data protection

Data protection

 

1. General information

1.1 Objectives and responsibility

  1. This privacy policy informs you about the type, scope and purpose of the processing of personal data in relation to our online offering rembe-grounding.com/ and the associated websites, functions and content (hereinafter jointly referred to as "online offering" or "website").
  2. The provider of the online offer and responsible for data protection is REMBE® GmbH Safety + Control (Gallbergweg 21‎, 59929 Brilon, Germany) - hereinafter referred to as "provider", "we" or "us".
  3. Our data protection officer is: Sven Meyzis - IT.DS Consulting (Telephone: 0049 40-21091514 / Email: meyzis@itdsb.de).
  4. The term “user” includes all customers and visitors to the online offering.

1.2 Legal basis

Generally, we collect and process personal data based on the following legal bases:

  1. Consent in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation (GDPR). Consent is any voluntary, specific, informed and unambiguous expression of will in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.
  2. Necessity for the performance of the contract or for carrying out preparatory measures in accordance with Article 6 paragraph 1 letter b of the GDPR, i.e. the data is necessary so that we can fulfil our contractual obligations towards you or we need the data to prepare for the conclusion of a contract with you.
  3. Processing to fulfill a legal obligation pursuant to Article 6 paragraph 1 letter c GDPR, i.e., for example, if processing of the data is required by law or other regulations.
  4. Processing to safeguard legitimate interests pursuant to Article 6 paragraph 1 letter f of GDPR, i.e. that processing is necessary to safeguard the legitimate interests of ours or those of third parties, unless the interests or fundamental rights and freedoms of yours which require protection of personal data prevail.

The specific legal bases for each processing operation are set out in the following sections.

1.3 Rights of data subjects

You have the following rights with regard to data processing by us:

  1. Right to lodge a complaint with a supervisory authority pursuant to Article 13 paragraph 2 letter d) GDPR and Article 14 paragraph 2 letter e) GDPR
  2. Right to information according to Article 15 GDPR
  3. Right to rectification pursuant to Article 16 GDPR
  4. Right to erasure (“right to be forgotten”) according to Article 17 GDPR
  5. Right to restriction of processing pursuant to Article 18 GDPR
  6. Right to data portability according to Article 20 GDPR
  7. Right to object according to Article 21 GDPR

Note: Users can object to the processing of their personal data in accordance with the statutory provisions at any time with effect for the future. The objection can be made in particular against processing for direct marketing purposes.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

1.4 Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

1.5 Security of processing

  1. We have implemented appropriate technical and organizational security measures (TOMs) that correspond to the state of the art. This protects the data we process from accidental or intentional manipulation, loss, destruction and unauthorized access.
  2. The security measures include in particular the encrypted transmission of data between your browser and our server.

1.6 Data transfer to third parties, subcontractors and third-party providers

  1. Personal data will only be transferred to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for billing purposes or for other purposes if the transfer is necessary to fulfill contractual obligations to the user.
  2. If we use subcontractors for our online offering, we have taken appropriate contractual precautions and appropriate technical and organizational measures with these companies.
  3. If we use content, tools or other resources from other companies (hereinafter referred to jointly as " third-party providers ") and their registered office is in a third country, it can be assumed that data will be transferred to the countries in which the third-party providers are based. We only transfer personal data to third countries if there is an appropriate level of data protection, the consent of the user or other legal permission.

2 Processing within the scope of our online offering

2.1 Requests for quotation

  1. Our webshop uses the Shopify platform, which is developed and operated by Shopify Inc. (1266 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5) (hereinafter "Shopify"). We have concluded a data protection agreement with Shopify. We have also chosen the "Hosting in the EU" option.
  2. We currently use Shopify exclusively to record requests for quotes and for you to contact us. Therefore, the data you enter in the inquiry form or contact form is not currently stored in Shopify. Shopify simply sends the data provided by email to our customer service representatives. You will receive a copy of the email. Details on sending emails can be found in section 4.
  3. The use of Shopify is based on the balancing of interests in accordance with Article 6 paragraph 1 letter f of the GDPR.

Our legitimate interests lie in being able to sell our products online quickly, easily and securely. We also want to make it easier for you to use our webshop and make your visit more attractive. With the help of Shopify, we learn how our webshop is used and can therefore continually optimize our offering and better tailor it to your needs and interests.

When you visit our webshop, you will be informed about the storage of cookies by Shopify on your device via a cookie notice. You can find further details in Section 3 "Cookie Policy".

  1. For more information, please see Shopify’s privacy policy at: https://www.shopify.com/legal/privacy
  2. Shopify loads additional external services, including:

Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

Cloudflare operates a content delivery network (CDN) and provides protection functions for the website (web application firewall). The data transfer between your browser and our servers flows through Cloudflare's infrastructure and is analyzed there to ward off attacks. Cloudflare uses cookies to enable you to access our website. Cloudflare is used in the interest of secure use of our website and to ward off harmful attacks from outside. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

The CDN server is located in Canada.

For more information, see the Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy .

  1. Other services within Shopify include:
  2. Shopify CDN
  3. Shopify Cloud
  4. Google Fonts
  5. “G:Request a Quote” for providing shopping cart functionality.

2.2 Consent management

  1. This website uses Avada's cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection regulations. The provider of this technology is AVADA Commerce, Pte. Ltd. (headquarters: 1 Sophia Rd, Peace Centre, Singapore, 228149, website: https://avada.io/) - hereinafter "Avada".
  2. When you enter our website, the following personal data is transferred to Avada:
  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website
  1. Furthermore, Avada stores a cookie in your browser in order to be able to assign the consent granted or its revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Avada cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.
  2. Avada is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Para. 1 Clause 1 Letter c of GDPR.

2.3 Live Chat

  1. It is possible for you to chat live with our customer service representatives. For this purpose, we use the third-party provider Social Intents, LLC., 4880 Lower Roswell Rd, Suite 165-112, Marietta, GA 30068 (USA). The live chat functionality uses artificial intelligence (ChatGPT). If you do not want the resulting data processing, you can alternatively contact us by phone or email.
  2. When you use our live chat, the following information will be processed:
  • E-mail address
  • Telephone number
  • Surname
  • Text messages
  • Date and time of your last activity
  1. Cookies are also used to operate the chat function. The cookies enable the recognition of the visitor's Internet browser in order to distinguish between individual users of the chat function on our website. To avoid cookies being stored, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies can mean that the chat function on our website can no longer be used.
  2. If the information collected when using our live chat system is personally identifiable (e.g. chat name, email address or chat content), the processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes.
  3. The processing of your IP address as well as the date and time of your contact serves to prevent misuse of the chat function and to ensure the security of our information technology systems. This is the necessary legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f) GDPR.
  4. If you contact us via the chat function in connection with the use of our web shop and the answer to your request serves to initiate a contract with us, the processing will be carried out in accordance with Art. 6 Para. 1 lit. b) GDPR for the purpose of carrying out pre-contractual measures.
  5. In addition, we have a legitimate interest pursuant to Art. 6 (1) (f) GDPR in integrating such functionality via a third-party provider in order to be able to offer comprehensive and fast customer support.
  6. Further information about Social Intents and their privacy policy can be found via the following links: https://help.socialintents.com/article/83-whats-social-intents-eu-gdpr-compliance and https://www.socialintents.com/privacy.html

2.4 Sending emails

  1. We use Google services to send emails. The legal basis is our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
  2. The emails sent contain your personal data and product information. The emails are automatically deleted from Google after 30 days.
  3. Further information about the service provider Google can be found at https://policies.google.com/privacy?hl=de&gl=DE and at https://policies.google.com/terms?hl=de&gl=DE

2.5 Content Delivery Network

  1. Our website uses a content delivery network ("CDN") of the technology service provider BunnyWay doo (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia / website: https://bunny.net) - hereinafter "Bunny".
  2. A CDN is an online service that is used to deliver static website data through a network of servers distributed worldwide and connected via the Internet. This essentially involves your IP address and the data from your browser in order to be able to transmit the website data to you. The purpose of the processing is to optimize the loading speeds of our online presence.
  3. Legal basis and legitimate interests: The processing is carried out on the basis of our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the speed, security and stability of our online presence by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services.
  4. For more information about privacy at Bunny, please visit https://bunny.net/privacy

2.6 Links to other websites

  1. While using some of our services, you will automatically be redirected to other websites.
  2. Please note that this privacy statement does not apply there. The privacy statement of the linked website may differ significantly from this one.

3 Cookie Policy

3.1 General information

  1. Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
  2. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.

3.2 Cookie overview, objection

  1. A current overview of the cookies used on this website can be found in the consent management platform "Avada" (see paragraph 3 "Consent management").
  2. You can also manage your individual consents and preferences there.

4 Changes to the privacy policy

  1. We reserve the right to change this privacy policy in order to adapt it to changes in the law or to changes in data processing.
  2. If the consent of the users is required or if parts of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
  3. Users are asked to regularly inform themselves about the contents of this privacy policy.

Status: May 2024