Privacy policy
We are pleased that you are visiting our website and thank you for your interest in our company. The relationship with our customers and prospects is based on trust. The trust you place in us is of great importance, and we are committed to handling your data with care and protecting it from misuse.
To ensure you feel safe and secure while visiting our website, we take the protection of your personal data and its confidential handling very seriously. Therefore, we act in accordance with the applicable laws regarding data protection and data security.
Data protection is a high-priority issue for us, and we only collaborate with partners who also demonstrate an appropriate level of data protection in their processing frameworks. Your data will only be processed if you have given us consent. This consent relates to contracts or pre-contractual measures on a service basis, provided that relevant laws allow or require data processing.
With this privacy notice, we inform you that we collect, store, and process data in accordance with the applicable national legal framework as well as the EU General Data Protection Regulation (EU GDPR), which has been valid since May 25, 2018. When using the internet, we comply with the Telemedia Act (TMG) of the Federal Republic of Germany.
The following privacy policy explains which data is collected on our websites and how we process and use this data.
1. Name and Address of the Responsible Party
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:
Max Rappenglitz GmbH
Frauenstraße 50
82216 Maisach
Phone: +49 8141 22835-0
Fax: +49 8141 22835-99
Email:
Website: www.rappenglitz.de
Managing Directors: Barbara Rappenglitz-Lex, Michael Lex
Responsible for Website Content:
Michael Lex
Phone: +49 8141 22835-0
Email:
2. General Information on Data Processing
2.1 Scope of Processing of Personal Data
You can visit our website without telling us who you are. Our web servers automatically store general information, including the type of web browser, the operating system used, the domain name of your internet service provider, the website from which you visit us, the websites you visit on our site, as well as the date and duration of your visit. This data does not allow us to identify you personally. We use this data for statistical purposes and only in an anonymous form. The collection and use of personal data from our users occurs only with the user's consent. Exceptions exist when consent cannot be obtained due to factual reasons, and the data processing is permitted by legal provisions.
2.2 Legal Basis for the Processing of Personal Data
We obtain consent from the data subject for the processing of personal data. The legal basis for processing is Article 6(1)(a) GDPR.
If personal data is processed for the performance of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) GDPR.
If data processing is required for compliance with a legal obligation, the legal basis is Article 6(1)(c) GDPR.
If processing is necessary to protect vital interests of the data subject or another person, the legal basis is Article 6(1)(d) GDPR.
If processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and the interests, rights, and freedoms of the data subject do not override those interests, the legal basis is Article 6(1)(f) GDPR.
2.3 Data Deletion and Storage
Once the purpose for storage is no longer applicable, personal data of the data subject will be deleted or blocked. Data may be stored if required by European or national regulations, laws, or other provisions the responsible party is subject to. Data will also be deleted when the retention period required by these regulations has expired unless further retention of the data is necessary for the performance of a contract.
2.4 Obligation to Provide Data
Within the scope of our contractual relationship, personal data must be provided that is necessary for the establishment and performance of the service contract or that we are legally required to collect. Without this data, we may not be able to enter into or fulfill the contract with you. If you do not provide the necessary information, we may not be able to deliver the requested services in full.
2.5 Automated Decision-Making and Profiling
In the course of establishing and performing our contractual relationship, you will not be subject to decisions based solely on automated processing, including profiling, as per Article 22 GDPR, which have legal effects on you or similarly significantly affect you.
2.6 Information About Your Right to Object Pursuant to Article 21 GDPR
You have the right to object at any time to the processing of your personal data, which is based on Article 6(1)(e) or Article 6(1)(f) GDPR, including profiling based on these provisions. In the event of an objection, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes, including profiling in so far as it is related to such direct marketing.
The objection can be made without formality and should be directed to our data protection officer. The contact details are provided under section II.
2.7 Use of Cookies
Some areas of our website use so-called cookies. A cookie is a small text file that is placed on your hard drive by a website. Cookies do not harm your computer and do not contain viruses. The cookies on our website do not collect any personal data. The information contained in cookies is used to make it easier for you to use our site and to tailor it to your needs.
Of course, you can also view our website without cookies. If you do not want cookies to be stored on your computer, you can disable this option in your browser's system settings. Stored cookies can also be deleted at any time via the system settings of your browser. However, if you do not accept cookies, this may result in functional limitations of our offers.
The following data is stored and transmitted in the cookies:
- Language settings
- Log-in information
- Items in the shopping cart
Additionally, we use cookies on our website that enable analysis of users' browsing behavior.
In this way, the following data can be transmitted:
- Search terms entered
- Frequency of page views
- Access date
- Visited URLs
- Shopping cart data (order data, booked services, cart total, currency)
- Use of website functions
The data collected in this manner is pseudonymized through technical measures. Therefore, it is no longer possible to assign the data to the requesting user. The data is not stored together with other personal data of the users.
The data used by cookies is required for the purposes of safeguarding our legitimate interests, as well as those of third parties, pursuant to Article 6(1)(f) GDPR.
You can configure your browser to only allow cookies to be stored if you consent to them. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or to receive a notification before a new cookie is created. Disabling cookies completely may result in you not being able to use all features of our website. If you only want to accept cookies from Rappenglitz Messebau, but not those from partners, please select the option "Block third-party cookies" in your browser. The help function in your browser's menu bar will show you how to reject new cookies and deactivate already received ones.
2.8 Integration of Third-Party Services and Content (e.g. Google Analytics, Facebook Ads)
Third-party content, such as YouTube videos and Google Maps maps, is integrated into the website. For the use of such content, the transfer of the user's IP address to the respective third party is technically required. Without the IP address, the third party cannot send the embedded content to the user's browser. We have no influence on whether a third party stores or uses the IP address for statistical purposes or otherwise.
2.8.1 Data Protection in Google Analytics and Google Remarketing
This website uses Google Analytics and Google Remarketing. These are services of Google Inc. ("Google"). Google uses "cookies", text files stored on your computer that enable analysis of website usage. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, compile reports on website activities for the website operators, and provide further services related to website and internet usage. Google may also transfer this information to third parties, if required by law or if third parties process the data on behalf of Google.
Third-party providers, including Google, place advertisements on websites on the internet. These providers, including Google, use stored cookies to serve ads based on prior visits by a user to this website.
Google will not associate your IP address with any other data held by Google. You can opt out of data collection and storage at any time with future effect. You can disable the use of cookies by Google by visiting Google's ad settings page.
Alternatively, users can disable cookies used by third-party providers by visiting the Network Advertising Initiative opt-out page. Additionally, users can prevent the collection of data generated by the cookie and related to their use of the website (including IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.
2.8.2 Data Protection in Facebook Ads
We use communication tools from the social network Facebook, especially the Custom Audiences and Website Custom Audiences products. A non-reversible, non-personal checksum (hash value) is generated from your usage data, which may be sent to Facebook for analysis and marketing purposes. More information on the purpose and scope of data collection and its further processing and use by Facebook, as well as your privacy settings, can be found in Facebook's privacy policy, available at https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation.
2.8.3 Data Protection for Instagram Usage
We use plugins from the social network Instagram.com, operated by Instagram LLC, 1601 Willow Rd. Menlo Park CA 94025 USA (Instagram). You can find the link to Instagram's privacy policy here: http://instagram.com/legal/terms.
2.9 Rights of the Data Subject
Under Article 15 GDPR in conjunction with Section 34 BDSG, you have the unrestricted right to request free information about the data we have stored about you, and in accordance with Section 35 BDSG, the right to deletion or blocking of unlawful data or the right to correction of incorrect data.
Upon request, we are happy to provide you with written information on whether and what personal data we have stored about you. We will take appropriate steps to promptly update or correct any personal data we hold about you, where possible. All information requests, access requests, or objections to data processing should be sent via email, including your full postal address, directly to our data protection officer.
If your personal data is processed, you are considered a data subject under the GDPR and have the following rights with respect to the controller:
2.9.1 Right to Information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing occurs, you may request the controller to provide information regarding:
- the purposes of the processing;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed;
- the planned duration of the storage of your personal data or, if specific details cannot be provided, the criteria for determining the storage duration;
- the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or an objection to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- all available information regarding the source of the data if the personal data was not obtained from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR, and, at least in these cases, meaningful information about the logic involved, as well as the significance and the consequences of such processing for the data subject.
You have the right to inquire whether your personal data has been transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards under Article 46 GDPR related to such transfers.
2.9.2 Right to Rectification
You have the right to request rectification and/or completion from the controller if the personal data concerning you is incorrect or incomplete. The controller must rectify the data without delay.
2.9.3 Right to Restriction of Processing
You may request the restriction of processing of your personal data under the following conditions:
- if you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the data;
- the processing is unlawful and you oppose the deletion of the personal data, requesting instead the restriction of its use;
- the controller no longer needs the personal data for the processing purposes, but you require it for the establishment, exercise, or defense of legal claims, or
- if you have objected to the processing under Art. 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override your reasons.
If the processing of personal data concerning you is restricted, such data may only be processed – apart from storage – with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If the restriction of processing is lifted, the controller will inform you beforehand.
2.9.4 Right to Erasure
(a) Obligation to Delete
You may request the controller to erase your personal data without undue delay, and the controller is obliged to do so without undue delay if one of the following grounds applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
- You object to the processing under Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing under Art. 21(2) GDPR.
- The personal data concerning you has been unlawfully processed.
- The erasure of your personal data is required for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you was collected in relation to the offer of information society services in accordance with Art. 8(1) GDPR.
(b) Notification to Third Parties
If the controller has made your personal data public and is obliged to erase it under Art. 17(1) GDPR, they will take appropriate measures, including technical measures, to inform the controllers who process the personal data that you have requested the erasure of all links to, or copies or replications of, that personal data, taking into account available technology and implementation costs.
(c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
- for exercising the right to freedom of expression and information;
- for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject;
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for public health purposes as per Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes under Art. 89(1) GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise, or defense of legal claims.
2.9.5 Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the controller.
2.9.6 Right to Data Portability
You have the right to receive your personal data provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:
- the processing is based on consent according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract according to Art. 6(1)(b) GDPR, and
- the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be directly transmitted from one controller to another, where technically feasible. The rights and freedoms of others must not be affected by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
2.9.7 Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing purposes, including profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
2.9.8 Right to Withdraw Consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.9.9 Automated Individual Decision-Making, including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- is necessary for the conclusion or performance of a contract between you and the controller;
- is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data under Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and appropriate safeguards are in place to protect your rights and freedoms and legitimate interests.
In the cases mentioned in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.
2.9.10 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
3. Data Protection Information according to Art. 13 GDPR