Data privacy statement pursuant to GDPR
As the provider of the website, Ridex GmbH (hereinafter: “we”) is responsible for the personal data of the user (hereinafter: “you”) of this website. Therefore, we have implemented numerous technical and organizational measures for processing in order to guarantee best possible end-to-end protection of the personal data processed through this website.
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation of the EU (GDPR) and other national data protection laws of the Member States, as well as other data protection provisions:
Ridex GmbH
Josef-Orlopp-Straße 55
10365 Berlin [Germany]
Email: datenschutz@ridex.de
Managing director: Anastasiia Kozlovska & Andreas Beraz
Commercial Register Number: Registry Court Charlottenburg Berlin, HRB 186819 B; VAT Reg No: DE314892085
1. General information relating to data processing
1.1. Scope of personal data processing
We generally only collect and use our users’ personal data to the extent necessary for providing a functioning website and for our content and products and services. Our users’ personal data are routinely collected and used only after the user’s consent has been obtained. An exception is made in cases where it is not possible to obtain the consent beforehand for factual reasons and processing of the data is permitted by statutory provisions.
Personal data are only collected if you voluntarily communicate that to us in the context of your order. We exclusively use the data you have provided to process and complete your order unless you have given further consent. Upon complete processing of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after the retention period for tax and business records has expired insofar as you have not explicitly consented to further use of your data.
1.2. Disclosure of personal data
We will not disclose your personal data to third parties – with the exception of and to the extent indicated in this data privacy statement, – unless you have effectively consented to a disclosure of data or we are entitled or obligated to disclose data as a result of statutory provisions and/or orders of the authorities or courts. In particular, this may comprise the provision of information for purposes of criminal prosecution, averting danger or asserting intellectual property rights.
1.3. Legal basis for the processing of personal data
To the extent that we obtain the consent for the processing procedures of personal data from the data subject, Art. 6 (1) (a) of the General Data Protection Regulation of the EU (GDPR) serves as the legal basis.
During the processing of personal data, which is necessary for the performance of a contract, the contracting party of which the data subject is, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing procedures needed to carry out pre-contractual measures. To the extent that personal data need to be processed to comply with a legal obligation that is binding on our company, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is needed to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interests, Art. 6 (1) (f) GDPR shall serve as the legal basis for the processing.
1.4. Deletion of data and duration of storage
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases. The data may be stored beyond the foregoing if provided for by the European or national legislator in legal Union regulations, laws or other regulations which the controller is subject to. Blocking or deletion of the data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity to continue to store the data in order to enter into a contract or perform a contract.
2.Provision of the website and creation of log files
2.1. Description and scope of data processing
Each time our website is viewed, our system automatically collects data and information about the
computer system of the accessing computer.
The following data are collected in this process:
1. Information about the type of browser and the version used
2. The user’s operating system
3. The user’s Internet service provider
4. The user’s IP address
5. Date and time of the access
6. Websites from which the user’s system has accessed our website
7. Websites that are accessed from our website by the user’s system
The log files contain IP addresses or other data permitting association with a user. This may be the
case, for example, if the link to the website from which the user accesses the website or the link to
the website from which the user transfers contains personal data.
The data are also stored in the log files of our system. The user’s IP addresses or other data
permitting an association of the data with a user are not affected by the foregoing. Storage of this
data together with other personal data of the user does not take place.
2.2. Legal basis for the data processing
Article 6 (1) (f) GDPR serves as the legal basis for the temporary storage of the data and the log
files.
2.3. Purpose of the data processing
The temporary storage of the IP address by the system is needed to permit delivery of the website
to the user’s computer. To do this, the user's IP address must be stored for the duration of the
session.
Storage in log files takes place in order to ensure the website’s ability to function. In addition, the
data helps us optimize the website and ensure the security of our information technology systems.
An analysis of the data for marketing purposes does not take place in this process.
Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these
purposes.
2.4. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the
purpose for which they were collected. In the event of collection of the data to provide the website,
this is the case when the respective session is ended.
In the event that the data are stored in log files, this will be the case after not later than seven days.
Storage extending beyond that limit is possible. In this case, the user's IP address will be erased or
masked, so that it can no longer be associated with the viewing client.
2.5. Option of objection and removal
Collection of the data for provision of the website and storage of the data in log files is essential for
the operation of the website. Therefore, the user has no option of objection.
3.Use of cookies
3.1. Description and scope of data processing (analysis of surfing behaviour)
We use cookies permitting an analysis of the user’s surfing behaviour on our website. The
following data can be transmitted in this manner:
1. Search terms entered
2. Frequency of page views
3. Use of website functions
The data collected in this way are pseudonymised by technical precautions. Therefore, it is no
longer possible to associate the data with the user viewing the website. The data are not stored
together with other personal data of the users.
3.2. Data collection by the use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. Google
Analytics uses so-called "cookies". These are text files that are stored on your computer and
enable an analysis of your use of the website. The information collected may include information
about the operating system, the browser, your IP address, the website you viewed previously (the
referrer URL) and the date and time of your visit to our website. The information on the use of our
website created by this text file is transmitted to a Google server in the USA and stored there.
Google will use this information to analyse your use of our website, to compile reports on the
website activity for the website operator and to provide other services associated with the use of
the website and use of the Internet. If required by law or to the extent that third parties process
data on Google's behalf, Google will also pass this information on to such third parties. This use
will take place in an anonymized or pseudonymised form. You can obtain more detailed
information concerning this directly from Google. Please click here.
3.3. Legal basis for the data processing
Art. 6 (1) (f) GDPR forms the legal basis for processing personal data involving the use of cookies.
3.4. Purpose of the data processing
Analysis cookies are used for the purpose of improving the quality of our website and its content.
Through the use of the analysis cookies, we learn about how the website is used, so that we can
constantly optimise our products and services.
Our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) GDPR also lies in these
purposes.
3.5. Duration of storage, option of objection and removal
Cookies are stored on the user's computer and transmitted to our site from there. Therefore, you
as the user have full control of the use of cookies. By changing the settings in your Internet
browser, you can deactivate or limit the transmission of cookies. Cookies already stored may be
erased any time. This can also be done automatically. If cookies are deactivated for our website, it
is possible that you will no longer be able to fully use all the functions of the website.
The transmission of flash cookies cannot be disallowed in the settings of the browser, but this can
be done by changing the settings of the flash player.
4.Newsletter
4.1. Description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the
data from the input mask are transmitted to us.
We inform you about our products and services at regular intervals (generally every two weeks) by
way of a newsletter. The newsletter can generally only be received if (1) you have a valid email
address and (2) you have registered for delivery of the newsletter.
For legal reasons, a confirmation email is sent to the email address entered for delivery of the
newsletter for the first time using the double-opt-in procedure. This confirmation email serves to
check whether the owner of the email address as the person concerned has authorised receipt of
the newsletter.
During the registration for the newsletter, we store the IP address assigned by the Internet service
provider to the computer system you are using at the time of the registration, as well as the date
and time of the registration. The collection of this data is necessary in order to understand any
possible misuse of the email address at a later date. This storage is exclusively in the interest of
our security.
4.2. Legal basis for the data processing
If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data
processing after registration for the newsletter by the user.
4.3. Purpose of the data processing
The user's email address is collected for delivery of the newsletter.
The collection of other personal data as part of the registration process serves to prevent abuse of
the services or of the email address used.
4.4. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the
purpose for which they were collected. Accordingly, the user's email address shall be stored as
long as the subscription to the newsletter is active.
4.5. Option of objection and removal
The subscription to the newsletter can be cancelled any time by the user concerned. There is a
corresponding button on the website under Newsletter for this purpose.
5.Contact form and email contact
5.1. Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If the user
makes use of this opportunity, the data entered in the input mask are transmitted to us and stored.
These data comprise:
1. Name
2. Email
3. Subject
4. Optional
The following data are also stored at the time the message is sent:
1. The user’s IP address
2. Date and time of the registration
For the purpose of processing the data, your consent is obtained and reference is made to this
data privacy statement as part of the registration process.
Alternatively, you can contact us by using the email address provided. In this case, the user’s
personal data transmitted with the email will be stored.
No data will be passed on to third parties in this context. The data are exclusively used to process
the conversation.
5.2. Legal basis for the data processing
If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data
processing.
Art. 6 (1) (f) GDPR forms the legal basis for processing the data transmitted while an email is being
sent. If the email contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR forms an additional
legal basis for the data processing.
5.3. Purpose of the data processing
Processing of the personal data from the input mask is exclusively for the purpose of processing
the contact process. If we are contacted by email, the necessary legitimate interest in processing
the data also lies in this contact.
The other personal data processed during the sending process serve to prevent abuse of the
contact form and to ensure the security of our information technology systems.
5.4. Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the
purpose for which they were collected. For the personal data from the input mask of the contact
form and those sent by email, this is the case when the respective conversation with the user is
ended. The conversation is ended when the circumstances indicate that the matter concerned is
finally resolved.
The personal data collected additionally during the sending process will be erased after not later
than a period of seven days.
5.5. Option of objection and removal
The user has the option of withdrawing his or her consent to the processing of the personal data at
any time. If the user contacts us by email, he or she can object to the storage of his or her personal
data at any time. In that case, the conversation cannot be continued.
Cancellation by email or post:
Ridex GmbH
Unter den Linden 10
10117 Berlin [Germany]
+49 30 588 49 588
E-mail: datenschutz@ridex.de
All the personal data stored in the course of the contact process will be erased in this case.
6. Rights of the data subject
The following list comprises all the rights of the data subjects pursuant to GDPR. Rights that are
not relevant for one’s own website do not need to be mentioned. In that regard, the list can be
shortened.
If your personal data are processed, you are the data subject within the meaning of GDPR and you
have the following rights vis-à-vis the controller:
6.1. Right to information
You may request confirmation from the controller about whether personal data concerning you are
being processed by us.
If such processing is taking place, you can request information from the controller about the
following:
1. The purposes for which the personal data are being processed;
2. The categories of personal data that are being processed;
3. The recipients or the categories of recipients to whom the personal data concerning you
were disclosed or are yet to be disclosed;
4. The planned duration of the storage of the personal data concerning you or, if it is not
possible to obtain specific information about this, the criteria for determining the duration of
storage;
5. The existence of a right to rectification or erasure of the personal data concerning you, a
right to restriction of processing by the controller or a right to objection to this processing;
6. The existence of a right to complain to a supervisory authority;
7. All available information about the origin of the data, if the personal data were not
collected from the data subject;
8. The existence of automated decision-making including profiling pursuant to Art. 22 (1)
and (4) GDPR and – at least in these cases – meaningful information about the logic
involved as well as the significance and the envisaged consequences of such processing
for the data subject.
You also have the right to request information about whether the personal data concerning you are
being transferred to a third country or an international organization. In this regard, you can request
to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the
transfer.
6.2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal
data concerning you are incorrect or incomplete. The controller shall carry out the rectification
without undue delay.
6.3. Right to restriction of processing
You may request restriction of processing of the personal data concerning you under the following
conditions:
1. If you dispute the accuracy of the personal data concerning you for a period of time that
enables the controller to verify the accuracy of the personal data;
2. The processing is unlawful and you reject erasure of the personal data and instead
request restriction of the use of the personal data;
3. The Controller no longer needs the personal data for the purposes of the processing, but
you require them for the establishment, exercise or defence of legal claims; or
4. If you have objected to the processing pursuant to Art. 21 (1) GDPR pending the
verification whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data concerning you has been restricted, such data shall – with
the exception of storage – only be processed with your consent or for the establishment, exercise
or defence of legal claims or for the protection of the rights of another natural or legal person or for
reasons of important public interest of the Union or of a Member State.
If the restriction of the processing was restricted in accordance with the above-mentioned
conditions, you will be informed by the controller before the restriction is lifted.
7. Right to erasure
7.1. Obligation to erase
You may demand that the controller erase the relevant personal data without undue delay, and the
controller is obligated to promptly erase the data if one of the following applies:
1. The personal data concerning you are no longer necessary in relation to the purpose for which
they were collected or otherwise processed.
2. You withdraw your consent on which the processing is based pursuant to Art. 6 (1) (a) or Art. 9
(2) (a) GDPR and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate
grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The personal data concerning you have to be erased to comply with a legal obligation under
Union or Member State law to which the controller is subject.
6. The personal data concerning you were collected in relation to the offer of information society
services pursuant to Art. 8 (1) GDPR.
7.2. Information to third parties
If the controller has made the personal data concerning you public and is obligated to erase them
pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of
implantation, shall take reasonable steps, including technical measures, to inform controllers which
are processing the personal data that you as the data subject request the erasure by such
controllers of any links to, or copy or replication of, those personal data.
7.3. Exceptions
There is no right to erasure if the processing is necessary
1. To exercise the right of freedom of expression and information;
2. To comply with a legal obligation which requires processing by Union or Member State
law to which the controller is subject or for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller;
3. For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i)
as well as Art. 9 (3) GDPR;
4. For archiving purposes in the public interest, scientific or historical research purposes or
statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the right referred to in
subsection (3) is likely to render impossible or seriously impair the achievement of the objectives of
that processing; or
5. To establish, exercise or defend legal claims.
7.4. Right to notification
If you have claimed the right to rectification, erasure or restriction of processing vis-à-vis the
controller, the controller is obligated to communicate this rectification or erasure of the data or
restriction of processing to all recipients to whom the personal data concerning you were disclosed,
unless this proves impossible or involves disproportionate effort.
You have the right to be informed of these recipients by the controller.
7.5. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the
controller in a structured, commonly used and machine-readable format. In addition, you have the
right to have these data transmitted to another controller without hindrance from the controller to
which the personal data were provided, if
1. The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a)
GDPR or a contract pursuant to Art. 6 (1) (b) GDPR and
2. The processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you
transmitted directly from one controller to another if this is technically feasible. This may not
adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data necessary for the
performance of a task carried out in the public interest or in the exercise of official authority vested
in the controller.
7.6. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to
processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; including
profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate
compelling legitimate grounds for the processing which override your interests, rights and
freedoms, or the processing serves the purpose of establishing, exercising or defending legal
claims.
Where personal data concerning you are processed for direct marketing purposes, you have the
right to object at any time to processing of personal data concerning you for the purpose of such
marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall
no longer be processed for these purposes.
In the context of the use of information society services, you have the opportunity –
notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using
technical specifications.
7.7. Right to withdraw the declaration of consent regarding data privacy
You have the right to withdraw your declaration of consent regarding data privacy at any time. A
withdrawal of consent does not affect the lawfulness of any processing done up to the time of
withdrawal.
7.8. Automated individual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing,
including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply if the decision
1. Is necessary to enter into or perform a contract between you and the controller;
2. Is authorised by Union or Member State law to which the controller is subject, and these
legal provisions also lay down suitable measures to safeguard your rights and freedoms and
legitimate interests, or
3. Is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to
Art. 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR apply and suitable measures have been taken to
protect your rights and freedoms and legitimate interests.
In the cases referred to in sections 1 and 3, the controller shall implement suitable measures to
safeguard your rights and freedoms and legitimate interests, at least the right to obtain human
intervention on the part of the controller, to express your own point of view and to contest the
decision.
7.9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a
complaint with a supervisory authority, in particular in the Member State of your habitual residence,
place of work or place of the alleged infringement if you are of the opinion that the processing of
personal data relating to you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant
on the progress and the outcome of the complaint, including the possibility of a judicial remedy
pursuant to Art. 78 GDPR.