscription by clicking on the link provided in every newsletter e-mail or by sending an e-mail to firstname.lastname@example.org.
3.3 Data processing within the scope of contractual performance
Personal data of our customers, clients, interested parties and other contractual partners (uniformly referred to as "contractual partners") are processed in accordance with Art. 6 para. 1 lit. b. GDPR. This takes place within the framework of our contractual or precontractual services towards our contractual partners. The data processed here, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history). We only process special categories of personal data if these are components of commissioned or contractual processing. As a matter of principle, these data are not passed on to third parties, unless they are required for the prosecution of our claims pursuant to Art. 6 para. 1 lit. f. GDPR is required or there is a legal obligation in accordance with Art. 6 para. 1 lit. c. GDPR.
The data will be deleted if the data is no longer required for the fulfilment of contractual or statutory duties of care or for the handling of any warranty and comparable obligations, whereby the requirement to store the data is checked every three years; in all other respects, the statutory storage obligations apply.
3.4 Electronic job application
Within the scope of our career page you can apply for speculative or specific job offers by e-mail. Your data (name, e-mail address, contact details, application documents) will only be processed within the scope of the respective job advertisement (Art. 6 para. 1 lit. b) DSGVO, § 26 BDSG) or within the scope of your consent for use for further job offers (Art. 6 para. 1 lit. a) DSGVO). If you have given us your consent to process your application data, you can do so at any time.
Note on sensitive data: We expressly draw your attention to the fact that applications, in particular CVs, certificates and other data submitted by you to us, may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, memberships in a trade union or political party or about sex life.
The data transmitted will be deleted in the event of rejection or negative notification of your application no earlier than 3 months after the end of the application procedure. This does not apply if legal provisions oppose the deletion or if further storage is necessary for the purpose of providing evidence or if you have agreed to longer storage
4. Transmission to Third Parties
4.1 To the extent you provide us with personal data, we will not transmit any such personal data to any third party, except
- to the extent you consented to such transmission (see 3.2 above): When data is collected you will be informed of the recipient or categories of recipients;
- as part of the processing of your inquiries and/or your orders and your use of our services: to subcontractors commissioned by us to whom we transmit only such data as is required to fulfill the respective assignment and such contractors shall use such data for specific purposes only;
- as part of processing activities pursuant to Article 28 of the GDPR: to external service providers whom we have selected diligently and have commissioned and who are bound by our instructions and by the provisions of the GDPR and are controlled on a regular basis; and
- in compliance with legal obligations: to parties authorized to obtain such personal data.
4.2 This website uses social plugins. Social plugins are web applications that connect this website to selected social networks. However, the social plugins are not directly integrated, but must first be activated by a separate click. Only with this activation a connection to the social network is established, regardless of whether you actually click on the social plugins. Through this connection your IP address and user data of the respective social network can be transmitted to it. For details on the social plug-ins used, please refer to section 6.
- transient cookies (see 6.2 below) and
- persistent cookies (see 6.3 below).
5.2 Transient cookies are erased automatically when you close your browser. Transient cookies include, but are not limited to, session cookies which save session IDs that can be used to associate diverse requests from your browser with one joint session. In this way, your computer is recognized when you return to the Web Portal. Session cookies are deleted when you log out or close your browser.
5.3 Persistent cookies are erased automatically after a predefined period of time, which period of time may vary depending on the cookie. You can delete persistent cookies in the security settings of your browser at any time.
5.4 You can configure your browser settings to meet your needs such that, for example, acceptance of third-party cookies or of all cookies is refused. Please note that in this case you may not be able to use all the functions of the Web Portal.
6. Social Media
On our website you will find links to the social network YouTube. The following data protection information applies to this:
We use the video service of YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube") to display our videos. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
If YouTube videos are embedded directly on our website, the content of the embedded video is transmitted directly from YouTube to your browser. At the same time, certain data is transmitted from your browser to YouTube. This happens regardless of whether you click on the video or not. We have no influence on the amount of data YouTube collects in this way. According to our current state of knowledge, this is the following data, especially for the presentation of the embedded YouTube videos:
- visited page on our website containing the video,
- the data generally transmitted by your browser (IP address, browser type and version, operating system, time),
- for registered and logged in Youtube and Google users, their Google user ID.
Embedded YouTube videos can also be hidden by browser add-ons, so that no data collection by YouTube takes place. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (even for not logged in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
For further information on the purpose and scope of data collection and its processing by YouTube, please refer to the data protection declaration. There you will also find further information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7. Duration of storage
Your data will only be used as long as it is necessary for the existing customer relationship, unless you have given us your consent or we have a legitimate interest in further processing. In this case we process your data until you revoke your consent or until you object to our legitimate interests. Irrespective of this, we are obliged to store your address, payment and order data for a period of ten years on the basis of commercial and tax regulations.
8. Your Rights
8.1 You have the following rights vis-à-vis us regarding your personal data. You have the right to
- rectify or erase,
- restrict processing,
- object to processing, and
Please forward all inquiries in writing to RIWOspine GmbH, Pforzheimer Straße 32, 75438 Knittlingen, E-Mail: email@example.com. Alternatively, you can use the contact form.
8.2 In addition, you have the right to lodge a complaint with a data protection supervisory authority if you are not satisfied with our processing of your personal data.