Information on the processing of personal data
Basic information according to Articles 13/14 GDPR
1.1 NAME AND ADDRESS OF CONTROLLER
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
REO AG
Brühler Strasse 100
42657 Solingen
Tel.: 0049-(0)2 12-88 04-0
Fax: 0049-(0)2 12-88 04-188
info(at)reo.de
1.2. NAME OF DATA PROTECTION OFFICER
Jens Maleikat
Bohnen IT GmbH
Hastener Strasse 2
42349 Wuppertal
Tel.: +49 (202) 24755 – 24
E-mail:jm(at)bohnensecurity.it
1.3. SUPERVISORY AUTHORITY
If you believe that the processing of your personal data by REO AG is not lawful, you can lodge a complaint with any data protection supervisory authority. The competent supervisory authority under Article 55 GDPR is the
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de
1.4. YOUR RIGHTS
In accordance with the statutory provisions, you as the data subject have the right to receive information free of charge at any time about your data stored by REO AG.
In addition, you can assert your rights to rectification, deletion or restriction of processing or the right to object (see point 3) against REO AG at any time. This also applies to a right to data portability.
If you have provided us with your personal data on the basis of consent, you could revoke this consent at any time for the future.
2.0 General information on data processing
2.1 INTERNET PRESENCE
2.1.1 PROCESSING OF COMMUNICATION DATA
Each time a user accesses a page from the REO AG website and each time a file is retrieved, access data about this process is stored in a log file on our server.
Each record consists of:
the page from which the file was requested (referrer URL)
the name of the file
the date and time of the request (time stamp)
the amount of data transferred
the access status (file transferred, file not found, etc.)
a description of the type of internet viewing programme used (e.g. Mozilla Firefox, Google Chrome or Microsoft Internet Explorer, Apple Safari, Opera etc.)
We store IP addresses in server log files for a period of one week. This data is stored for reasons of data security in order to ensure the stability and operational security of our website. The legal basis for this is Article 6(1)(c) GDPR.
2.1.2 PROCESSING OF DATA
If the opportunity for the input of personal or business data (email addresses, name, addresses) is given, e.g. by using our contact form, the input of these data takes place voluntarily, pursuant to Article 6(1)(a) GDPR or on the basis of a contractual relationship pursuant to Article 6(1)(b) GDPR. Here too, your data will be treated confidentially and will not be passed on to third parties without your consent. There is also no linking with the above-mentioned communication data.
2.1.3 DATA RECIPIENTS
As a matter of principle, we do not pass on your data to third parties unless you have consented to this. However, for the hosting and maintenance of our website and the dispatch of our newsletter, we rely on the use of service providers whom we oblige to comply with the legal requirements by means of order processing.
2.2.1 Contact form and e-mail contact
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input screen will be transmitted to us and stored.
The following data is also stored at the time the message is sent:
(1) the IP address of the user
(2) the date and time of the registration
For the processing of the data, your consent is obtained as part of the submission process and reference is made to this privacy policy.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2.2.2 LEGAL BASIS OF THE DATA PROCESSING
The legal basis for the processing of the data is Article 6(1)(a) GDPR if the user has given their consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6(1)(f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.
2.2.3 PURPOSE OF THE DATA PROCESSING
The processing of personal data from the e-mail serves us solely to process the contact.
2.2.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
2.2.5 POSSIBILITY OF OBJECTION AND REMOVAL
The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case. More on this under point 3.
2.2.6 COOKIES
Our internet pages use “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Article 6(1)(a) GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this privacy policy and, if necessary, request your consent.
2.2.7 Google Analytics
If you have consented, this website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can also prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Demographics data in Google Analytics
This website uses the “demographics data” function of Google Analytics in order to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be created that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objecting to data collection”.
Storage period
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
Legal basis
Since a corresponding consent was requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; the consent can be revoked at any time.
Passing on data
The transfer of data to the USA by Google Analytics is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
2.2.8 Social media
The social media links integrated on our site are not integrated via a social plugin. The embedded graphics only contain an HTTP link to our social media pages. When you access our site, no direct connection is established with the servers of Facebook, LinkedIn, Xing etc..
2.2.9 PLUGINS AND TOOLS
Videos are linked on our website. If you follow the link, you will be taken to the web pages of the Google service YouTube. These are simple http links. When you access our site, no direct connection is therefore established with YouTube’s servers.
For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
2.3 CUSTOMER ADVICE AND SUPPORT
2.3.1 PURPOSE OF THE DATA PROCESSING
REO AG collects your data for the purpose of executing the contract, for the fulfilment of its contractual and pre-contractual obligations and for direct advertising.
The collection and processing of data is necessary for the performance of a contract-based business relationship.
In order to initiate and maintain a business relationship and for the purpose of advertising, we collect the following information:
title, first name, last name, a valid e-mail address, address, telephone number (landline and/or mobile).
The collection of this data takes place
to be able to identify you as our customer;
to be able to advise and inform you appropriately;
for correspondence with you;
for the processing of orders;
for invoicing;
for the handling of any warranty and guarantee claims that may exist;
for the coordination of maintenance measures;
for product information and information about events.
In addition, we process the date of birth within the scope of training measures for the purpose of unique identification.
2.3.2 LEGAL BASIS OF THE DATA PROCESSING
The data processing is carried out in accordance with Article 6(1)(b) GDPR for the aforementioned purposes for the mutual fulfilment of obligations and for the appropriate processing of the business relationship as well as for the purposes in accordance with Article 6(1)(f) GDPR.
2.3.3 STORAGE OF DATA
The personal data collected by us for the maintenance of the business relationship will be stored until the end/termination of the business relationship and then deleted, unless we are obliged to store the data for a longer period of time in accordance with Article 6(1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO)) or you have consented to storage beyond this in accordance with Article 6(1)(1)(a) GDPR.
2.3.4 Disclosure of data to third parties
In the event of order processing for the installation, expansion and renovation of fire protection equipment, as well as the sale, installation, maintenance and repair of fire extinguishers and fire protection accessories, we reserve the right to pass on our data to business partners for the purpose of fulfilling the contract.
In the event of an enquiry which we are unable to process, we will pass on your data to a trusted partner who can serve your needs.
2.3.5 RIGHT OF OBJECTION
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation.
More on this under point 3.
NEWSLETTER
Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Article 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Article 6(1)(f) GDPR.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Send in Blue
The newsletter is sent by a commissioned service provider. The provider is Sendinblue GmbH Köpenicker Str. 126 10179 Berlin (hereinafter: “Sendinblue”). Sendinblue is a service that organises and analyses newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on Sendinblue’s servers in Germany.
Our newsletters sent with Sendinblue allow us to analyse the behaviour of newsletter recipients. Among other things, it can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of conversion tracking, it can also analyse whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. For more information on data analysis through CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
The data processing is based on your consent (Article 6(1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation. In the context of a business relationship, we inform you within the scope of our legitimate interest according to Article 6(1)(f) GDPR.
If you do not want any analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please refer to CleverReach’s privacy policy at: https://de.sendinblue.com/legal/privacypolicy/?tid=331633683717
INFORMATION ABOUT YOUR RIGHT TO OBJECT UNDER ARTICLE 21 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR, profiling does not take place.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to processing of data for direct marketing purposes
In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made without formalities and should preferably be addressed to:
REO AG
Brühler Strasse 100
42657 Solingen
Tel.: 0049-(0)2 12-88 04-0
Fax: 0049-(0)2 12-88 04-188
info(at)reo.de