Riege Software

Privacy Policy

General Introduction

We take the protection of your data very seriously and want to ensure your visit to our Internet page is secure. Our data protection practices comply in particular with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG). We would herewith like to inform you of the nature, scope and purpose of the processing of your personal data. To begin with, we would like to point out that this Privacy Statement solely refers to our own webpages and does not apply to any third-party webpages to which we may refer in the form of a link.

Object of protection

The object of this Privacy Statement is to protect personal data. This includes all information that refers to an identified or identifiable natural person (hereinafter referred to as the “data subject”). This includes, in particular, all information that allows conclusions to be drawn as to your identity (e.g. details such as your name, postal address, email address and telephone number).

Technical requirements

In order for you to be able to set up a connection to our website, your browser transfers specific data to the web server of our website. This is a technical requirement that allows the information you called up to be made available to you by our website. This is achieved by storing your IP address, the date and time of your request, your operating system type and other information which is then stored and used for a maximum period of 7 days. We reserve the right to store these data for a limited period in order to safeguard our legitimate interests so as to be able to derive information from personal data in the case of unauthorized access or the attempt to deliberately cause damage to our company through this route (Art. 6, para. 1 (f) GDPR). These data shall be solely stored or transferred for this and no other purpose, whereby we shall not inform you of this or ask for your consent in advance.

Cookies

Cookies are small text files that are stored by your browser on your computer or mobile terminal device to detect, for example, whether you visit the same webpages repeatedly from the same terminal device or browser. In general, we set cookies to analyze the interest in our website as well as to improve the user-friendliness of our website. In principle, however, you can also call up our website without using cookies.

As a rule, cookies can be deactivated or removed with the aid of special tools which are offered by most commercial browsers. For each browser that you use, you have to determine the settings separately and configure these individually. The different browsers offer a range of functions and options to this purpose.

For full and easy usage of our website, you should accept those cookies that allow the use of specific functions, resp. make it easier to use. You can review which cookies are used by us and to which purpose - and how long these are stored - in the following overview:

Cookie list

Name

Page

Function

Storage period

__hssc

www.riege.com

These cookies are used by HubSpot to track the identity of our visitors and their respective sessions.

30 minutes

__hssrc

Until the end of the session

__hstc

13 months

hubspotutk

Until the end of the session

_fbp

www.riege.com

This cookie is used to deliver personalized ads to users who have visited our website via a Facebook ad.

3 months

_ga

www.riege.com

These cookies are used by Google Analytics to collect information on how visitors use our website.

2 years

_gat_UA-53582688-2

Until the end of the session

_gcl_au

90 days

_gid

1 day

_dc_gtm_UA-53582688-2

www.riege.com

Certain data are only relayed to Google Analytics once a minute at the most. This cookie only exists for one minute. As long as this cookie is active, specific data transmissions are disabled.

1 minute

_pk_id#

www.riege.com

This collects statistics about the user's visits to the website, such as, for example, the number of visits, average time spent on the website and which pages were read.

1 year

_pk_ses#

www.riege.com

This is used by the Matomo analytics platform to track which pages the visitor calls up during his/her session.

Until the end of the session

_pk_uid

www.riege.com

This is used by the Matomo analytics platform to identify visitors that return to the website.

1 year

_uetsid

www.riege.com

These collect data on visitor behavior across multiple websites to be able to present more relevant ads. This also allows the website to limit the number of times the same ad is displayed..

1 day

_uetvid

1 year

cookieConsent

www.riege.com

This function is used to save your consent, respectively refusal, in accordance with our GDPR policy.

1 month

countryRedirect

www.riege.com

This function is designed to help you view the website in your own language and to display content that is important to you.

1 month

CRAFT_CSRF_TOKEN

www.riege.com

This protects both you as a user and ourselves from cross-site request forgery attacks

Until the end of the session

CraftSessionId

www.riege.com

Craft relies on PHP sessions to maintain sessions across web requests. This is done via the PHP session cookie. By default, this cookie is named “CraftSessionId” but can be renamed via the phpSessionId configuration setting.

Until the end of the session

__hs_cookie_cat_pref

www.riege.com

This is used to store information on the cookie categories to which the visitor has consented.

Until the end of the session

__hs_initial_opt_in

www.riege.com

This is used to prevent the banner from being continually displayed if the visitor is browsing in strict mode.

Until the end of the session

__hs_opt_out

www.riege.com

This is saved to ensure the visitor is not repeatedly asked to select cookies once he/she has already made a choice.

Until the end of the session

__hs_do_not_track

www.riege.com

This is used to prevent the tracking coder from sending any type of information to HubSpot.

Until the end of the session

messagesUtk

www.riege.com

This is a HubSpot cookie that is used to be able to recognize visitors in the message tool.

Until the end of the session

GeoMateRedirectOverride

www.riege.com

This function is designed to help you view the website in your own language and to display content that is important to you.

1 week

Mtm_consent_(removed)

www.riege.com

This is created as a reminder as to whether the user has provided (or withdrawn) his/her consent.

30 years

When you visit our website(s) for the first time, a pop-up window containing our Cookie Consent Manager is displayed. If you click on the “Settings” button, you will be redirected to the cookie settings. Here you can use the button to toggle between activating and deactivating the use of cookies to provide your consent to the processing of any data thus collected (Art. 6, para. 1 (a) GDPR). Please note that if you do not accept any cookies at all, certain features of our website may not be able to be used as we had originally intended. You can revoke your consent at any time with future effect and change your settings in our Consent Manager by clicking on the following button:

COOKIE SETTINGS

Cookie types

In order to be able to explain the most common cookie types in more detail, we have provided explanations of these in the following to help you to understand them:

1. Session cookies

The usage of session cookies allows users and the changes they make on a particular website to be identified. These cookies allow the website to track the movements of the users across individual pages so that information that has already been entered/stored does not have to be re-entered/stored again. Webshop shopping baskets are a good example of this. The session cookie stores the selected products in the shopping basket so that this contains the correct articles when payment is made at checkout. Session cookies are deleted when the user logs off or become invalid once the session has automatically expired.

2. Permanent or protocol cookies

A permanent or protocol cookie stores the user’s information and settings on the user’s computer for the duration of the period defined by the respective expiration date. This allows quicker and easier access as you do not, for example, have to repeat the language settings or re-enter your login data. These cookies are automatically deleted when the storage period expires.

3. Third-party cookies

As a rule, third-party cookies have no influence on the usage of the page as they do not originate from the operator of the website. They fulfill, for example, the purpose of collecting information for advertising purposes, personalized content and web statistics and for passing these on to the respective third-party provider.

4. Tracking cookies

Tracking cookies are special text files which open up the possibility of collecting data on the behavior of the Internet user. This is aimed at gaining information on what the user’s main points of interest are, for example, to be able to launch made-to-measure promotional offers. Therefore, tracking cookies are not only set during the login process but are automatically set whenever the website is visited.

The examples of the most common types of cookies in the above representation is intended to provide you with a global overview of this type of data collection. The information contained therein does not claim to be complete. As a result of technical developments in the IT sector, it is to be assumed that further cookie types will be developed during the course of time. Prior to using our website, please refer at regular intervals to the Privacy Statement on our website to find out about the latest changes.

Tracking tools (exports to third countries)

Our website makes use of functions provided by a range of different third-party web analysis services, such as Google. In the following, we shall explain in even more detail which individual services are involved and which data are analyzed.

Third country exports (risks)

Please note that when analyzed by such services (e.g. Google), your data may also potentially be transferred to third countries, such as the USA. The third country transfer of your data to countries such as the USA, where there is no GDPR-compliant or appropriate level of data protection, harbors certain risks which we would like to inform you about at this stage. National laws, such as the United States Foreign Intelligence Surveillance Act (FISA), may permit domestic authorities (in the USA) to access information available to a provider on your person without your knowledge or consent if the authority believes there is an occasion to do so. In addition, you may be restricted in enforcing your rights as a data subject according to Art. 15 ff. GDPR.

Although it is possible to agree upon standard contractual clauses (SCC) with the service providers listed below in accordance with Art. 46, para. 2 (c) GDPR, these SCC generally lack additional safeguards which ensure that the transfer of data to insecure third countries for the reasons mentioned above complies with the GDPR.

Therefore, by agreeing to the use of the analysis tools on our website, you automatically consent to the possible transfer of your data to a third country in accordance with. Art. 49, para. 1 (a) GDPR.

Use of Google Tag Manager

We use Google Tag Manager, a service provided by Google Inc., 1600 Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”. Google Tag Manager can manage a broad range of different website tags used by marketers via one single interface. The tool (Tag Manager which implements the tags) is a cookie-free domain which does not collect any personal data. This solely activates tags that may, in turn, possibly collect data (please refer to the descriptions provided below on Google Analytics and Google Ads). However, Google Tag Manager does not actually access these data. If a deactivation takes place at domain or cookie level, this remains unchanged for all tracking tags implemented using Google Tag Manager.

Implementation of Google Analytics using the anonymization function

On our website, we implement Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA - hereinafter referred to as “Google”. Google Analytics uses cookies which allow your usage of our website to be analyzed. As a rule, the information created by these cookies on the usage of our online offer (e.g. when, where and how often you access our website, incl. your IP address) is transferred to and stored on a Google server in Ireland or the USA. You can find out more about the ensuing risks in our Privacy Statement further up on this page.

In order to eliminate the possibility of linking your IP address to your person, it is immediately shortened after its collection (e.g. through the deletion of the last 8 bits), thus rendering it anonymous.

Further information on the processing of personal data by Google can be found at https://policies.google.com/privacy?hl=en&fg=1

In this context, we have agreed upon a set of Data Processing Terms with Google which are equivalent to a commissioned data processing agreement pursuant to Art. 28 GDPR. This contract governs the responsibilities and obligations between Google and Riege, e.g. with regard to the enforcement of data subject rights (pursuant to Art. 15 ff GDPR) or the duty to inform (pursuant to Art. 13 GDPR).

Your consent pursuant to Art. 6, para. 1 (a) GDPR, which you can provide via our cookie banner, provides the legal basis for processing via Google Analytics. You can revoke this consent at any time with future effect (please see below).

If you wish to revoke your consent to the use of Google Analytics, please click on this link to prevent analysis data from being transferred to Google Analytics. The above link can also be used as an alternative to the browser add-on described above as it activates an “opt-out cookie” which is only valid for the browser and domain in question. If cookies are deleted in this browser, this cookie is also lost so that you will have to click on the link again.

Use of Google Ads conversion and remarketing

We use the online Google AdWords (Ads) advertising program provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).

Conversion:

When you click on an ad placed by Google, a conversion tracking cookie is installed on your computer. These cookies expire after 30 days and are not used to identify you personally. The following analysis values: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (tag that the user no longer wishes to be addressed) are generally stored in this cookie.

Should you visit certain pages on our website before this cookie has expired, both Google and ourselves will be able to see that you have clicked on the ad before being redirected to this page. Each Google AdWords customer is allocated a different cookie. This means that it is impossible to track cookies across the websites visited by AdWords customers. The information collected by the conversion cookie serves to provide us with respective conversion statistics. Through this, we can find out the total number of users who clicked on our ad and were consequently redirected to a page configured with a conversion tracking tag.

Based on the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further usage of the data collected by Google through the deployment of this tool and would, therefore, like to take this opportunity to inform you about what we know: Through the integration of Ads Conversion, Google is informed that you have called up the respective section of our website or clicked on our ad. If you are registered with a Google service, Google can relate this visit to your account. Even if you are not registered with Google, respectively have not logged in, the possibility remains that the provider may learn of and store your IP address.

Remarketing:

We use the remarketing function of the Google Ads service. This remarketing function allows us to present ads on other websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads”, or on other websites) to the users of our website based on their specific interests. In order to achieve this, the interaction of users on our website is analyzed, e.g. which offers the users have shown interest in, in order to be able to display targeted advertising on other websites to these users even after they have left our own website. To this effect, Google stores cookies on the terminal devices of those users who use specific Google services or visit certain websites within the Google Display Network. These cookies are used to record the visits of these users. These cookies are used to uniquely identify a web browser on a particular terminal device - not to identify the individual concerned.

The processing of personal data by way of the Google Ads functions described above takes place based on the consent you previously provided via our Consent Manager in accordance with Art. 6, para. 1 (a) GDPR. You can revoke this consent at any time with future effect. To do so, please click on the following link.

Use of “Facebook Pixels” and Facebook Custom Audiences

On our website, we use so-called “Facebook Pixels” provided by the Facebook social network which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook”).

Using Facebook Pixels allows us to determine so-called “Custom Audiences”, i.e. personalized target groups, to which you are then assigned during the tracking process by way of these pixels. The Facebook advertising placed by us is then only displayed to those individuals who have been assigned to the target group in question. This is aimed at ensuring that you only see advertising for products and services in which you are actually interested. The purpose of this is to ensure that our advertising corresponds to the potential interests of the users and does not have a harassing effect on them. During data transmission, the Facebook pixel also passes on personal data directly to Facebook. You can discover exactly which data are involved in this process and for what other purposes Facebook processes these data via Facebook's Privacy Policy which can be found at https://www.facebook.com/policy.php. The processing and forwarding of the personal data of visitors to our website is carried out on the basis of Art. 6, para. 1 (a) GDPR based on the consent you provided voluntarily via our Consent Manager (cookie banner). You can revoke this consent at any time with future effect. To do so, please click on the following link.

Use of LinkedIn Insight Tags

We use LinkedIn Insight Tags on our website (via the Google Tag Manager). This is a service provided by LinkedIn Ireland Unlimited Company, Gardner House 2, Wilton PI, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

These tags are small snippets of code that we have added to our website to track conversions, retarget our website visitors and gain additional information on the individuals who view our advertising. Among other things, this helps us to shape advertising external to our website in a more target-oriented manner, thus improving the relevance of our ads.

This involves the recording of the referrer URL, IP address, device and browser properties as well as the time stamp and the processing of this information by LinkedIn as part of the analysis process. In this case, the IP addresses are shortened or hashed and the direct identifiers of LinkedIn members removed within seven days in order to pseudonymize the data. The remaining pseudonymized data are then deleted within 90 days. LinkedIn themselves do not share any personal data with us. Instead, they merely evaluate your data and send us statistical reports and messages (through which we can no longer identify you).

The processing and forwarding of the personal data of visitors to our website is carried out on the basis of Art. 6, para. 1 (a) GDPR based on the consent you provided voluntarily. You can revoke your consent at any time free of charge via our Consent Manager. To do so, please click on the following link.

LinkedIn members can also manage the use of their personal data for advertising purposes in their account settings via https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.

Further information on the processing of personal data by LinkedIn can be found in LinkedIn's Privacy Policy available at https://www.linkedin.com/legal/privacy-policy?.

Use of Matomo Analytics

Our website uses Matomo Analytics, an open source web analysis service. Matomo Analytics uses cookies to analyze the usage behavior of our website visitors. The information used for the purpose of analyzing the range of coverage and website optimization is stored in a cookie and transmitted to our server.

The cookie stores the following information:

- browser type / version,
- the operating system and device used,
- Referrer URL (the page visited before and after),
- the anonymized IP address,
- Time and geodata of the server request,
- Time spent on the page

Your IP address is immediately anonymized during this process so that you as a user remain anonymous to us. The processing takes place in accordance with Art. 6 Para. 1 a GDPR on the basis of your consent. You can revoke your consent at any time with effect for the future via our consent manager. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo Analytics does not collect any session data.

Warning: If you delete your cookies, this means that the opt-out cookie will also be deleted and you may have to reactivate it. You can prevent the use of cookies in advance by setting your browser software accordingly. However, in this case you may not be able to use all the functions of this website to their full extent.

HubSpot

We use the HubSpot service on our website for our online marketing activities and other purposes. This service allows us to cover various functions on our website, e.g. customer relationship management (CRM), newsletters and contact forms. Which functions, in particular, are concerned will be explained in more detail below.

HubSpot is a service offered by the provider HubSpot, Inc. in the USA (hereinafter referred to as “HubSpot”), with a European branch located in Ireland (HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland). We have closed a commissioned data processing agreement with HubSpot pursuant to Art. 28 GDPR, as well as so-called standard contractual clauses pursuant to Art. 46, para. 2 (c) GDPR, to ensure that the potential transfer of data to HubSpot servers located outside the European Union is subject to a level of protection corresponding to that provided by the European GDPR regulation. You can review the commissioned data processing agreement concluded with HubSpot here: https://legal.hubspot.com/dpa

All further details related to the processing of personal data by HubSpot and the companies affiliated with HubSpot can be found here: https://legal.hubspot.com/privacy-policy

Newsletter

If you wish to subscribe to our newsletter, you need to state your email address. You are free to enter all the other data on a voluntary basis. You will then receive an automated email containing a link which you can use to confirm that you are the owner of the email address provided and that you agree to receiving our newsletters in accordance with Art. 6, para. 1 (a) GDPR (double opt-in procedure). This process involves the storage of your IP address, the date and the time of your registration. These data are only collected for the purpose of being able to send you our newsletters and to document that we are accordingly authorized to do so. You can revoke your request to receive our newsletters and your consent to the storage of your email address at any time and with future effect. Respectively, you can unsubscribe from our newsletter via the unsubscribe link (opt-out procedure).

Additionally, newsletter tracking takes place when we distribute our newsletters. Our newsletters contain so-called web beacons. These are thumbnails that are generated individually for each recipient and then embedded in the emails. These pixels transmit technical information on your browser and system as well as your IP address and the time when the email was retrieved and also record when you opened our email and which links you called up.

This allows us to carry out statistical evaluations with regard to the success of the respective newsletter campaign. The aim of gaining and storing personal data obtained in this way is to optimize our newsletter distribution service and to be able to adapt it to the interests of the recipients. Tracking is done based on our legitimate interest as described above and in accordance with Art. 6, para. 1 (f) GDPR. If you wish to object to such tracking, you must unsubscribe from our newsletter subscription service. It is not possible to revoke/withdraw your consent separately.

Contact form

Our website contains a range of different contact forms that can be used for different purposes. On the one hand, you have the option of sending us a general contact request via a form located at https://www.riege.com/contact/. On the other hand, you can also use forms located in other sections, e.g. to request a demo version of our software or to send us a training request. Different data are processed depending on the type of request concerned. However, these options always include your personal contact details which we need in order to be able to contact you in response to your request. To ensure that your data are transferred securely, we use a connection which uses state of the art encryption with an SSL certificate during the transfer process. In order to process your personal data, we first obtain your consent to this processing in accordance with Art. 6, para. 1 (a) GDPR. You can revoke this consent at any time with future effect.

Surveys

We would like to conduct regular surveys, e.g. to evaluate the satisfaction levels of our customers with regard to our products and service. These surveys are emailed to existing customers both via our HubSpot CRM system and to subscribers of our newsletter. In addition to your email address, other personal contact data may also be processed within this context, provided that you have supplied us with these details on a voluntary basis. Processing only takes place based on your having previously provided your consent in accordance with Art. 6, para. 1 (a) GDPR. You can revoke this consent at any time with future effect. In order to do this, simply unsubscribe from our newsletter or send an email to dataprotection@riege.com.

Tracking

We use HubSpot for a range of purposes, including measuring reach and analyzing visitor behavior on our website. To achieve this, HubSpot’s tracking code has been installed on our website. This uses cookies for the tracking process. These are installed in your browser and store the following data:

- Domain
- User token
- Time stamp (of the first, previous and current visit)
- Number of page views
- Visitor ID (opaque GUID)

More information on the storage periods of the various cookies concerned can be found in our cookie list. When you call up our website, you are first asked by our Consent Manager to provide your consent pursuant to Art. 6, para. 1 (a) GDPR. No tracking cookies are installed by HubSpot without your consent - neither is an analysis of your website behavior performed by HubSpot.

You can revoke this consent at any time with future effect. To do this, please call up the [Cookie settings] again.

Use of embedded YouTube videos

We use YouTube to integrate videos to make our webpage attractive and informative for you.

As a rule, when you visit one of our pages which incorporates a YouTube plugin, a connection to the YouTube servers is established. However, we use a built-in 2-click solution on our webpage to prevent this from happening. All our videos have been embedded on our pages using this 2-click solution so as to ensure that your IP address is not actually transmitted to the YouTube servers until you actively click on the video in question. Should you refrain from doing this, however, no data will be sent to YouTube whilst you are visiting our website.

Accordingly, our legal basis for processing your data once you have activated the video is the consent you have provided in accordance with Art. 6, para. 1 (a) GDPR.

The company that operates YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

YouTube sets cookies to collect information on those who visit their Internet page. Among other things, YouTube uses these to record video statistics, to avoid and investigate cases of fraud and to improve user-friendliness. This may also result in a connection being made to Google’s DoubleClick Network. If you launch a YouTube video, this may initiate further data processing processes. We have no influence on this.

You allow YouTube to directly associate your surfing behavior with your personal YouTube profile, if you have a YouTube account and are logged in to this account when you call up our webpages. You can avoid this by logging out of your YouTube account.

More information on data protection at YouTube can be found in their Privacy Statement at: https://www.youtube.de/t/privacy

resp. at: https://policies.google.com/privacy?hl=de&gl=de

Further general information

Changes to this Privacy Statement

We check this Privacy Statement on a regular basis to ensure that it complies with the legal provisions, the jurisprudence and the statements of the supervisory authorities, as well as to align it to emerging trends and the technological state of the art. In this respect, we reserve the right to change this Privacy Statement in order to adjust it in line with new legal data protection requirements or other changes in the factual or legal circumstances. We kindly ask, therefore, that you always check the information in our Privacy Statement applicable at the time prior to using our website.

Who is responsible for the data processing? (Art. 13, para. 1 (a), (b) GDPR)

Riege Software International GmbH (“Riege”) is responsible for data processing on our webpage. Please refer to our Imprint for the respective contact details.

https://www.riege.com/imprint/

You can reach our Data Protection Officer at the following address:

Riege Software International GmbH (“Riege”)
To the Data Protection Officer
Otto-Hahn Straße 4
40670 Meerbusch
Germany
Email: dataprotection@riege.com
Tel: +49 (0)2159 9148-0

Who receives your personal data? (Art. 13, para. 1 (e), (f) GDPR)

We treat your personal data confidentially and never pass these on to third parties unless you have provided us with your consent to do so, where these are made available based on a legal or contractual commitment or where their forwarding is necessary in order to complete pre-contractual measures, resp. fulfill a contract. In individual cases, we may contract a processor to process your personal data (e.g. for hosting services or the administration of our webshop system). This would be carried out in accordance with Art. 28 GDPR and on the basis of a respective commissioned data processing contract.

How long are the data stored? (Art. 13, para. 2 (a) GDPR)

The legislator has imposed numerous retention periods and deadlines.

We only store your data as long as this is legally required.

Once these periods have lapsed, we delete the respective data as a matter of routine, in as far as they are no longer required with a view to fulfilling the contract. We store data that are processed based on your consent until this consent is revoked, resp. as long as these data are required. We store data that are processed based on a legitimate interest as long as this legitimate interest continues to exist.

In line with the legal provisions, commercial law data or financially-relevant data ensuing from a closed financial year are deleted after a further ten years have passed, in as far as no longer retention periods have been stipulated or are required for legitimate reasons. In as far as the data are not subject to specific retention periods, they are deleted when the purpose for which they were processed ceases to exist.

For which purposes and on which legal basis do we process your personal data? (Art. 13, para. 1 (c), (d) GDPR)

We have already outlined the purposes and legal basis for processing data. In addition, the following generally applies: Where required, we process your data to safeguard our legitimate interests or those of other third parties in accordance with Art. 6, para. 1 (f) GDPR, for example to establish legal claims or to defend ourselves in legal disputes or to uphold our IT operations or security.

We process your data for purposes of external communications and marketing on the basis of Art. 6, para. 1 (a) or (f) GDPR in cases where we have a legitimate interest in doing so, or where we have received your written consent to process your personal data. You have the right to revoke your consent at any time.

In order to be able to comply with legal obligations, we are allowed to, or must, where required, process your data and pass these on to third parties (in accordance with Art. 6, para. 1 (c)).

In no case shall we use your data in an automated decision-making process or for profiling purposes.

Furthermore, we use cookies to be able to offer you an improved service when using our webpage and to make this webpage easier for you to use (Art. 6, para. 1 (f) GDPR).

Which rights and obligations do you have? (Art. 13, para. 2 (b), (c), (d), (e) GDPR)

All data subjects have the following rights:

In accordance with Art. 15 GDPR, you have the right to receive information. This means that you can request confirmation from us as to whether your personal data are being processed by ourselves.
In accordance with Art. 16 GDPR, you have the right to rectification. This means that you can demand that we rectify any incorrect personal data concerning your person.
In accordance with Art. 17 GDPR, you have the right to erasure (“right to be forgotten”). This means that you can demand that we erase any personal data concerning your person without delay - unless we are unable to erase your data due to being required to observe, for example, legal retention periods.
In accordance with Art. 18 GDPR, you have the right to restriction of processing. This means that we are virtually no longer allowed to process your personal data - apart from storing these accordingly.
In accordance with Art. 20 GDPR, you have the right to data portability. This means that you have the right to receive the personal data concerning your person and that you have made available to us in a structured, commonly used and machine-readable format and to transmit these data to another controller.
In accordance with Art. 7, para. 3 GDPR, you have the right to withdraw any consent you have provided at any time with future effect.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the responsible supervisory authority.

In addition, you also have the right to object which we will be explaining in more detail at the end of this data protection information sheet.

If you would like to exercise any of your above rights, please contact our Data Protection Officer (see contact details listed above).

Responsible supervisory authority

State Data Protection Officer
North Rhine-Westphalia
Office address: Kavalleriestr. 2 - 4, 40213 Düsseldorf, Germany
Postal address: P.O. Box 20 04 44, 40102 Düsseldorf, Germany
Tel.: +49 (0)211 38424-0
Email address: poststelle@ldi.nrw.de

Information on your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)

You have the right to object, on grounds resulting from your particular situation, at any time to the processing of personal data concerning your person which is carried out based on Art. 6, para. 1 (f) GDPR (data processing based on the weighing up of legitimate interests); this also applies to profiling based on this provision as provided for in Art. 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or where this processing is for the establishment, exercise or defense of legal claims.

Please direct your objection in writing (via email or post) to the attention of our Data Protection Officer (see contact details listed above).