Data privacy statement
in accordance with the GDPR
for the company Richard Brink GmbH & Co. KG
I Name and address of the data controller
The data controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data privacy acts effective in the EU member states as well as other provisions under data protection law is:
Richard Brink GmbH & Co. KG
Metalware Production and Sales
Görlitzer Strasse 1
33758 Schloss Holte-Stukenbrock
Germany
Tel.: +49 (0)5207 / 9504-0
Email: info@richard-brink.de
Website: www.richard-brink.de
Please also refer to the mandatory information available in the imprint.
II Name and address of the data protection officer
The controller’s data protection officer is:
Alfred Leingang
ERP&IT Service GmbH
Sunderweg 8
33649 Bielefeld
Germany
Tel.: +49 (0)521 95036013
Website: www.erpit-service.de
Email: datenschutz(at)richard-brink.de
III General information on data processing
1. Extent to which personal data is processed
We generally process our users’ personal data only to the extent required to provide a fully functioning website together with our content and services. As a general rule, our users’ personal data is processed only after obtaining the user’s consent. Exceptions apply in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is legally permitted.
2. Legal basis for processing personal data
Article 6 (1) letter a of the GDPR serves as the legal basis in cases where we obtain consent for processing operations from the data subject relating to their personal data.
Article 6 (1) letter b of the GDPR serves as the legal basis for processing personal data required to perform a contract. This also applies for processing operations necessary for implementing pre-contractual measures.
Article 6 (1) letter c of the GDPR serves as the legal basis if personal data have to be processed in order to comply with a legal obligation to which our company is subject.
Article 6 (1) letter d of the GDPR serves as the legal basis in the case that processing personal data is made necessary in order to protect the vital interests of the data subject or of another natural person.
Article 6 (1) letter f of the GDPR serves as the legal basis for processing data where this is required in order to maintain a legitimate interest pursued by our company or a third party and where the interests and fundamental rights and freedoms of the data subject do not override this interest.
3. Deletion of data and storage period
The data subject’s personal data will be deleted or blocked as soon as the purpose for storage is no longer applicable. Moreover, personal data may be stored where this is provided for by the European or national legislator in the form of regulations, laws or other provisions compliant with EU law to which the controller is subject (e.g. legal duties to preserve records in accordance with commercial or tax law provisions). The data is also blocked or deleted when a storage period prescribed by the named standards expires, unless there is a need for the continued storage of the data in concluding or fulfilling a contract.
IV Provision of the website and creation of log files
1. Description and extent of data processing
Our system automatically records data and information from the computer system of the accessing computer every time our website is accessed.
(1) Information about the browser type and version in use
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites that directed the user’s system to our website
(7) Websites called up by the user’s system via our website
These data are also stored in our system’s log files. The data described above are not stored together with other personal data connected to the user.
2. Legal basis for data processing
Article 6 (1) letter f of the GDPR serves as the legal basis for the temporary storage of data and log files.
3. Purpose of data processing
The temporary storage of the IP address by the system is required in order to enable the user’s computer to access the website. The user’s IP address therefore has to be stored for the duration of the session.
Storage takes place in log files so as to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes constitute our legitimate interest in data processing in accordance with Article 6 (1) letter f of the GDPR.
4. Storage duration
The data are deleted as soon as they are no longer required to fulfil the purpose of their collection. Where data are collected in order to provide a fully functioning website, this is when the respective session has ended. Where data is stored in log files, this is after a period of no more than fourteen (14) days. Storage beyond this time is possible. In this case, the users’ IP addresses are deleted or anonymised so the accessing client can no longer be attributed. Item III.3 shall otherwise apply.
5. Objection and deletion options
The collection of data in order to provide a fully functioning website and the storage of data in log files is absolutely vital to the operation of the website. The user is therefore unable to object to such collection and storage of data.
V Use of cookies
a) Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the user’s internet browser and/or on the user’s computer system by the internet browser. If a user calls up a website, a cookie can be stored on the user’s operating system. This cookie contains a series of characters that enable the browser to be unambiguously identified when accessing the same website at a later time.
We use cookies in order to make our website more user friendly. Several elements of our website demand that the accessing browser is also able to be identified when changing web page.
The following data are stored and transmitted in the cookies:
(1) Session ID
(2) Login data
(3) Language selection
(4) Miscellaneous
Moreover, we use cookies on our website that enable the user’s surfing behaviour to be analysed.
The following data are thus able to be transmitted:
(1) Entered search terms
(2) Frequency of site views
(3) Use of website functions
Precautionary technical measures are in place that pseudonymise the user’s data collected in this way. This means the data can no longer be assigned to the accessing user. The data is not stored together with the user’s other personal data.
On accessing our website, an info banner informs the user about the use of cookies for analysis purposes and makes reference to this data privacy statement. In this context, information is also provided on how the storage of cookies can be prevented in the browser settings.
b) Legal basis for data processing
Article 6 (1) letter f of the GDPR serves as the legal basis for the processing of personal data using technically necessary cookies.
Article 6 (1) letter a of the GDPR serves as the legal basis for the processing of personal data using cookies for analysis purposes if the user has consented to such processing.
c) Purpose of data processing
Technically necessary cookies are deployed to make it easier for the user to use websites. Several functions of our website cannot be provided without using cookies. The browser also has to be recognisable even after navigating to a new web page.
We require cookies for the following uses:
(1) to maintain language settings
(2) to save the session ID
The user data collected by the technically necessary cookies are not used to create user profiles.
We use analysis cookies in order to improve the quality of our website and its content. These analysis cookies allow us to see how the website is utilised, enabling us to constantly improve our online presence.
These purposes constitute our legitimate interest in processing personal data in accordance with Article 6 (1) letter f of the GDPR.
d) Duration of storage, objection and deletion options
Cookies are stored on the user’s computer and transmitted from there to our website. This means that you, as the user, have complete control of the way in which cookies are used. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be done automatically. If the use of cookies is deactivated for our website, the respective functions may potentially no longer be provided in full. Item III.3 shall otherwise apply.
VI Email contact
1. Description and extent of data processing
Contact can be taken up with our company using the email addresses provided on our website. In this case, the personal data transmitted with the email are stored and processed.
These data are not provided to third parties in this connection. The data are used solely for the purposes of the email exchange.
2. Legal basis for data processing
Article 6 (1) letter f of the GDPR serves as the legal basis for processing data transmitted through an email exchange. If the email exchange aims at concluding a contract, Article 6 (1) letter b of the GDPR shall serve as an additional legal basis for data processing.
3. Purpose of data processing
The processing of personal data from such emails serves solely to handle the contact. If contact is made by email, this also constitutes the required legitimate interest in processing the data.
Other personal data processed as part of the email exchange serve to prevent misuse and ensure the security of our information technology systems.
4. Duration of storage
The data are deleted as soon as they are no longer required to fulfil the purpose of their collection. This is the case for personal data sent by email once the respective exchange with the user has ended. The exchange is deemed ended as soon as it can be deduced from the circumstances that the issue at hand has been conclusively dealt with.
Any additional personal data collected as part of the email exchange will be deleted after a period of no more than seven days. Item III.3 shall otherwise apply.
5. Objection and deletion options
The user may withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In this case, however, the email exchange cannot be continued.
To request the deletion of the data, please send an email to datenloeschung(at)richard-brink.de
All personal data stored upon making contact will then be deleted. Item III.3 shall otherwise apply.
VII Rights of the data subject
If your personal data are processed, you are the data subject within the meaning of the GDPR and you have the following rights with respect to the data controller:
1. right of access pursuant to Article 15 of the GDPR,
2. right to rectification or erasure pursuant to Articles 16 and 17 of the GDPR,
3. right to restriction of processing pursuant to Article 18 of the GDPR,
4. right to data portability pursuant to Article 20 of the GDPR,
5. right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data,
6. right to withdraw your consent with effect for the future pursuant to Article 7 (3) of the GDPR,
7. special right to object.
You have the right to object at any time, on grounds relating to your specific situation, to the processing of your personal data based on Article 6 (1) letters e or f of the GDPR; this shall also apply to profiling based on the same provisions.
The data controller shall then no longer process your personal data unless they are able to demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms, or unless such processing serves to assert, exercise or defend legal claims.
If your personal data are processed for direct marketing purposes, you shall have the right to object, at any time, to the processing of your personal data for such marketing purposes; the same shall apply for profiling to the extent that it is connected to such direct marketing measures.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
VIII Use of Google Analytics
1. This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", i.e. text files that are stored on your computer and analyse how you use the website. The information generated by the cookie regarding your website use is generally transferred to a Google server in the US, where it is then stored. If IP anonymisation is activated for this website, your IP address will, however, first be truncated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and then truncated. Google will use this information on behalf of the operator of this website in order to analyse how you use the website, to compile reports on website activity and to provide the website operator with additional services associated with the use of the website and the Internet.
2. The IP address communicated by your browser in the context of Google Analytics will not be merged with other Google data.
3. You can prevent cookies from being stored by adjusting the respective browser software setting; however, please note that doing so may limit the functionality of this website. You can also prevent data generated by cookies and data related to your website use (incl. your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en-GB.
4. As an alternative to the browser add-on, especially for browsers on mobile end devices, you can also prevent data from being collected by Google Analytics by using the link < a href="javascript:gaOptout()">Google Analytics deaktivieren</a>. This generates an "opt-out cookie", which prevents your data from being collected in the future when visiting this website. The opt-out cookie will be stored on your device and is effective only in the same browser for the same website. If you delete the cookies in this browser, you will have to generate the opt-out cookie again.
Besides this, for mobile end devices in particular, we use the function “ga-disable-UA-XXXXXX-Y”.
Further information on data protection in connection with Google Analytics can be found, for example, in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
5. This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in a truncated form without referring directly to specific individuals. If any of the data collected about you contains information of a personal nature, it will thus be excluded immediately and the personal data will be promptly deleted.
6. We use Google Analytics in order to analyse and regularly improve the use of our website. We can improve our online presence and make our site more interesting for you as the user based on the statistics we receive. If, in exceptional cases, personal data is transferred to the US, Google has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Article 6 (1) clause 1 letter f of the GDPR serves as the legal basis for the use of Google Analytics.
8. Details of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 1 436 1001. Terms of service: http://www.google.com/analytics/terms/us.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/en/policies/privacy.
9. This website also uses Google Analytics for analysing visitor streams across devices (Universal Analytics), which is done based on a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
IX Integration of YouTube videos
1. We have integrated YouTube videos in our online presence that are stored to http://www.youtube.com and can be watched directly on our website. All of these videos are covered by the “expanded data protection mode”, i.e. none of your user data is transferred to YouTube if you do not play the videos. Only upon playing the videos will the data referred to under point 2 be transferred. We cannot influence this data transmission.
2. On visiting its website, YouTube receives the information that you have accessed our website’s corresponding subpage. The data listed under Section IV of this statement – “Provision of the website and creation of log files” – will also be transmitted. This will happen regardless of whether you are logged into a user account provided by YouTube or whether no user account exists.
If you are logged into Google, your data is directly attributed to your account. If you do not want your data to be attributed to your YouTube profile, you must first log out before activating the button.
YouTube saves your data in the form of usage profiles, which it uses for advertising, market research, and/or the needs-based design of its website. This kind of evaluation is carried out in particular (also for users who are not logged in) to facilitate customer-driven advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this type of user profile, however this right may only be exercised by addressing YouTube directly.
3. Further information on the purpose and scope of data collection and processing by YouTube can be found in the data privacy statement. The data privacy statement also contains further information about your rights and also setting options that can be used to protect your privacy: https://www.google.de/intl/en/policies/privacy. Google also processes your personal data in the US and has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
X Social Media
We are present on YouTube, Pinterest, LinkedIn and Google. We do not use any social media plug-ins on our website so as to avoid uncontrolled data streams to these networks. Instead, we solely refer to our presence on these sites. We therefore urge you to refer to and familiarise yourself with the terms of service and data protection regulations in place for these websites and platforms, before visiting them if possible.
XI Newsletter
1. On providing your consent, you can subscribe to our newsletter and find out about our latest interesting offers. The advertised goods and services are outlined in the declaration of consent.
2. To register for our newsletter, we use what is known as a double opt-in procedure. This means that after registering, we will send you an email to the email address provided, asking you to confirm that you would like to receive our newsletter. If you do not confirm your registration within 24 hours, your information will be disabled before being automatically deleted after one month. Furthermore, we store your IP address(es) and the times of your registration and confirmation. This procedure aims to verify your registration and, where necessary, flag up any misuse of your personal data.
3. The only information that must be provided in order to receive the newsletter is your email address. Any further, separately marked fields may be completed voluntarily and will be used to address you personally. After your confirmation, we will save your email address in order to send out the newsletter. Article 6 (1) clause 1 letter a of the GDPR serves as the legal basis here.
4. You can withdraw your consent to receive the newsletter and unsubscribe at any time. You can do this by clicking the link provided in every newsletter email, by completing this form on the website, by sending an email to newsletter(at)richard-brink.de or by sending a message using the contact information provided in the imprint.
XII Contact form
You can send us queries using our contact form. The transmission of your entered data is protected by a current encryption standard (at present: SSL).
Only the fields marked “mandatory” have to be filled out. Any other information can be provided voluntarily.
Regardless of whether the information provided is voluntary or mandatory, it will be collected, processed and stored solely for the purpose of handling your query. We will not share this data with third parties without your consent. Your data will be deleted as soon as your query has been dealt with; otherwise it will be stored in compliance with this data privacy statement.