DATA PROTECTION

DATA PROTECTION
We respect your privacy
DATA PROTECTION
We respect your privacy

INFORMATION TO BE PROVIDED PURSUANT TO ARTICLES 12 ET SEQ. OF THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

CONTROLLER AND SCOPE

The controller as referred to in the EU General Data Protection Regulation (GDPR) and other, national data protection laws of the member states as well as other regulations on data protection is

RSU Rating Service Unit GmbH & Co. KG
Karlstraße 35
80333 München
Tel +49/89/442340-0
Fax +49/89/442340-999
E-Mail: infos@rsu-rating.de

NAME AND ADDRESS OF DATA PROTECTION OFFICER

You can reach our data protection officer by e-mail at Datenschutzbeauftragter@rsu-rating.de, by regular mail by adding “der Datenschutzbeauftragte” to our postal address or by telephone at +49/89/442340-0.

TREATMENT OF PERSONAL DATA

The present text is to inform users about the nature, extent, and purpose of the processing of personal data by RSU Rating Service Unit GmbH & Co. KG, Karlstraße 35, 80333 München. The relevant statutory provisions on data protection are contained in the GDPR.

Since changes in legislation or to our internal processes may require us to amend this data protection statement from time to time, we would ask you to check this statement regularly.

“Personal data” as defined in Article 4 of the GDPR means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more specific properties. For example, personal data include the name, e-mail address, telephone number or IP address of an individual.

Information which we cannot connect to you (or which we could only connect to you at disproportionate cost), for example because it has been anonymized, is not personal data. Any processed personal data will be erased once the purpose of the processing has been achieved and there is no legal requirement to store the data any more.

RSU will only process personal data if this is legally permitted or the users agree to the collection of the data. If we process your personal data, the concrete operations, extent and purpose of and legal basis for the processing and the time for which the data are stored are stated below

ACCESS DATA/SERVER LOG FILES

RSU (or its web space provider) collects data on every instance in which the website is accessed (referred to as server log files). The data collected include: domain, IP address, name of website retrieved, file, date and time of retrieval, amount of data transmitted, information on success of retrieval, type and version of browser, user’s operating system, referrer URL (site previously visited) and requesting provider.

RSU only uses the log data for statistical evaluation in support of the operation, protection and optimisation of the website. However, RSU reserves the right to check the log files at a later time if there are specific indications of illegal use.

This processing of data is based on Article 6(1)(f) of the GDPR. It is necessary for maintaining a website and thus for pursuing legitimate interests of our company.

Recording the data required for operating the website and saving the data in log files is indispensable for operating an Internet page. For this reason, users cannot object to these actions. Your personal data will be erased as soon as they are no longer needed for the aforementioned purpose. If personal data are saved in log files, they are erased after three days. Data may be stored more extensively in individual cases if this is required by law.

CONTACTING RSU

If RSU is contacted by e-mail, user information is stored for the processing of the inquiry and in case further questions arise.

Your e-mail address is used to assign your message to its sender and to answer you. This processing of personal data is based on Article 6(1)(f) of the GDPR. Once the personal data gathered in this context are no longer needed, they will be erased or their processing will be restrict-ed if they must be stored by law. You may object to the future processing of your personal data at any time when contacting RSU by e-mail.

INCORPORATION OF THIRD-PARTY CONTENT AND SERVICES

Third-party content such as maps from Google Maps, RSS feeds or charts from other websites may be incorporated into this website. This always requires the providers of such content (referred to as “third-party providers” below) to know the IP addresses of the users to be able to send the content to the users’ browsers. The IP address is therefore necessary for presenting the content. While we try to incorporate only content whose providers use IP addresses only for transmitting the content, we have no way of preventing third-party providers from storing IP addresses, for example for statistical purposes. Where we know that a third-party provider stores IP addresses, we inform users accordingly.

Cookies

Cookies are small files that allow to store specific, device-related information on the users’ devices (PCs, smartphones, etc.). They help improve a website’s user friendliness, which is in the users’ interest. Some functions of our Internet page cannot be provided without the use of specific cookies needed for technical reasons. They also serve to gather and analyse statistical data on how a website is used, which helps improve that website. Users can influence the use of cookies. Most browsers provide an option to restrict or disable the storage of cookies. It should be noted, however, that the use of the website may be impaired and, in particular, the website may become less comfortable to use if cookies are disabled.

For the reasons explained above, the use of cookies is necessary for the purposes of our legitimate interests as referred to in Article 6(1)(f) of the GDPR. The personal data gathered will be erased as soon as they are no longer needed for these purposes, in particular when the cookies are disabled. If you have agreed to the use of cookies upon a note shown on our website (“cookie banner”), the legitimacy of the use of cookies is also governed by Article 6(1)(a) of the GDPR. Once the data provided to us via cookies are no longer necessary for the aforementioned purposes, they are erased. In individual cases, they may be stored more extensively if this is required by law.

Google Analytics

We use Google Analytics with this website, a Google Inc. (“Google”) web analysis service. Google Analytics uses cookies, i.e. text files stored on the user’s computer which allow to analyse how a website is used. The information on the users’ use of the website collected through cookies is usually sent to a server operated by Google in the USA and is stored there.

However, if IP anonymization is enabled for this website, the users’ IP addresses are shortened by Google for addresses from within the countries of the European Union or from other countries adhering to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address sent to a Google server in the USA and shortened there. IP anonymization is enabled for this website. Google has been tasked by the company operating this website with using the information gathered to analyse how the website is used by users, compiling reports on the activities occurring on the website and providing further services relating to the use of the website and of the Internet. We have a legitimate interest in processing data for these purposes. The legal basis for using Google Analytics is section 15, sub-section 3 (§ 15 Abs. 3) of the Ger-man Telemediengesetz (TMG) and Article 6(1)(f) of the GDPR. The data sent by us, which are linked to cookies, user identifiers (e.g. user IDs) or advertising IDs, are automatically erased after 14 months. Data whose maximum storage time has been reached are automatically erased once a month.

The IP address transmitted by the user’s browser for the purposes of Google Analytics will not be combined with other Google data. Users can prevent the storage of cookies by choosing the appropriate settings in their browsers; however, in that case the complete functionality of the website may not be available. Users can also prevent the retrieval of the data on their use of the website generated by a cookie (including their IP addresses) and the processing of these data by Google if they download and install the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de.

For further information on how Google uses data for advertising purposes as well as options regarding settings and possible objections, users should refer to the following websites: https://www.google.com/intl/de/policies/privacy/partners/ (“How Google uses data when you use our partners’ sites or apps”), https://www.google.com/policies/technologies/ads (“Advertising“), https://www.google.de/settings/ads (“Control the information Google uses to show you ads”) and https://www.google.com/ads/preferences/ (“Determine what ads Google can show you”).

As an alternative to the browser add-on or if using browsers on mobile devices, you can prevent the collection of data through Google Analytics on this website by clicking on the following link. This will cause an Opt-Out Cookie to be saved to your device. If you have deleted the cookies on your device, you need to click on the link again: https://tools.google.com/dlpage/gaoptout?hl=de

DIRECT MARKETING BY REGULAR MAIL

We process your personal data for purposes of direct marketing by regular mail. This is in our legitimate interest as referred to in Article 6(1)(f) of the GDPR, which is therefore the legal basis for the processing of your personal data in this context. Your personal data will be erased as soon as they are no longer necessary for the purpose for which they have been collected. This applies in particular if you object to our processing of your personal data.

Normally we collect the personal data from you directly. In addition we process data that we have obtained from publicly accessible sources and that we are permitted to process.

ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS

In the context of the establishment, exercise or defence of legal claims, we process your personal data to refute unfounded claims and enforce claims and rights. This is in our legitimate interest as referred to in Article 6(1)(f) of the GDPR. The legal basis for processing personal data in the context of the establishment, exercise or defence of legal claims is Article 6(1)(f) of the GDPR. Your personal data will be erased as soon as they are no longer needed for the purposes for which they have been collected. Since processing your personal data is indispensable in this context, you cannot object to it.

CATEGORIES OF RECIPIENTS

Within RSU Rating Service Unit GmbH & Co. KG, your personal data will be provided to those units that need them to achieve the purposes stated above. In addition, we make your personal data available to certain trustworthy recipients whose services we use (e.g. IT service providers). We have carefully selected and commissioned these recipients; they have agreed to comply with our instructions and are monitored on a regular basis.

EMPLOYMENT APPLICATIONS

We process the personal data of applicants during the application process. Applications can be submitted to us electronically by e-mail.

The data that you provide to us during the application process will be processed solely for the purposes of this process and will be made available only to the individuals directly involved. The data will not be passed on to any third parties. The legal basis for processing personal data for this purpose is Article 6(1)(b) of the GDPR in conjunction with Article 88 of the GDPR and § 26 of the Bundesdatenschutzgesetz. The data will be erased as soon as they are no longer needed for the purposes for which they have been collected and stored, need not be stored by law and are no longer required in connection with the protection and defence of potential legal claims. Applicants may withdraw their application at any time. If they do so, their application documents are disregarded in the further application process and are erased unless they must be stored by law.

RIGHTS OF THE DATA SUBJECT

If we process your personal data, you are a data subject and have the following rights with regard to the personal data concerning you:

  • Pursuant to Article 15 of the GDPR you are entitled to information about the personal data processed by us. In particular, you are entitled to information on the purposes for which the data are processed, the categories of personal data processed, the categories of recipients to which your data are or were disclosed, the period for which the data are intended to be stored, any existing right to rectification, erasure or restriction of processing, right to object and right to lodge a complaint, the source of your data if your data have not been collected at our company, and any transfer to a third country or an international organisation. You are also entitled to information about whether there is an automated decision-making system, including profiling, and to meaningful details on any such system.
  • Pursuant to Article 16 of the GDPR you are entitled to have any inaccurate personal data about you that we have stored corrected and to have any incomplete personal data about you that we have stored completed without undue delay.
  • Pursuant to Article 17 of the GDPR you are entitled to have your personal data stored by us erased unless processing the data is necessary for exercising freedom of speech and information, complying with legal obligations or establishing, exercising or defending legal claims or is in the public interest.
  • Pursuant to Article 18 of the GDPR you may restrict the way in which we can process your personal data if you contest the accuracy of the data, the data are processed unlawfully or we do not need the data any more and you object to their erasure because you need them for the establishment, exercise or defence of legal claims. This applies even if you have objected to the processing of your personal data on the grounds set forth in Article 21 of the GDPR.
  • Pursuant to Article 20 of the GDPR you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have the data transmitted to a different controller.
  • Pursuant to Article 7(3) of the GDPR you may withdraw your consent at any time, in which case we are prohibited from processing the data based on such consent in the future.
  • Pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, this may be the competent authority at your habitual residence, your place of work or our registered seat.The competent protection supervisory authority is:
    Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
    Promenade 27
    91522 Ansbach
    Germany
    Phone: +49 (0) 981 53 1300
    Fax: +49 (0) 981 53 98 1300
    E-Mail: poststelle@lda.bayern.de

RIGHT TO OBJECT

If your personal data are processed for the purposes of legitimate interests of our company in accordance with Article 6(1)(f) of the GDPR, you may object to the processing of your personal data pursuant to Article 21 of the GDPR on grounds relating to your particular situation or because you object to direct marketing activities. In the case of direct marketing you have a general right to object, with which we will comply without any need for you to invoke your particular situation. RSU will then stop processing these personal data unless RSU demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms in question or RSU needs to process the data for the establishment, exercise or defence of legal claims.

DATA SECURITY AND SAFEGUARDS

We undertake to protect your privacy and treat your personal data as confidential. To prevent any manipulation, loss or abuse of the data stored in our systems we take extensive technical and organisational precautions, which we check and update to state-of-the-art level on a regular basis. This includes the use of acknowledged encryption methods (SSL or TLS). However, please be aware that due to the structure of the Internet there may be persons or institutions outside our area of responsibility which disregard data protection rules or fail to observe the aforementioned precautions. In particular, third parties may have access to data that are made available unencrypted, for example via e-mail. We have no way of preventing this by technical means. Users are responsible for protecting the data they make available, for example by means of encryption.