Raw36

Data Policy

Privacy Policy

Effective Date: September 28, 2024

Table of Contents

  • Controller

  • Overview of Processing Activities

  • Relevant Legal Bases

  • Security Measures

  • General Information on Data Retention and Deletion

  • Rights of Data Subjects

  • Business Services

  • Business Processes and Procedures

  • Use of Cookies

  • Contact and Inquiry Management

  • Social Media Presence

  • Changes and Updates

  • Definitions of Terms


Controller

Raw36 GmbH
Lüpertzender Straße 55,
41061 Mönchengladbach, Germany

Email Address: maxrilling@raw36.com
Phone: +49 1520 33 60 876
Imprint: Impressum


Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects.

Types of Processed Data:

  • Inventory data

  • Payment data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Meta, communication, and procedural data

Categories of Data Subjects:

  • Service recipients and clients

  • Prospective clients

  • Communication partners

  • Users

  • Business and contractual partners

Purposes of Processing:

  • Performance of contractual services and fulfillment of contractual obligations

  • Communication

  • Office and organizational procedures

  • Organizational and administrative procedures

  • Feedback

  • Provision of our online offering and user-friendliness

  • Public relations

  • Business processes and economic procedures


Relevant Legal Bases

According to GDPR, we provide an overview of the legal bases on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country or ours. If special legal bases are applicable, we will inform you in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided these interests do not override the rights and freedoms of the data subject.

National Data Protection Regulations in Germany:
In addition to the GDPR, national regulations apply in Germany, particularly the Federal Data Protection Act (BDSG), which contains specific rules on data access rights, deletion rights, and the processing of special categories of personal data.


Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the latest technology, implementation costs, nature, scope, context, and purposes of processing, and the varying likelihood and severity of risk to the rights and freedoms of natural persons.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, and by ensuring data input, transfer, and backup. Additionally, we have procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats.

IP Address Masking:
If we or our service providers process IP addresses and a full IP address is not necessary, the IP address will be shortened (IP masking). The last digits or parts of the IP address are removed or replaced to prevent personal identification.

TLS/SSL Encryption:
We use TLS/SSL encryption (HTTPS) to protect the data transmitted between our online services and the users.


General Information on Data Retention and Deletion

We delete personal data in accordance with legal requirements as soon as the consent is withdrawn or there is no longer a legal basis for processing. This includes cases where the purpose for which the data was processed is no longer relevant. Exceptions apply if legal retention obligations require us to keep the data for a longer period.

For example, data that must be retained for tax or commercial reasons may be archived.

Specific retention and deletion times are indicated in the privacy notice for each processing activity. If multiple periods apply, the longest retention period is followed.


Rights of Data Subjects

Under the GDPR, you have various rights, particularly under Articles 15 to 21:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data.

  • Right to Withdraw Consent: You have the right to withdraw any consent given at any time.

  • Right of Access: You have the right to obtain confirmation about whether personal data concerning you is being processed and to request information about such data.

  • Right to Rectification: You have the right to request the correction of incorrect or incomplete personal data.

  • Right to Erasure and Restriction of Processing: You have the right to request that your data be deleted or the processing be restricted in accordance with legal requirements.

  • Right to Data Portability: You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe the processing of your data violates the GDPR.


Business Services

We process data from our contractual and business partners, such as customers and prospective clients, in the context of business relations. This includes fulfilling our contractual obligations, responding to inquiries, and maintaining communication.

Processed Data:

  • Inventory data (e.g., names, addresses)

  • Payment data (e.g., bank details, payment history)

  • Contact data (e.g., email addresses, phone numbers)

  • Contract data (e.g., subject matter, terms)

Purposes of Processing:

  • Performance of contractual obligations

  • Communication

  • Organizational and administrative purposes


Use of Cookies

We use cookies to enhance user experience and analyze traffic. Cookies are small files stored on your device that can store information such as login status, preferences, or tracking information.


Contact and Inquiry Management

When contacting us via email, phone, or other channels, your information is processed to respond to your inquiries.


Social Media Presence

We maintain social media profiles and process data to communicate with users and provide information. Please note that data may be processed outside the EU by the platform operators.


Changes and Updates

We may update this privacy policy from time to time in response to legal changes or changes in our processing activities. The latest version will be available on our website.


Definitions of Terms

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Controller: The entity responsible for determining the purposes and means of processing personal data.

  • Processing: Any operation performed on personal data, including collection, storage, and deletion.