DATA PROTECTION

DATA PROTECTION
We respect your privacy
DATA PROTECTION
We respect your privacy

INFORMATION TO BE PROVIDED PURSUANT TO ARTICLES 12 ET SEQ. OF THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

INFORMATION TO BE PROVIDED PURSUANT TO ARTICLES 12 ET SEQ. OF THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

CONTROLLER AND SCOPE

The controller as referred to in the EU General Data Protection Regulation (GDPR) and other, national data protection laws of the member states as well as other regulations on data protection is

RSU Rating Service Unit GmbH & Co. KG
Karlstraße 35
80333 München
Tel +49/89/442340-0
Fax +49/89/442340-999
E-Mail: infos@rsu-rating.de

NAME AND ADDRESS OF DATA PROTECTION OFFICER

You can reach our data protection officer by e-mail at Datenschutzbeauftragter@rsu-rating.de, by regular mail by adding “der Datenschutzbeauftragte” to our postal address or by telephone at +49/89/442340-0.

TREATMENT OF PERSONAL DATA

The present text is to inform users about the nature, extent, and purpose of the processing of personal data by RSU Rating Service Unit GmbH & Co. KG, Karlstraße 35, 80333 München. The relevant statutory provisions on data protection are contained in the GDPR.

Since changes in legislation or to our internal processes may require us to amend this data protection statement from time to time, we would ask you to check this statement regularly.

“Personal data” as defined in Article 4 of the GDPR means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more specific properties. For example, personal data include the name, e-mail address, telephone number or IP address of an individual.

Information which we cannot connect to you (or which we could only connect to you at disproportionate cost), for example because it has been anonymized, is not personal data. Any processed personal data will be erased once the purpose of the processing has been achieved and there is no legal requirement to store the data any more.

RSU will only process personal data if this is legally permitted or the users agree to the collection of the data. If we process your personal data, the concrete operations, extent and purpose of and legal basis for the processing and the time for which the data are stored are stated below

ACCESS DATA/SERVER LOG FILES

RSU (or its web space provider) collects data on every instance in which the website is accessed (referred to as server log files). The data collected include: domain, IP address, name of website retrieved, file, date and time of retrieval, amount of data transmitted, information on success of retrieval, type and version of browser, user’s operating system, referrer URL (site previously visited) and requesting provider.

RSU only uses the log data for statistical evaluation in support of the operation, protection and optimisation of the website. However, RSU reserves the right to check the log files at a later time if there are specific indications of illegal use.

This processing of data is based on Article 6(1)(f) of the GDPR. It is necessary for maintaining a website and thus for pursuing legitimate interests of our company.

Recording the data required for operating the website and saving the data in log files is indispensable for operating an Internet page. For this reason, users cannot object to these actions. Your personal data will be erased as soon as they are no longer needed for the aforementioned purpose. If personal data are saved in log files, they are erased after three days. Data may be stored more extensively in individual cases if this is required by law.

CONTACTING RSU

If RSU is contacted by e-mail, user information is stored for the processing of the inquiry and in case further questions arise.

Your e-mail address is used to assign your message to its sender and to answer you. This processing of personal data is based on Article 6(1)(f) of the GDPR. Once the personal data gathered in this context are no longer needed, they will be erased or their processing will be restrict-ed if they must be stored by law. You may object to the future processing of your personal data at any time when contacting RSU by e-mail.

INCORPORATION OF THIRD-PARTY CONTENT AND SERVICES

Third-party content such as maps from Google Maps, Google Webfonts, RSS feeds or charts from other websites may be incorporated into this website. This always requires the providers of such content (referred to as “third-party providers” below) to know the IP addresses of the users to be able to send the content to the users’ browsers. The IP address is therefore necessary for presenting the content. While we try to incorporate only content whose providers use IP addresses only for transmitting the content, we have no way of preventing third-party providers from storing IP addresses, for example for statistical purposes. Where we know that a third-party provider stores IP addresses, we inform users accordingly.

Details on how Google Maps processes data are given in Google’s notes on data protection: https://www.google.com/intl/de_de/help/terms_maps.html

Details on Google Web Fonts are given at https://developers.google.com/fonts/faq and in Google’s data protection statement: https://www.google.com/policies/privacy/.

Cookies

Cookies are small files that allow to store specific, device-related information on the users’ devices (PCs, smartphones, etc.). They help improve a website’s user friendliness, which is in the users’ interest. Some functions of our Internet page cannot be provided without the use of specific cookies needed for technical reasons. They also serve to gather and analyse statistical data on how a website is used, which helps improve that website. Users can influence the use of cookies.

For details on the use of cookies on our website click here Cookie Policy and for individual cookie settings HERE.

DIRECT MARKETING BY REGULAR MAIL

We process your personal data for purposes of direct marketing by regular mail. This is in our legitimate interest as referred to in Article 6(1)(f) of the GDPR, which is therefore the legal basis for the processing of your personal data in this context. Your personal data will be erased as soon as they are no longer necessary for the purpose for which they have been collected. This applies in particular if you object to our processing of your personal data.

Normally we collect the personal data from you directly. In addition we process data that we have obtained from publicly accessible sources and that we are permitted to process.

ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS

In the context of the establishment, exercise or defence of legal claims, we process your personal data to refute unfounded claims and enforce claims and rights. This is in our legitimate interest as referred to in Article 6(1)(f) of the GDPR. The legal basis for processing personal data in the context of the establishment, exercise or defence of legal claims is Article 6(1)(f) of the GDPR. Your personal data will be erased as soon as they are no longer needed for the purposes for which they have been collected. Since processing your personal data is indispensable in this context, you cannot object to it.

CATEGORIES OF RECIPIENTS

Within RSU Rating Service Unit GmbH & Co. KG, your personal data will be provided to those units that need them to achieve the purposes stated above. In addition, we make your personal data available to certain trustworthy recipients whose services we use (e.g. IT service providers). We have carefully selected and commissioned these recipients; they have agreed to comply with our instructions and are monitored on a regular basis.

EMPLOYMENT APPLICATIONS

We process the personal data of applicants during the application process. Applications can be submitted to us electronically by e-mail.

The data that you provide to us during the application process will be processed solely for the purposes of this process and will be made available only to the individuals directly involved. The data will not be passed on to any third parties. The legal basis for processing personal data for this purpose is Article 6(1)(b) of the GDPR in conjunction with Article 88 of the GDPR and § 26 of the Bundesdatenschutzgesetz. The data will be erased as soon as they are no longer needed for the purposes for which they have been collected and stored, need not be stored by law and are no longer required in connection with the protection and defence of potential legal claims. Applicants may withdraw their application at any time. If they do so, their application documents are disregarded in the further application process and are erased unless they must be stored by law.

RIGHTS OF THE DATA SUBJECT

If we process your personal data, you are a data subject and have the following rights with regard to the personal data concerning you:

  • Pursuant to Article 15 of the GDPR you are entitled to information about the personal data processed by us. In particular, you are entitled to information on the purposes for which the data are processed, the categories of personal data processed, the categories of recipients to which your data are or were disclosed, the period for which the data are intended to be stored, any existing right to rectification, erasure or restriction of processing, right to object and right to lodge a complaint, the source of your data if your data have not been collected at our company, and any transfer to a third country or an international organisation. You are also entitled to information about whether there is an automated decision-making system, including profiling, and to meaningful details on any such system.
  • Pursuant to Article 16 of the GDPR you are entitled to have any inaccurate personal data about you that we have stored corrected and to have any incomplete personal data about you that we have stored completed without undue delay.
  • Pursuant to Article 17 of the GDPR you are entitled to have your personal data stored by us erased unless processing the data is necessary for exercising freedom of speech and information, complying with legal obligations or establishing, exercising or defending legal claims or is in the public interest.
  • Pursuant to Article 18 of the GDPR you may restrict the way in which we can process your personal data if you contest the accuracy of the data, the data are processed unlawfully or we do not need the data any more and you object to their erasure because you need them for the establishment, exercise or defence of legal claims. This applies even if you have objected to the processing of your personal data on the grounds set forth in Article 21 of the GDPR.
  • Pursuant to Article 20 of the GDPR you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have the data transmitted to a different controller.
  • Pursuant to Article 7(3) of the GDPR you may withdraw your consent at any time, in which case we are prohibited from processing the data based on such consent in the future.
  • Pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, this may be the competent authority at your habitual residence, your place of work or our registered seat.The competent protection supervisory authority is:
    Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
    Promenade 27
    91522 Ansbach
    Germany
    Phone: +49 (0) 981 53 1300
    Fax: +49 (0) 981 53 98 1300
    E-Mail: poststelle@lda.bayern.de

RIGHT TO OBJECT

If your personal data are processed for the purposes of legitimate interests of our company in accordance with Article 6(1)(f) of the GDPR, you may object to the processing of your personal data pursuant to Article 21 of the GDPR on grounds relating to your particular situation or because you object to direct marketing activities. In the case of direct marketing you have a general right to object, with which we will comply without any need for you to invoke your particular situation. RSU will then stop processing these personal data unless RSU demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms in question or RSU needs to process the data for the establishment, exercise or defence of legal claims.

DATA SECURITY AND SAFEGUARDS

We undertake to protect your privacy and treat your personal data as confidential. To prevent any manipulation, loss or abuse of the data stored in our systems we take extensive technical and organisational precautions, which we check and update to state-of-the-art level on a regular basis. This includes the use of acknowledged encryption methods (SSL or TLS). However, please be aware that due to the structure of the Internet there may be persons or institutions outside our area of responsibility which disregard data protection rules or fail to observe the aforementioned precautions. In particular, third parties may have access to data that are made available unencrypted, for example via e-mail. We have no way of preventing this by technical means. Users are responsible for protecting the data they make available, for example by means of encryption.

Munich, November 2019