On 25th May 2018, the new General Data Protection Regulation (GDPR) has come into force. This directive takes care that the dealing with personal data becomes safer and more transparent. In the following you get to know, which information are collected and how these are dealt with at the rescue-tec GmbH & Co. KG.
I. Fundamentals to this document
In the following, we would like to point out by a simple quotation in brackets, due to which provision the data processing is legitimate in case the respective procedure leads to processing of personal data.
The abbreviation GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679).
II. Basics of data protection
Subject of the data protection are personal data (hereinafter referred to as data). These are information which refer to an identified or identifiable natural person.
As far as we obtain an approval by the concerned person for processing operations with regard to personal data, Art. 6 (1) a) GDPR is the legal basis for the processing of personal data.
Concerning the processing of personal data necessary for the fulfilment of a contract to which the concerned person is contractual party, Art. 6 (1) b) GDPR is the legal basis. This also applies for processing operations, which are necessary for pre-contractual measures.
As far as a processing of personal data is necessary for the fulfilment of a legal obligation our company is subject to, Art. 6 (1) c) GDPR is the legal basis.
In case vital interests of the concerned person or another natural person require a processing of personal data, Art. 6 (1) d) GDPR is the legal basis.
In case the processing is necessary for safeguarding legitimate interests of our company or a third party, and the interests, fundamental rights and freedoms of the concerned person does not override the aforesaid interest, Art. 6 (1) f) GDPR is the legal basis for the processing.
The personal data of the concerned person will be erased or blocked, as soon as the purpose of the storage lapses. Furthermore, a storage may occur when required by the European or national legislator in regulations, statutes or other provisions in Union legislation, to which the responsible is subjected. Blocking or erasure of data will be carried out as well in case of expiry of a storage period determined by the said provision, unless the maintenance of storage is necessary for the purpose of a contract conclusion or fulfilment of a contract.
III. Visiting our website
1. Servers operated by us
In case of visiting our website, we obtain your complete IP-address by your EDP. Only with such IP-address we are able to transfer the data of our website to you in order that the website is shown to you (Art. 6 para. 1 b and f GDPR). The temporary storage of the IP-address by the system is necessary to make a transfer of the website to your computer possible. It may be necessary to store your IP-address for the duration of the session. Since you have requested the website, this is a matter of mutual legitimate interest. We have to transmit your IP address to the internet providers in order to make the website data being transmitted to you.
There is no option for filing an objection, because these procedures are essential for the operation of the website. In case you want to raise objections, please do not visit our website.
By requests of the website the rescue-tec GmbH & Co. KG obtains usage data, which are stored for the purpose of security and may allow for an identification (e. g. date, time of day and viewed pages). Rescue-tec GmbH & Co. KG analyses these data in order to get to know about user habits and produce statistics (Art. 6 (1) f GDPR). Our legitimate interest is the optimization of our offer and sales promotion. There will be no personalized exploitation. The statistical evaluation of anonymized datasets remains reserved.
2. Servers operated by others
This website uses etracker technology (www.etracker.com) to collect and store data for marketing and optimization purposes. Anonymised usage profiles can be generated from these data. Cookies may be used for this purpose. Cookies are small text files which are stored locally in the browser storage of a website visitor. They enable the recognition of the browser on subsequent visits. The data collected with etracker technology will not be be used to identify a visitor of the website and will not be aggregated with personal data without the explicit consent of the visitor.The collection and storage of data may be refused by a visitor at any time, at which point no further data will be collected.
IV. Data processing at registration and order
1. Signing up for the shop
When signing up for our shop, we will collect the following data from you in order to provide a customer account for orders (Art. 6 (1) b GDPR) and to transmit advertising to you (Art. 6 (1) b, f GDPR):
- First name, last name
- Zip Code, place
- E-mail address
- Name 2: (e.g. authority / organization)
- Name 3: (e.g. department / addition)
- Value added tax identification number
- Phone / fax / mobile
These data will be stored the entire time, as long as you maintain the registration, as well as beyond it for such time determined by the law and for the period of time we could need the data due to possible disputes with you. The legal basis is Art. 6 (1) b), f) GDPR. Our legitimate interest is the provability of events.
We will also use your data from the registration in order to transmit advertising to you e.g. in form of our equipment manual on the mailing route.
You may object to the further usage of your data at any time by notice to us. After receipt of your objection we will cease the further transmission of advertisements, including our equipment manual, without undue delay.
When you do not agree with providing the mandatory details, we cannot accept your registration request and cannot enter into a corresponding contract with you. Then you are not able to order anything from us.
For implementation of a first order, we need at least the further following data in order to be able to conclude and implement the contract (Art. 6 (1) b) GDPR):
Mandatory details for an order
- Name (preferably first name, last name)
- Zip code, place
Further details concerning the address
- Deviating address for delivery
- E-mail address
- VAT number
- Bank details
- Personal remarks about the order
We store these data together with the data about the products ordered by you, the point of time of the order, the data concerning your payment (method of payment, as the case may be the account, paid amounts, time specification, which we obtain from your bank), data of commissioning (place, ID number, time specification), data about dispatch and receipt (shipping providers, parcel number, time specifications about the parcel).
In case you execute rights for withdrawal, exchange goods or assert warranty claims, we store further data therefore, such as your dispatch (shipping provider, parcel number, time specifications with regard to the parcel), receipt at our place (place, ID number, time specification), condition of the goods as well as – as the case may be – data of the further shipping to you, as indicated in the paragraph before concerning the order.
We store these data in order to be able to execute and enforce the contract with you, to have evidence for the steps leading to the execution of the contract, to be able to offer you a history of order, to fulfil legal duties, to transmit the data to third parties to the extent described in the following and to the purpose of evaluation as already described above for being able to provide you an optimized user experience (Art. 6 (1) b), c), f) GDPR). Our legitimate interest is the preservation of evidence, increase of customer satisfaction, optimization of offers and sales promotion.
We store your data according to the legal retention obligation, currently 10 years.
These data we will transmit to third parties for execution of the orders:
- Payment data to our payment service provider, who possibly have to transmit the data to further banks, e.g. for being able to collect receivables by direct debits at your bank
- Shipping data to the shipping and parcel service provider; may be also to our upstream suppliers, in case they will deliver the goods directly to you (drop shipment)
- Data of order to a collection service provider, lawyers and courts in case disputes occur with respect to the order respectively the payment
3. Credit assessment in the order procedure
Our company regularly assesses your creditworthiness in case of contract conclusion and in certain cases, in which a legitimate interest is given, also concerning established customers. Therefore, we work together with the Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany, from whom we obtain the data needed therefore. On behalf of Creditreform Boniversum, we inform you already in advance according to Art. 14 GDPR:
The Creditreform Boniversum GmbH is a consumer credit agency. It operates a database, in which information concerning the creditworthiness of private persons are stored. On this basis, Creditreform Boniversum provides information concerning the creditworthiness to their customers. Among these customers, there are e. g. credit institutions, leasing companies, insurance companies, telecommunication companies, companies of receivables management, mail order companies, wholesale companies and retail companies as well as other companies, which provide services or deliver goods. In the frame of the legal provisions, a part of the data available in the information database are also used for supply to other company databases, inter alia for usage for address trade purposes.
In the database of Creditreform Boniversum, especially information concerning the name, the address, the date of birth, as the case may be the e-mail address, payment behavior and ownership structures of persons are stored. The purpose of processing the stored data is providing information about the creditworthiness of the person in question. Legal basis for the processing is Art. 6 (1) f GDPR. Pursuant to this, information about these data must only be provided in case a customer credibly demonstrates a legitimate interest. As far as data are transmitted to countries outside of the EU, this takes place on the basis of the so called “standard contract clauses”, which you may see under the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32001D0497&from=EN
or may ask to be sent to you from there.
The data will be stored as long as the knowledge about them is necessary for the fulfilment of the purpose of their storage. Principally, the knowledge is necessary initially for 3 years. After expiry, it will be assessed whether a storage is further on necessary, otherwise the data will be erased exactly to the date. In case of completion of issues, the dates will be erased 3 years after completion exactly to the date. Entries in the record of debtors will be erased after 3 years from the day of the order of entry exactly to the date pursuant to § 882e ZPO (= German Code of civil procedure).
Legitimate interests in the meaning of Art. 6 (1) f GDPR may be: credit decisions, establishing business, shareholding structures, claim, assessment of creditworthiness, insurance contract, enforcement disclosure.
You have the right to receive information from Creditreform Boniversum GmbH about the data stored there and concerning you. As far as the data concerning you and stored there are inaccurate, you have the right to rectification or erasure. In case it cannot be found out whether the data are correct or inaccurate, you have the right to blocking the data until verification. In case your data is incomplete, you may claim for completion of them.
As far as you have consented to the processing of the data stored at the Creditreform Boniversum, you have the right to revoke your consent at any time. The revocation does not affect the legality of the processing of data implemented due to the consent until its revocation.
In case you have objections, wishes or complaints with reference to data protection, you may approach the data protection officer of the Creditreform Boniversum at any time. He will support you in all questions of data protection quickly and trustfully. You may also complain about the processing of data by Boniversum at the state representative for data protection, competent in your federal state.
The data which Creditreform Boniversum has stored about you, are taken out of publicly accessible sources, from collection agencies and their customers.
In order to describe your creditworthiness, Creditreform Boniversum creates a score value to your data. This score value is founded on data concerning your age and sex, address and partially data of payment experience. These data are variously measured in the score value calculation. The customers of Creditreform Boniversum use the score values as tool assisting the implementation of own credit decisions.
Right to objection:
The processing of the data stored at the Creditreform Boniversum takes place due to mandatory grounds worth being protected, which regularly override your interests, rights and freedoms or serves the assertion, execution or defense of legal rights. You may object to the processing of your data towards the Creditreform Boniversum only in special situations which happen to you and have to be proved. In case such special grounds are verifiably established, the data will not be processed there any further. In case you object to processing your data for reasons of marketing and advertising, the data will not be processed for these purposes any longer.
Responsible in the meaning of Art. 4 No. 7 GDPR is Creditreform Boniversum GmbH, Hellersbergstr. 11, D-41460 Neuss. Your contact person in our company is the Consumer Service, Tel.: 02131 36845560, Fax: 02131 36845570, e-mail: firstname.lastname@example.org. You may contact the data protection officer in charge under the following contact data: Creditreform Boniversum GmbH, Datenschutzbeauftragter, Hellersbergstr. 11, D-41460 Neuss, e-mail: email@example.com.
4. Transmission of negative data and scoring
We point out that we transmit data about out-of-court respectively court recovery measures in case of overdue receivables to the Creditreform Limburg Schmitt KG, Pariser Str. 2, D-65552 Limburg (Art. 6 (1) f) GDPR). Our legitimate interest is the maintenance of a creditworthiness information system in favor of all companies linked to the Creditreform. As far as such data are collected out of other contractual relationships at Creditreform, we may obtain information thereabout, as well (Art. 6 (1) f) GDPR). Our legitimate interest is the avoidance of enforcement measures against debtors known to be unable to pay. The aforementioned transmissions of data must take place only as far as it is admissible after consideration of all affected interests. When providing information, Creditreform may in addition provide their contractual partners with a value of likelihood concerning the assessment of credit risk, calculated out of their data pool (Score procedure). Further information you may see above in the paragraph “further usage of data in the order procedure” as well as under www.creditreform.de.
When voluntarily using our guestbook function, you have to enter your name and your e-mail address as well as your assessment. For the name, you may also use a pseudonym.
We process and store your entries unlimited in time, in order to show it (except of the e-mail address) on the website in our guestbook (Art. 6 (1) b, f GDPR). Our legitimate interest is the information of website visitors concerning our performances.
You may later object to the storage and publication at any time.
VI. Cookies at the visit of our website
During an online session, text information is collected in cookies and put on the hard disc of the user in a special file in ASCII-format (cookie.txt). The www-browser of the user controls where the cookie is stored at the user. Cookies are information, which will be sent back to the server at the next online visit. It can only be read by the server which has put it down before.
We divide cookies into the following categories:
Type A – Indispensable cookies
These cookies are mandatory for correct work of websites and their function. Without such cookies the user specific functions described below cannot be provided.
Type B – Function cookies
These cookies enable the improvement of comfort and performance of websites and providing various functions. For instance, information for identifying your shopping cart or your comparison list can be stored in function cookies.
Type C – Performance cookies
These cookies collect information about how you use websites. Performance cookies e. g. provide us assistance in identifying particularly popular areas of our internet offers. Thereby we are able to adjust the contents of our website more aimed on your needs and thereby improve our offer for you. Some of the information collected with these cookies are non-personal, others are personal. Further information concerning the collection and evaluation of information is provided in other paragraphs of our data protection declaration.
||Beschreibung, welchen Zweck das Cookie hat
Duration of session
|Serves for authentication of the session. The XTCsid is a value generated by chance which is used by the server in order to clearly identify the session of the user.
Duration of session
|Contains Base64-coded data of the current visitor session (referrer, number of pages, number of seconds since commencement of the session), used for purposes of personalization.
|Cookie-identification, eTracker analytics.
|Identification whether the depth of scrolling is measured at the visitor. More information
Most browsers automatically accept cookies. You may prevent the storage of cookies on your device by choosing the browser setting “accept no cookies”. Cookies already stored on your device, you may erase at any time. For the most common PC/notebook-browsers you may find the procedure under the following Links:
MOZILLA FIREFOX, GOOGLE CHROME, MICROSOFT INTERNET EXPLORER, APPLE SAFARI
Please see the instructions of your browser respectively the producer of your device to find out about how erasure of cookies work on your mobile device.
VII. E-mail newsletter
When you sign on to our newsletter, we use the data necessary therefore and having been provided by you separately, in order to supply our newsletter periodically to you (Art. 6 (1) b, f GDPR). Without your e-mail address we cannot enter into an agreement with you about the e-mail newsletter. Our legitimate interest is the demonstration of our offer towards you.
Concerning e-mail newsletter, after signing on an assessment is implemented without undue delay whether the recipient of the e-mail actually wishes to be supplied with information via e-mail under the noticed e-mail address. In the e-mail sent therefore, the recipient has to click on a link for confirmation, which is differed from other confirmation links by a reference information and is therefore personal. Therefore, the reference information is stored additionally to your personal data and serves for the investigation, which registration for newsletter has been confirmed to what time (Art. 6 (1)b), c), f) GDPR). Our legitimate interest is the avoidance of newsletter supply to persons who do not want to receive the newsletter. The storage will be maintained as long as you receive the newsletter plus that time, in which we could need the data for evidence of having been allowed to supply the newsletter, e.g. expiry of limitation period for possible claims.
a) Cancellation of e-mail newsletter
You may cancel the newsletter (objection) at any time either via a message to the contact option described below or via a link dedicated for that in the e-mail newsletter or, when you are registered in the online-shop with your e-mail address, on our website after login under YOUR ACCOUNT.
b) Usage of data for e-mail advertising without newsletter registration and your right to object
In case we have obtained your e-mail address in context to the sale of a product or a service and you have not objected, we reserve the right to send regularly offers for similar products like the already purchased out of our assortment (Art. 6 (1) a), b), f) GDPR, § 7 para. 3 Gesetz gegen den unlauteren Wettbewerb (= Unfair competition Act). Our legitimate interest is to initiate purchase contracts with you again.
You may object against this use of your e-mail address at any time via a message to the contact option described below or via a link dedicated for that in the e-mail newsletter without causing other costs than those for transmitting according to the basis tariffs.
VIII. Transmission of personal data to third parties
For other purposes the rescue-tec GmbH & Co. KG will not transmit your data to third parties except you explicitly consent thereto.
The rescue-tec GmbH & Co. KG stores your data on especially protected servers in Germany. Access to them is possible only for a few persons, being authorized by the rescue-tec GmbH & Co. KG and take in charge the technical, commercial or editorial maintenance of the servers.
X. Your rights to information, correction, blocking, deletion, completion, restriction and data portability
You obtain without giving reasons information free of charge about your personal data stored at us. Within the frame of your rights according to the law you may make us block, correct or erase the personal data stored at us.
Furthermore, you have the right to demand completion of incomplete data and in the cases regulated by the law to demand restriction of the processing. Then you also have the right for data portability as far as we have determined Art. 6 para. 1 a or b GDPR in this declaration and the processing is implemented by automated process.
We explain your rights in particular as follows:
1. Right to information
You are entitled to require a confirmation by the controller about whether personal data concerning you are processed by us. In case such processing occurs, you may require from the responsible person the following information:
(1) The purpose of processing the personal data;
(2) The categories of personal data being processed;
(3) The receiver respectively the categories of receivers, towards which the personal data concerning you have been disclosed or will be disclosed;
(4) The intended duration of the storage of the personal data concerning you or, in case specific information about it are not possible, criteria for determination of storage duration;
(5) The existence of a right to rectification or erasure of personal data concerning you, of a right for restriction of processing by the controller or of a right to raise objections against the processing;
(6) The existence of the right of appeal at a supervisory authority;
(7) All available information about the origin of the data, in case the personal data have not been collected from the affected person;
(8) The existence of automated decision-making including profiling according to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and the aspired affection of such processing for the affected person.
You are entitled to claim information about whether the personal data concerning you are transmitted in a third county or to an international organization. In this context you may claim becoming informed about appropriate safeguards according to Art. 46 GDPR in context with the transmission.
2. Right to rectification
You shall have the right to obtain from the controller the rectification and/or completion, as far as the processed personal data concerning you are inaccurate or incomplete. The controller shall implement the rectification without undue delay.
3. Right to restriction of processing
Under the following conditions you may demand restriction of the processing of the personal data concerning you:
(1) When you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) The controller no longer needs the personal data for the purpose of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
(4) You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of you.
Where the processing of the personal data concerning you has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. In case you have obtained restriction of processing according to the conditions above, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase
You shall have the right to obtain from the controller the erasure of the personal data concerning you without undue delay, and the controller shall have the obligation to erase such data without undue delay in case one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
b) Information to third parties
In case the controller has disclosed personal data concerning you and is obliged to erasure of such data pursuant to Art. 17 para. 1 GDPR, he shall implement appropriate measures, taking into account the available technology and implementation costs, also of technical kind, in order to inform such persons responsible for the data processing, that you as concerned person have claimed from them to erase all links to these personal data or of copies or replications of these personal data.
The right to erasure shall not apply to the extent that processing is necessary
(1) For exercising the right of freedom of expression and information;
(2) For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of authority vested in the controller;
(3) For reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and lit. i as well as Art. 9 para. 3 GDPR;
(4) For achieving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) For the establishment, exercise or defence of legal claims.
5. Right to notification
In case you have asserted the claim to rectification, erasure or restriction of procession to the controller, the controller shall communicate these rectification or erasure or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform you on request about those recipients.
6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) The processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR; and
(2) The processing is carried out by automated means.
In exercising your right to data portability, you furthermore shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not be adversely affected hereby.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. General information about your right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions.
We shall no longer process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or serve the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You shall have the right to revoke your declaration of consent under data protection law at any time. The revocation shall not affect the legitimacy of processing carried out on the basis of the consent until its revocation.
9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply, if the decision
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or lit. g applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in paragraph (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
XI. Links to other websites
The websites of the rescue-tec GmbH & Co. KG contain, as the case may be, links to other websites. The rescue-tec GmbH & Co. KG has no influence on the editorial content of foreign websites and on the issue whether the operator of it complies with the provisions of data protection.
XII. Data protection officer
If you have questions concerning data protection, please contact our data protection officer.
Data protection officer of rescue-tec
In case of complaints concerning data protection, you may approach our data protection officer or address the supervisory authority. Notwithstanding any other administrative or judicial remedy you may have, you shall have such right for complaint at a supervisory authority, especially in the Member State of your residence, your place of work or at the place of the alleged violation, when you are of the opinion that the processing of personal data concerning you would violate the GDPR. The supervisory authority to which the complaint is addressed will inform the complainant about the status and the results of the complaint including the option of a judicial remedy pursuant to Art. 78 GDPR.
XIV. Responsible authority
The responsible authority is the operator of this website according to the imprint.
The data protection declaration is currently valid and is dated 25th May 2018.
Due to the further development of our website or the implementation of new technologies it may become necessary to change the data protection declaration. We reserve to change the data protection declaration at any time with effect for the future. We recommend to read the current data protection declaration from time to time again.