Data Protection
Preamble
With this privacy policy, we want to inform you about the types of personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This declaration applies to all processing of personal data we carry out – whether in the context of our services or especially on our websites, in mobile applications, and in external online presences such as social media profiles (hereinafter collectively referred to as "online offer").
The terms used are gender-neutral.
Status: January 7, 2025
Responsible Party
RSD Industrietechnik GmbH
Anton-Forster-Str. 2
92708 Mantel
Authorized Representative: Ronny Schäfers
Email Address: info@rsd-vertrieb.de
Phone: +49 (0)9605 / 92 48 100
Overview of Processing
The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects.
Types of Data Processed
Inventory data
Contact data
Content data
Usage data
Meta, communication, and procedural data
Log data
Categories of Data Subjects
Communication partners
Users
Purposes of Processing
Communication
Security measures
Reach measurement
Tracking
Target group formation
Organizational and administrative procedures
Feedback
Marketing
Profiles with user-related information
Provision of our online offer and user-friendliness
Information technology infrastructure
Relevant Legal Bases
The following overview provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If specific legal bases are relevant in individual cases, we will inform you about them in this privacy policy.
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR): The processing is necessary for the performance of a contract with the data subject or for the implementation of pre-contractual measures taken at the request of the data subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR): The processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override.
National Data Protection Regulations in Germany
In addition to the GDPR, national data protection regulations apply in Germany, particularly the Federal Data Protection Act (BDSG). This includes specific regulations on rights of access, deletion rights, objection rights, the processing of special categories of personal data, and transfers and automated decisions, including profiling. The data protection laws of the federal states may also apply.
Note on the Applicability of the GDPR and Swiss DSG
These data protection notices inform both according to the GDPR and the Swiss Data Protection Act (DSG). For better understanding, terms of the GDPR are used. For example, the term "processing" is used instead of "handling," and "personal data" instead of "personal data." The legal meaning of the terms remains according to the Swiss DSG.
Security Measures
We take technical and organizational measures to ensure an appropriate level of protection for personal data. These measures take into account the state of the art, implementation costs, and the nature, scope, and purposes of the processing. The aim is to protect the rights and freedoms of natural persons.
Measures include, in particular:
Ensuring the confidentiality, integrity, and availability of data, e.g., by controlling access to data (physically and electronically) and their input, transfer, and separation.
Procedures to ensure the exercise of data subject rights, deletion of data, and response to threats.
Consideration of data protection in the development and selection of technologies (data protection by design and by default).
Securing Online Connections with TLS/SSL Encryption Technology (HTTPS)
To protect data from unauthorized access, we use TLS/SSL encryption. This technology encrypts data transmitted between the website/app and the user's browser or between servers. TLS (as an evolution of SSL) guarantees the highest security standards. The presence of an SSL/TLS certificate is indicated by "HTTPS" in the URL, signaling that data is encrypted and securely transmitted.
International Data Transfers
Data Processing in Third Countries
If data is processed in third countries (outside the EU/EEA) or transferred to persons or organizations there, this is done in accordance with legal requirements. The basis can be an adequacy decision (Art. 45 GDPR), standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or other legally necessary circumstances (Art. 49 para. 1 GDPR).
Detailed information on third-country transfers and adequacy decisions is available on the EU Commission's website:
EU Commission – International Data Protection
Under the "Data Privacy Framework" (DPF), the level of data protection for certain US companies has been recognized as secure by the EU Commission's adequacy decision of July 10, 2023. A list of certified companies can be found on the US Department of Commerce's website:
Data Privacy Framework (English)
General Information on Data Storage and Deletion
We delete personal data in accordance with legal requirements as soon as the underlying consents are revoked or there are no longer any legal grounds for processing. This applies in particular if the original purpose of the processing ceases to exist or the data is no longer needed. Exceptions apply if legal provisions or special interests require longer retention.
Data that must be retained due to commercial or tax law requirements or for legal prosecution or protection of the rights of others will be archived accordingly. Our data protection notices contain specific information on individual processing operations, including retention and deletion periods.
If multiple retention periods exist, the longest period always applies. If a period does not explicitly start on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurs. For ongoing contractual relationships, the period begins with the termination of the contract.
Data retained due to legal requirements is processed exclusively for the purposes that justify their retention.
Retention and Deletion of Data – General Periods under German Law
10 years: Retention obligation for books and records, annual financial statements, inventories, management reports, opening balances, and related organizational documents and invoices (§ 147 para. 3 in conjunction with para. 1 no. 1, 4, 4a AO, § 14b para. 1 UStG, § 257 para. 1 no. 1, 4, para. 4 HGB).
6 years: Retention obligation for business documents such as received and sent commercial letters, time sheets, calculation documents, or price markings (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 no. 2, 3, para. 4 HGB).
3 years: Data relevant for considering potential warranty or damage claims and related inquiries, based on the regular limitation period (§§ 195, 199 BGB).
Rights of Data Subjects
Data subjects have the following rights under the GDPR, particularly arising from Articles 15 to 21 GDPR:
Right to object: You can object to the processing of your data at any time for reasons arising from your particular situation if the processing is based on Art. 6 para. 1 lit. e or f GDPR, including profiling. In the case of processing for direct marketing, you have the right to object to this processing at any time.
Right to withdraw consent: You can withdraw given consents at any time.
Right of access: You have the right to confirm whether data concerning you is being processed and to obtain further information and a copy of the data in accordance with legal requirements.
Right to rectification: You can request the completion or correction of your data.
Right to deletion and restriction of processing: You can request the deletion of your data or alternatively the restriction of processing under legal requirements.
Right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
Right to lodge a complaint with a supervisory authority: You can lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
Provision of the Online Offer and Web Hosting
We process users' data to provide our online services. The IP address is processed as it is necessary to transmit the content and functions of our online offers to the browser or the device used.
Types of Data Processed
Usage data (e.g., page views, duration of visit, click paths, intensity and frequency of use, device types and operating systems, interactions with content and functions)
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Log data (e.g., log files of logins, data retrievals, or access times)
Categories of Data Subjects
Users (e.g., website visitors or users of our online services)
Purposes of Processing
Provision of the online offer and ensuring user-friendliness
Operation and provision of the technical infrastructure (e.g., servers, IT systems)
Implementation of security measures
Storage and Deletion
Data is stored or deleted in accordance with the information in the section "General Information on Data Storage and Deletion."
Legal Basis
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Collection of Access Data and Log Files
Accesses to our online offer are logged in the form of "server log files." These contain, for example, the address and name of the accessed websites or files, date and time of access, transferred data volumes, messages about successful retrievals, information about the browser and operating system, referrer URL (previously visited page), IP addresses, and the requesting provider.
Server log files serve both security purposes, such as preventing overloads or attacks (e.g., DDoS attacks), and the stability and load of the servers.
Legal Basis
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Storage Duration
Log data is stored for a maximum of 30 days and then deleted or anonymized unless longer storage is required for evidence purposes. In such cases, the data is retained until the incident is clarified.
Service Provider – ALL-INKL.COM
We use the services of ALL-INKL.COM – Neue Medien Münnich (Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany) for the provision of IT infrastructure, such as storage space and computing capacity.
Legal Basis
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Further Information
Website: ALL-INKL.COM
Privacy Policy: ALL-INKL.COM Privacy Information
A data processing agreement is provided by the service provider.
Use of Cookies
Cookies store and read information on users' devices and can perform various functions, such as improving security, user-friendliness, or analyzing visitor flows. We use cookies in accordance with legal requirements. Where necessary, we obtain users' consent. In cases where consent is not required, we rely on legitimate interests if storing and reading information is necessary to provide explicitly requested content or functions. This includes, for example, storing preferences or ensuring the functionality and security of the offer. Consent can be revoked at any time. We provide transparent information about the use and scope of the cookies used.
Legal Basis
Personal data processed via cookies is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR) or our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Storage Duration of Cookies
Temporary cookies (session cookies): These are deleted as soon as the user leaves the website and closes the browser or app.
Permanent cookies: They remain stored even after closing the browser and can store, for example, the login status or preferred content. Without specific information on the storage duration, these cookies are valid for up to two years.
Right to Withdraw and Object (Opt-out)
Users can withdraw given consents at any time or object to the processing of their data in accordance with legal requirements. This is possible via the privacy settings of the browser.
Types of Data Processed
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers)
Categories of Data Subjects
Users (e.g., website visitors, users of online services)
Further Information on Cookies and Consent Management
To manage cookie consents, we use a consent management system. This allows users to give, manage, or withdraw their consent for the use of cookies and similar technologies. Consents are stored to avoid repeated queries and to provide legal evidence. Storage occurs server-side and/or in an opt-in cookie with a storage duration of up to two years.
Contact and Inquiry Management
When you contact us (e.g., by mail, email, phone, contact form, or social media) or communicate within existing user and business relationships, we process the information you provide to the extent necessary to handle your inquiry or perform requested measures.
Types of Data Processed
Inventory data: Full name, home address, contact information, customer number, etc.
Contact data: Postal and email addresses, phone numbers
Content data: Textual or pictorial messages, information about authorship, time of creation
Usage data: Page views, duration of visit, click paths, used device types, operating systems, interactions
Meta, communication, and procedural data: IP addresses, timestamps, identification numbers, involved persons
Categories of Data Subjects
Communication partners
Purposes of Processing
Communication
Organizational and administrative processes
Collection of feedback
Optimization of user-friendliness and provision of our online offers
Storage and Deletion
Data is stored and deleted in accordance with the information in the section "General Information on Data Storage and Deletion."
Legal Bases
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Fulfillment of contractual and pre-contractual obligations (Art. 6 para. 1 sentence 1 lit. b) GDPR)
Further Details on Processes and Services
Contact Form
For inquiries via the contact form, email, or other communication channels, we process the personal data provided exclusively to handle the inquiry. Typically, this includes information such as name, contact information, and other provided information. We use this data exclusively for communication and the respective purpose of handling the inquiry.
Legal Bases
Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR)
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Web Analysis, Monitoring, and Optimization
Web analysis, also known as reach measurement, serves to analyze visitor flows on our website. Pseudonymous data about behavior, interests, or demographic information such as age or gender is collected. With the analysis, we recognize, for example, at what times our offer is particularly frequently used, which content is particularly popular, or needs to be optimized.
Additionally, we can use test procedures such as A/B testing to test and improve different versions of our online offer.
For these purposes, usage profiles are created, and information is stored and retrieved in browsers or devices. Collected data includes visited pages, used functions, technical details (e.g., browser, operating system), and usage times. If we have consent, location data can also be processed.
IP addresses are pseudonymized using an IP masking procedure, so the identity of the users is not disclosed. No clear data such as names or email addresses are stored, only pseudonymous information.
Legal Bases
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR)
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR (interest in an efficient and user-friendly website)
Types of Data Processed
Usage data (e.g., page views, duration of visit, click paths, device types)
Meta, communication, and procedural data (e.g., IP addresses, timestamps)
Categories of Data Subjects
Users of our website and online services
Purposes of Processing
Reach measurement
Creating user profiles
Improving user-friendliness and providing the online offer
Storage Duration
Cookies can be stored on users' devices for up to two years. Exact information on the storage duration can be found in the specific information of the respective cookies.
Security Measures
IP masking (pseudonymization of the IP address)
Further Information on Services and Processes
Google Analytics
We use Google Analytics to analyze the use of our online offer. A pseudonymous user ID is used, which does not contain personal data such as names or email addresses. This ID allows the assignment of usage data to a device to gain insights into page views, interactions, and search behavior.
Google Analytics anonymizes IP addresses in the EU and does not store them in full. Pseudonymous user profiles are created using cookies. Processing takes place exclusively on EU servers before the data is forwarded to Analytics servers.
Provider
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal Bases
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR)
Further Information
Privacy Policy: Google Privacy Policy
Opt-Out: Google Analytics Opt-Out
Google Tag Manager
We use Google Tag Manager for central management of website tags. No user profiles are created, no cookies are stored, and no independent analyses are conducted. Data processing takes place exclusively in connection with the integrated services.
Provider
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal Bases
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR)
Further Information
Privacy Policy: Google Privacy Policy
Presences in Social Networks (Social Media)
We operate online presences in various social networks to communicate with users active there and to provide information about our company.
We point out that user data may also be processed outside the European Union. This can make it more difficult to enforce user rights.
As a rule, user data within social networks is processed for purposes such as market research and advertising. For example, profiles can be created from the usage behavior and interests of users, which are then used to place targeted advertisements within and outside the platforms. Cookies are often stored on the users' devices, containing information about usage behavior and interests. These usage profiles can also be created across devices, especially if users are members of the respective platforms and are logged in.
For detailed information on the processing processes and opt-out options, we refer to the privacy policies of the respective platform operators.
For information requests and the assertion of data subject rights, we recommend contacting the providers directly, as they have sole access to the user data and can take appropriate measures. If you still need assistance, we are available to help.
Types of Processed Data:
Contact Data: e.g., postal and email addresses, phone numbers
Content Data: e.g., messages, posts, and information about their creation (authorship, time)
Usage Data: e.g., page views, duration of stay, click paths, usage intensity, used devices, operating systems, interactions with content
Affected Persons:
Users: e.g., visitors of websites and online services
Purposes of Processing:
Communication
Feedback: e.g., via online forms
Public Relations
Retention and Deletion:
Deletion is carried out in accordance with the information in the section "General Information on Data Retention and Deletion."
Legal Bases:
Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Notes on Processing Procedures and Services:
Social Network: Functions such as sharing photos/videos, sending messages, commenting, and subscribing to profiles
Service Provider: Meta Platforms Ireland Limited, Dublin, Ireland
Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Privacy Policy: https://privacycenter.instagram.com/policy/
Basis for Third Country Transfers: Data Privacy Framework (DPF)
Facebook Pages
Joint Responsibility: With Meta Platforms Ireland Limited for the collection (not further processing) of data from visitors to our Facebook page ("Fanpage")
Information Includes: Usage and device information (e.g., IP addresses, operating systems)
Service Provider: Meta Platforms Ireland Limited, Dublin, Ireland
Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Privacy Policy: https://www.facebook.com/privacy/policy/
Basis for Third Country Transfers: Data Privacy Framework (DPF)