1. Data protection at a glance
General notices
The following notices provide a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified. You will find detailed information about data protection in our privacy statement provided under this text.
Data collection on this website
Who is responsible for the data collected on this website?
The website operator processes data on this website. You can find their contact details in the section “Information on the data controller” in this privacy statement.
How do we collect your data?
We collect data that you communicate to us. This may be data that you fill in a contact form, for example.
Other data is collected automatically or after you have given consent by our IT systems when you visit our website. This is mainly technical data (e.g. internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter this website.
What do we use your data for?
We collect some of your data to ensure that we can provide the website without any errors. Other data may be used to analyse the way you use the website.
What are your rights concerning your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent for the future at any time. Furthermore, you have the right to demand that we restrict the processing of your personal data under certain circumstances. You also have the right of appeal to the competent supervisory authority.
You can contact us at any time with this and other questions concerning data protection.
Analysis tools and third-party provider tools
Your surfing behaviour on our website can be analysed statistically. This is done primarily with so-called analytics programs.
You will find detailed information on these analytics programs in the following privacy statement.
2. Hosting
IONOS
We host our website with IONOS SE. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter: IONOS). When you visit our website, IONOS collects various log files including your IP addresses. For details, please refer to the IONOS privacy statement: https://www.ionos.de/terms-gtc/terms-privacy.
IONOS is used on the basis of Art. 6(1) f) GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1) a) GDPR and section 25 (1) of the German Telecommunications, Telemedia and Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Commissioned data processing
We have concluded a commissioned data processing agreement (AVV) with the above provider. This is an agreement required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR.
3. General and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data with confidentiality in compliance with the legal regulations and this privacy statement.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This data privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to emphasise that data transmission over the internet (e.g. communication by email) may have security gaps. It is not possible to guarantee absolute protection of data against access by third parties.
Note on the data controller
The data controller for data processing on this website is:
Ritzenhoefer GmbH
Königsallee 2b
40212 Düsseldorf
Germany
Telephone: +49 (0)211 54234 835
Email: info@ritzenhoefer.com
The data controller is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Storage period
Unless a more specific storage period has been specified within this privacy statement, your personal data will remain with us until the purpose for which it was collected ceases to apply. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons have ceased to exist.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1) a) GDPR or Art. 9(2) a) GDPR if special categories of data are being processed in accordance with Art. 9(1) GDPR. If you have consented to cookie storage or to access to information in your terminal device (e.g. via device fingerprinting), the data processing is also carried out on the basis of section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1) b) GDPR. Furthermore, we process your data on the basis of Art. 6(1) c) GDPR if this is necessary for the fulfilment of a legal obligation. The data processing may also be based on our legitimate interest pursuant to Art. 6(1) f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy statement.
Data protection officer
We have appointed a data protection officer for our company.
RPA Datenschutz + Compliance GmbH
Mr Henning Koch and Mr Ilja Borchers
Franzenburg 48
35578 Wetzlar
Germany
Telephone: +49 (0)6441 671000
Email: datenschutz@ritzenhoefer.com
Notice on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For instance, US companies are obliged to hand over personal data to security agencies without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US agencies (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You may revoke any consent you have already given at any time. The legality of the data processing up to the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1) E) OR F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY STATEMENT. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PROCESSING IS FOR THE PURPOSES OF ASSERTING, EXERCISING OR DEFENDING LEGAL RIGHTS/CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right of appeal to the competent supervisory authority
In the event of infringements of the GDPR, the data subjects have the right to appeal to a supervisory authority, in particular in the Member State of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data, which we process automatically based on your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another data controller, this will only take place if it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Access, erasure and rectification
Within the scope of applicable statutory provisions, you have the right to free information about your stored personal data, its source and recipient, and the purpose of data processing and, if necessary, a right to rectification or erasure of this data. You can contact us at any time with this and other questions concerning personal data.
Right to restriction of processing
You have the right to demand that we restrict the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data has taken/is taking place unlawfully, you can demand the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
- If you have filed an objection in accordance with Art. 21(1) GDPR, your interests must be weighed against ours. As long as it is not yet clear whose interests shall prevail, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, such data may – apart from its storage – only be processed with your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons pertaining to an important public interest of the European Union or a Member State.
4. Data collection on this website
Cookies
Our webpages use so-called cookies. Cookies are small text files and do not cause any damage on your terminal device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or displaying videos). Other cookies are used to evaluate user behaviour or display advertisements.
Cookies that are required to implement the electronic communication process to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1) f) GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of necessary cookies for technically accurate and optimised provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, the storage is based exclusively on this consent (Art. 6(1) a) GDPR and section 25 (1) TTDSG); consent may be revoked at any time.
You can customise your browser in such a way that you are informed of the placement of cookies and permit cookies only in individual cases, block the acceptance of cookies for certain cases or generally as well as activate the automatic deletion of cookies when the browser is closed. Deactivating cookies may limit the functionality of this website.
Insofar as cookies are used by third-party companies or for the purposes of analysis, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This is information about the:
- browser type and browser version
- operating system used
- referrer URL
- host name of the accessing computer
- the time of the server request
- IP address
This data is not combined with other data sources.
This data is collected on the basis of Art. 6(1) f) GDPR. The website operator has a legitimate interest in presenting and optimising its website in a manner free of technical errors – for this purpose the server log files must be recorded.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your request including all personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not disclose this data without your consent.
This data is processed on the basis of Art. 6(1) b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6(1) f) GDPR) or on your consent (Art. 6(1) a) GDPR), provided that this consent has been requested.
The data you sent to us via contact enquiries remain with us, till you ask us to erase it, you withdraw your consent to storage or the purpose for which data has been stored no longer applies (e.g. after successfully handling your request). Mandatory legal provisions – including but not limited to statutory retention periods – remain unaffected.
5. In-house services
Handling of applicant data
We offer you the opportunity to apply to us (e.g. by email, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be handled with the utmost confidentiality.
We use the Personio platform (https://www.personio.de) for our application procedure. This service is provided by Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. The Personio Data Privacy Policy is available here: https://www.personio.de/datenschutzerklaerung/.
Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is section 26 of the German Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6(1) b) GDPR (general contract initiation) and – if you have given your consent – Art. 6(1) a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of section 26 BDSG and Art. 6(1) b) GDPR for the purpose of implementing the employment relationship.
Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6(1) f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data is then deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an imminent or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6(1) a) GDPR) or if legal storage obligations prevent deletion.
Commissioned data processing
We have concluded a commissioned data processing agreement (AVV) with the above provider. This is an agreement required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR.
6. Other service providers
For the creation and administration of the website, we use another service provider based in Germany.
Commissioned data processing
We have concluded a commissioned data processing agreement (AVV) with the above service provider. This is an agreement required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR.
7. Our social media pages
Data processing by social networks
We maintain publicly accessible profiles on social networks. All the social networks we use can be found below.
Social networks such as Facebook, Twitter, etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous processing operations relevant to data protection. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data thus collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we are not able to track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media pages are designed to ensure the broadest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6(1) f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) a) GDPR).
Data controller and assertion of rights
If you visit one of our social media pages (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered during this visit. Generally, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and appeal) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device till you delete them. Mandatory legal provisions – including retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please seek out information directly from the operators of the social networks (e.g. in their privacy statement, see below).
Social networks in detail
XING and Kununu
We have a profile on XING and Kununu. The provider is NEW WORK SE, Am Strandkai 1, 20457 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s privacy statement: https://privacy.xing.com/de/datenschutzerklaerung.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal data, please refer to LinkedIn’s privacy statement: https://www.linkedin.com/legal/privacy-policy.