Data Policy
Privacy Policy
Effective Date: September 28, 2024
Table of Contents
Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
General Information on Data Retention and Deletion
Rights of Data Subjects
Business Services
Business Processes and Procedures
Use of Cookies
Contact and Inquiry Management
Social Media Presence
Changes and Updates
Definitions of Terms
Controller
Raw36 GmbH
Lüpertzender Straße 55,
41061 Mönchengladbach, Germany
Email Address: maxrilling@raw36.com
Phone: +49 1520 33 60 876
Imprint: Impressum
Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects.
Types of Processed Data:
Inventory data
Payment data
Contact data
Content data
Contract data
Usage data
Meta, communication, and procedural data
Categories of Data Subjects:
Service recipients and clients
Prospective clients
Communication partners
Users
Business and contractual partners
Purposes of Processing:
Performance of contractual services and fulfillment of contractual obligations
Communication
Office and organizational procedures
Organizational and administrative procedures
Feedback
Provision of our online offering and user-friendliness
Public relations
Business processes and economic procedures
Relevant Legal Bases
According to GDPR, we provide an overview of the legal bases on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country or ours. If special legal bases are applicable, we will inform you in the privacy policy.
Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided these interests do not override the rights and freedoms of the data subject.
National Data Protection Regulations in Germany:
In addition to the GDPR, national regulations apply in Germany, particularly the Federal Data Protection Act (BDSG), which contains specific rules on data access rights, deletion rights, and the processing of special categories of personal data.
Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the latest technology, implementation costs, nature, scope, context, and purposes of processing, and the varying likelihood and severity of risk to the rights and freedoms of natural persons.
These measures include ensuring the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, and by ensuring data input, transfer, and backup. Additionally, we have procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats.
IP Address Masking:
If we or our service providers process IP addresses and a full IP address is not necessary, the IP address will be shortened (IP masking). The last digits or parts of the IP address are removed or replaced to prevent personal identification.
TLS/SSL Encryption:
We use TLS/SSL encryption (HTTPS) to protect the data transmitted between our online services and the users.
General Information on Data Retention and Deletion
We delete personal data in accordance with legal requirements as soon as the consent is withdrawn or there is no longer a legal basis for processing. This includes cases where the purpose for which the data was processed is no longer relevant. Exceptions apply if legal retention obligations require us to keep the data for a longer period.
For example, data that must be retained for tax or commercial reasons may be archived.
Specific retention and deletion times are indicated in the privacy notice for each processing activity. If multiple periods apply, the longest retention period is followed.
Rights of Data Subjects
Under the GDPR, you have various rights, particularly under Articles 15 to 21:
Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data.
Right to Withdraw Consent: You have the right to withdraw any consent given at any time.
Right of Access: You have the right to obtain confirmation about whether personal data concerning you is being processed and to request information about such data.
Right to Rectification: You have the right to request the correction of incorrect or incomplete personal data.
Right to Erasure and Restriction of Processing: You have the right to request that your data be deleted or the processing be restricted in accordance with legal requirements.
Right to Data Portability: You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe the processing of your data violates the GDPR.
Business Services
We process data from our contractual and business partners, such as customers and prospective clients, in the context of business relations. This includes fulfilling our contractual obligations, responding to inquiries, and maintaining communication.
Processed Data:
Inventory data (e.g., names, addresses)
Payment data (e.g., bank details, payment history)
Contact data (e.g., email addresses, phone numbers)
Contract data (e.g., subject matter, terms)
Purposes of Processing:
Performance of contractual obligations
Communication
Organizational and administrative purposes
Use of Cookies
We use cookies to enhance user experience and analyze traffic. Cookies are small files stored on your device that can store information such as login status, preferences, or tracking information.
Contact and Inquiry Management
When contacting us via email, phone, or other channels, your information is processed to respond to your inquiries.
Social Media Presence
We maintain social media profiles and process data to communicate with users and provide information. Please note that data may be processed outside the EU by the platform operators.
Changes and Updates
We may update this privacy policy from time to time in response to legal changes or changes in our processing activities. The latest version will be available on our website.
Definitions of Terms
Personal Data: Any information relating to an identified or identifiable natural person.
Controller: The entity responsible for determining the purposes and means of processing personal data.
Processing: Any operation performed on personal data, including collection, storage, and deletion.