Privacy Policy

Thank you for visiting our websites www.rud.com and slingandlashing.rud.com. This Data Protection Policy provides users with information about the nature, scope and purposes of the processing of personal data on this website and the websites, mobile applications and external online presences, such as social media profiles, connected to it.

Website data protection policy and also information about the data subjects according to Articles 13 and 14 EU, Data Protection Directive (GDPR)

1 Controller

RUD Ketten Rieger & Dietz GmbH u. Co. KG

Friedensinsel

D-73432 Aalen

Tel.: +49 7361 504-0

E-mail: rudketten@rud.com

You can reach our data protection officer at datenschutz@rud.com.

2 Processing of personal data

2.1 What are personal data?

Personal data comprise any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, Article 4(1), GDPR.

2.2 Legal bases

Personal data on this website are processed in compliance with the relevant data protection regulations (in particular GDPR and BDSG (German Data Protection Act)) and on the basis of legal permission.

Personal data shall only be processed:

  • With the consent of the user in accordance with Article 6(1), Sentence 1, point (a), GDPR,
  • To honour a contract or implement pre-contractual measures in accordance with Article 6(1), Sentence 1, point (b), GDPR,
  • To honour legal obligations in accordance with Article. 6(1), Sentence 1, point (c), GDPR, or
  • To safeguard justified interests of the Controller in accordance with Article 6(1), Sentence 1, point (f), GDPR.

2.3 Forwarding data

If personal data are forwarded to other persons or companies in the course of processing, this is done in compliance with the legal requirements and after entering into corresponding contracts or agreements.

2.4 Data processing in third countries

In the event that the forwarding of personal data to a so-called “third country” (i.e. to a state outside the European Union or the European Economic Area) is absolutely necessary, this will only take place if there is a recognised level of data protection or on the basis of special guarantees, certifications or binding internal data protection requirements within the meaning of Articles 44 – 49, GDPR.

2.5 Storage period

Unless otherwise stated in this Data Protection Policy, personal data shall be erased as soon as the purpose of the processing no longer applies or the consent on which the processing is based has been withdrawn. If legal storage obligations or limitation periods prevent erasure, the personal data concerned may only be processed for commercial or tax law purposes or for the purpose of asserting, exercising or defending legal claims.

2.6 Data subject rights

The user has the right to:

  • Confirmation as to whether their own personal data are being processed and receive information about such data and receive further information and a copy of such data, Article 15, GDPR
  • Completion of own personal data or correction of incorrect own personal data, Article 16, GDPR
  • Erasure of own personal data if there is a reason for erasure mentioned therein, Article 17, GDPR
  • Restriction of the processing of own personal data, if there is a reason mentioned therein, Article 18, GDPR
  • Transfer of own personal data to another controller, Article 20, GDPR
  • Complain to a supervisory authority if he or she believes that the processing of personal data concerning him or her violates applicable laws, Article 77, GDPR

Responsible supervisory authority:

The State Commissioner for Data Protection of the German federal state of Baden-Wuerttemberg

PO Box 10 29 32

D-70025 Stuttgart

Telefon: +49 711/61 55 41–0

Telefax: +49 711/61 55 41–15

poststelle@lfd.bwl.de

https://www.baden-wuerttemberg.datenschutz.de

 

The user has the right to withdraw given consent at any time with effect for the future, Article 7(3), GDPR.

The user has the right to object at any time to the future processing of data relating to him/her in accordance with Article 21, GDPR. You may, in particular, object to processing for direct marketing purposes.

3 Processing personal data on this website

As a rule, users may use the website without providing any personal information. This does not apply to information that is automatically collected each time the website is accessed (so-called server log files). These include:

  • File name of the requested file
  • End device used (mobile device or PC/laptop)
  • Browser type/version
  • JavaScript activation
  • Cookie activation
  • Referring URL
  • IP address
  • Duration of access
  • Number of pages accessed
  • Click path

The legal basis for the processing of personal data in this context is Article 6 (1), Sentence 1, point (f), GDPR, as the possibility of technical administration and ensuring the security of the website is in the controller’s legitimate interest. The purposes of the processing are to facilitate use of the website (connection establishment), system security, technical administration of the network infrastructure and website optimisation. The stored data shall be erased after seven days unless there is a justified suspicion of unlawful use based on specific indications that render further examination necessary. The controller is not able to identify users as data subjects based on the stored information.

In exceptional cases it may be necessary to provide personal information for individual website functionalities. Further information about this can be found under the point Individual Functionalities.

4 Cookies

The website uses Cookies. Cookies are small files that are stored on the user’s terminal (PC, smartphone or the like). 

Session Cookies are deleted when the browser session is closed. Other Cookies (Persistent Cookies) are automatically deleted after a set period of time, which may vary depending on the Cookie.

Users can influence the use of Cookies. Most browsers have an option that restricts or completely prevents the storage of Cookies. In addition, users can delete the Cookies in the security settings of their browser at any time. Further information about this can be found at the German Federal Office for Information Security.

Necessary Cookies

These Cookies are absolutely necessary for websites and their functions to work properly. Without these Cookies, certain functionalities cannot be provided.

The data processed via Necessary Cookies are required for the stated purposes to safeguard the controller’s justified interests in accordance with Article 6 (1), Sentence 1, point (f), GDPR.

Non-essential Cookies

These Cookies facilitate,

  • The improvement of comfort and performance of websites, for example, to save language settings,
  • The collection of information about how users use websites, for example, to identify particularly popular areas of the website,
  • The tracking of users’ visits and activities on websites, for example, to provide targeted advertising and promotions.

The processing of personal data by way of non-essential Cookies for the aforementioned purposes may only occur with the consent of the users in accordance with Article 6(1), Sentence 1, point (a), GDPR.

The controller currently uses the following Cookies for the following purposes:

Necessary

Description of the Cookie

Purpose and function of the Cookie

Expiry date

CookieConsent

Stores the user’s consent status for Cookies on the current domain.

1 year

fe_typo_user

Retains the user’s states for all page requests.

Session

TS#

Used to ensure website security and fraud detection.

Session

wc_cart_hash_#

 

Persistent

wc_fragments_#

 

Session

CONSENT

Used to determine whether the visitor has accepted the marketing category in the Cookie banner. This Cookie is necessary for the website’s compliance with the GDPR.

2 years

addToHomeScreen

Save page to home screen

Session

_ga

Registers a unique ID that is used to generate statistical data about how the visitor uses the website.

399 days

_ga_#

Collects data about how many times a user has visited a website, as well as data for the first and last visit. Used by Google Analytics.

399 days

_gat

Used by Google Analytics to limit the request rate

1 day

_gid

Registers a unique ID that is used to generate statistical data about how the visitor uses the website.

1 day

_pk_id#

Captures statistics about user visits to the website, such as the number of visits, average time spent on the website and which pages were read.

1 year

_pk_ses#

Used by Piwik Analytics Platform to track page views of the visitor during the session.

1 Tag

yt-player-headers-readable

Used to determine optimal video quality based on the visitor’s terminal and network settings.

Persistent

cip

Used to present relevant content and advertising to the visitor - The service is provided by third parties that enable real-time bids for advertisers.

Session

DEVICE_INFO

Used to track user interaction with embedded content.

179 days

VISITOR_INFO1_LIVE

Attempts to estimate user bandwidth on pages with embedded YouTube videos.

179 days

YSC

Registers a unique ID to keep statistics of videos from YouTube that the user has watched.

Session

yt.innertube::nextId

Registers a unique ID to keep statistics of videos from YouTube that the user has watched.

Persistent

yt.innertube::requests

Registers a unique ID to keep statistics of videos from YouTube that the user has watched.

Persistent

ytidb::LAST_RESULT_ENTRY_KEY

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Persistent

yt-remote-cast-available

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Session

yt-remote-cast-installed

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Session

yt-remote-connected-devices

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Persistent

yt-remote-device-id

Stores user preferences when retrieving a YouTube video embedded on other web pages

Persistent

yt-remote-fast-check-period

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Session

yt-remote-session-app

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Session

yt-remote-session-name

Stores user preferences when retrieving a YouTube video embedded on other web pages.

Session

5 Individual functionalities

The functionalities used on the website are operated on the basis of the user’s consent in accordance with Article 6(1), Sentence 1, point (a), GDPR, or based on the controller’s legitimate interest in accordance with Article 6(1), Sentence 1, point (f), GDPR. The controller’s legitimate interest lies in ensuring the purposeful design and continuous optimisation of the website. The purpose of data processing and categories of personal data are described in the context of the respective functionality.

5.1 Google Analytics

The website uses Google Analytics, a reach analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Analytics uses Cookies that enable the responsible party to analyse the users of the website. In this process, personal data (IP address), among other things, is forwarded to Google servers outside the EU and stored there. The website controller has activated the so-called “IP anonymisation” to ensure the protection of users’ personal data. This means that the IP addresses of users within the EU are only processed by Google in shortened form - i.e. anonymised. Only in exceptional cases will the entire IP address be sent to a Google server outside the EU and shortened there. The forwarded IP address will not be merged with other Google data.

Google will use the data collected on behalf of the controller for the purpose of evaluating the activities of website users, compiling reports on website activity and providing other services relating to website activity and internet usage to the controller.

The user can prevent the collection and use of their data by Google by downloading and installing the following browser plugin:  http://tools.google.com/dlpage/gaoptout?hl=de.

Google’s data protection policy is available at https://policies.google.com/privacy.

5.2 Google Tag Manager

The website uses the Google Tag Manager of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Website tags can be managed via an interface by way of the Google Tag Manager. The Google Tag Manager itself is a Cookie-less domain and does not collect any personal data. It triggers other tags, which in turn may collect personal data.

The Google Tag Manager itself does not access such data. If a deactivation is processed on either domain or Cookie level, then this remains valid for all tracking tags that have been implemented with Google Tag Manager.

Google’s data protection policy is available at https://policies.google.com/privacy.

5.3 Google Ads

The website uses Google Ads of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Ads, which also integrates the DoubleClick advertising network, is a Google advertising network for targeted advertising campaigns on the internet. Individualised user profiles (e.g. according to characteristics, habits, interests, topics and keywords) are created for website visitors by way of Cookies. An identification number (ID) is assigned to each user to check the ads that were displayed and the ads that were called up. Very precise predictions can be made about the interests of the users based on the assignment of Cookies and identification number (ID). Therefore, advertisers have the option of placing interest-related advertisements in real time.

The information contained in the Cookies is forwarded to Google servers outside the EU, among others, and stored there.

The user can prevent the collection of the data generated by the Cookies and the forwarding of the data to Google, as well as the processing of this data by Google, by downloading and installing the DoubleClick deactivation extension: https://www.google.com/settings/ads/onweb.

Google’s data protection policy is available at ttps://policies.google.com/privacy.

5.4 Google Maps

The website uses the map service Google Maps of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). This allows interactive maps to be displayed directly on the website and enables the user to use the map function conveniently.

In this context, it is necessary to store the user’s IP address. The information obtained in this way is usually forwarded to a Google server outside the EU and stored there. This takes place regardless of whether the user is logged into his/her Google account or not. Google stores the user data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of the website.

If the user is logged into his/her Google account, the data shall be assigned to the account. An allocation can be prevented by the user logging out of his/her Google account beforehand.

Google’s data protection policy is available at https://policies.google.com/privacy.

5.5 Google Web Fonts (local hosting)

The website uses Google Web Fonts of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”) for the uniform display of fonts. Google Fonts Web are installed locally. In that respect, a connection to Google servers is not established.

Further information on Google Web Fonts is available at ttps://developers.google.com/fonts/faq and at https://policies.google.com/privacy?hl=de.[JTH1] 

5.6 Facebook Fanpage

The controller operates several Facebook fan pages of its own, which can be accessed at:

Facebook is a social media network of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Meta”).

The controller’s own processing of personal data on the Facebook fan page is based on Article 6(1), point (f), GDPR, because it is in the controller’s legitimate interest to offer customers, interested parties and users up-to-date information and interaction options.

When calling up the Facebook fan page, the general terms and conditions as well as the data policy of Meta apply, over which the controller has no influence. Data may, in particular, also be processed by Meta outside the European Union. Meta’s data policy for Facebook products is available at ttps://de-de.facebook.com/policy.php.

When visiting the Facebook fan page, statistical information about the use of the Facebook fan page is created by way of Cookies. If the user is logged into his or her Facebook account when calling up the Facebook fan page, the statistics are collected across all devices. Further information is available at https://de-de.facebook.com/help/pages/insights. The controller has no influence on the generation and presentation of these so-called “page insights.” The data provided by Meta include: Total number of page views, “Like” votes, page activity, post interactions, reach, video views, post reach, comments, shared content, responses, proportion of men and women, origin in terms of country and city, language, calls and clicks in the shop, clicks on route planners and clicks on telephone numbers. Further information is available at ttps://www.facebook.com/legal/terms/page_controller_addendum.

The controller is aware that the data are processed by Meta at least for the purposes of advertising, the creation of user profiles and market research.

If users do not want to receive the data processing described, the connection between the user’s Facebook account and the Facebook fan page can be disconnected via the “I no longer like this page” or “Do not subscribe to this page” options.

Objections (so-called opt-outs) can be set at

https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3D.

Meta’s data protection officer responsible for Facebook products can be reached at ttps://www.facebook.com/help/contact/540977946302970.

5.7 Twitter

The controller operates its own channel on the short messaging service Twitter, which can be accessed at: https://twitter.com/rudketten. D

The site and its technical functionality is provided by Twitter, Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA (here in after referred to as “Twitter”).

The controller’s processing of personal data on Twitter is based on Article 6(1), point (f), GDPR, because it is in the controller’s legitimate interest to offer customers, interested parties and users up-to-date information and interaction options.

When calling up Twitter, the general terms and conditions as well as the data protection guideline of Twitter apply, over which the controller has no influence. Twitter’s data protection guideline is available at https://twitter.com/de/privacy.

The controller points out to users that they use the short message service offered and its functions at their own responsibility. This applies, in particular, to use of the interactive functions (e.g. sharing, rating).

The data collected when using the service are processed by Twitter and may be forwarded to countries outside the European Union. This includes the IP address, the application used, details of the end device used (including device ID and application ID), information on websites called up, location and mobile phone provider. Such data are assigned to the data of the Twitter account or the user’s Twitter profile. The controller has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of such data to third parties. Information about what data are processed by Twitter and for what purposes can be found at ttps://help.twitter.com/de/managing-your-account/accessing-your-twitter-data.

The controller does not collect or process any data from the use of the short message service.

Users have options to restrict the processing of data in the general settings of their Twitter account and under the “Data protection and security” item. Furthermore, users of mobile devices (smartphones, tablet computers) can restrict Twitter’s access to contact and calendar data, photos and location data etc. in the settings options there. However, this depends on the operating system used. Further information about this can be found at: https://support.twitter.com/articles/105576.

5.8 LinkedIn

The controller operates its own page on LinkedIn, which can be accessed at: https://www.linkedin.com/company/rud-ketten-rieger-&-dietz-gmbh-u-co-kg. The page and its technical functionality is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

The personal data on the LinkedIn page are processed on the basis of the controller’s legitimate interests in accordance with Article 6(1), point (f), GDPR, to provide information about the services offered by the controller and contact customers, interested parties and users who are active there.

When calling up the LinkedIn page, the terms and conditions and data processing guidelines of LinkedIn apply, over which the controller has no influence. In that respect, data may also be processed outside the European Union. LinkedIn’s data protection policy is available at ttps://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

When visiting the LinkedIn site, LinkedIn collects personal data of the users (e.g. by way of the use of Cookies). This also applies if you do not have a LinkedIn account or are not logged in to LinkedIn. Information about data collection and further processing by LinkedIn is available at ttps://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

If the user is logged in to his/her LinkedIn account when calling up the LinkedIn page of the responsible party, LinkedIn is able to track whether and how users use this website. Based on this data, LinkedIn can assign the user’s behaviour to a specific LinkedIn account. Only the public profile of the user on LinkedIn is visible to the controller. The information that can be viewed depends on the selected profile settings.

If users do not wish to have the data processing described, they should log out of LinkedIn or deactivate the “stay logged in” function, delete the Cookies on their device and close and restart their browser.

5.9 XING

The controller operates its own page on Xing, which can be accessed at: https://www.xing.com/pages/rudkettenrieger-dietzgmbhu-co-kg.

The page and its technical functionality is provided by XING SE, Dammtorstraße 30, D-20354 Hamburg, Germany (hereinafter referred to as “Xing”).

Xing’s own processing of personal data on the Xing page is based on the legitimate interests of the controller in accordance with Article 6(1), point (f), GDPR, to provide information there about the offer and to contact the customers, interested parties and users active there.

When calling up the Xing page, the terms and conditions and data processing guidelines of Xing apply, over which the controller has no influence. In that respect, data may also be processed outside the European Union. Xing’s data protection policy can be found at https://privacy.xing.com/de/datenschutzerklaerung.

When visiting the Xing site of the controller, Xing collects personal data of the users (e.g. by way of use of Cookies). This also applies if the user does not have a Xing account or is not logged in to Xing. Information about data collection and further processing by Xing can be found at ttps://privacy.xing.com/de/datenschutzerklaerung.

If the user is logged into his or her Xing account when calling up the Xing page, Xing is able to track whether and how users use this website. Based on this data, Xing can assign the user’s behaviour to a specific Xing account. Only the public profile of the user on Xing is visible to the controller. The information that can be viewed depends on the selected profile settings.

If users do not wish to have the data processing described, you should log out of Xing or deactivate the “stay logged in” function, delete the Cookies on your device and close and restart their browser.

5.10 YouTube

The website uses YouTube, an internet video portal of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

The controller operates the following channels on YouTube:

YouTube enables video publishers to post video clips for free and other users to view, rate and comment on those video clips for free. Further information about YouTube is available at www.youtube.com/yt/about/de. Each time a website is accessed on which a YouTube video has been integrated, the user’s browser is automatically prompted to download a representation of the corresponding YouTube video from YouTube. As part of this technical procedure, Google receives information about which specific website is visited by the user.

Insofar as the user is logged into YouTube at the same time, Google recognises which specific website the user is visiting when a website containing a YouTube video is called up. This occurs regardless of whether the user clicks on a YouTube video or not. This information is collected by Google and assigned to the user’s YouTube account. If the user does not want such information to be forwarded to Google, the forwarding can be prevented by logging out of YouTube before accessing the website.

Google’s data protection policy is available https://policies.google.com/privacy.

5.11 Telephone conferences, online meetings, video conferences and/or webinars

For conference calls, online meetings, video conferences and/or webinars, the controller uses “Microsoft Teams,” a service provided by Microsoft Ireland, South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (hereinafter referred to as “Microsoft”).

Personal data are processed on the basis of the controller’s legitimate interest in accordance with Article 6(1), point (f), GDPR, in the effective conduct of telephone conferences, online meetings, video conferences and/or webinars. Insofar as personal data of the controller’s employees are processed, Art. 6 Abs. 1 lit. b, f DSGVO , German Data Protection Act, forms the legal basis for the data processing.

Telephone conferences, online meetings, video conferences and/or webinars can be participated in via the respective app as well as the respective browser-based version. We would like to point out that use of the browser-based versions is generally more data protection-friendly than use of the app-based versions. The scope of the personal data processed depends on the information you provide before or when participating in a telephone conference, online meeting, video conference and/or webinars.

The following personal data may be processed:

  • User details: display name, email address (optional), profile picture (optional), preferred language
  • Meeting metadata: Title, date, time, location, meeting details if applicable, meeting ID and device/hardware information
  • Text, audio and video data: Users may have the option to use the chat function during conference calls, online meetings, video conferences and/or webinars. Insofar, the text entries made by the user are processed to display and, if necessary, record them. To enable the display of video and the playback of audio, the data from the microphone of the terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. Users can turn off or mute the camera or microphone themselves at any time.

Microsoft Teams is part of Microsoft Office 365. If users have a Microsoft Office 365 account and are logged into it, personal data may be stored at Microsoft in the context of telephone conferences, online meetings, video conferences and/or webinars. The scope and duration of the storage depends on the respective settings in the user account, over which the controller has no influence.

Telephone conferences, online meetings, video conferences and/or webinars are not recorded. Chat contents are not logged.

An appropriate level of data protection is guaranteed on the one hand by entering into the so-called EU standard contractual clauses. As supplementary protective measures, we have configured the respective applications as strictly as possible from a data protection point of view.

Further-reaching information about data protection and data security can be found at:

https://privacy.microsoft.com/de-de/privacystatement

https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

5.12 EasyLife 365

To implement internal compliance guidelines for the collaboration software “EasyLife 365”, the controller uses a governance tool provided by EasyLife 365 AG, Schochenmühlestrasse 6, 6340 Baar, Switzerland (hereinafter referred to as “EasyLife”).

The personal data are processed on the basis of the controller’s legitimate interest in accordance with Article 6 (1), point (f), GDPR, in a secure and location-independent collaboration with business partners or customers. 

External users receive an invitation by email to the controller’s required internal collaboration opportunities. This contains a link that can be used to confirm the invitation. After confirming the invitation, external users are requested to give their consent to the processing of their profile data (e.g. company, name, business address, telephone number, email address and photo) and their activity data (e.g. data about their access, usage and contents). These data are processed within the framework of the required collaboration opportunities and deleted as soon as the external user’s access is deleted.

Further information on data protection at EasyLife is available at https://www.easylife365.cloud/web/privacy/

5.13 TeamViewer

For support and remote maintenance purposes, the controller uses “TeamViewer,” a service of TeamViewer Germany GmbH (hereinafter referred to as “TeamViewer”).

The personal data are processed on the basis of the controller’s legitimate interest in accordance with Article 6(1), point (f), GDPR, in the effective performance of IT support and remote maintenance work. Insofar as personal data of the controller’s employees are processed, Art. 6 paragraph 1 lit. b, f DSGVO, German Data Protection Act, forms the legal basis for the data processing.

When using TeamViewer, a connection to the TeamViewer servers is established. In addition to the IP address, the location and the MAC address of the user as well as the beginning and end of the TeamViewer session are forwarded to TeamViewer. In the course of IT support and remote maintenance work, it is generally possible for the person responsible to take note of the content accessed by the user on his or her computer. We therefore recommend that you close all programs and windows that are not required for IT support or remote maintenance before using TeamViewer.

Further information about data protection with TeamViewer can be found at: https://www.teamviewer.com/de/privacy-policy

5.14 Establishing contact

When contacting the controller (for example, by e-mail or contact form), the information provided by the requesting user is processed to the extent necessary to respond to the contact request and any measures requested.

The legal basis for the processing of personal data in this context is Article 6(1), point (f), GDPR, because it is in the controller’s legitimate interest to answer enquiries.

The data provided by the enquiring user in the course of contacting us shall only be forwarded with the user’s consent within the meaning of Article 6(1), point f, GDPR.

5.15 Snow chain advisor and webshop

The website offers users the opportunity to configure and order snow chains for a specific vehicle via the snow chain advisor (schneekettenberater.rud.com).

In the process, personal data related to the order are processed, e.g. company/first name, surname, street, house number, postcode, town, country, e-mail address, different shipping address if applicable and payment data. For payment by credit card, entry of the complete credit card data are required, i.e. name of the cardholder, credit card number, validity and CVC code. For payment by direct debit, the account holder, the account number, the bank code and the bank name are required.

The controller processes personal data for the purpose of processing the order in the webshop on the basis of Article 6(1), Sentence 1, point (b), GDPR. Furthermore, the controller processes personal data for the assessment of creditworthiness as well as notification of indications for determining the creditworthiness of customers by informa HIS GmbH, Kreuzberger Ring 68, D-65205 Wiesbaden (hereinafter “informa”) on the basis of Article 6(1), points (b) and (f), GDPR.

  • In this context, personal data collected by informa in respect of the application, implementation and termination of the contractual relationship as well as data about non-contractual or fraudulent behaviour shall be forwarded.
  • The exchange of data with informa is also aimed at honouring legal obligations to conduct creditworthiness checks (Sections 505a, 506 BGB (German Civil Code)).
  • informa processes the data received and also uses such data for profiling purposes (scoring) to provide third parties with information to assess your creditworthiness.
  • Further information about informa’s activities can be found at ttps://www.informa-his.de/haeufige-fragen.

5.16 Scrolling catalogue

For the interactive presentation of extensive product catalogues, the controller uses the “flip catalogue,” a service of COMINTO GmbH, Klosterstraße 49, D-40211 Düsseldorf, Germany. The flip page catalogues are hosted and managed directly by the person responsible. Within certain flip catalogues, the controller uses Google Analytics, a reach analysis service provided by Google Ireland Limited. Further information about the data processing with Google Analytics can be found in section 5.1 of this Data Protection Policy. Users have the option of making individual settings and create bookmarks within the flip page catalogues. Both individual settings and bookmarks are stored in the local storage of the terminal used by the user.

6 Further data processing

6.1 Contractual relationships

The processing of personal master data, contract data and payment data is required to establish and/or implement contractual relationships with customers. The legal basis for the processing is Article 6(1), Sentence 1, point (b), GDPR.

The controller processes customer and prospect data for evaluation and marketing purposes. The legal basis for the processing is Article 6(1), Sentence 1, point (f), GDPR. The processing is geared towards the controller’s legitimate interest to further develop the range of services and provide targeted information about this.

Personal data are only further processed on the basis of consent within the meaning of Article 6(1), Sentence 1, point (a), GDPR or as part of honouring legal obligations within the meaning of Article 6(1), Sentence 1, point (c), GDPR.

6.2 Employment relationships

The website offers applicants the opportunity to apply to the controller by e-mail or by post. In doing so, personal data related to the specific application are processed, e.g. general personal data, information about school, professional and further education as well as other information submitted by applicants.

The controller processes personal data for the purpose of performing the application procedure as well as the processing of the employment relationship, if such a relationship is established, on the basis of Article 88, GDPR, in conjunction with Article 6 parapraph. 1 lit. b, f GDPR. Furthermore, personal data may be processed if this is necessary to honour legal obligations (Article 6(1), point (c), GDPR) or for the defence of asserted legal claims against the controller (Article 6(1), point (f), GDPR). The legitimate interest is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

Personal data are stored for the aforementioned purposes for as long as is necessary to honour these purposes. For the purpose of defending asserted legal claims from the application procedure against the controller, personal data shall be stored for a maximum of 6 months and then erased.

The application may be included in an applicant pool if no employment relationship is currently under review. In the event of inclusion, all documents and details from the application shall be transferred to the applicant pool to contact applicants in the event of suitable vacancies. Inclusion in the applicant pool only takes place on the basis of consent within the meaning of Article 6(1), Sentence 1, point (a), GDPR. Granting consent is voluntary and is not related to the current application process. The data subject may withdraw his/her consent at any time. In this case, the data shall be erased from the applicant pool provided there are no legal reasons for storage. The data from the applicant pool shall be stored for a maximum of 2 years and then erased.

The provision of personal data in the context of application procedures is neither required in a legal nor contractual sense. Therefore, applicants do not undertake to furnish any information. However, provision of personal data is required for the decision on an application or entering into a contract in relation to an employment relationship. If applicants do not provide personal data, the controller cannot make a decision on the establishment of an employment relationship. You are recommended to provide personal data only that are necessary in this context as part of the application.

6.3 Extranet

The extranet is used for the exchange of information between the controller and its customers. The information exchanged is usually technical and not personal data. The legal basis for the processing is Article 6(1), Sentence 1, point (b), GDPR.

A user account is created for each user of the extranet. Users can log into the extranet after entering their username and password and gain access to applications relevant to them. If a user has forgotten his or her password, he or she can renew it using a corresponding function. The following personal data are processed in conjunction with a user account for the extranet: Username, password, e-mail address, customer number and department/cost unit. For the purpose of the technical support of the extranet, the controller forwards data to supporting service providers, if necessary, which he/she has selected carefully. Guarantees are in place such that all service providers comply with the data protection and data security requirements. If a user account is terminated, the data it contains shall be erased, subject to any statutory storage obligations.

The controller currently uses the following Cookies on the extranet for the following purposes:

Necessary

Description of the Cookie   

Purpose and function of the Cookie

Expiry date

ASPSESSIONIDSCWSACBA

Authentication of the user

Session

HASH_ASPSESSIONIDSCWSACBA

Authentication of the user

Session

HASH_co_Sid

Authentication of the user

Session

co_Lang

The language set by the user is stored in the language Cookie. The ISO key of the selected language is stored as the value (de, en, fr ...). The “first party” type Cookie does not contain any user-related information.

Session

co_Layout

The layout Cookie saves the layout set by the user for the respective portal and is of the “first party” type. The value of the Cookie contains the responsible party but no personal data of the user. The GUID appended to the Cookie name is used to identify the layout (each layout in the extranet has a unique identifier in the form of a GUID).

1 Jahr

co_Sid

A session ID is assigned to uniquely identify the session of a user (guest or authenticated). This is randomly generated on the server side and kept there for the duration of the session. The session ID is stored in a Cookie so that this session can also be assigned to the client (browser). The Cookie only contains the session ID and no other personal information. The validity of the Cookie is limited to the duration of the session, i.e. it is not stored persistently. The Cookie is also only sent back to the extranet page visited.

Session

 

6.4 Whistleblowing system

For confidential communication with whistleblowers within the meaning of the German Whistleblower Protection Act (HinSchG), the controller uses “preeco | hinweisgeber,” a digital whistleblower system of preeco GmbH, Magirus-Deutz-Straße 14, D-89077 Ulm, Germany (hereinafter referred to as “preeco”).

To maintain confidentiality within the meaning of Section 8, German Whistleblower Protection Act (HinSchG), whistleblowers may generally use the whistleblower system without providing personal information. This does not apply to information as defined in Section 3 of this Data Protection Policy. Information provided via the whistleblower system is exchanged in encrypted form. It is, therefore, impossible for unauthorised persons to view the content.

If whistleblowers wish to receive a personal reply, they must state their name. Such data are then available to the department responsible for processing the report.

If whistleblowers wish to reply without disclosing their identity, they must not enter a name and must also not activate the “No access requested” checkbox. The system assigns a process-related “token” to the respective tip. Communication now takes place via a “digital mailbox” to which whistleblowers have access with their password and the “transaction token.” If whistleblowers lose their access data, access to the mailbox is no longer possible.

If whistleblowers do not wish to receive a reply, they must activate the checkbox “No access requested.” In this case, there is no possibility to contact the whistleblower, confirm receipt of the report or provide information on the progress or completion of the report.

Depending on the content of the submitted report and any accompanying documents, it cannot be ruled out that personal data of the whistleblower or of other persons named in the report shall be processed. Article 6(1), Sentence 1, point (c), GDPR, forms the legal basis for the processing in conjunction with Section 10, HinSchG (German Whistleblower Protection Act). Further information on data protection at preeco is available at  https://www.preeco.de/datenschutzhinweise.

7 Processing security

The Website uses the TLS (Transport Layer Security) procedure in conjunction with the highest encryption level supported by the browser used. Whether an individual web page of the website is transmitted in encrypted form can be recognised in the address bar of the browser by the prefix and/or the closed padlock symbol.

The controller uses technical and organisational security measures to protect the personal data it manages against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security measures are continually improved in line with technological developments.

8 Validity and up to date nature of the Data Protection Policy

The Data Protection Policy is currently valid and dated 20.01.2023.

Due to ongoing legal and technical developments, the controller reserves the right to update this Data Protection Policy at any time.