Thank you for your interest in our company. The Executive Board of Richnerstutz AG takes data privacy very seriously. It is generally possible to use the Richnerstutz AG website without providing any personal data. However, if data subjects wish to avail themselves of particular services provided by our company via our website, it may become necessary to process their personal data. If the processing of personal data is necessary but there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always performed in accordance with the General Data Protection Regulation and complies with the country-specific data protection provisions applicable to Richnerstutz AG. This privacy policy is intended to inform the public of the nature, scope and purpose of the personal data that we collect, use and process. Furthermore, this privacy policy explains the rights of data subjects.
As the controller, Richnerstutz AG has implemented numerous technical and organizational measures to protect the personal data processed via this website to the maximum possible extent. Nevertheless, transmission of data via the internet is never completely secure, and total protection cannot be guaranteed. Data subjects are therefore free to transmit personal data to us by alternative channels – for example, by phone.
Richnerstutz AG’s privacy policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is meant to be easy to read and understand by the general public, our customers and our business partners. Therefore, we will now explain the terms used.
The terms used in this privacy policy include the following:
'personal data' means any information relating to an identified or identifiable natural person (hereinafter referred to as the 'data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A 'data subject' is any identified or identifiable natural person whose personal data is processed by the controller.
'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future.
'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
'pseudonymization' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for its nomination may be provided for by Union or member state law.
'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.
'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of data protection law is:
Richnerstutz AG
Nordstrasse 7
5612 Villmergen
Switzerland
Phone: +41 (0)56 616 67 67
E-mail: info@richnerstutz.ch
Website: www.richnerstutz.ch
The Richnerstutz AG website uses cookies. Cookies are text files that are placed and stored on a computer system via a web browser.
Many websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that websites and servers can associate with the browser on which the cookie is stored. This enables the websites and servers visited to distinguish the browser used by the data subject from other web browsers that store different cookies. A specific web browser can be recognized and identified by the unique cookie ID. The use of cookies enables Richnerstutz AG to provide users of this website with more user-friendly services. This would not be possible without setting cookies.
Using a cookie allows us to optimize the user experience by tailoring the information and offers on our website to their interests. As previously mentioned, cookies allow us to 'remember' users the next time they visit our website, thus making our site easier for them to use. Users of a website that uses cookies do not, for example, need to enter their login details every time they visit the site as this task will be performed by the website and the cookie placed on the user’s computer system.
Data subjects can prevent our website from setting cookies, and thus refuse cookies altogether, by changing their browser settings at any time. Furthermore, cookies that have already been set can be deleted at any time via a web browser or another software program. This can be done in all common web browsers. If data subjects disable the setting of cookies in the web browser they are using, some of the functions of our website may be lost.
The Richnerstutz AG website collects a range of general data and information each time it is accessed by a data subject or an automated system. This general data and information, which is technically necessary, is stored in the server’s log files. The types of data that may be collected are (1) browser types and versions used, (2) the operating system used by the system accessing our website, (3) the website from which a system accesses our website (called the 'referrer'), (4) the sub-pages of our website accessed by a system, (5) the date and time the website was accessed, (6) an internet protocol address (IP address), (7) the internet service provider of the system accessing our website, and (8) any other similar data and information that may be used to protect our IT systems from attacks.
When using this general data and information, Richnerstutz AG makes no attempt to link it back to the data subject. Instead, this information is required to (1) deliver the content of our website correctly, (2) optimize the content and the advertising for our website, (3) ensure that our IT systems and our website’s technology functions properly at all times, and (4) provide law enforcement agencies with the information required to prosecute any cyberattacks that may occur. Richnerstutz AG therefore uses this data and information, which is collected anonymously, for statistical analysis, partly with the objective of increasing data protection and data security at our company, thus ultimately ensuring the best possible level of protection for the personal data that we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
Richnerstutz gives visitors to its website the opportunity to receive regular information about the company's projects and other news by subscribing to its newsletter. For this purpose, we require a valid e-mail address and the data subject's first and last names. This data is only used to send the newsletter, and we do not forward it to any third parties. Users can unsubscribe from the newsletter at any time. Richnerstutz uses the newsletter platform Mailchimp, operated by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, to manage subscriptions and send newsletters. You can view the Mailchimp Global Privacy Statement at mailchimp.com/legal/privacy/.
Mailchimp may track newsletter delivery in order to measure the success of our newsletter. The analysis shows us whether and when the newsletter was opened, and which links were clicked. These analyses are used for internal marketing purposes only and serve to make the content of the mailing more relevant to our readers.
The Rocket Science Group LLC d/b/a Mailchimp is certified under the Privacy Shield Framework and is thus guaranteed to comply with the level of data protection required in Europe (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
As required by law, the Richnerstutz AG website contains information – including a general e-mail address – that enables users to contact our company rapidly by electronic means and to communicate with us directly. If a data subject contacts the controller by e-mail or using a contact form, the personal data provided by the data subject is automatically stored. Personal data provided to the controller voluntarily by the data subject is stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
The www.richnerstutz.ch website uses a web analytics tool to analyse user behaviour and identify the IP address of companies for marketing purposes. The use of this service requires data regarding user behaviour (e.g. IP address, time of access, user behaviour, browser request, etc.) to be transmitted directly to the analytics servers and made available to www.richnerstutz.ch for its exclusive use. The data collected is treated in strict confidence and is not sold or passed on to third parties. If you do not wish to be identified in the future, please send an e-mail to optout@permagroup.ch.
The controller processes and stores personal data of the data subject for no longer than is necessary for the purpose for which it is stored or no longer than permitted by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the purpose for which the data is stored no longer applies or a period prescribed in laws or regulations by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased as required by law.
The European legislator grants all data subjects the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed. Data subjects wishing to exercise this right can do so by applying to an employee of the controller at any time.
All data subjects have the right to receive free information about the personal data concerning them that is being stored and to be given access to further information, e.g. the purposes of the processing, the source of this data and the envisaged period for which it will be stored.
The European legislator grants all data subjects the right to obtain, without undue delay, the rectification of inaccurate personal data concerning them. Furthermore, taking into account the purposes of the processing, data subjects have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Data subjects wishing to exercise the right to rectification can apply to an employee of the controller at any time.
The European legislator grants all data subjects the right to ask the controller to erase the personal data concerning them, without undue delay, where one of the following grounds applies and if processing is not necessary:
If one of the reasons listed above applies and data subjects wish to request the erasure of personal data stored by Richnerstutz AG, they can do so by applying to an employee of the controller at any time. The employee of Richnerstutz AG will arrange for the request for erasure to be complied with immediately.
If the personal data has been made public by Richnerstutz AG and our company is obliged, as the controller, to erase the personal data in accordance with Art. 17 (1) GDPR, Richnerstutz AG will, taking account of the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that has been made public that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, this personal data insofar as it is not required for processing. The employee of Richnerstutz AG will make the necessary arrangements in the particular case.
The European legislator grants all data subjects the right to ask the controller to restrict processing where one of the following applies:
If any of the above apply and data subjects wish personal data stored by Richnerstutz AG to be restricted, they can do so by applying to an employee of the controller at any time. The employee of Richnerstutz AG will arrange for processing to be restricted.
The European legislator grants all data subjects the right to receive the personal data concerning them which they provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, where the processing is based on consent in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising the right to data portability in accordance with Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided it does not adversely affect the rights and freedoms of others.
Data subjects wishing to assert the right to data portability can do so by applying to an employee of Richnerstutz AG at any time.
The European legislator grants all data subjects the right to object, on grounds relating to their personal situation, at any time to the processing of personal data concerning them which is based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on those provisions.
In the event of an objection, Richnerstutz AG will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where Richnerstutz AG processes personal data for direct marketing purposes, data subjects shall have the right to object at any time to processing of personal data concerning them for such marketing. This includes profiling to the extent that it is related to such direct marketing. If data subjects object to processing by Richnerstutz AG for direct marketing purposes, Richnerstutz AG will no longer process their personal data for these purposes.
In addition, data subjects have the right to object on grounds relating to their particular situation to the processing of their personal data by Richnerstutz AG for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Data subjects wishing to exercise their right to object may do so by applying directly to any employee of Richnerstutz AG or to any other employee. Notwithstanding Regulation 2002/58/EC, data subjects may also exercise their right to object in connection with the use of information society services by automated means using technical specifications.
The European legislator grants all data subjects the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning them or similarly affects them to a significant degree, unless the decision (1) is necessary for entering into or performing a contract between the data subject and the data controller, or (2) is authorized by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
If the decision (1) is necessary for entering into or performing a contract between the data subject and the data controller or (2) is based on the data subject's explicit consent, Richnerstutz AG will take suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
Data subjects wishing to assert their rights with regard to automated decision-making can do so by applying to an employee of the controller at any time.
The European legislator grants all data subjects the right to withdraw their consent to the processing of personal data at any time.
Data subjects wishing to assert their right to withdraw consent can do so by applying to an employee of the controller at any time.
The controller collects and processes the personal data of job applicants for the purpose of conducting the application process. Data may be processed electronically. This applies in particular when an applicant submits application documents to the controller by electronic means, e.g. by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted automatically two months after the applicant has been notified of the rejection, unless any other legitimate interests of the controller stand in the way of their deletion. Bearing the burden of proof in proceedings under the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG), for example, constitutes 'other legitimate interests' in this sense.
The controller has made Google Analytics (with anonymization function) an integrated component of this website. Google Analytics is a web analytics service. 'Web analytics' means the collection, collation and evaluation of data about the behaviour of visitors to websites. The data collected by a web analytics service includes, but is not limited to, the website from which a data subject reached a website (known as the 'referrer'), which sub-pages of the website they accessed, or how often they viewed a sub-page and for how long. Web analytics is mainly used for website optimization and conducting a cost-benefit analysis of online advertising.
The Google Analytics component is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the snippet "_gat._anonymizeIp" for web analytics via Google Analytics. This snippet allows Google to truncate and anonymize the IP address of the data subject's internet connection if our website is accessed from a member state of the European Union or from another state that is party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, inter alia, to analyse the use of our website, compile online reports for us showing the activities on our website, and provide further services related to the use of our website.
Google Analytics sets a cookie on the data subject's IT system. See above for an explanation of what cookies are. Setting the cookie enables Google to analyse the use of our website. Each time one of the pages of this website operated by the controller and into which a Google Analytics component has been integrated is accessed, the Google Analytics component automatically causes the web browser on the data subject's IT system to transmit data to Google for the purpose of online analysis. This technical procedure means that Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, inter alia, to track the source of visitor traffic and clicks, and subsequently to calculate commissions.
The cookie stores personal information such as the time our website was visited by the data subject, the location from which it was accessed and the frequency of those visits. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose the personal data collected by this means to third parties.
As mentioned above, data subjects can prevent our website from setting cookies, and thus refuse cookies altogether, by changing their browser settings at any time. If data subjects make the relevant setting in the web browser they use, this will also prevent Google from setting a cookie on their IT system. Furthermore, cookies that have already been set by Google Analytics can be deleted at any time via a web browser or another software program.
The data subject may also object to the collection of data generated by Google Analytics relating to the use of this website and to prevent this data from being processed by Google. To do this, the data subject must download and install a browser add-on from the link tools.google.com/dlpage/gaoptout. This browser add-on instructs the Google Analytics JavaScript to prohibit the transmission of data and information about website visits to Google Analytics. Google considers the installation of the browser add-on to constitute an objection. If the data subject's IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or another person within their sphere of influence, it is possible to reinstall or re-enable it.
Further information and the applicable Google Privacy Policy can be found at policies.google.com/privacy and marketingplatform.google.com/about/analytics/terms/gb/.html. Google Analytics is explained in greater detail here: marketingplatform.google.com/intl/en_uk/about/analytics/
The controller has integrated Google AdWords into this website. Google AdWords is an online advertising service that allows advertisers to place ads on Google search engine results pages and the Google advertising network. Google AdWords allows advertisers to specify certain keywords in advance. These are then used to display an advertisement on the Google search engine results page whenever a user's search returns keyword-relevant results. In the Google advertising network, the ads are positioned on relevant websites using an automatic algorithm and taking into account the previously defined keywords.
The Google AdWords services are operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying advertising relevant to the data subject's interests on the websites of third-party companies and the Google search engine results page, and to display third-party advertising on our website.
If a data subject reaches our website via a Google ad, a 'conversion cookie' is stored on the data subject's IT system by Google. See above for an explanation of what cookies are. A conversion cookie expires after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie will be used to determine whether certain sub-pages, such as the shopping basket in an online shop system, have been accessed on our website. The conversion cookie allows both us and Google to track whether a data subject referred to our website by an AdWords ad generated a sale, i.e. whether they completed or abandoned a purchase of goods.
Google uses the data and information collected through the use of the conversion cookie to produce visitor statistics for our website. We then use these visitor statistics to determine the total number of users who were referred to us by AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other customers who advertise on Google AdWords receive information from Google that could be used to identify the data subject.
The conversion cookie enables personal information, such as the websites visited by the data subject, to be stored. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose the personal data collected by this means to third parties.
As mentioned above, data subjects can prevent our website from setting cookies, and thus refuse cookies altogether, by changing their browser settings at any time. If data subjects make the relevant setting in the web browser they use, this will also prevent Google from setting a conversion cookie on their IT system. Furthermore, cookies that have already been set by Google AdWords can be deleted at any time via a web browser or another software program.
Data subjects may also object to advertising by Google related to their interests. To do this, data subjects must click the link www.google.de/settings/ads in each of the web browsers they use and make the desired settings there.
Further information and the applicable Google Privacy Policy can be found at policies.google.com/privacy
Art. 6 (I) (a) GDPR serves our company as the legal basis for processing operations, for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, where processing operations are necessary to supply goods or provide another service or other consideration, then processing is based on Art. 6 (I) (b) GDPR. The same applies where processing operations are necessary to take steps prior to entering into a contract, for example, should we receive enquiries about our products or services. If our company is subject to a legal obligation necessitating the processing of personal data – in order to meet fiscal obligations, for example – then processing is based on Art. 6 (I) (c) GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Processing would then be based on Art. 6 (I) (d) GDPR. Finally, processing operations may be based on Art. 6 (I) (f) GDPR. This is the legal basis for processing operations not covered by any of the aforementioned legal bases where the processing is necessary in order to safeguard the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are especially permitted to carry out processing operations of this nature because the European legislator specifically mentions them, taking the view that a legitimate interest could be assumed to exist in situations where the data subject is a client of the controller (Recital 47, sentence 2, GDPR).
Where the processing of personal data is based on Art. 6 (I) (f) GDPR, our legitimate interest is the conduct of our business operations for the benefit of all our employees and our shareholders.
The period for which personal data is stored is determined by the relevant statutory retention period. The respective data is routinely deleted at the end of this period provided that it is no longer required for the initiation or performance of a contract.
We would like to inform you that the provision of personal data is sometimes required by law (e.g. tax regulations), but may also arise from contractual rules (e.g. information on the contracting party). When entering into a contract, it may be necessary for a data subject to provide us with personal data that we are subsequently required to process. Data subjects are obliged to provide us with personal data, for example, if our company enters into a contract with them. Failure to provide personal data would mean that the contract with the data subject could not be entered into. Before providing their personal data, the data subject must contact one of our employees. Our employee will then explain to the data subject whether, in this specific case, the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into the contract, whether there is an obligation to provide the personal data, and the consequences of not providing the personal data.
As a company that takes its responsibilities seriously, we do not make use of automatic decision-making or profiling.
This Privacy Policy was created by the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which serves as External Data Protection Officer Landshut, in cooperation with IT and data protection lawyer Christian Solmecke.