Information to be provided in accordance with Article 13 of the EU GDPR

Controller in accordance with Article 13 (1) point (a) GDPR

Name of the company in accordance with Section 17 (1) of the German Commercial Code (HGB), including contact data of the controller:

RST Rabe-System-Technik und Vertriebs-GmbH
Otto-Lilienthal-Strasse 19
49134 Wallenhorst
GERMANY

Represented by:
Jan Christoph Rabe and Wolfgang Rabe

Contact:
Phone:  +49 5407 8766-0
Fax:     +49 5407 8766-99
E-mail:  info@rst.eu

Contact data of the Data Protection Officer in accordance with Article 13 (1) point (b) GDPR

Sandra Brockmeyer, Otto-Lilienthal-Strasse 19, 49134 Wallenhorst, GERMANY
Phone: +49 5407 8766-14
E-mail: privacy@rst.eu

Purposes of and legal basis for data processing in accordance with Article 13 (1) point (c) GDPR

The personal data is processed for the purpose of performing contracts or steps prior to entering into contracts. That data includes the customer master data with contact persons and the contact history, offers, orders, invoices, project data and data on further statutory obligations of the controller.

The legal basis is as defined in Article 6 GDPR. Further essential legal grounds are derived from the German Commercial Code (HGB), tax legislation, the German Limited Liability Companies Act (GmbHG) and other statutory requirements of relevance to RST. They also include contractual provisions. Contact data is transmitted to the subsidiaries of RST or RST’s support partners for the purpose of personalised customer support subject to the data subject’s consent.

Processing to safeguard the legitimate interests pursued by the controller or by a third party in accordance with Article 13 (1) point (d) GDPR

Where necessary, we process your data, above and beyond what is required to actually perform the contract, in order to safeguard the legitimate interests pursued by us or a third party. 

They include:

  • Sales management and sales controlling
  • Establishing legal claims and defending against legal action
  • Ensuring IT security and IT operation 
  • Measures to protect buildings, plant and systems (such as access controls) and to prevent trespassing and enforce house rules
  • Business controlling and further development measures.

Categories of recipients of the personal data (data transmission) in accordance with Article 13 (1) point (e) GDPR

Within GERMANY, the European Union and the European Economic Area:

Certified public accountants, bailiffs and other creditors and other government bodies for fulfilling statutory obligations and for requested certification, logistics companies, customers, suppliers and other bodies and business partners.

Third country including an adequacy decision in accordance with Article 13 (1) point (f) GDPR

As part of international business relationships, the data is transmitted in accordance with Article 6 (1) point (b) for the purpose of performing contracts or steps prior to entering into contracts. No adequacy decision is required for that.

Period of storage in accordance with Article 13 (2) point (a) GDPR

The purposes are derived from the statutory requirements and relevant industry-specific regulations. The personal data is erased after the purpose has been achieved.

Rights of data subjects in accordance with Article 13 (2) point (b) GDPR

You can exercise your rights at any time by getting in touch with us under the above contact data. If personal data concerning you is processed, you are a data controller within the meaning of the GDPR and you have the following rights towards the controller:

The data subject has the right to demand confirmation from the controller as to whether it is processing personal data concerning him or her.

If this is the case, the data subject has the right of access to this personal data and to obtain the information specified in Article 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, if applicable, the right to have incomplete personal data completed (Article 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds specified in Article 17 GDPR applies, such as if the data is no longer required for the purposes pursued (right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the requirements stipulated in Article 18 GDPR applies, such as if the data subject has objected to processing, for the period of the examination by the controller.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or for the establishment, exercise or defence of legal claims (Article 21 GDPR).

Rights of data subjects in accordance with Article 13 (2) point (c) GDPR

If you have given us your consent to process your personal data for specific purposes (such as processing photos of data subjects), such processing is lawful on the basis of your consent. 

You may withdraw your consent at any time with effect for the future. The same also applies if you wish to revoke declarations of consent you gave us before the GDPR came into effect, i.e. before 25 May 2018. 

Please note that withdrawal of consent applies only with effect for the future. Processing activities before withdrawal of your consent are not affected by it.

Right to lodge a complaint with a supervisory authority in accordance with Article 13 (2) point (d) GDPR

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Article 77 GDPR). 

The data subject can lodge a complaint with a supervisory authority in the Member State of his or her habitual residence, his or her place of work or place of the alleged infringement.

The responsible supervisory authority in Lower Saxony is:

Die Landesbeauftragte für den Datenschutz (State Commissioner for Data Protection) 

Address:

Prinzenstrasse 5
30159 Hanover
GERMANY

Phone: +49 511 120-4500
Fax:         +49 511 120-4599
E-mail: poststelle@lfd.niedersachsen.de

Provision of personal data in accordance with Article 13 (2) point (e) GDPR

As part of our business relationship, you must only provide personal data that is required to establish, perform and end the contractual relationship or which we are obliged to collect by law. Without this data, we will usually not be able to perform the contractual relationship.

Amendment of the data protection information and change in purpose

We reserve the right to amend the data protection information in compliance with stipulations under data protection law. You can request the latest version at any time by getting in touch with us under the above contact data. If we intend to process your data for purposes other than those for which it was collected, we will notify you in advance in compliance with statutory provisions. You can find more information on the data protection provisions in our data protection statement at: www.rst.eu/en/contact/datenschutzerklaerung.html.

Last revised: September 2018

Customer satisfaction survey by RST Rabe-System-Technik und Vertriebs-GmbHRST APP