Name and contact of the data controller in accordance with Article 4 Para. 7 GDPR
Rudnick & Enners
Maschinen- und Anlagenbau GmbH
Am Wehrholz 9
57642 Alpenrod, Germany
Phone: +49 2662 8007-0
Fax: +49 2662 2613
Mr. Sven Rudnick
Data Protection Officer:
Am Wehrholz 9
57642 Alpenrod, Germany
Phone: +49 (0) 2662 8007-0
Security and protection of your personal data
We consider it our primary task to safeguard the confidentiality of the personal data you provide and to protect it against unauthorised access. We therefore apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European Union’s General Data Protection Regulation (GDPR) and the provisions of the German Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by our external service providers.
Definitions of terms
The legislator requires that personal data be processed in a lawful manner, in good faith and in a manner that is comprehensible to the person concerned (“lawfulness, processing in good faith, transparency”). To ensure this, we shall inform you about the individual legal definitions, which are also used in this data protection declaration:
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “affected person”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” refers to any operation or set of operations which is performed on personal data or on sets of personal data, with or without automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or other forms of transfer, comparison or linking, limitation, deletion or destruction.
Limitation of processing
“Limitation of processing” refers to marking stored personal data with the aim of limiting their processing in the future.
“Profiling” refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Pseudonymisation” refers to personal data processing in such a manner that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“File system” refers to any structured set of personal data which is accessible according to specific criteria, whether this collection is arranged on a centralised, decentralised or functional or geographical basis.
“Data controller” refers to the natural or legal person, public authority, agency or other body, which, alone or jointly with others, determines the purposes and means of personal data processing; if the purposes and means of such processing are determined by European Union (EU) or member state laws, the data controller or the specific criteria for their nomination may be provided for by European Union or member state laws.
“Order processor” refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
“Recipient” refers to a natural or legal person, public authority, agency or another body that the personal data are disclosed to, whether this represents a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with European Union or member state laws shall not be regarded as recipients; processing those data by those public authorities shall be in compliance with the applicable data protection rules in accordance with the purposes for processing.
“Third party” refers to a natural or legal person, public authority, agency or body other than the data subject, data controller, order processor and persons who are authorised to process personal data under the direct authority of the data controller or order processor.
A data subject's “consent” refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative act, signifies agreement to personal data processing relating to him or her.
Legality of processing
Personal data processing is only lawful if there is a legal basis for processing. According to Article 6 Para. 1, the legal basis for processing is provided by items a – f GDPR, in particular:
- The data subject has given consent to processing of his or her personal data for one or more specific purposes;
- Processing is necessary for fulfilment of a contract that the data subject is a party of or for implementation of pre-contractual measures taken at the request of the data subject;
- Processing is necessary for compliance with a legal obligation that the controller is subject to;
- Processing is necessary to protect the vital interests of the data subject or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the order processor;
- Processing is necessary for the purposes of the legitimate interests pursued by the order processor or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, especially if the data subject is a child.
Information about collection of personal data
(1) In the following, we shall inform you about collection of personal data when using our website. Personal data includes, for example, names, addresses, e-mail addresses and user behaviour.
(2) If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, and your name and your telephone number, if applicable) will be stored by us in order to answer your questions. We delete data resulting in this context after storage is no longer necessary, or processing is restricted if statutory retention obligations exist.
Collection of personal data when you visit our website
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (the legal basis for this is provided by Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website where the request comes from
- Operating system and its interface
- Language and version of the browser software.
(1) In addition to the previously indicated data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on the hard disk for the browser you use and through which certain information flows to the location that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make Internet services more user-friendly and effective overall.
(2) This website uses the following types of cookies, the scope and functions of which are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.)
- Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store a so-called 'session ID', which is used to assign different requests by your browser to the common session. This will allow your computer to be recognised again if you return to our website. Session cookies are deleted when you log out or close your browser.
- Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
- You can configure your browser settings according to your needs and also refuse the acceptance of third party cookies or all cookies, for example. So-called 'Third party cookies' are cookies set by a third party, and therefore not by the actual website you are currently visiting. Please note that you may not be able to use all functions of this website after deactivating cookies.
Additional functions and services on our website
(1) In addition to purely informational use of our website, we offer various services which you may also use if you are interested. Normally, you must provide additional personal data, which we use to provide the respective service and to which the previously indicated data processing principles apply.
(2) In some cases, we use external service providers to process your data. These providers have been carefully selected and employed by us, they are bound by our instructions and are regularly checked.
(3) Furthermore, we may pass your personal data on to third parties if we offer participation in promotions, competitions, conclusion of contracts or similar services together with partners. For more information, please provide your personal data or see the description of the services below.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the services.
Our range of products and services is fundamentally intended for adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.
Rights of the data subject
(1) Withdrawal of consent
If personal data processing is based on provided consent, you have the right to withdraw this consent at any time. The withdrawal of consent shall not affect the legality of processing carried out on the basis of the consent provided until withdrawal.
You can contact us at any time to exercise your right of withdrawal.
(2) Right of confirmation
You have the right to request confirmation from the data controller about whether we are processing personal data relating to you. You may request confirmation at any time using the contact details above.
(3) Right of access
If personal data is processed, you may request information about this personal data and about the following information at any time:
- The processing purposes;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom the personal data has been or continues to be disclosed to, in particular recipients in non-EU countries or international organisations;
- If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- The existence of a right to have personal data affecting you corrected or deleted, to have processing by the data controller limited or object to such processing;
- The availability of the right of appeal to a supervisory authority;
- If the personal data is not collected from the data subject, all available information about the origin of the data;
- The existence of automated decision-making, including profiling in accordance with Article 22 Paras. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
If personal data is transferred to a non-EU country or an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with this transfer. We will provide a copy of the personal data that is the subject of the processing. We may charge an appropriate fee based on administrative costs for any additional copies you request. If you submit the application electronically, the information shall be provided in a common electronic format, unless otherwise specified. The right to obtain a copy in accordance with paragraph 3 shall not impair the rights and freedoms of other persons.
(4) Right to correction
You have the right to request us to correct any inaccurate personal data concerning you immediately. In consideration of the purposes of processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(5) Right to deletion (“right to be forgotten”)
You have the right to have the data controller delete personal data concerning you immediately, and we shall be obligated to delete personal data immediately in case one of the following grounds applies:
- The personal data are no longer required in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent that processing is based on according to Article 6 Para. 1 a or Article 9 Para. 2 a GDPR, and in case there is no other legal ground for the processing.
- The data subject objects to processing pursuant to Article 21 Para. 1 GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects to processing pursuant to Article 21 Para. 2 GDPR.
- The personal data has been processed illegally.
- The personal data must be erased for compliance with a legal obligation according to European Union or member state laws that the controller is subject to.
- The personal data have been collected in relation to services offered by the information provider referred to in Article 8 Para. 1 GDPR.
If the data controller has made the personal data public and is obliged to delete the personal data according to Para. 1, the data controller shall take reasonable steps in consideration of available technology and the cost of implementation, including technical measures, to inform data controllers processing the personal data that the data subject has requested deletion by the data controllers, including any links to, or copy or replication of, the personal data.
The right to deletion (“right to be forgotten”) shall not apply in case processing is necessary:
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation that requires processing by European Union or member states laws that the data controller is subject to, to perform a task carried out in the public interest, or to exercise official authority that has been vested in the data controller;
- For reasons in the public interest in the area of public health in accordance with Article 9 Para. 2 letters a and i, as well as Article 9 Para. 3 GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 Para. 1, insofar as the right referred to in Para. 1 is likely to render impossible or seriously impair achievement of the objectives of processing, or
- For enforcing, exercising, or defending legal claims.
(6) Right to limit processing
You have the right to limit our processing in case one of the following applies:
- The accuracy of personal data is contested by the data subject for a period enabling the data controller to verify the accuracy of the personal data,
- The processing is illegal and the data subject opposes deletion of the personal data and requests limitation of their use instead;
- The data controller no longer needs the personal data for processing purposes, but they are required by the data subject to enforce, exercise, or defend legal claims, or
- The data subject has objected to processing according to Article 21 Para. 1 GDPR pending verification of whether the legitimate grounds of the data controller override those of the data subject.
In case processing has been restricted according to the above provisions, this personal data shall only be processed with the data subject’s consent, with the exception of storage, or to enforce, exercise, or defend legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest in the European Union or a member state.
In order to exercise the right to limitation of processing, the data subject may contact us at any time using the contact details provided above.
(7) Right to data portability
You have the right to receive personal data affecting you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another data controller without hindrance from the data controller which the personal data has been provided to, if:
- The processing is based on consent according to Article 6 Para. 1 a or Article 9 Para. 2 a or on a contract according to of Article 6 Para. 1 b GDPR, and
- Processing is carried out by automated means.
By exercising your right to data portability according to Paragraph 1, you have the right to have the personal data transmitted directly from one data controller to another, provided this is technically feasible. Exercising the right to data portability does not affect the right to deletion (“right to be forgotten”). This right shall not apply to processing that is necessary to complete performance of a task carried out in the public interest or to exercise official authority that has been vested in the controller.
(8) Right to object
Based on grounds relating to your particular situation, you have the right to object at any time to personal data processing concerning you that is based on Article 6 Para. 1 e or f, including profiling based on those provisions. The data controller shall no longer process personal data unless the data controller demonstrates compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or that are required to enforce, exercise, or defend legal claims.
If personal data is processed for direct marketing purposes, you shall have the right to object at any time to personal data processing affecting you for this marketing, which includes profiling to the extent that it is related to direct marketing activities. If you object to processing for direct marketing purposes, then personal data shall no longer be processed for these purposes.
Within the context of use of information provider services, and notwithstandingDirective 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
If personal data is processed for scientific or historical research purposes or statistical purposes according toArticle 89Para. 1, you have the right based on grounds relating to your particular situation to object to personal data processing concerning you, unless processing is necessary for the performance of a task that is completed for reasons in the public interest.
You can exercise your right to object at any time by contacting the relevant data controller.
(9) Automated individual decision-making, including profiling
You have the right not to be subject to any decisions based solely on automated processing, including profiling, which results in legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- Is necessary for entering into, or performance of, a contract between the data subject and a data controller,
- Is authorised by European Union or member state laws that the data controller is subject to and which also specify suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
- Is based on the data subject’s explicit consent.
The data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, and at minimum the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision.
The data subject may exercise this right at any time by contacting the data controller involved.
(10) Right to appeal to a supervisory authority
Without impairment to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the member state of your residence, place of work, or at the location of the suspected violation, provided the data subject believes personal data processing concerning him or her violates this regulation.
(11) Right to an effective judicial remedy
Without impairment to any available administrative or extrajudicial remedy, including the right of appeal to a supervisory authority according to Article 77 GDPR, you have the right to an effective judicial remedy if your legal aid considers that the rights conferred on it by this regulation have been violated as a result of personal data processing in breach of this regulation.