P R I V A C Y P O L I C Y
1) Introduction and Contact Data of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how we handle your personal data when using our website. Personal data includes all data with which you can be personally identified.
1.2 The controller for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Thorsten Knickenberg, Gladbacher Str. 15, 40219 Düsseldorf, Germany, Tel.: +4917664653547, Email: thorsten.knickenberg@rmu-support.com The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for mere informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Used browser
- Used operating system
- Used IP address (possibly in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other way. However, we reserve the right to check the server log files subsequently if there are specific indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.
3) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"), while others remain on your device and allow us to save page settings (so-called "persistent cookies"). In the latter case, you can find out the storage duration in the cookie settings of your web browser. If personal data is processed by some of the cookies we use, the processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of a contract, on the basis of Art. 6(1)(a) GDPR in the case of consent given, or under Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a user-friendly and effective design of the site visit. You can configure your browser to notify you about the setting of cookies and decide on a case-by-case basis or block the acceptance of cookies for specific cases or in general. Please note that if you do not accept cookies, the functionality of our website may be restricted.
4) Contact
4.1 Microsoft Bookings
For the provision of an online appointment booking function, we use the services of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For the purpose of scheduling appointments, first and last name as well as email address (and possibly the phone number if a phone appointment is desired) are collected in accordance with Art. 6(1)(b) GDPR and transmitted to the provider based on our legitimate interest in effective customer management and efficient appointment scheduling and stored there. After the appointment or after the agreed-upon appointment period has expired, your data will be deleted by the provider. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Privacy Shield Framework, which ensures compliance with the European data protection level.
4.2 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the "Business Version" of WhatsApp for this purpose. If you contact us via WhatsApp for a specific business purpose (such as a placed order), we store and use the mobile number you use on WhatsApp as well as your first and last name according to Art. 6(1)(b) DSGVO to process and respond to your inquiry. Based on the same legal basis, we may ask you for further details (order number, customer number, address, or email address) via WhatsApp to associate your request with a specific transaction. If you use our WhatsApp contact for general inquiries (such as about our range of services, availability, or our website), we store and use the mobile number you use on WhatsApp as well as your first and last name according to Art. 6(1)(f) GDPR based on our legitimate interest in providing the requested information efficiently and promptly. Your data will only be used for the purpose of responding to your inquiry via WhatsApp. There is no transfer of data to third parties. Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device that only stores the WhatsApp contact details of users who have contacted us via WhatsApp. This ensures that each person whose WhatsApp contact details are stored in our address book has consented to the transmission of their WhatsApp phone number from the address books of their chat contacts by accepting the WhatsApp terms of use on their device according to Art. 6(1)(a) GDPR at the first use of the app. Transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded. For the purpose and scope of data collection and further processing and use of data by WhatsApp, as well as your related rights and privacy protection settings, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy. As part of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA. For data transfers to the USA, the provider has joined the EU-US Privacy Shield Framework, which ensures compliance with the European data protection level.
4.3 When contacting us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form is apparent from the respective contact form. This data is stored and used exclusively for the purpose of processing your request or contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request according to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your inquiry. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no legal retention obligations preventing deletion.
5) Comment Function
As part of the comment function on this website, in addition to your comment, information on the time of creation of the comment and the commentator name chosen by you is stored and published on this website. Furthermore, your IP address is logged and stored. This storage of the IP address is for security reasons and to be able to take action in the event that the person concerned violates the rights of third parties or posts unlawful content through a submitted comment. We require your email address to contact you in case a third party should object to your published content as unlawful. Legal bases for the storage of your data are Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.
6) Use of Customer Data for Direct Marketing
Sending the email newsletter to existing customers. If you have provided us with your email address when purchasing goods or services, we reserve the right to send you offers for similar goods or services from our range via email on a regular basis without seeking separate consent from you in accordance with § 7(3) UWG. Data processing is based solely on our legitimate interest in personalized direct marketing according to Art. 6(1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send emails for this purpose. You have the right to object to the use of your email address for the above-mentioned advertising purpose at any time with effect for the future by notifying the controller mentioned at the beginning. You will only incur transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
7) Site Functionalities
7.1 LinkedIn Plugins
On our website, plugins of the social network of the following provider are used: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. These plugins enable direct interactions with content on the social network. To enhance data protection during your visit to our website, the plugins are initially deactivated by using a "2-click" or "Shariff" solution implemented on the site. This integration ensures that when you visit a page of our website that contains such plugins, no connection is made to the provider's servers. Only when you activate the plugins and give your consent to transmit data in accordance with Art. 6(1)(a) GDPR will your browser establish a direct connection to the provider's servers. Regardless of whether you are logged into an existing user profile, certain information about your device (including your IP address), browser, and history of pages visited may be transmitted to the provider and processed there.
If you are logged into an existing user profile on the provider's social network, information about interactions performed by the plugins is also published there and displayed to your contacts. You can revoke your consent at any time by deactivating the plugin that has been activated by clicking on it again. However, revoking your consent does not affect data that has already been transferred to the provider. Data may also be transferred to: LinkedIn Inc., USA. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. The provider relies on standard contractual clauses of the European Commission for data transfers to the USA, which are intended to ensure compliance with the level of European data protection.
7.2 Google Maps
This website uses an online mapping service provided by the following provider: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. When you access the subpages that contain the Google Maps map, information about your use of our website (such as your IP address) is transmitted to servers of Google and stored there, which may also involve transmission to servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data is directly associated with your account. If you do not wish this association with your profile on Google, you must log out before activating the button. Google stores your data (even for users not logged in) as user profiles and evaluates them. Collection, storage, and evaluation are carried out in accordance with Art. 6(1)(f) GDPR based on Google’s legitimate interest in displaying personalized advertising, market research, and/or the demand-oriented design of Google websites. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option to completely deactivate the Google Maps web service by disabling JavaScript in your browser. Google Maps and thus the map display on this website cannot be used in this case. If legally required, we have obtained your consent according to Art. 6(1)(a) GDPR for the processing of your data described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the procedure described above for making an objection. The provider has joined the EU-US Privacy Shield Framework for data transfers to the USA to ensure compliance with the European data protection level.
7.3 Google Customer Reviews (formerly Google Certified Merchant Program)
We work with Google as part of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to collect customer reviews from users of our website. After making a purchase on our website, you may be asked if you would like to participate in a Google email survey. If you give your consent in accordance with Art. 6(1)(a) GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The rating you provide will then be summarized with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. As part of using Google Customer Reviews, personal data may also be transmitted to the servers of Google LLC. in the USA. You can revoke your consent at any time by notifying the data controller or Google. The provider has joined the EU-US Privacy Shield Framework for data transfers to the USA to ensure compliance with the European data protection level.
7.4 Microsoft Teams
To conduct online meetings, video conferences, and/or webinars, we use the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes various data, with the extent of the processed data depending on the data you provide before or during your participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your registration data (name, email address, phone number (optional), and password) and session data (topic, participant IP address, device information, description (optional)). In processing personal data necessary for the performance of a contract with you (this also applies to processing operations required for the implementation of pre-contractual measures), Art. 6(1)(b) GDPR serves as the legal basis. If you have given us consent to process your data, processing is based on Art. 6(1)(a) GDPR. You can revoke any consent given at any time. Otherwise, the legal basis for data processing when conducting online meetings, video conferences, or webinars is our legitimate interest according to Art. 6(1)(f) GDPR in the effective performance of the online meeting, webinar, or video conference. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. The provider has joined the EU-US Privacy Shield Framework for data transfers to the USA to ensure compliance with the European data protection level.
7.5 Job Applications via Email
On our website, we currently advertise open positions in a separate section where interested parties can apply via email to the provided contact address. Applicants must provide all personal data necessary for a thorough assessment, including general information such as name, address, contact details, as well as performance-related evidence and, if applicable, health-related information. Details about the application can be found in the job posting. After receiving the application via email, the data is stored and evaluated exclusively for the purpose of processing the application. If there are follow-up questions, we will use either the email address or phone number of the applicant. Processing is based on Art. 6(1)(b) GDPR (or § 26(1) BDSG in Germany), in which case the processing of the application process is considered to be the initiation of an employment contract. If special categories of personal data in the sense of Art. 9(1) GDPR (e.g., health data such as information about severe disabilities) are requested from applicants as part of the application process, the processing is done in accordance with Art. 9(2)(b) GDPR, so that we can exercise rights arising from labor law and social security and social protection law and fulfill our related obligations. Alternatively or cumulatively, the processing of special data categories may also be based on Art. 9(1)(h) GDPR if it is for occupational medicine or health care purposes, for assessing the applicant's ability to work, for medical diagnostics, treatment or care in the health or social sector, or for managing health or social care systems. If there is no selection of the applicant, or if an applicant withdraws their application prematurely, their submitted data and all electronic correspondence, including the application email, will be deleted no later than after 6 months following notification, unless there are legitimate interests on our part, for example, to answer any follow-up questions regarding the application and, if necessary, to comply with our obligations for proof based on equal treatment of applicants regulations. In case of a successful application, the provided data will be processed based on Art. 6(1)(b) GDPR (when processing in Germany in conjunction with § 26(1) BDSG) for the purpose of conducting the employment relationship.
8) Data Subject Rights
8.1 The current data protection law grants you the following rights with regard to the processing of your personal data by the controller (rights of data subjects), with reference to the legal basis for the respective conditions for exercising these rights:
- Right to information according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to information according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw consent granted according to Art. 7(3) GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF AN INTERESTS BALANCE, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA TO OPERATE DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF RELEVANT PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME. YOU CAN EXERCISE THE RIGHT OF OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING YOUR DATA FOR DIRECT MARKETING PURPOSES.
9) Duration of personal data storage
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and, if applicable, additionally based on the respective legal retention period (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent pursuant to Art. 6(1)(a) of the GDPR, the data concerned is stored until you withdraw your consent.
If there are legal retention periods for data processed in the context of legal obligations based on Art. 6(1)(b) of the GDPR arising from contractual or contract-like obligations, this data is routinely deleted after the retention periods expire, provided it is no longer necessary for the fulfillment or initiation of a contract, and/or there is no longer a legitimate interest on our part in further storage.
When personal data is processed based on Art. 6(1)(f) of the GDPR, this data is stored until you exercise your right of objection under Art. 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
For the processing of personal data for the purpose of direct marketing based on Art. 6(1)(f) of the GDPR, this data is stored until you exercise your right of objection under Art. 21(2) of the GDPR.
Unless otherwise indicated in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or processed in any other way.
Platform of the EU Commission for online dispute resolution: https://ec.europa.eu/odr
We are neither obliged nor willing to participate in a dispute resolution procedure before a consumer arbitration board.