In the following notice, we inform you about the collection of personal data when using our website. Personal data is any data that concerns you personally, e.g. your name, address, email addresses and usage patterns. We have implemented comprehensive technological and operational safeguards to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adjusted to reflect technological developments.
1. Data controller
The data controller for the purposes of Article 4.7 EU General Data Protection Regulation (GDPR) is:
F. REYHER Nchfg. GmbH & Co. KG
Telephone: +49 (0)40 853 63 0
2. Data Protection Officer contact details
You can contact our Data Protection Officer at dsb(at)reyher.de or by writing to the attention of “Datenschutzbeauftragter” at our postal address.
3. Your rights
You may exercise the following rights against us with regard to personal data concerning you:
3.1 General rights
You have a right to access, rectify and erase your data, restrict and object to its processing and have it made portable. Where data is processed based on your consent, you have the right to withdraw that consent from us with future effect.
3.2 Rights when data is processed based on a legitimate interest
Article 21.1 GDPR provides you the right, on grounds relating to your particular situation, at any time to object to the processing of personal data concerning you that is based on Article 6.1(e) (Processing in the Public Interest) or Article 6.1(f) (Processing for the Purposes of a Legitimate Interest). If you lodge such an objection, we will no longer process this personal data unless we can demonstrate compelling, legitimate grounds for the processing which override your interests, rights and freedoms or the data is being processed for the establishment, exercise or defence of legal claims.
3.3 Right to lodge a complaint with a supervisory authority
Additionally, you have the right to lodge a complaint about our processing of your personal data with a competent supervisory authority for data privacy.
4. Collection of personal data when visiting our website
When using our website purely for informative purposes, i.e. when you do not register yourself or convey information to us in some other way, we only collect the personal data that your browser transfers to our server. If you would like to view our website, we collect the following data which is technologically required to display our website to you and assure its stability and security. The legal grounds for this are provided in Article 6.1(f) GDPR:
IP address, date and time of request, time difference to Greenwich Mean Time (GMT), request content (title, URL), access status/HTTP status code, volume of data transmitted each time, website from which the request is coming (URL), screen resolution, files downloaded, outgoing browser links, user geolocation, browser software, operating system, operating system user interface, browser software language and version, anonymous visitor identifier, user’s first visit, user’s last visit.
5. Contact by email or using contact form
When you contact us by email or using our contact form, we store the data you share with us (your email address and potentially your name and phone number) so that we can answer your questions. If, on our contact form, we ask for details that are not necessary for contacting you, we always mark such fields as optional. These details help us understand your request more thoroughly and process it better. If you share these details, you do so explicitly on a voluntary basis and give your consent in accordance with Article 6.1(a) GDPR. If these details pertain to communication methods (for example your email address or telephone number), you also give your consent to us contacting you using that method of communication so that we can respond to your query. You can of course withdraw this consent at any time with future effect.
We erase the data acquired in this context once we are no longer required to store it or we restrict its processing if the law obliges us to retain it.
6. Online shop
When you use our online shop, we collect various items of data that are required to enter into a contract. Entering into and performing a contract represents legal grounds for this as per Article 6.1(b) GDPR. Your data will be stored for the term of the contract and in line with any legal obligations.
7. Job applications
You can apply for a job in our company electronically, in particular by email or using our online form. We will of course only use your details to process your application and will not share them with third parties. Please be aware that emails sent without encryption are not protected against unauthorised access.
You can also apply for a job in our company by using our online applications portal. Your online application will be forwarded directly to our Human Resources department via an encrypted connection and, naturally, treated as confidential. We will of course only use your details to process your application and will not share them with third parties.
If you are applying for a specific position and it has already been filled or if we also believe that you are suitable or even better suited for another position, we would be happy to share your application within our company. Please let us know if you would not like us to share your application.
Your personal data will be erased immediately once the application process is complete or after six months at most unless you give us your explicit consent to store your data for longer or we employ you. The legal grounds for this are provided in Article 6.1(a), (b), and (f) GDPR and German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) section 26.
This website uses the following types of cookies, with the scope and functionality of each being explained further below:
8.1 Transient cookies
These cookies are automatically deleted when you close your browser. They include session cookies in particular. They save a session ID that can be used to match various requests from your browser to the same session. Session cookies are deleted when you log out or close your browser.
8.2 Persistent cookies
These cookies are automatically deleted after a prescribed length of time that varies depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
8.3 Refusing cookies
You can configure your browser settings as you desire, for example, to have your browser accept third-party cookies or reject all cookies. Do be aware that you may not be able to use all website functions in this case.
9. Legal grounds and duration of storage
There are various legal grounds for the potential processing of personal data and the duration for which data is stored. An overview of them is provided in the following sections.
10. Web analytics
To analyse and optimise our website, we use services that are explained below. As a result, we can, for example, analyse how many users visit our page, what information is desired most or how users discover our offering. We record data that includes the website from which a data subject has arrived at another (called the “referrer”), the pages that are accessed on a website and how often and for how long a page is viewed. This helps us make our offerings user-friendly and improve them. The data collected through these services is not used to identify individual users personally. Data is collected anonymously or, at most, under pseudonyms. The legal grounds for this are provided in Article 6.1 (f) GDPR.
This website uses the Web analytics service Matomo (formerly Piwik) so that we can analyse and regularly improve the use of our website. Using the acquired statistics, we can improve our offering and make it more appealing to you as a user. The legal grounds for our use of Matomo are provided in Article 6.1 (f) GDPR.
Cookies are stored on your computer for these analytics. You can stop the analytics by deleting existing cookies and preventing your browser from storing them. Please be aware that you may not be able to use this website to its full extent if you prevent your browser from storing cookies. You can prevent your browser from storing cookies by changing its settings. You can prevent Matomo from being used by unticking the box below, which will then activate the opt-out plug-in:
Prevention of data acquisition
This website uses Matomo with the “AnonymizeIP” extension. This means that IP addresses are truncated before they are processed further, therefore ruling out their ability to be drawn back directly to a specific person. We do not merge the IP address transmitted from your browser through Matomo with other data collected by us.
We use services on our website from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a Google Inc. company, Amphitheatre Parkway, Mountain View, CA 94043, USA. We use a two-click solution to protect your personal information. When you visit a page that has a YouTube video embedded, a connection to the YouTube servers is not established until you click the "Confirm" button. YouTube will set cookies in this case and use your visit data for its own purposes. If you are logged into YouTube at that time, the information about the videos you watch will be associated with your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
12. Data transfer
Generally your data will not be transferred to third parties unless we are compelled by law, sharing your data is necessary to perform our contract with you or you have previously given your explicit consent to your data being disclosed.
We put emphasis on processing your data within the EU/EEA. However, it may be the case that we engage service providers that process data outside of the EU/EEA. In these cases we ensure that the recipient has established an appropriate level of data protection before we transfer your personal data. This means that recipients will have a level of data protection comparable to standards within the EU through adequacy decisions or EU treaties such as the EU Privacy Shield.
13. Data security
We have implemented comprehensive technological and operational safeguards to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adjusted to reflect technological developments.
Last updated: July 2018
Information about the processing of your personal data
Diligence and transparency provide a foundation for building trust with our customers. This document explains how we process your personal data and how you can exercise your rights under the General Data Protection Regulation (GPDR). The types of personal data that we process and the purpose of data processing depend on the nature of your contractual relationship with us.
1. Who is responsible for data processing?
The data controller is:
F. REYHER Nchfg. GmbH & Co. KG
Dr. Peter Bielert
2. How can you contact the Data Protection Officer?
You can contact our Data Protection Officer at:
F. REYHER Nchfg. GmbH & Co. KG
3. What personal data do we use?
Your personal data are processed whenever we respond to inquiries, offers, orders and/or delivery contracts. We might for example process your personal data to fulfil a legal obligation, to protect a legitimate interest, or with your consent, among other scenarios.
Depending on the legal basis of data processing, we process the following categories of personal data:
- first name, last name
- contact details (telephone, email address)
- date of birth
- contract master data, including the contract reference number, the term of the contract, any applicable periods of notice, the nature of the contract
- invoice data/sales data
- credit information
- payment information/account details
- health information
- account data, including date of registration and login details
- video recordings and images
We also use data provided by third parties when setting up contracts. For example:
- delivery information to perform direct deliveries for customers
- information from credit bureaus and trade credit insurance providers
4. Where are the data collected from?
We process data collected from customers, service providers and suppliers.
Personal data are also collected from the following sources:
- trade credit insurance providers
- customers (for direct deliveries)
- public sources: trade and association registers, public debtor records, land registers, etc.
5. What is the purpose of data processing? What is the legal basis?
Your personal data are processed in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as any other applicable legislation.
5.1. Processing performed with your consent (Article 6.1 (a) GDPR)
If you give us your consent to collect, process, or transfer specific types of personal data, this consent represents the legal basis of the data processing.
Your personal data are processed on the basis of consent in the following cases:
- market research (e.g. customer satisfaction surveys)
- marketing and advertising
- published customer references (name and picture)
5.2. Processing performed for the fulfilment of a contract (Article 6.1 (b) GDPR)
We may need to use your personal data to execute a contract or an order.
Within the framework of a contractual relationship, we might for example need to process your personal data to perform the following activities:
contract-related communication, contract management, ongoing customer support, warranty claims, management of receivables, management of contract termination.
You can find more information about the purpose of specific instances of data processing in the contract documents and general terms and conditions.
5.3. Processing performed for compliance with legal obligations (Article 6.1 (c) GDPR) or in the public interest (Article 6.1 (e) GDPR)
As a company, we are bound by various legal obligations. In some cases, we may need to process your personal data to meet these obligations.
- control and reporting obligations
- credit checks
- prevention/protection against criminal acts
- IT security and IT operations
5.4. Processing performed to protect a legitimate interest (Article 6.1 (f) GDPR)
In some cases, we may need to process your personal data to protect a legitimate interest of our own or of a third party.
- safety measures for buildings and facilities
- video surveillance to control access to premises
- consultation with credit bureaus to determine creditworthiness and risk of default
- consultation with trade credit insurance providers to safeguard business interests
6. To whom do we disclose your personal data?
In order to meet our contractual and legal obligations, we may need to disclose your personal data to public or internal bodies, as well as external service providers.
External service providers:
We only work with carefully selected external service providers to meet our contractual and legal obligations.
- IT service providers (e.g. maintenance, hosting)
- file and document destruction
- web hosting
We may also be required to disclose your personal data to entities such as government agencies to meet the legal disclosure requirements.
- tax authorities
- customs authorities
- social security
For more details about specific recipients, please contact us at: firstname.lastname@example.org.
7. Are your personal data transferred to countries outside of the European Union (“third countries”)?
Countries that are not in the European Union (or the European Economic Area, the EEA) manage the protection of personal data differently than in the European Union. Some of the service providers that we use to process your personal data are located in third countries outside of the European Union. The EU Commission has not currently issued adequacy directives to guarantee that the level of protection in these third countries are sufficient.
We have therefore taken special measures to ensure that any data processing in third countries is performed with the same levels of protection as within the European Union. We include the standard privacy clauses published by the EU Commission in our contracts with service providers in third countries. These clauses provide adequate safeguards to ensure the protection of your personal data by service providers in third countries.
Service providers based in the US are certified under the EU-US Privacy Shield Agreement.
For more details about these safeguards, please contact us at: email@example.com.
8. How long will my personal data be stored?
Your personal data will be stored for as long as necessary to meet any applicable legal and contractual obligations.
If the storage of your personal data is no longer necessary to fulfil a legal or contractual obligation, the data will be erased, unless further processing is required for one of the following purposes:
- Compliance with mandatory commercial and tax retention period such as the retention periods defined by the German Commercial Code (HGB) or the German Tax Code (AO). These retention periods may range up to 10 years after the end of a transaction.
- Preservation of evidence to comply with the regulatory statute of limitations. Under the statute of limitations defined by the German Civil Code (BGB), the retention period may range up to 30 years in some cases. More typically, the retention period is three years.
9. What are your rights in relation to the processing of your personal data?
Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of erasure under Article 17 GDPR, the right to restrict processing under Article 18 GPDR, the right to object to processing under Article 21 GDPR, and the right to data portability under Article 20 GDPR. The right of access and the right of erasure are subject to the restrictions defined in §34 and §35 of the BDSG.
10. Right of objection
You have the right to object to the use of your personal data for advertising-related purposes at any time without incurring any costs other than communication costs at the standard rates.
What are your rights in relation to data processing based on a legitimate interest or the public interest?
Under Article 21.1 GDPR, you have the right to object at any time to any processing of your personal data performed on the basis of Article 6.1 (e) GPDR (data processing in the public interest) or Article 6.1 (f) GDPR (data processing for the protection of a legitimate interest) for reasons arising from your specific circumstances. This also applies to any profiling performed on the basis of these provisions.
If you submit an objection, we will stop processing your personal data, unless we can provide compelling legitimate grounds for the data processing that override your own personal interests, rights, and freedoms, or if the purpose of the data processing is to enforce, enact or defend a legal claim.
What are your rights in relation to data processing performed for a direct advertising campaign?
Under Article 21.2 GPDR, you have the right to object at any time to data processing performed in support of a direct advertising campaign. This also applies to any profiling associated with a direct advertising campaign.
If you submit an objection to this data processing, we will no longer process your personal data for this purpose.
11. Revocation of consent
You can revoke any consent given for the data processing at any time. Please note that this revocation is only effective from that moment onwards.
12. Right of access
You can request access to the personal data that we have stored. If you submit a right-of-access request, we will inform you about the nature of these data, the purposes of any processing performed with the data, the parties to whom the data are disclosed, how long the data are stored, and your rights in relation to the data.
13. Other rights
You also have the right to rectify any incorrect data, as well as the right to request the deletion of your data. If there is no reason to justify the continued storage of your data, the relevant data will be deleted. Otherwise, the data processing will be restricted accordingly. You can also ask us to transfer all personal data that you have disclosed to us in a structured, standard, and machine-readable format either to yourself or to any other person or company.
You can submit data protection complaints to the supervisory authority responsible for data protection (Article 77 GDPR in conj. with §19 BDSG).
14. How to exercise your rights
To exercise any of your rights, please contact the entity responsible for data protection (controller) or the Data Protection Officer using the contact details provided above. Alternatively, you can contact customer service: firstname.lastname@example.org. We will respond to any requests promptly in accordance with the applicable legal requirements, and we will inform you of any measures taken as a result of your request.
15. Are you under any obligation to provide us with your personal data?
To establish a business relationship with us, you need to provide any personal data that is necessary for the performance of the contractual relationship, as well as any data that we are legally required to collect. If you choose not to provide us with these data, we cannot continue the contractual relationship.
16. Changes to the information in this document
If the purpose or methods of processing your personal data change significantly, we will promptly update this document and inform you about the changes.
Last modified: July 2018