Privacy


In the following, we will inform you about the nature, scope and purpose of the collection and use of personal data on our website. In terms of content, we are guided by the EU General Data Protection Regulation (GDPR), because the data protection provisions of the German Telemedia Act (TMG) are unlikely to be applicable from 25.05.2018.

General data protection notices

The company responsible for this website (and the general contact details) can be found in our imprint.

Would you like to contact our data protection officer specifically? Then write him an email to datenschutzbeauftragter.rheingold-gmbh@securedataservice.de. You can also reach Mr. Nicholas Vollmer by phone (+49 (0)2166 / 96523-30) or by post (Priorstra. 63, D-41189 Mönchengladbach). Your request will be treated confidentially.
Our data protection officer is not responsible for ensuring that their specific concerns are met (information, etc.); rather, it is at your disposal for confidential questions and general legal matters.

You have the right to complain to the competent data protection supervisory authority in accordance with Article 77 GDPR. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf, GERMANY, Tel. +49 (0)211 / 38424-0, www.ldi.nrw.de.

You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Of course, you have numerous personal rights that we would like to fulfill:

Information

We comply with the obligation to provide information in the data protection declaration available here.
Correction
You can request a correction of incorrect data.
Deletion
You can request the deletion of your data, unless the numerous exceptions to the GDPR do not apply.
Restriction of processing
You can request that your data is no longer actively used (e.g. if you doubt the accuracy of the data).
Right to object to our “legitimate interests”
If, in your individual case, there are overriding interests that outweigh our operational interests, you may object to the processing. In many cases, this can be done via an opt-out.
Data portability
If you actively provide data and the legal basis for the processing of the (a) your consent or (b) our contractual relationship, you may request that we provide you with this data in electronic form.

Retrieving information from the website

As part of the normal “surfing” on our website, the following data are collected and used in your sense for the delivery of websites:

Date and time (Here we can make a time assignment and use this to locate e.g. technical problems.
IP address (The collection of the IP address is necessary for the web server to send you the desired data.)
The requested data (Which file do you request? What subdirectory is it in?)
The port through which you request the data (this information is automatically sent by your browser. This port will give you the web page you want.)
The referring website (Some browsers also send the URL of the previously used web page each time they are retrieved.)
Name of the browser you use to browse the Internet (this information is automatically sent by your browser. We may use this information to make the content visually optimal. Your browser may also send other information, e.g. about installed programs)
The status of the retrieval (Here we can see if the desired website exists and could be successfully delivered to you.)
Miscellaneous: For the sake of completeness, it should be mentioned that your browser may send additional data to our web server (name of browser, screen resolution, etc.). Of course, we have no influence on this.

The data described above is stored in the Web server’s memory for a fraction of a second. This process is technically absolutely necessary to make a website available, so we have a “legitimate interest” within the meaning of Article 6 (1f) GDPR. The web server is located at a European operator.

Due to the nature of the Internet, this data is necessarily processed on a large number of servers until your request arrives on our web server; therefore, it is also possible to collect and use it in “third countries” (e.g. the USA). Our company has no influence on this process.

Our website works internally SSL-encrypted. In this respect, the operators of worldwide web servers have no insight into the transported content.

The above data is additionally stored in the form of log files for a limited time in order to be able to analyze possible technical problems (or hacker attacks). We keep these log files for 5 days. If there are no problems (or hacker attacks), no one looks into these files. These log files are important to prove criminal conduct to law enforcement agencies; in this respect, we have a ‘legitimate interest’ within the meaning of Article 6 (1f) GDPR.

Contact

Using the contact form, you can request information quickly and without red tape. Please understand that we request your specific contact details; Experience has shown that we can only provide you with specific information.

The collection of data in this regard is based on our “legitimate interest” within the meaning of Article 6 (1f) GDPR, because a smooth contact favors our business purposes. If a contractual relationship were to arise from the contact form, the (pre-)contractual performance of tasks within the meaning of Article 6 (1b) GDPR should also be mentioned as the legal basis. If you do not want to provide us with this data in the contact form, please contact us by phone.

(To be mentioned in passing: The previously existing obligation to give consent to the contact form does not exist (more) because the underlying section 12 para. 1 TMG is no longer applicable).

The entry of your data into the contact form takes place SSL-encrypted and is therefore confidential. However, the data of the contact form will be forwarded unencrypted by e-mail to our company. In this respect, no confidentiality is guaranteed as a whole. However, if full confidentiality is important to you, please send us an e-mail (our email server supports TLS encryption, if YOUR email server supports it as well).

After the e-mail with the contact form data is sent, no data remains on the Web server.

If you wish to delete the resulting e-mail, please let us know. Unless there are any important reasons (e.g. laws), we will be happy to respond to your request.

Cookies

Cookies are small text files that are stored on your hard drive by your browser. This is useful for a variety of purposes in order to adapt a website to the users.

Turning off and deleting cookies is an important issue. A general guide can be found here. We also recommend the website www.youronlinechoices.com.

There are different types of cookies in terms of storage time and access rights:

a) Own cookies with short duration (“session cookies”)

These cookies are not critical under data protection law and are usually used for the pure design of our own website. The legal basis is our “legitimate interest” within the meaning of Article 6 (1f) GDPR. These cookies are deleted as soon as you close the browser. In particular, these are:

We do not use such cookies.

b) Own cookies with a longer term

These cookies allow us to recognize your browser in the long term. This allows us to customize the content “tomorrow” or “next” week.

We do not use such cookies.

d) Third-party long-term cookies

These cookies are readable and writable by ourselves and also by other websites. This means that other services can also access this data. This is particularly interesting for adapted advertising and for the connection to “social networks”.

Google Analytics

As part of the pseudonymised user profiles of our website, cookies are set by Google. This is only for our internal evaluation (see below).

DoubleClick.net (Google Group)
We consider it to be our legitimate interest within the meaning of Article 6 (1f) GDPR that your visit to our website will result in you seeing advertising from us in the Google advertising network. This is done within Google’s DoubleClick advertising network. Concrete information and shutdown options can be found here

Google writes: We use cookies to make ads more appealing to users and more valuable to publishers and advertisers. Cookies are usually used to select user-relevant ads, improve campaign performance reporting, or avoid a user seeing the same ads multiple times. Google uses cookies such as the NID and SID cookies to customize advertisements in Google products such as Google Search. For example, we use such cookies to track your latest searches, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. In this way, we can display customized advertising on Google. We also use cookies for advertisements that we display in various places on the web.
The most important ad preset cookie for websites that are not owned by Google is called “IDE”. It is stored for two years and can be used by other Google websites to display appropriate advertisements. Google accesses this cookie from servers around the world. This cookie is not assigned to you and is not sold to third parties (says Google).

Statistical analysis of the use of our website (Google Analytics)

It is of great economic importance for our company that we can statistically evaluate the use of our website by our visitors. We are not interested in evaluating the behaviour of an individual. Rather, it is about overarching statistical aspects: on which side do visitors “enter” our site? How many clicks does an average visitor make?

You may have heard about the position paper of the German Data Protection Conference, where the topic of “consent” in connection with “tracking mechanisms and user profiles” is also briefly mentioned in paragraph 9.

As far as we understand (and not just ours), the above position paper does not mean that we need to obtain consent for our internal website usage statistics. We share the view of the Article 29 Working Group in Working Paper-194 (in Chapter 4.3 on page 10) that there is no risk to your rights and freedoms if you proceed carefully. In the above DSK position paper, the supervisory authorities have also explicitly endorsed this European understanding of the law.

Rest assured that these statistics are not, as a result, in any form personal. These statistics are of great importance to our company and we see them as a legitimate interest within the meaning of Article 6 (1f) GDPR; if you would like to object to this, we will of course be happy to offer you an opt-out option.
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”),1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Detailed information can be found here.

Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compile reports on website activity and other services relating to website activity and internet usage. to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by using the browser plug-in available at the following link. download and install: http://tools.google.com/dlpage/gaoptout?hl=de.

Google Maps

We offer you a convenient way to plan your journey to our company. For this purpose, we use an API of the map service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. As soon as you visit this page, your IP address will be sent to Google. This is an American company; data is sent to non-European countries (Google participates in the EU-US PrivacyShield). If you enter your own data in this card (e.g. your own place of residence), this data will also be transmitted. Google provides information here. We see this service as a “legitimate interest” within the meaning of Article 6 (1f) GDPR.

Newsletter

With the following information we inform you about the contents of our newsletter as well as the registration, shipping and statistical evaluation procedure as well as your objection rights. By subscribing to our newsletter, you agree to the reception and the procedures described.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically defined in the context of a registration for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.

Double-opt-in and logging: The registration for our newsletter takes place in a so-called double-opt-in procedure. That is, After registration, you will receive an e-mail requesting confirmation of your registration. This confirmation is necessary so that no one can log in with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the login and confirmation date, as well as the IP address. The changes to your data stored with the shipping service provider are also logged.

The sending of the newsletter and the associated success measurement are based on the consent of the recipients in accordance with Art. 6 Abs. 1 lit. a, Art. 7 GDPR in accordance withSection 7 para. 2 No. 3 UWG or on the basis of the legal authorisation in accordance with Section 7 para. 3 UWG.

The registration procedure is logged on the basis of our legitimate interests in accordance with the Art. 6 Abs. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of the users and also allows us to prove consent.

Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may store the e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

Newsletter – Mailchimp

The newsletters are sent via the mailing service provider “MailChimp”, a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus provides a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is based on our legitimate interests in accordance with Art. 6 Abs. 1 lit. f GDPR and an order processing contract in accordance with Art. 28 Abs. 3 p. 1 GDPR.

The shipping service provider may use the data of the recipients in a pseudonymous form, i.e. without assignment to a user, for the optimization or improvement of its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write it down or to pass the data on to third parties.

Newsletter – Measure of success

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved from its server when the newsletter is opened from our server or if we use a mail order service provider. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are first collected.

This information is used to improve the technical quality of the services based on the technical data or the target groups and their reading behaviour based on the locations (which can be determined by means of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

We hereby provide you with all information about the data processing of our company.
This covers the corresponding obligations under Articles 13, 13a 14, 15, 26 and 30 of the GDPR.

Training/seminars/further education

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Winning, tying and training employees and interested parties

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing permissible?- Employment relationship (Section 26 BDSG)
Treaty (according to Article 6 (1b) GDPR)
Explanation of the majority of legal bases:
Affected data categories under the contract: name, training data, contact details (name, tel, e-mail, address, …), bank and/or credit card details, receipts
The following data categories are attributable to the employee’s relationship: name, training data, contact details (name, tel, e-mail, address, …)

Are there legal or contractual requirements? What would follow if you didn’t provide your data? (See Article 13 (2e) GDPR)
Without the data, the contract with the customers cannot be fulfilled.

Who are the authorized recipients (both internal and external)?
Human Resources Department; Academy; File destruction service providers; Employee training by external companies

When will the data be deleted?
10 years after survey (within the academy)
2 years from the survey (as part of the Academy Information Event)
5 years from the survey (in the context of employee training)

What categories of data are processed?
Name, training data
Bank and/or credit card details
Documents (invoices, credit memos, reminders, travel expenses …)
Contact details (name, tel, e-mail, address, …)

Which people are affected?
Study participants
Interested in training at the Academy
Employees

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Accounting

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Performing operational accounting (handling of incoming and outgoing invoices. Audit. Dunning. Assignment. Preparation of monthly and annual financial statements. transfers)

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de
What is the legal basis? Why is this processing allowed? Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR) Employment relationship (Section 26 BDSG)

Explanation of the majority of legal bases:
In the employment relationship, the following categories of data are affected: payroll data, contact details. All other categories of data are of legitimate interest.

Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Right to profit, work and cost efficiency

Who are the authorized recipients (both internal and external)?
Accounting; External service providers / support staff / technicians; External accounting; Service provider for accounting and payroll; Bank

When will the data be deleted?
10 years after the end of the calendar year (according to Section 147 (3) of the Tax Code)

What categories of data are processed?
Transfer data
Accounting data
Foreign exchange
Bank and credit card details
Documents (invoices, credit memos, reminders, travel expenses …)
Salary data

Which people are affected?
Free contractors
Employees
Customers
Suppliers

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

COMPUTER administration

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Administration of the company’s it-service (user management, support, backup, maintenance, etc.)

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Ensuring data protection and (information) security

Who are the authorized recipients (both internal and external)?
IT consultant; IT department; Human resources

When will the data be deleted?
10 years after the end of the calendar year (according to Section 147 (3) of the Tax Code)

What categories of data are processed?
Total e-mail traffic
Total Internet use
Date the computer logs on and logs off
Log data (technical)
Usage data (date and type of use)
Directory service (MS Active Directory, LDAP, …)

Which people are affected?
Employees
Interested parties
Customers

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Fieldwork

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Preparation, scheduling and conducting of interviews, recruitment of subjects, programming of a user interface for subjects

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Treaty (according to Article 6 (1b) GDPR)

Are there legal or contractual requirements? What would follow if you didn’t provide your data? (See Article 13 (2e) GDPR)
Without the data, the subject contract cannot be fulfilled.

Who are the authorized recipients (both internal and external)?
Project staff; Almost all rheingold employees have (read) access; Contacter ; IT department; Field Institute; Kontakter

When will the data be deleted?
3 months after the end of the project

What categories of data are processed?
Pictures
Characteristics
Contact details (name, tel, e-mail, address, …)
Correspondences
Video

Which people are affected?
Subjects
(Potential) Subjects

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Communication

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Exchange and transfer of information (e-mails, telephone, Internet, letters, data exchange) and the appropriate management and logging.

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Right to profit, work and cost efficiency

Who are the authorized recipients (both internal and external)?
All employees of rheingold

When will the data be deleted?
Never

What categories of data are processed?
Contact details (name, tel, e-mail, address, …)

Which people are affected?
Contacts
Free contractors
Employees
Customers
Suppliers

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Controlling/ Monitoring

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Reporting, documenting and analyzing (sales, customer behavior, etc.)

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Law/Duty to Controlling or Quality Management

Who are the authorized recipients (both internal and external)?
All employees; IT department; IT service providers

When will the data be deleted?
Never (No deletion of project data is foreseen)

What categories of data are processed?
Customer
Interview data
Contact details (name, tel, e-mail, address, …)
Project data

Which people are affected?
Interviewer
Kontakter
Subjects

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Customer Relationship Management

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Comprehensive management of existing customers (customer acquisition and retention); Organization of the Congress

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Right to advertising (see recital 47 GDPR)

Who are the authorized recipients (both internal and external)?
Head of Division / Head of Division; Accounting; Operators

When will the data be deleted?
5 years after survey
10 years after the end of the year (tax-relevant data) in the context of the distribution of publications)
immediately after the end of the contract (employee within the framework of the website)
There is no storage of tracking data (cookies) for website visitors
10 years at the end of the year (within the framework of the congress organization)

What categories of data are processed?
Publication recipients
Image data, tracking data (cookies) for visitors (not stored)
Participants
E-mail (date, recipient, text, attachments)
Contact details (name, tel, e-mail, address, …)

Which people are affected?
Buyers and prospective buyers of specialist literature
Mailing list
Other contacts
Employees
Website visitors

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Advertising

What is the purpose of this processing?
Attracting and retaining customers (awakening of interest in new products and services)

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Right to advertising (see recital 47 GDPR)

Who are the authorized recipients (both internal and external)?
Head of Division / Head of Division; Operators

When will the data be deleted?
The contact details for the newsletter are cleaned up after each shipment, there is no deletion period.

What categories of data are processed?
Contact details (name, tel, e-mail, address, …)

Which people are affected?
Interested parties
Contacts
all contacts stored in Outlook
Service provider
Customers

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de. You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Surveillance

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Opto-Electronic Monitoring
Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)
Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Law/Duty to Controlling or Quality Management

Who are the authorized recipients (both internal and external)?
IT department; Police
When will the data be deleted?
5 days after survey (exception: incidents have been documented)

What categories of data are processed?
Video

Which people are affected?
Employees in the security area
Video surveillance sufferers

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Documentation of information, deletion and other requests

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
People can exercise their personal rights. The fulfillment is documented in order to be able to provide proof later if necessary.
Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)
Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Defending claims for damages. Proof of data protection compliance.

Who are the authorized recipients (both internal and external)?
Management

When will the data be deleted?
3 years after the corresponding contact by the person
What categories of data are processed? Master data (name, e-mail if applicable, etc.)
Information data (personal data, if any, which need to be provided)
Legitimation data (copy of identity card, if applicable)

Which people are affected?
Persons exercising their personal rights (information, deletion, etc.)
The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de. You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties

No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Applications

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Administration of applications

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de
Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Employment relationship (Section 26 OF the German German Civil Code)

Who are the authorized recipients (both internal and external)?
Human Resources Department; File Destruction Service Providers

When will the data be deleted?
6 months after rejection, with the written consent of the applicant also longer. What categories of data are processed?

Application data
E-mail (date, recipient, text, attachments)
Contact details (name, tel, e-mail, address, …)

Which people are affected?
Applicants

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)

You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may have revoke your consent or there is no other legal basis (more), (c) You have rightly objected, (d) the data has been processed unlawfully, (e) the deletion is required by law, (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. On our part, we are weighing up whether we have compelling reasons for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority of your choice. The contact details of the competent supervisory authority are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties

No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Internship (students)

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Insight into the professional life or completing the student internship

Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de
Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de
What is the legal basis? Why is this processing allowed?
Employment relationship (Section 26 OF the German German Civil Code)

Who are the authorized recipients (both internal and external)?
Departments; Traineeship officer; Human Resources Department; File Destruction Service Providers

When will the data be deleted?
10 years after the end of the employment relationship and the calendar year concerned (according to Section 147 (3) of the Tax Code)

What categories of data are processed?
Internship data

Which people are affected?
Pupils and studentsThe right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.
The right to “data portability” (see Article 20 GDPR)

You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.
The right to “complaint” (see Article 77 GDPR)

You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties

No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.

Telephony (landline)

In the following we will inform you in detail about all important details of this data processing. We refer to all information requirements arising from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Calling in-house and on landlines
Who is responsible for this processing?
rheingold GmbH & Co. KG
Address: Kaiser-Wilhelm-Ring 46, 50672 Cologne
Phone: 0221/912777-0
Fax: 0221/912777-55
Internet: www.rheingold-online.de
Email: rheingold@rheingold-online.de

Who is appointed as an operational data protection officer? (See Article 37 GDPR)
SecureDataService, Dipl. Ing. – (FH) Mr President, I would like to Nicholas Vollmer; Data Protection Auditor (TÜV); Priorstraße 63; 41189 Mönchengladbach; +49 (0)2166/965233-0; data protection officer rheingold-gmbh[äät]securedataservice.de

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)
Specifically, what are the “legitimate interests” pursued by the person responsible? (See Article 13 (1d) GDPR)
Generally necessary measures for the organisation of the company

Who are the authorized recipients (both internal and external)?
Accounting; IT department; File Destruction Service Providers

When will the data be deleted?
Immediately after collection (individual proofs of connection)

What categories of data are processed?
Telephony data
Itemised
Usage data (date and type of use

Which people are affected?
Employees
Customers
Suppliers

The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “correct” incorrect data (see Article 16 GDPR)
You have the right to rectify incorrect data. Please contact us.

The right to “delete your data” (see Article 17 GDPR)
You have a right to erasure of your data, provided that (a) the data is no longer necessary; (b) You may be have revoked your consent or there is no other legal basis (more) (c) you have rightly objected, (d) the data have been processed incorrectly; (e) the deletion is required by law; (f) the data are from children and are to be deleted. Please note that in accordance with Article 17 (2) GDPR may not be erased.

The right to “restriction of processing” (see Article 18 GDPR)
You have a right to “block” your data, provided that (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us, (d) you still need the data due to legal claims.

The right to “opposition to processing” (see Article 21 GDPR)
You have the right to object to the processing, if there are reasons for this from your SPECIAL SITUATION. For our part, we are weighing up whether we have compelling grounds for processing worthy of protection.

The right to “revoke consent” (see Article 7 (3) GDPR)
You have a right to withdraw consents (if this is relevant to the processing described here). The revocation is only valid for the future.

The right to “data portability” (see Article 20 GDPR)
You have a right to hand over your data, provided that (a) the legal basis is based on consent or a contract; (b) you have provided this data by yourself, (c) the data is processed automatically. If these conditions are met, you may also request that we pass on the data to a recipient of your choice.

The right to “complaint” (see Article 77 GDPR)
You have the right to complain to a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we cannot help you, you can still contact the supervisory authority afterwards.

Data collection by third parties

NetCologne (telephone provider) provides the connection data

Is profiling taking place? Are personal aspects analyzed or predicted? Is there an automated case decision? (See Article 4 No 4 GDPR)
No, this is not happening.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this is not happening.

Are there several persons responsible for a “joint responsibility”? (See Article 26 GDPR)
No, there is only one person named above.