In the following, we will inform you about the processing of personal data when you visit the my Riese & Müller portal for dealers on the website https://my.r-m.de/ (hereinafter the "website" or "my Riese & Müller").
A. Data controller
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal, Germany
Phone: +49 (0) 6151/36686-0
Fax: +49 (0) 6151/36686-20
(hereinafter "we", "us") are the controller for processing personal data in the context of my Riese & Müller pursuant to the provisions of the General Data Protection Regulation (GDPR).
B. Use of data, processing purposes and legal bases
We process data when you contact us or use our services and also when you visit our website. We process such data exclusively for the purpose for which you have made them available to us, e.g., where you have given your consent or for us to fulfill our contractual obligations. In addition, data are processed to safeguard our legitimate interests.
Your data may also be processed by other departments within Riese & Müller GmbH. In some instances, we also use external service providers for processing. These providers have been carefully selected and commissioned by us, are bound by our instructions and are monitored regularly.
The specific processing purposes, the data concerned as well as the legal basis for data processing are listed below:
a) Data collected by automated means
We log your visit to our website. The following data are collected by automated means: the name of the respective website viewed, date and time of access, amount of data transferred, browser type and version, your operating system, referrer URL (the last site visited before calling up our site), your IP address and the requesting provider. We collect such data based on our legitimate interests within the meaning of point (f) of Article 6 (1) GDPR, since the collection serves our interest in ensuring the protection of our systems and servers and the stability and security of our website.
b) User account
You need a user account to use the my Riese & Müller portal. In order for us to create a user account, we need your name, email address, and phone number, and you must provide a password. We process these data to perform our contract with you (point (b) of Article 6 (1) GDPR).
c) Information regarding your use of my Riese & Müller
We also store data about your use of the my Riese & Müller portal, such as orders placed by you (in detail: order date and number, object of purchase and information about your user account), service requests, delivery and invoice addresses as well as account and bank data (SEPA direct debit or bank transfer). We process these data to perform our contract with you (point (b) of Article 6 (1) GDPR).
If you contact us via one of our contact forms or by e-mail, your data will be processed exclusively for the purpose of processing and handling your request. The data concerned are: your e-mail address, last and first name, subject, message as well as other data you optionally provide. The legal basis for this data processing is the performance of our contract with you (point (b) of Article 6 (1) GDPR).
e) General contract data
We also store personal data related to the general contractual relationship between you and us. In addition to the data already mentioned, we may also store additional contact information, information about your company (e.g., VAT identification number), data required in connection with payments for the purpose of fraud prevention, other data about our general contractual relationship, the conditions granted to you and previous orders, as well as the content of correspondence between you and us and the data transmitted in this context.
We collect and process such personal data in particular for the performance of contracts (shipping, after-sales, complaint management), for credit assessment, for customer or business partner support and communication with our customers or business partners (or their representatives) in the context of questions about services or products or relating to customer service, as well as to create a customer or business partner file.
If you have entered into a contract with us, the legal basis for processing under this clause 4 is point (b) of Article 6 (1) GDPR. These processing operations are required to initiate, complete, perform, execute and terminate our contract with you.
In some cases, however, we are also legally bound to retain such data, for example under regulations of tax or commercial law. If we are legally bound to retain the data, the legal basis for the processing is point (c) of Article 6 (1) GDPR (our compliance with a legal obligation).
If you are employed by a company that has concluded a contract with us and we receive data from you in this context, the legal basis for processing your data is our legitimate interest (point (f) of Article 6 (1) GDPR). We have a legitimate interest in processing your data in order to perform the contract your company has concluded with us or to implement pre-contractual measures, for our internal organization as well as to respond to any inquiries.
a) General information
To make visiting our website attractive and to enable the use of certain functions, we use "cookies". Cookies are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e., once you have closed your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser on your next visit (persistent cookies).
You can change your browser settings to generally block cookies or to inform you when cookies are sent to your device. There are several ways of dealing with cookies. Please use your browser instructions or help menu to learn more about how to adjust your browser settings.
b) Required cookies and security cookies
On our website, we use required and security-relevant cookies. These are cookies that are used to make use of the website and navigate it faster or more safely and that guarantee special functions that are absolutely required for a normal visit to the website and for navigating it. For example, such cookies allow forms to be sent securely through our website to prevent fake requests from entering our systems, they store the type of display or version of the website accessed by you, or they ensure a user's association with their booked services, order history, or digital shopping cart.
Data processing in such cases is based on point (b) of Article 6(1) GDPR. The use of these cookies is technically required to make the website available to you in a functional and legally compliant manner, and to make it possible to purchase or use the other offers on our website.
Storage period: Most of the required and security cookies are automatically deleted after the session expires, i.e., when the browser is closed.
However, some of these cookies are stored for up to 2 years.
c) Cookies for optimal user experience: storage of recently viewed products
Storage period: Most of the required cookies set for an optimal user experience are automatically deleted after the session expires, i.e., when the browser is closed. However, some of these cookies are stored for up to 2 years.
The legal basis for setting cookies for an optimal user experience is your consent in accordance with point (a) of Article 6 (1) GDPR.
d) Google Analytics
The extension "_anonymizeIp()" of Google Analytics is activated on the website. As a result, IP addresses are stored in anonymized form only, a direct personal reference in connection with the stored data is therefore not possible.
We have concluded a processing agreement under Article 28 GDPR with Google Ireland.
For exceptional cases where personal data are transmitted to the USA, an adequate level of data protection is guaranteed by the conclusion of the EU standard contractual clauses.
The legal basis for our use of Google Analytics is your consent in accordance with point (a) of Article 6 (1) GDPR.
You may also prevent the collection of data generated by the cookie related to your use of the website (including your IP address) as well as the processing of such data by Google, by downloading and installing the browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=de. to disable Google Analytics for your current Internet browser.
You may also prevent detection by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent future collection of your information when you visit this website: Disable Google Analytics
Storage duration: up to 2 years
D. Disclosure of your information
In accordance with the applicable data protection regulations, we may disclose your data to external processors (Article 28 GDPR) acting on our behalf and providing services in connection with our website, the contact forms, and our digital offerings (e.g. host providers, IT service providers). Data are transmitted based on processing contracts. Our processors may process your data only to the extent necessary to perform their specific tasks. Processors are contractually obliged to process your data only on our behalf and pursuant to our instructions.
Any processors domiciled outside the European Union or the European Economic Area are either based in third countries for which an adequacy decision has been issued by the European Commission or an adequate level of protection is ensured by standard data protection clauses issued by the European Commission which we have concluded with the external processor.
- netz98 GmbH Hattenbergstr. 10, 55122 Mainz, Germany, for operating the my Riese & Müller portal;
- CTM-COM GmbH, In den Leppsteinwiesen 14, 64380 Roßdorf, Germany, for servicing and maintenance of the IT systems;
- Stiftung Nieder-Ramstädter Diakonie, Stiftungsverein, Bodelschwinghweg 5, 64367 Mühltal, Germany, for data carrier destruction;
- Kühne + Nagel (AG & Co.) KG, Wilhelm-Kaisen-Brücke 1, 28195 Bremen, Germany, for delivery of goods and other logistics services;
- Druckerei Lokay e. K., Königsteiner Straße 3, 64354 Reinheim, Germany, for production and shipping of printed products;
- Wolters Kluwer Service und Vertriebs GmbH, Hindenburgstraße 46, 71638 Ludwigsburg, Germany, for the provision of software and related support services;
- Spark 5 GmbH, Rheinstraße 97, 64295 Darmstadt, Germany, for network analysis and penetration testing;
- BrandSourcery GmbH, Perfektastraße 58/1/2b, 1230 Wien, Austria, for various print jobs and shipping;
- Code Piraten UG, Am Ruhmbach 44, 45149 Essen, Germany, for further development of the website;
- Hanbuch Packaging, Obergasse 85, 64319 Pfungstadt, Germany, for various print jobs and shipping;
- Siemssen Consulting GmbH, Stresemannstraße 46, 27570 Bremerhaven, Germany, for matching names against public sanctions lists;
- Babtec Informationssysteme GmbH, Clausenstraße 21, 42285 Wuppertal, Germany, for the provision of software and related support services.
If we contact you by e-mail (for example, as part of dealer communication, to maintain the business relationship and communication in the context of the business relationship), messages are sent via the MailChimp service of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, based in the USA. Your e-mail address, as well as your last and first name will be stored on the servers of MailChimp in the USA. MailChimp uses this information to send the e-mails on our behalf. MailChimp is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR. An adequate level of protection is guaranteed by standard data protection clauses issued by the European Commission, concluded between us and MailChimp. For further information on data protection visit https://mailchimp.com/legal/privacy/
In order to deliver the products you ordered, we disclose your personal data to our shipping service providers
- DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany;
- FedEx Express Germany GmbH, Langer Kornweg 34K, 65451 Kelsterbach, Germany
. The legal basis for this processing is the performance of the contract with you (point (b) of Article 6 (1) GDPR).
E. Your rights as a data subject
You have the right to request information at any time as to whether we are processing your personal data and if so, to request access to such personal data. To exercise this right, you may contact us at any time using the contact information provided under clause E.6.
2. Rectification, erasure, restriction of processing (blocking)
When we process your personal data, we take reasonable steps to ensure that your personal data are accurate and up-to-date for the purposes they were collected for. In the event that your personal data are inaccurate or incomplete, you may request rectification of such data.
You may have the right to request erasure of your personal data or restriction of its processing.
To exercise these rights, you may contact us at any time using the contact information provided under clause E.6.
3. Right to data portability
You may have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or the right to transmit such data to another controller.
To exercise this right, you may contact us at any time using the contact information provided under clause E.6.
4. Right to object
You have the right to object to the processing of your personal data at any time, inasmuch as we are processing your personal data to pursue our legitimate interests and reasons are present that result from your special situation.
5. Withdrawal of consent with effect for the future
6. Exercising your rights as a data subject
If you have any questions regarding the processing of your personal data or if you wish to exercise your rights as described above, please contact:
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal, Germany
Phone: +49 (0) 6151/36686-0
Fax: +49 (0) 6151/36686-20
7. Our data protection officer
You may also contact our data protection officer:
CTM-COM GmbH, Mr. Moritz Görmann
In den Leppsteinswiesen 14
64380 Roßdorf, Germany
Phone: +49 (0) 6154/57605111
8. Right to lodge a complaint
You also have the right to lodge a complaint with a competent supervisory authority. You may contact:
Der Hessische Datenschutzbeauftragte (Data Commissioner for the State of Hesse)
65189 Wiesbaden, Germany
Phone: +49 (0) 611/1408-0
Fax: +49 (0) 611/1408-900
F. Storage duration
The data collected via our website are only stored until the purpose for which they were originally collected has been fulfilled. Where retention periods under commercial and tax law are to be observed, the storage period for certain types of data may be up to 10 years.
We use a secure SFTP (SSH) connection to protect the transfer of your data. This security technology ensures that your data are transferred securely online and cannot be viewed by third parties.