Privacy policy & Disclaimer

In the following, we will inform you about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular in accordance with BDSG n.F. and the European Data Protection Basic Regulation ‘GDPR’). This data protection declaration also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “processing” we refer to Art. 4 GDPR.

Name and contact details of the responsible person

Our responsible person(s) (hereinafter “responsible person”) within the meaning of Art. 4 fig. 7 GDPR is:
Eugen Riexinger GmbH & Co. KG
Egartenring 2
Bad Liebenzell
Managing Director: Markus Theobald

Commercial Register/No.: HRA 730837
Register court: Amtsgericht Stuttgart
Fax: +49 (0) 7052 930-33
E-mail address: info@riex.de

Data protection officer

Jens Schrodt
Max-Planck-Weg 3
71735 Eberdingen
Deutschland

datenschutz@riex.de
Fax: +49 (0) 7042 2881-75

Types of data, purposes of processing and categories of data subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. The types of data we process

Usage data (access times, websites visited etc.), inventory data (name, address etc.), contact data (telephone number, e-mail, fax etc.), payment data (bank data, account data, payment history etc.), communication data (IP address etc.).

2. Purposes of processing pursuant to Art. 13 para. 1 c) GDPR

Processing of contracts, technical and economic optimisation of the website, easy access to the website, fulfilment of contractual obligations, making contact in the event of legal complaints by third parties, optimisation and statistical evaluation of our services, support commercial use of the website, improve user experience, user-friendly design of the website, economic operation of the advertising and website, marketing / sales / advertising, compilation of statistics, prevention of SPAM and misuse, handling of an application process, customer service and customer care, handling contact requests, providing websites with functions and content, uninterrupted, secure operation of our website.

3. Categories of data subjects pursuant to Art. 13 para. 1 e) GDPR

Visitors/users of the website, customers, suppliers, interested parties, applicants, employees, employees of customers or suppliers.

The data subjects are collectively referred to as “users”.

Legal basis for the processing of personal data

In the following we inform you about the legal basis of the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6 Para. 1 S. 1 lit. a) GDPR is the legal basis.
  2. If the processing is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, which take place at your request, Art. 6 Para. 1 S. 1 lit. b) GDPR is the legal basis.
  3. If the processing is necessary to fulfil a legal obligation to which we are subject (e.g. legal storage obligations), Art. 6 Para. 1 S. 1 lit. c) GDPR is the legal basis.
  4. If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d) GDPR is the legal basis.
  5. If the processing is necessary to protect our or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis.

Disclosure of personal data to third parties and contract processors

Without your consent we do not pass on any data to third parties. Should this nevertheless be the case, then the passing on takes place on the basis of the aforementioned legal bases, e.g. with the passing on of data to on-line payment offerers for the fulfilment of contract or due to judicial arrangement or due to a legal obligation to the publication of the data for the purpose of the criminal prosecution, to the danger defence or to the penetration of the rights at the mental property.
We also use contract processors (external service providers, e.g. for the web hosting of our websites and databases) to process your data. If data is passed on to contract processors within the framework of an agreement on order processing, this is always done in accordance with Art. 28 GDPR. We select our contract processors carefully, check them regularly and have been granted the right to issue instructions with regard to the data. In addition, the contract processors must have taken appropriate technical and organisational measures and comply with the data protection regulations in accordance with BDSG n.F. and GDPR.

Transfer of data to third countries

The adoption of the European Data Protection Basic Regulation (GDPR) created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies for which the GDPR applies. Should processing by third parties take place outside the European Union or the European Economic Area, they must comply with the special requirements of Art. 44 et seq. of the Data Protection Act. GDPR. This means that the processing takes place on the basis of special guarantees, such as the official recognition by the EU Commission of a data protection level corresponding to the EU or the observance of officially recognised special contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, fulfils these requirements

Deletion of data and storage duration

Unless otherwise expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies, unless its further storage is necessary for the purposes of proof or statutory storage obligations stand in the way of this. This includes, for example, obligations under commercial law to retain business letters in accordance with § 257 (1) HGB (6 years) as well as obligations under tax law to retain documents in accordance with § 147 (1) AO (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary for the conclusion of a contract or for the fulfilment of the contract.

Existence of an automated decision making process

We do not use automatic decision making or profiling.

Provision of our website and creation of logfiles

  1. If you only use our website for information purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:

    • IP address;
    • Internet service provider of the user;
    • Date and time of the retrieval;
    • Browser type;
    • Language and browser version;
    • Content of the retrieval;
    • Timezone;
    • Access status/HTTP status code;
    • Amount of data;
    • Websites from which the request comes;
    • Operating system.

    These data will not be stored together with other personal data of yours.

  2. These data serve the purpose of the user-friendly, functional and safe delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
  3. The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 Para. 1 S.1 lit. f) GDPR, which also lies in the above purposes.
  4. For security reasons, we store this data in server log files for a storage period of 0 days. After this period has expired, the data will be deleted automatically, unless we need to keep it for evidence purposes in case of attacks on the server infrastructure or other legal violations.

Cookies

  1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser stores on your computer. When you call up our website again, these cookies provide information to automatically recognise you. The information obtained in this way serves the purpose of technically and economically optimising our web offers and enabling you to access our website more easily and securely. When you access our website, we will inform you about the use of cookies for the aforementioned purposes and how you can object to them or prevent their storage (“opt-out”) by means of a reference to our data protection declaration. Our website uses session cookies, persistent cookies and third-party cookies:
    • Session-Cookies: We use so-called cookies to recognize multiple use of an offer by the same user (e.g. if you have logged in to determine your login status). When you call up our site again, these cookies provide information to automatically recognise you. The information obtained in this way is used to optimise our offers and make it easier for you to access our site. When you close your browser or log out, the session cookies are deleted.
    • Persistente Cookies: These are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
    • Cookies von Drittanbietern (Third-Party-Cookies): Depending on your preferences, you can configure your browser settings and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out at this point that you may not be able to use all the functions of this website. You can read more about these cookies in the respective privacy statements of the third party providers.
  2. The legal basis for this processing is Art. 6 Para. 1 S. lit. b) GDPR, if the cookies are set to initiate the contract, e.g. for orders, and otherwise we have a legitimate interest in the effective functionality of the website, so that in this case Art. 6 Para. 1 S. 1 lit. f) GDPR is the legal basis.
  3. Contradiction and opt-out:
    You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional limitation of our offers. You can object to the use of third-party cookies for advertising purposes by opting out of this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Processing of contracts

  1. We process inventory data (e.g. company, title/academic degree, names and addresses as well as contact data of users, e-mail), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of who is the contractual partner; justification, content design and processing of the contract; checking the plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 6 Para. 1 S. 1 lit b) GDPR. The inputs marked as obligatory in online forms are necessary for the conclusion of the contract.
  2. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims (e.g. handing over to lawyer for collection) or for the fulfilment of the contract (e.g. handing over of the data to payment provider) or there is a legal obligation according to Art. 6 Para. 1 S. 1 lit. c) GDPR.
  3. We may also process the information you provide in order to inform you about other interesting products in our portfolio or to send you e-mails with technical information.
  4. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for inventory and contract data when the data is no longer required for the performance of the contract and no further claims can be asserted under the contract because they are time-barred (warranty: two years / standard limitation period: three years). We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, when the contract is terminated after three years, we restrict processing, i.e. your data will only be used to comply with legal obligations. Information in the user account remains in place until it is deleted.

Contact via contact form / e-mail / fax / mail

  1. When contacting us via contact form, fax, post or e-mail, your details will be processed for the purpose of processing the contact request.
  2. Legal basis for the processing of the data is in the presence of a consent of you Art. 6 Abs. 1 S. 1 lit. a) GDPR. Legal basis for the processing of the data, which are transmitted in the course of a contact inquiry or E-Mail, a letter or fax, is art. 6 exp. 1 S. 1 lit. f) GDPR. The responsible person has a justified interest in the processing and storage of the data, in order to be able to answer inquiries of the users, for the preservation of evidence for liability reasons and in order to be able to comply with if necessary with his legal storage duties with business letters. If the contact aims at the conclusion of a contract, so is additional legal basis for the processing Art. 6 Abs. 1 S. 1 lit. b) GDPR.
  3. We may store your details and contact request in our Customer Relationship Management System (“CRM System”) or a similar system.
  4. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when the circumstances indicate that the matter in question has been conclusively clarified. We store requests from users who have an account or contract with us for a period of two years after termination of the contract. In the case of legal archiving obligations, the deletion takes place after their expiration: end of commercial (6 years) and tax (10 years) retention obligation.
  5. You have at any time the possibility to revoke the consent according to Art. 6 Para. 1 S. 1 lit. a) GDPR for the processing of personal data. If you contact us by e-mail, you can object to the storage of your personal data at any time.

Contact by telephone

  1. When contacting us by telephone, your telephone number will be processed to process the contact request and its processing and temporarily stored or displayed in the RAM / cache of the telephone device / display. The storage takes place for liability and safety reasons, in order to be able to lead the proof of the call as well as for economic reasons, in order to make a recall possible. In case of unauthorized advertising calls, we block the phone numbers.
  2. Legal basis for the processing of the telephone number is Art. 6 Para. 1 S. 1 lit. f) GDPR. If the contact aims at the conclusion of a contract, so is additional legal basis for the processing art. 6 exp. 1 lit. b) GDPR.
  3. The device cache stores the calls for 30 days and successively overwrites or deletes old data; if the device is disposed of, all data is deleted and the memory may be destroyed. Locked telephone numbers are checked annually for the necessity of being locked.
  4. You can prevent the phone number from being displayed by calling with the phone number suppressed.

Google Analytics

  1. We have integrated the website analysis tool “Google Analytics” (Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
  2. When you visit our website, Google places a cookie on your computer in order to analyse your use of our website. The data obtained is transferred to the USA and stored there. If personal data is transferred to the USA, Google’s certification in accordance with the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework) guarantees that the European data protection law is complied with.
  3. We have activated the IP anonymization “anonymizeIP”, whereby the IP addresses are further processed only shortened. On this website your IP address will therefore be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to and truncated by Google on servers in the United States. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage for the person responsible. In addition, we have activated the cross-device analysis of website visitors, which is carried out via a so-called user ID. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. The use of Google Analytics serves the purpose of analysing, optimising and improving our website.
  4. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Para. 1 S.1 lit. f) GDPR, which also lies in the above purposes.
  5. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after months. Data whose retention period has been reached is automatically deleted once a month.
  6. For more information about data usage at Google Analytics, click here: https://www.google.com/analytics/terms/de.html (Terms of use of Analytics), https://support.google.com/analytics/answer/6004245?hl=de (Analytics privacy policy) and Google’s privacy policy https://policies.google.com/privacy.
  7. Objection and “Opt-Out”: You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional limitation of our offers. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website and Google from processing this data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en
  8. As an alternative to the above browser plugin, you can prevent Google Analytics from capturing data by clicking on this link. The click sets an “opt-out” cookie that prevents your data from being collected when you visit this website in the future. This cookie is only valid for our website and your current browser and is only valid until you delete your cookies. In this case you would have to set the cookie again.
  9. You can deactivate the cross-device user analysis in your Google account under “My data → personal data”.

YouTube videos

  1. We have integrated YouTube videos from youtube.com on our website using the embedded function, so that they can be accessed directly on our website. YouTube belongs to Google Ireland Limited, Register No: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated the videos in the so-called “extended data protection mode” without using cookies to record the usage behaviour in order to personalise the video playback. Instead, the video recommendations are based on the video currently playing. Videos played in an embedded player in advanced privacy mode will not affect which videos you are recommended to watch on YouTube, and when you start a video (click on the video) YouTube will be notified that you have accessed the appropriate page on our website. The data obtained will be transferred to the USA and stored there. This is also done without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimisation of its websites.
  2. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Para. 1 S.1 lit. f) GDPR, which also lies in the above purposes.
  3. You have the right to object to the creation of user profiles by Google. For this reason, please contact Google directly via the data protection declaration mentioned below. An opt-out objection regarding the advertising cookies can be made here in your Google account: https://adssettings.google.com/authenticated.
  4. Please refer to YouTube’s Terms of Use at https://www.youtube.com/t/terms and Google’s Advertising Privacy Policy at https://policies.google.com/technologies/ads for more information about Google’s use of cookies and its advertising technologies, storage time, anonymization, location data, functionality, and your rights. General privacy policy of Google: https://policies.google.com/privacy.
  5. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and is therefore required to comply with European privacy laws.

Google ReCAPTCHA

  1. On our website we have integrated the anti-spam function “reCAPTCHA” of “Google” (Google Ireland Limited, register no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland). By using “reCAPTCHA” in our forms we can determine whether the input was made by a machine (robot) or a human. When using the service, your IP address and any other data required for this may be transmitted to Google servers in the USA.
  2. The purpose of processing this data is to avoid spam and misuse as well as our economic interest in optimizing our website.
  3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Para. 1 S.1 lit. f) GDPR, which also lies in the above purposes.
  4. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework). This ensures that European data protection law is complied with.
  5. You can find more information about Google ReCAPTCHA at https://www.google.com/recaptcha/ and in Google’s privacy policy at https://policies.google.com/privacy.

Google Maps

  1. On our website we have integrated maps from “Google Maps” (Google Ireland Limited, register no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland). This will allow us to display the location of addresses and directions directly on our website in interactive maps and allow you to use this tool.
  2. When you call up our website, where Google Maps is integrated, a connection is established to Google’s servers in the USA. Here your IP address and location can be transferred to Google. In addition, Google receives the information that you have visited the corresponding page. This also takes place without a user account with Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimisation of its websites.
  3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Para. 1 S.1 lit. f) GDPR, which also lies in the above purposes.
  4. You have the right to object to the creation of user profiles by Google. For this reason, please contact Google directly via the data protection declaration mentioned below. An opt-out objection regarding the advertising cookies can be made here in your Google account: https://adssettings.google.com/authenticated.
  5. In the Google Maps Terms of Use at https://www.google.com/intl/de_en/help/terms_maps.html and in the Google Advertising Privacy Policy at https://policies.google.com/technologies/ads you can find more information about the use of Google cookies and their advertising technologies, storage time, anonymization, location data, functionality and your rights. General privacy policy of Google: https://policies.google.com/privacy.
  6. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and is therefore required to comply with European privacy laws.

Presence in social media

  1. We maintain profiles or fan pages in social media in order to communicate with the users who are connected and registered there and to inform them about our products, offers and services. The US providers are certified according to the so-called Privacy Shield and are therefore obliged to comply with European data protection laws. When you use and call up our profile in the respective network, the respective data protection notices and terms of use of the respective network apply.
  2. We process the data that you send to us via these networks in order to communicate with you and respond to your messages there.
  3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our public image for the purpose of advertising in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. If you have given your consent to the processing of your personal data to the person responsible for the social network, the legal basis is Art. 6 Para. 1 S. 1 lit. a) and Art. 7 GDPR.
  4. The data protection information, information and opt-out options of the respective networks can be found here:

Data protection for applications and in the application process

  1. Applications sent by electronic means or by post to the person responsible will be processed electronically or manually for the purpose of handling the application procedure.
  2. We expressly point out that application documents with “special categories of personal data” according to Art. 9 GDPR (e.g. a photo which gives conclusions about your ethnic origin, religion or marital status) are undesirable, with the exception of a possible severe disability which you would like to disclose freely. You should submit your application without this data. This has no effect on your chances of applying.
  3. Legal bases for the processing are Art. 6 Para. 1 S.1 lit. b) GDPR as well as § 26 BDSG n.F.
  4. If an employment relationship is entered into with the applicant after completion of the application procedure, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completion of the application process, your application letter and documents will be deleted 6 months after the rejection has been sent in order to meet any claims and obligations to provide evidence under the AGG.

Rights of the data subject

  1. Contradiction or revocation against the processing of your data
    If the processing is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a), Art. 7 GDPR, you have the right to revoke the consent at any time. This does not affect the legality of the processing carried out on the basis of the consent up to the revocation.
    If we base the processing of your personal data on a weighing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR, you may object to the processing. This is the case if the processing is not necessary in particular for the fulfilment of a contract with you, which is represented by us in each case with the following description of the functions. When such an objection is exercised, we ask you to explain the reasons why we should not process your personal data as carried out by us. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we continue the processing.
    You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us about your advertising objection under the following contact data:

    Eugen Riexinger GmbH & Co. KG
    Garden ring 2
    Bad Liebenzell
    Managing Director Markus Theobald
    Commercial Register/No.: HRA 730837
    Register court: Amtsgericht Stuttgart
    Fax: +49 (0) 7052 930-33
    E-mail address: info@riex.de

  2. Right to information
    You have the right to request confirmation from us as to whether personal data concerning you will be processed. If this is the case, you have the right to information about your personal data stored with us according to Art. 15 GDPR. This includes in particular information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it has been collected directly from you.
  3. Right of rectification
    You have the right to rectify inaccurate or incomplete data in accordance with Art. 16 GDPR.
  4. Right to deletion
    You have a right to deletion of your data stored with us according to Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights to further storage oppose this.
  5. Right to Restriction
    You have the right to demand a restriction in the processing of your personal data if one of the conditions in Art. 18 Para. 1 lit. a) to d) GDPR is fulfilled:

    • if you dispute the accuracy of the personally identifiable information about you for a period of time that allows the data controller to verify the accuracy of the personally identifiable information;
    • the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
    • the data controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
    • if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the justified reasons of the person responsible outweigh your reasons.
  6. Right to data transferability
    You have a right to data transferability according to Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or request the transfer to another responsible person.
  7. Right of appeal
    You have the right to appeal to a regulatory agency. As a general rule, you can lodge a complaint with the supervisory authority, in particular in the Member State in which you are staying, at your place of work or at the place where the alleged infringement was committed.

Data security

In order to protect all personal data transmitted to us and to ensure that we and our external service providers comply with data protection regulations, we have taken appropriate technical and organisational security measures. This is why all data between your browser and our server is encrypted using a secure SSL connection.

Last update: 03.06.2019