Data Protection

Statement of usage of the website

We at Rhenoflex GmbH take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws. Personal data is collected on this website only to the technically necessary extent. In no case is the collected data sold or otherwise disclosed to third parties. The following declaration gives you an overview of how we ensure this protection and what type of data is collected for which purpose.

I. Name and address of the controller
The controller for the purposes of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Rhenoflex GmbH
Giulinistrasse 2
67065 Ludwigshafen
Germany
Phone: 0621-5709-03
Email: info@rhenoflex.com
Website: www.rhenoflex.com

II. Name and address of the data protection officer
The data protection officer of the controller is:
CAD – Institut für Compliance, Arbeitsrecht und Datenschutz [Institute for Compliance, Labor Law and Data Protection]
Ms. Jasmin Fladung
PO Box 140 152
67021 Ludwigshafen
Germany
Phone: 0621-685 833 57
Email: cad@institut-cad.de
Website: www.institut-cad.de
 
III. General information on data processing
1. Scope of the processing of personal data
In principle, we process personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The processing of the personal data of our users generally takes place only with the consent of the user. An exception applies in such cases where prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.
 
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to the processing of personal data, Article 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our undertaking is subject, Article 6 (1) (c) GDPR serves as the legal basis. In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary for the purposes of the legitimate interests pursued by our undertaking or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, then Article 6 (1) (f) GDPR serves as the legal basis for the processing.
 
3. Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, it may be stored if this has been provided by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. A blocking or erasure of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or execution of a contract.
 
IV. Provision of the website and creation of log files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected here:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The IP address of the user
(4) Date and time of access
(5) Website previously accessed by the user’s system
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
 
2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.
 
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To this end, the user’s IP address must be stored for the duration of the session. The storage in log files takes place in order to ensure the functionality of the website. In addition, the data is used by us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also constitute our legitimate interest in the processing of data pursuant to Article 6 (1) (f) GDPR.
 
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted so that an assignment to the accessing client is no longer possible.
 
5. Possibility of objection and removal
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

V. Use of cookies
a) Description and scope of the data processing
Our website uses cookies. Cookies are text files that are stored in or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again. When accessing our website, the user is informed of the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained. In this connection, reference is also made to this Privacy Policy.
 
b) Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 (1) (a) GDPR if the user has given his or her consent.
 
c) Purpose of data processing
The use of the analysis cookies takes place for the purposes of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used, enabling us to continuously optimize our offer. These purposes also constitute our legitimate interest in the processing of data pursuant to Article 6 (1) (f) GDPR.
 
e) Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted by it to our sits. As the user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.
 
VI. Email contact
1. Description and scope of the data processing
On our website, contact is possible via the email address provided. In this case, the user’s personal data transmitted via email will be stored. No data is disclosed to third parties in this context. The data is used exclusively for processing the conversation.
 
2. Legal basis for the data processing
The legal basis for the processing of the data transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the email contact is aimed at entering into a contract, then Article 6 (1) (b) GDPR is the additional legal basis for the processing.
 
3. Purpose of data processing
When initiating contact via email, this also constitutes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
 
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For the personal data sent via email, this is the case when the respective conversation with the user has ended. The conversation has ended when the circumstances indicate that the matter in question has been finally clarified.
 
5. Possibility of objection and removal
The user has the opportunity to revoke his or her consent to the processing of personal data at any time. If the user initiates contact with us via email, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation can no longer be continued. All personal data stored in the course of the initiation of contact will be deleted in this case.
 
VII. Newsletter
1. Description and scope of the data processing
On our website, there is the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. For the processing of the data, your consent is obtained during the registration process and reference is made to this Privacy Policy. In connection with the processing of data for the sending of newsletters, no data is disclosed to third parties. The data is used exclusively for sending the newsletter.
 
2. Legal basis for the data processing
The legal basis for the processing of the data after the user signs up for the newsletter is Article 6 (1) (a) GDPR if the user has given his or her consent.
 
3. Purpose of data processing
The collection of the user’s email address serves to deliver the newsletter.
 
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. The user’s email address is accordingly stored as long as the subscription to the newsletter is active. The other personal data collected during the registration process is usually deleted after a period of seven days.
 
5. Possibility of objection and removal
The subscription to the newsletter may be canceled by the user concerned at any time. A corresponding link can be found for this purpose in each newsletter.
 
VIII. Application
1. Description and scope of the data processing
We process the data you have provided to us in connection with your application in order to assess your suitability for the position (or other open positions in our undertakings, where applicable) and to carry out the application process.
 
2. Legal basis for the data processing
The legal basis for the processing of your personal data in this application process is primarily Section 26 of the German Federal Data Protection Act (BDSG) in the version valid from 25 May 2018. According to that provision, the processing of data is permissible that is required in connection with the decision to establish an employment relationship. Should the data be necessary for legal prosecution after completing the application process, data processing may be carried out on the basis of the requirements of Article 6 GDPR, in particular for the pursuit of legitimate interests pursuant to Article 6 (1) (f) GDPR. Our interest then consists in the establishment or defense against claims.
 
3. Purpose of data processing
We process the data you have provided to us in connection with your application in order to assess your suitability for the position (or other open positions in our undertakings, where applicable) and to carry out the application process.
 
4. Duration of storage
Data of applicants will be deleted after 6 months in the event of rejection. In the event that you have consented to the further storage of your personal data, we will include your data in our applicant pool. Data is deleted there after one year. If you have been awarded the contract for a job as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
 
5. Possibility of objection and removal
The user has the opportunity to revoke his or her consent to the processing of personal data at any time. If the user initiates contact with us via email, he or she may object to the storage of his or hers personal data at any time. In such a case, the conversation can no longer be continued. All personal data stored in the course of the initiation of contact will be deleted in this case.
 
IX. Google Analytics
1. Scope of the processing of personal data
Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the United States and stored there. However, if IP anonymization is activated on this Website, Google will truncate your IP address beforehand within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address transmitted by Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this Website to the fullest extent possible. You may also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de): You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website: Disable Google Analytics. For more information about Terms of Use and Privacy, please visit http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/. Please note that Google Analytics has been extended on this website by the code “gat._anonymizeIp();” in order to ensure an anonymous collection of IP addresses (so-called IP masking). (Source: http://www.datenschutzbeauftragter-info.de)
 
2. Legal basis for the use of Google Analytics
The legal basis for the use of Google Analytics is Section 15 para. 3 of the German Telemedia Act (TMG) or Article 6 (1) (f) GDPR.
 
3. Purpose of data processing
The processing of data collected by Google Analytics is used for statistical purposes. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in the processing of data pursuant to Article 6 (1) (f) GDPR. The anonymization of the IP address sufficiently takes the interest of the users in their protection of personal data into account.
 
4. Duration of storage
The data will be deleted as soon as they are no longer needed for our recording purposes.
 
5. Possibility of objection and removal
Cookies are stored on the user’s computer and transmitted by it to our sits. As the user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.
 
X. Rights of the data subject
If your personal data is processed, you are the data subject for the purposes of the GDPR and you have the following rights vis-à-vis the controller:
 
1. Right to be informed
You may ask the controller to confirm if personal data concerning you is processed by us.
Where there is such processing, you can request to be informed by the controller of the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed,
(3) the planned period for which the personal data concerning you will be stored, or if specific information is not possible, the criteria used to determine that period;
(4) the existence of the right to request rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or to object to processing;
(5) the existence of a right to lodge a complaint with a supervisory authority;
 
You have the right to request information about whether the personal data concerning you are transferred to a third country or an international organization. In this connection, you can request to be informed of the appropriate safeguards in accordance with Article 46 GDPR in connection with the transfer.
 
2. Right to rectification
You have a right to obtain from the controller the rectification of inaccurate personal data and/or to have incomplete personal data completed. The controller must make the rectification without undue delay.
 
3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs your personal data for the purposes of processing, but you require the data for the establishment, exercise or defense of legal claims, or
(4) if you have objected to the processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
 
If the processing of personal data concerning you has been restricted, such data – with the exception of their storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
 
4. Right to erasure
a) Erasure obligation
You may request the erasure from the controller of personal data concerning you without undue delay and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:
(1) Personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
 
b) Information to third parties
Where the controller has made the personal data concerning you public and it is obliged to erase the personal data pursuant to Article 17 (1) GDPR, it, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions
The right to erasure does not exist to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or [sic]
 
5. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of your person or for the establishment, exercise or defense of legal claims. If you object to the processing for direct marketing purposes, personal data concerning you will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
 
6. Right to withdraw data protection consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
 
7. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.


Statement for Customers and Other Data Subjects

With this Data Privacy Statement, we inform you, our customers, about the processing of your personal data by us and about the rights to which you are entitled in accordance with the EU Data Protection Regulation (GDPR) applicable as of 25 May 2018. This statement will be updated as and when required and published.
 
1. Who is responsible for data processing and whom can I contact?
Rhenoflex GmbH
Giulinistraße 2, D-67065 Ludwigshafen
Phone: 0049-(0)621 5709 03
Fax: 0049-(0)621 5709 6321
Email address: info@rhenoflex.com
 
2. Name and address of the Data Protection Officer
CAD – Institut für Compliance, Arbeitsrecht und Datenschutz
Frau Jasmin Fladung
Postfach 140 152
67021 Ludwigshafen
Germany
Phone: 0049-(0)621 -685 833 57
Email: cad@institut-cad.de
Website: www.institut-cad.de
 
3. Which sources and which data do we use?
We process personal data that we receive from our customers or other data subjects in the course of our business relationship.
 
In addition, we process personal data - to the extent necessary for the performance of our contractual obligations - which we legitimately obtain from publicly accessible sources (e.g. debt registers, land registers, trade and association registers, the press, the Internet) or which are legitimately transmitted to us by other companies of the Rhenoflex GmbH or by other third parties (e.g. an authority, a commercial credit agency). We specifically process the following relevant personal data:

  • Master data of the customer and the contact persons named by the customer (e.g. name, address and contact details of the contact person, bank details)
  • Data in connection with the execution of orders and contracts
  • Tax-relevant data (tax identification numbers)
  • Correspondence with the customer
  • Advertising and sales data (e.g. products which are potentially interesting for the customer)
  • Data gained in the course of contractual performance
  • Information about your financial standing (e.g. data on creditworthiness, scoring or rating data, origin of assets)
  • Documentary data (e.g. quality management, audits)
  • and other data comparable with the above categories.

Hence, we only process personal data of our customers and other data subjects insofar as this is necessary to carry out the business relationship and the agreed contents and services.

4. For which purpose do we process your data? (Purpose of the data processing) and on which legal basis?
We process personal data in accordance with the provisions of the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act. Below we inform you about for what and on which legal basis we process data of our customers.
 
a. for the fulfilment of contractual obligations – Art. 6(1b) GDPR
The data is processed for the execution of our contracts with our customers or for the implementation of pre-contractual measures upon request. The purposes of data processing depend in the individual case on the product concerned and the contract documents as well as the general terms and conditions.
 
b. in the context of balancing of interests – Art. 6(1f) GDPR
As and when necessary, we process your data beyond the actual fulfilment of the contract for the purpose of protecting our own legitimate interests or the legitimate interests of third parties. This is done for the following purposes:

  • Consultation of and data exchange with credit agencies (e.g. SCHUFA/credit bureau) to determine creditworthiness and default risks in lending business and the requirements of the garnishment protection account and the basic account
  • Reviewing and optimizing of methods for needs analysis for the purpose of addressing customers directly, customer canvassing or market and opinion research provided that you have not objected to the use of your data
  • Prevention and investigation of criminal offences, CCTV surveillance for the protection of householder's rights, for the collection of evidence in connection with robberies and fraud offences, or in proof of money-orders and in-payments e.g. at ATMs. (cf. also § 4 German Federal Data Protection Act)
  • Measures for building and plant safety (e.g. access controls), - measures for securing householder's rights
  • Measures for business management and further development of services and products, - risk management in the group
  • In order to manage effective handling of complaints and to be able to respond to the needs of our customers in the long term and to improve our standards
  • Measures taken for quality management and the adaptation of products to our business partners and other customers in the supply chain

Our interest in the processing of data is based on the respective purposes and is otherwise of an economic nature (efficient performance of tasks, sales and marketing, avoidance of legal risks). As far as the specific purpose permits, we process customer data in a pseudonymized or anonymized way.

c. upon your consent – Art. 6(1a) GDPR
Provided you have given us your consent to process personal data for specific purposes (e.g. sharing of data within the Rhenoflex group, Evaluation of sales figures for marketing purposes, photographs in the context of events, newsletter dispatch etc.), the lawfulness of this processing is regarded as given on the basis of your consent. A consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of a consent is only effective for the future and does not affect the legality of the data processed up to the revocation.
 
d. on account of statutory regulations – Art. 6(1c) GDPR or in the public interest (Art. 6(1e) GDPR
In addition, as Rhenoflex GmbH we are subject to various legal obligations, i.e. legal requirements (e.g. compliance with the Working Hours Act) as well as regulatory requirements (e.g. compliance with GDPR).  The purposes of the data processing include the assessment and control of risks within the Rhenoflex GmbH and within  the Rhenoflex group.
 
5. Who will receive my data?
Within the Rhenoflex GmbH  those departments that need access to your data in order to fulfil our contractual and legal obligations are granted access to it. Service providers and vicarious agents engaged by us may also receive data for these purposes, provided they safeguard banking secrecy in particular. These are companies in the categories of production technology and production-securing services, IT services, logistics, printing services, telecommunication, debt recovery, consulting and sales and marketing.
With regard to the transfer of data to recipients outside Rhenoflex GmbH it should first be noted that we as Rhenoflex GmbH are obliged to maintain confidentiality about all customer-related facts and assessments of which we may obtain knowledge.
We may only disclose information about our customers if this is a statutory requirement, if the customer has given his consent or if we are entitled to provide such information. Under these pre-conditions, recipients of personal data may be, for example:

  • processors engaged by us (Art. 28 GDPR) especially in the areas of IT services, logistics and printing services, who process your data on our behalf in accordance with our instructions
  • partners in credit card business (e.g. American Express, Tchibo, Deutsche Bahn, TUI), - service providers that we call upon in the context of our relationships with processors

6. Will data be transferred to a third country or an international organization?
Should we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been acknowledged by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contract clauses) are in place.
 
You will find detailed information on this and on the data protection level of our service providers in third countries here: (link to the appropriate guarantees). You can also request this information under the contact details given above. This means:
 
Data is only transmitted to countries outside the EU or the EEA (so-called third countries) if this is necessary or legally required for the purpose of performing the tasks, in cases where the user has given us his or her consent or in the context of tasks performed by a processor. An adequacy decision of the EU Commission exists in cases where data is transmitted to the third countries of the service providers or the third parties.
 
The transfer of data to the third countries of the service providers or third parties takes place on the basis of EU standard contractual clauses for compliance with the data protection level by means of suitable and adequate guarantees.
 
Furthermore, it is planned to transfer data to bodies in third countries in the following cases:

  • If necessary in individual cases, your personal data may be transferred in accordance with the European data protection level to an IT service provider in the USA or another third country for the purpose of ensuring IT operations.
  • Personal data of parties interested in banking products may be processed in the USA as well, provided they have given their consent, in the context of a CRM system.
  • With the consent of the data subject or on the basis of legal regulations to combat money laundering, terrorist financing and other criminal acts as well as in the context of a balancing of interests personal data (e.g. legitimation data) are transmitted in individual cases in accordance with the data protection level of the European Union.

7. How long will my data be stored?
We delete your personal data as soon as they are no longer required for the above-mentioned purposes. After termination of the contractual or service relationship, your personal data will be stored as long as we are legally obliged to do so. This results regularly from the legal obligations to produce proof and to preserve records as stipulated inter alia in the Commercial Code and in the Tax Code. Accordingly, the storage periods are up to ten years. It can also happen that personal data is stored for the period during which claims can be asserted against us (statutory period of limitation of three or up to thirty years). In addition, purposes may arise for us from the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The periods specified there for storage and documentation are generally two to ten years.
 
8. What privacy rights do I have?
Every data subject has a right to obtain information and access under Art. 15 GDPR, the right to have data rectified under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR, and the right to data portability under Art. 20 GDPR. As for the right to obtain information and access and the right to erasure the restrictions pursuant to §§ 34 and 35 Federal Data Protection Act are applicable. Furthermore, there is a right to lodge a complaint with a supervisory authority in charge of data protection (Art. 77 GDPR in conjunction with § 19 Federal Data Protection Act). You may revoke your consent to the processing of personal data given to us at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect for the future. Processing that has taken place before the date of the revocation is not affected by the revocation.
 
9. Is there an obligation for me to provide data?
In the context of our business relationship you are obliged to provide the data which is required for the establishment, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually not be able to enter into, execute and terminate a contract with you.
 
10. To what extent is there an automated decision-making?
In principle, we do not use fully automated decision making for the purpose of establishing and executing the business relationship as under Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you specifically about this and about your rights in this regard insofar as this is required by law.
 
11. Does profiling take place?
We partly process your data in an automated mode with a view to evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:

  • We use evaluation instruments in order to be able to provide you with targeted information and advice on products. These instruments facilitate demand-oriented communication and advertising, including market and opinion research.
  • We use scoring in the context of assessing your creditworthiness. This is how the probability is calculated with which a customer will meet his payment obligations as provided in a contract. The calculation may include, for example, income situation, expenditures, existing debts, occupation, employer, length of employment, experience gained in the course of the business relationship so far, contractual repayment of previous loans, and information from credit agencies. Scoring is based on a recognized and proven mathematical-statistical procedure. The calculated score values support us in our decision-making in the context of product contracts and are included in the ongoing risk management.
  • On grounds of legal and regulatory requirements we are obliged to combat money laundering, terrorist financing and asset-endangering crimes. This includes evaluation of data (inter alia payment transactions). These measures are meant for your protection at the same time.

Information about your case-by-case right to object pursuant to Art. 21 DGPR
You have the right to object at any time for reasons arising from your particular situation to the processing of your personal data, which are collected pursuant to Art. 6(1)(e) GDPR (Processing of data in the public interest) and Art. 6(1)(f) GDPR (Processing of data on the basis of a balancing of interests); this also refers to a profiling based on this regulation within the meaning of Art. 4(4).
If you object, we will no longer process your personal data, unless we can substantiate compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for direct marketing purposes
In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing. If you object to processing of data for purposes of direct marketing we will no longer process your personal data for these purposes.
Recipient of an objection
The objection can be made form-free with the subject "objection" stating your name, your address and your date of birth and should be addressed to:
Rhenoflex GmbH, Personalabteilung, Giulinistraße 2, D-67065 Ludwigshafen