Data Protection Statement under the General Data Protection Regulation (GDPR)

I.    Name and address of the controller
The party responsible (the "controller") within the meaning of the General Data Protection Regulation, other national data protection laws in force in EU Member States, and further data protection legislation is:

Rhein-Nadel Automation GmbH
Reichsweg 19-23
52068 Aachen
Germany
Phone: +49 241 5109-137
E-mail: DV@RNA.de
Website: www.RNA.de

II.    Contact information of the data protection officer

DATAIX GmbH
Bischof-Hemmerle-Weg 9
52076 Aachen
E-Mail: RNA@dataix.gmbh

III.    General information on data processing

1.    Scope of personal data processing
On principle, we collect and use personal data from our users only to the extent required for providing a functional website and presenting our contents and services. Personal user data is collected and used, as a rule, only with the user's consent. An exception applies where such consent cannot be obtained beforehand for factual reasons and processing of the data is permitted by law. 

2.    Legal basis of personal data processing
To the extent that we obtain the data subject's consent to personal data processing operations, the legal basis for the processing of personal data is Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
Where the processing of personal data is prerequisite to the performance of a contract to which the data subject is party, Art. 6 (1)(b) of the GDPR forms the legal basis. This also holds true for processing operations necessary for carrying out pre-contractual steps.
To the extent that processing is required to fulfill a legal obligation incumbent on our company, Art. 6 (1)(c) of the GDPR forms the legal basis.
If processing is necessary to safeguard a legitimate interest held by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject , Art. 6 (1)(f) of the GDPR forms the legal basis for such processing. 

3.    Data erasure and storage period
The data subject's personal data will be erased or blocked as soon as the purpose of storing it ceases to exist. Data may be stored beyond this period if permitted by European or national legislatures in Union directives, laws or other regulations to which the controller is subject. Data will also be blocked or erased if a storage time limit prescribed by the above-mentioned norms expires, save where a further storage of such data is prerequisite to the conclusion or fulfillment of a contract.

IV.    Provision of the website and log file generation

1.    Description and scope of data processing
Whenever our website is accessed, our system automatically captures data and information from the user's computer system. 
The following data are thus collected:

1.    Information about the browser type and version employed
2.    Operating system of the user's computer
3.    User's IP address Internet service provider 
4.    User's IP address
5.    Date and time of access
6.    Websites from which the user's system is referred to our site
7.    Name and URL of the accessed file
The data will also be stored in our system's log files. This does not apply to user IP addresses or other data that would make the user identifiable by reference thereto. Such data are not stored together with other personal user data.
 
2.    Legal basis of data processing 
The legal basis for the temporary storage of data is Art. 6 (1)(f) of the GDPR. 

3.    Data processing purpose
The system's temporary storage of the IP address is necessary to enable delivery of our website to the user's computer. To this end, the user's IP address must be stored for the duration of the session. 
It is in these purposes, moreover, that our legitimate interest in carrying out data processing under Art. 6 (1) (f) GDPR resides.

4.    Storage period
The data will be erased as soon as it is no longer necessary for achieving the purpose of its collection. In the case of data captured to provide the website, this will be the case upon termination of the respective session. 

5.    Objection and removal option
The collection of data for purposes of providing the website and the storage of data in log files are essential to the operation of the website. Consequently, the user has no option to object thereto. 

V.    Use of cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files stored in the web browser or saved in the user’s computer system by the web browser. When a user views a website, a cookie may be written into the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited. 
We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change. 

b) Legal basis of data processing 
The legal basis for processing personal data with the aid of cookies is Art. 6 (1)(f) GDPR.

c) Data processing purpose
The purpose of using strictly necessary technical cookies is to simplify the use of websites for users. Without the use of cookies, some functions of our website could not be made available. They require that the browser be recognized even after a page change.
The data collected by strictly necessary technical cookies is not employed to generate user profiles.
It is in these purposes, moreover, that our legitimate interest in carrying out data processing under Art. 6 (1) (f) GDPR resides. 

d) Storage period, objection and removal option
Cookies are stored on the user’s computer, which transmits them to our site. Thus, as a user you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies already stored can be deleted at any time. This can even be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.


VI.    Newsletter

Supplement – Data Privacy Statement for Newsletter (new section: VI. Newsletter)

 

VI. Newsletter

1.    Description and scope of data processing
On our website you have the option to subscribe to a free newsletter by which we will inform you about product innovations and special campaigns. When you sign up for your newsletter subscription, the data from the input screen will be transmitted to us. To receive the newsletter, it is sufficient to provide an e-mail address and language selection. The provision of any additional data is voluntary; this will be used to address you personally and to provide you with information more selectively.

Moreover, the following data will be collected in the registration process:

1.)    IP address of the accessing computer
2.)    Date and time of registration

In distributing our newsletter we rely on the so-called ‘double opt-in’ method. This means that we will only e-mail you the newsletter once you have expressly acknowledged that you agree to receive it. We shall then send you a confirmation e-mail in which you are requested to confirm, by clicking on the appropriate link, that you intend to receive newsletters in the future.

By activating the confirmation link you state your consent to our use of your personal data under Art. 6 (1)(a) of the General Data Protection Regulation (GDPR).

Our e-mail newsletter is distributed via technical service provider CleverReach GmbH & Co. KG of Mühlenstr. 43, 26180 Rastede, Germany (‘CleverReach’). CleverReach will use the personal data you have supplied to perform the distribution and statistical analysis of the newsletter on our behalf. For analytical purposes, the e-mails sent will contain so-called web beacons or tracking pixels. These enable the sender to determine whether a newsletter mail has been opened and which links, if any, the recipient has clicked on. Using the so-called conversion tracking method, it can also be analysed whether the user has taken a pre-defined action after clicking on a link in the newsletter.Furthermore, some technical information (e.g., download time, IP address, browser type and operating system) will be collected. The data is acquired in pseudonymised form only and will not be linked to any further personal data of yours. Any direct personal reference is excluded. This data is used for the sole purpose of carrying out a statistical analysis of newsletter campaigns. The findings gained through these analyses can be used to align future newsletters more closely with user interests.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe the newsletter.

We have concluded a data processing agreement with CleverReach whereby CleverReach is required to protect our customers' data and must not pass it on to third parties.

For further information on the data analytics conducted by CleverReach, click on this link:

https://www.cleverreach.com/en/features/reporting-tracking/.

The CleverReach data protection and privacy statement can be found here:

https://www.cleverreach.com/en/privacy-policy/.

2.    Legal basis of data processing
The legal basis for any and all processing of the data is Article 6 (1) (a) of the GDPR.

3.    Data processing purpose
The e-mail address is requested for the purpose of delivering the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or of the e-mail address employed, as well as to personalize the newsletter.

4.    Storage period

The data will be erased as soon as it is no longer necessary for achieving the purpose of its collection. Once you have unsubscribed, your e-mail address will be promptly deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or a legally permitted further use of your data has been reserved by our site, about which we shall inform you in this declaration.

5.    Objection and removal option
You may unsubscribe at any time, e.g., via the link at the end of each newsletter. Alternatively, you may send your unsubscription request by e-mail to DV@RNA.de anytime.

This also gives you the option to revoke consent to the storage of personal data collected in the registration process.

VII.    Contact form and e-mail contact

1.    Description and scope of data processing
Our website comprises a contact form that can be used to get in touch with us electronically. If a user avails himself/herself of this option, the data entered in the input screen will be transmitted to us and stored. This data consists of the following: title, first name, last name, street, postal code/city, phone number, telefax number, e-mail.

Moreover, the following data will be collected in the registration process:
1.    IP address of the accessing computer
2.    date and time of registration
During the sending operation you will be asked to consent to the processing of this data, reference being made to this data protection statement.

Alternatively, contact can be made via the e-mail address provided. In this case, the personal user data transmitted with the e-mail will be stored. 

No data will be passed on to any third parties in this context. This data is used only for processing the conversation.

2.    Legal basis of data processing 
The legal basis for processing data is Art. 6 (1)(a) GDPR if the user has given consent.

The legal basis for processing data transferred as part of sending an e-mail is Art. 6 (1)(f) GDPR. If e-mail contact is made in the aim of concluding a contract, an additional legal basis for processing is constituted by Article 6 (1)(b) GDPR.

3.    Data processing purpose
Any processing of personal data from the input screen exclusively serves our own purpose of handling your communication. If you get in touch by e-mail, moreover, it is this fact in which the legitimate interest in carrying out data processing resides.
Any other personal data processed during the sending operation serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4.    Storage period
The data will be erased as soon as it is no longer necessary for achieving the purpose of its collection. With personal data from the contact form input screen and those sent by e-mail, this will be the case when the given conversation with the user is finished. The conversation is finished if and when it is evident from the circumstances that the matter in question has been conclusively resolved. 

Any additional personal data collected during the sending process will be erased after a period of seven days at the latest.

5.    Objection and removal option
The user has the option of revoking his/her consent to the processing of personal data at any time. If the user contacts us via e-mail, he/she can object to the storage of his/her personal data at any time. In this case the conversation cannot be continued.

The revocation of consent and the objection to storage must be directed in text form to the controller see (I).

All personal data stored in the process of contacting us will then be erased.

VIII.    Rights of the data subject

You enjoy extensive rights regarding the processing of your personal data. 
First of all, you have an extensive access to information right and may request that your personal data be corrected and/or erased and/or blocked, as the case may be. You may also demand that processing be restricted, and you have a right to object as well as a right to data portability.
To exercise any of your rights and/or to obtain more detailed information in this regard, contact us at DV@RNA.de.

Moreover, you have the right to lodge a complaint with a supervisory authority.
If you have any questions, comments or enquiries concerning the collection, processing and use of your personal data as practiced by our company, please also get in touch with us using the contact information provided.

IX.    Use of Google Fonts

This website uses Google Fonts. If your usual place of residence is in the European economic zone or Switzerland, you will - unless otherwise stipulated in special terms and conditions - be provided with the services of Google Ireland Ltd. („Google“), a company registered and operating under Irish law (register number: 368047, registered address: Gordon House, Barrow Street, Dublin 4, Ireland). 
A current extract of Google’s Terms of Service and information about its Privacy Policy can be found under:
https://policies.google.com/privacy?
https://policies.google.com/terms

Due to the use of Google Fonts in our web pages, fonts are downloaded from Google servers with the objective of enhancing the layout of our website. Data processing is carried out on the basis of a weighing of interests, our own interest being to provide an appealing web page design (Art. 6(1)(f) GDPR).

As Google operates servers all over the world, it cannot be excluded that personal data continue to be transmitted to Google LLC, headquartered in the USA.
 
Google is certified under the EU-US-Privacy Shield. You can consult a current certificate under https://www.privacyshield.gov/list. The EU-US Privacy Shield is an informal agreement in the field of data protection law that was negotiated from 2015 to 2016 between the European Union and the United States of America. It comprises a series of pledges made by the US Federal Government and a resolution by the European Commission. On 12 July 2016, the Commission decided that the provisions of the Privacy Shield comply with the data protection level set by the European Union. Since this date, the agreement can be applied.