Information for customers, interested parties, suppliers and other external persons

in accordance with Article 13 GDPR

Version 2.0, dated: 2023-02-23

We take the protection of your personal data very seriously. We process your data in accordance with the provisions of the EU General Data Protection Regulation (GDPR). In the following we inform you according to Art. 12 and Art. 13 GDPR about the processing of your data.


Who is the responsible party? (art. 13 para. 1 lit. a,b GDPR)

Responsible for data processing is the following processor:

Riege Software International GmbH
Otto-Hahn-Str. 4
40670 Meerbusch

P: +49 2159 9148 0
F: +49 2159 9148 11


Your questions regarding data protection can be sent to:

Riege Software International GmbH
Attn. The Data Protection Officer
Otto-Hahn-Str. 4
40670 Meerbusch

P: +49 2159 9148 0
F: +49 2159 9148 11


What are the purposes and on which legal basis do we process your personal data? (art. 13 para. 1 lit. c,d and para. 2 lit. f GDPR)

We only process data that we have collected from you as part of the respective business transaction, e.g., to prepare an offer, to conclude and implement contracts, to issue invoices for general inquiries, for procurement purposes. The legal basis is Art. 6 GDPR. The purposes of the processing depend on your request or the respective business transaction.

Depending on the type of business transaction or your request, we store your data to the extent necessary within the scope of earmarking and customary market practice in our communication and merchandise management systems.

We only process your data for the purpose of providing information and advice on products and services, as well as for market research and customer satisfaction analysis and for passing it on to third parties if we have received your consent to do so (according to Art. 6 para. 1 lit. a).

If necessary, we process your data to protect our legitimate interests or those of third parties in accordance with Article 6 Paragraph 1f GDPR, for example for the assertion of legal claims and defense in legal disputes or for ensuring IT operations and security.

In order to comply with legal requirements, we may or must, if necessary, process your data and pass it on to third parties (according to Art. 6 para. 1 lit. c).

We do not use your data in any way for automated decision-making or profiling.


Who receives your personal data? (Art. 13 para. 1 lit. e,f GDPR)

As a matter of principle, we do not pass on personal data to third parties unless you have given your consent, there is a legal obligation, or we have a legitimate interest. We have a legitimate interest if we exchange or jointly process data between the Riege affiliates within the group of companies.

We process your data within the EU. If we outsource parts of the data processing to service providers by way of commissioned processing, we conclude corresponding contracts for commissioned processing with these suppliers in accordance with Article 28 GDPR. If the processors are active for us in a third country, your personal data will be processed in accordance with the provisions of Art. 44ff. GDPR – in accordance with the provisions of the GDPR and the (German) Federal Data Protection Act (BDSG).


How long is the data stored? (Art. 13 para. 2 lit. a GDPR)

The legislator has issued a wide range of retention obligations and periods.

In principle, we only store your data for as long as is required by law (e.g., 10 years for company accounting documents). After the retention periods have expired, the corresponding data is routinely deleted in accordance with data protection regulations if they are no longer required, for example to fulfill the contract. We store data that we process based on your consent until revoked or as long as the data is required. We store data that we process because of a legitimate interest for as long as the legitimate interest exists.

Commercial or financial data from a completed financial year will be deleted after a further ten years in accordance with the legal provisions unless longer retention periods are prescribed or necessary for legitimate reasons. If data are not subject to specific retention periods, they will be deleted when the purposes for which they were processed no longer apply.


Which rights do you have? (Art. 13 para. 2 lit. b,c,d,e GDPR)

As the data subject whose data we process, you have the following rights:

  • In accordance with Art. 15 GDPR, you have the right to be informed. This means that you can request confirmation from us as to whether personal data relating to you is being processed by us.
  • According to Art. 16 GDPR you have the right to rectification. This means that you can ask us to correct incorrect personal data concerning you.
  • In accordance with Art. 17 GDPR, you have the right to erasure ("right to be forgotten"). This means that you can ask us to delete your personal data immediately - unless we cannot delete your data, for example because we have to comply with statutory retention requirements.
  • In accordance with Art. 18 GDPR, you have the right to restrict processing. This means that we are practically no longer allowed to process your personal data - apart from storing it.
  • In accordance with Art. 20 GDPR, you have the right to data portability. This means that you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another person responsible.
  • In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time for the future.
  • According to Art. 13 GDPR in conjunction with Art. 77 GDPR, you have the right to file a complaint with the competent supervisory authority. 

If you wish to exercise your rights, please contact the data protection officer in writing (by post or email, see above for contact details).


Supervisory authority

(State Data Protection Authority for the German state of North Rhine-Westphalia)
Landesbeauftragte für Datenschutz und Informationsfreiheit
Home address: Kavalleriestr. 2 – 4, 40312 Düsseldorf
Postal address: Postfach 20 04 44, 40102 Düsseldorf
P: +49 (0) 211/38424-0

You only have to provide us with the personal data that is necessary for our communication with you or for the fulfillment of contractual obligations or which we are legally obliged to collect (e.g., financial laws, tax laws). Otherwise, we cannot communicate with you, and cannot and must not enter into / perform a contract with you.


Information about your right to object according to Art. 21 General Data Protection Regulation (GDPR)

You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data relating to you, which is based on Article 6 para. 1 lit. f GDPR (data processing on the basis of a balance of interests). This also applies to any profiling based on this provision within the meaning of Art. 4 no. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for data processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made informally and should preferably be addressed to our data protection officer.


If you have any further questions regarding data protection, please feel free to contact our data protection officer using the contact details above.