Data protection information in accordance with the EU General Data Protection Regulation for "natural persons"
On May 25, 2018, the EU General Data Protection Regulation ("DSGV") came into force. This has significantly strengthened data protection for data subjects in the European Union.
The DSGV aims to harmonize the provisions throughout the European Union (“EU”), strengthen the rights of data subjects and place greater responsibility on the person responsible for data processing. The DSGV applies to all natural persons who are in a business relationship with us, either directly or as employees or authorized representatives of legal entities ("Affected Persons", "Customers").
We take our customers' privacy seriously. So that you can better classify the individual aspects and effects of the DSGV, we give you an overview of the processing of your personal data by Rinke-Weine and your extended rights resulting from data protection law. Please pass this information on to current and future employees and authorized representatives. If you need a PDF copy of this data protection notice, we will be happy to send it to you by post or e-mail.
1. Who is responsible for the processing?
Responsible body is:
Main street 4th
Phone: (+49) 151 183 05335
Fax: (+49) 651 9935 838
2. Which sources and data do we use?
As the responsible body, we process personal data (hereinafter also "data") that we receive from our customers as part of our business relationship. In addition, we process - to the extent necessary for the provision of our services - data that we legitimately receive from third parties (e.g. to execute orders, to fulfill contracts) or from publicly accessible sources (e.g. commercial register, internet) or on the basis of your consent to have.
Relevant data that are processed by us include:
Name, address, contact details (phone, email address, gender), data from the fulfillment of contractual obligations (e.g. for payments), order data and other data similar to the categories mentioned, of which we become aware in the course of the business relationship, provided this data is required for the provision of our services or for contract processing.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process the aforementioned personal data in accordance with the provisions of the DSGV and the Federal Data Protection Act.
(1) To fulfill contractual obligations
If necessary, we process your data to provide our services (dispatch and order processing, order and invoicing, invoice monitoring, dunning, invoice processing and handling of suppliers). Data is processed to provide the aforementioned services, in accordance with a contract or order, or as part of pre-contractual measures. For example, if you give us your business card, we will assume that you are interested in initiating a contract or contacting us. We therefore process this data if necessary and use the contact information to contact you.
(2) If the processing of personal data is necessary for reasons of compliance with legal obligations to which we are subject:
We are subject to various legal obligations, i.e. legal requirements, for example for the preparation of annual financial statements. The processing of personal data may be necessary for this purpose.
(3) If the processing of personal data is necessary for the purpose of legitimate interests
If necessary, we process your data beyond the actual fulfillment of the contract to safeguard our legitimate interests or those of third parties. Examples:
Improvement of products and services
Enforcement of legal claims and defense in legal disputes
Guarantee of IT security and IT operations
Risk management and controlling
Consultation and data exchange with debt collection agencies or service providers to whom we assign claims
Compilation of statistics
Marketing of our products (provided that this does not include profiling)
4. Who will get my data?
Within Rinke-Weine, those persons have access to your data who need it to fulfill our contractual or legal obligations. Service providers and vicarious agents used by us can also receive data for this purpose. The data will only be forwarded to service providers if they themselves are subject to a duty of confidentiality (e.g. tax consultants), or if service providers or vicarious agents commissioned by us guarantee the requirements of the DSGV.
In such a case, we act as the person responsible for data processing at all times.
Under these conditions, recipients of personal data can be:
public bodies and institutions (e.g. if there is a legal obligation)
Companies that we entrust with IT maintenance / IT applications
Other institutions and processors to whom we transfer personal data in order to carry out the business relationship with you, for example:
Archiving, document processing, purchasing / procurement, customer management, accounting, marketing, media technology, website management, space management, controlling, collection, sales of receivables, telephony
Other data recipients can be those bodies for which you have given your consent to the transfer of data.
5. Are data transferred to a third country?
A data transfer to countries outside the EU or the EEA (so-called third countries) only takes place if this is necessary for the execution of your orders (e.g. delivery of goods to a third country) or if you have given us your consent.
6th Which means of communication do we use?
We also use electronic means, for example e-mail or cloud services, to pass on or process personal data in order to achieve the purposes mentioned in section 3.
7. How long will my data be stored?
We process personal data of data subjects as long as this is necessary for the purposes described in section 3. It should be noted that our business relationships are designed for longer periods of time.
If the data are no longer required to fulfill contractual or legal obligations, they will be deleted, unless their further processing is necessary for a limited period of time for the following purposes:
(1) Fulfillment of statutory retention requirements
(2) Preservation of evidence within the framework of the statute of limitations. According to §§ 195 ff. Of the German Civil Code, these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
8. What data protection rights do I have?
Every person concerned has the right to information, the right to correction, the right to deletion, the right to restriction of processing, the right to object and the right to data portability. The restrictions according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.
9. Information on your right to object
(1) Right to object to data processing for direct marketing purposes
In individual cases we process your personal data to carry out direct marketing (e.g. newsletters). You have the right to object to the processing of your personal data for marketing purposes of the aforementioned type at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
(2) Individual right of objection
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is carried out to safeguard the legitimate interests of the data controller.
If you object, we will no longer process your personal data unless we can demonstrate compelling, legitimate reasons for further processing that outweigh your rights and freedoms, or in cases where the processing is enforcement, exercising or Serves defense of legal claims. The objection can be made informally and should be made by email or telephone if possible (contact details under section 1).
10. Am I obliged to provide data?
As part of our business relationship, you must provide the personal data that is necessary for the establishment, implementation of a business relationship and the fulfillment of the associated obligations, or which we are legally obliged to collect. Without this data, we are fundamentally not in a position to maintain a business relationship with you or to enter into a business relationship with you, or to process orders. If you do not provide the required data or object to their further processing, we cannot enter into / continue the business relationship or process orders / orders.
11. To what extent is there automated decision-making (including profiling)?
We do not use fully automated decision-making to establish and implement the business relationship, and we do not process your data automatically with the aim of evaluating certain personal aspects (profiling). If we use these procedures in individual cases, we will inform you about this separately, provided this is required by law.
12. Data protection information when accessing our website / making contact using the contact form on the website
(1) Access data / server / log files
When our website is accessed, the provider or the web space provider collects data on each access (so-called server log files). The access data includes: name of the accessed website, file, date, time of access, amount of data transferred, notification of successful access, browser type including browser version, operating system of the user, referrer URL (the previously visited page), IP address.
The provider uses the aforementioned data only for statistical purposes, security and to optimize the offer. However, the provider reserves the right to check the data retrospectively if, based on specific indications, there is a legitimate suspicion of illegal use. Personal data will only be processed by the provider for the purposes mentioned under 3 and in accordance with the provisions of the DSGV.
When contacting us by email (for example using the contact form on the website), the user's data will be processed for the purpose of processing the request / order.
(3) Integration of services and content from third parties
It can happen that third party content such as YouTube, Google Maps, RSS feeds or graphics are integrated from other websites. This assumes that the aforementioned third-party providers can see the IP address of the user. We have no control over whether third-party providers should not only use the IP address to deliver the content, but store it for statistical purposes.
Cookies are small files that make it possible to store specific information related to the device on the access device of the user (PC, smartphone). They serve the user-friendliness of websites and thus the users (for example by storing login data). But they also serve the statistical recording of the website usage (for example to improve the offer). Most browsers have an option that restricts or deactivates the storage of cookies.
(5) Google Analytics
When the cookie anonymization is activated, which is active on this website, the full IP address is usually not transferred to the USA, but shortened beforehand. Users can prevent the storage of cookies by setting their browser software accordingly. In this case, it may not be possible to display all of the contents of this website. Users can also prevent Google from collecting the data generated by cookies and processing it by Google by installing a browser plug-in.