Declaration on data protection
RAL is regarded as a term for quality in many areas of everyday life. This also applies to the processing of your data. We try to ask you for as little personal data as possible and manage the necessary information as securely as possible for your security and to protect your data.
Below you will find information about the personal data we will request from you and how we process these data.
1. Name and contact details of the controller
RAL gemeinnützige GmbH
Fränkische Straße 7
Telephone: +49 228 68895 0
Fax: +49 228 68895 431
Chairman of the Management Board: RA Rüdiger Wollmann
Managing Director: RA Thomas Roßbach
2. Contact details of the data protection officer
If you have any questions about the collection and processing of your personal data, please contact our external data protection officer who will be happy to provide you with information. You can reach him via the email address email@example.com
3. Scope and purpose of the processing of personal data
3.1 Personal data
Personal data in accordance with Art 4 Para. 1 EU General Data Protection Regulation (GDPR) are all the information, which refer to an individual who can be identified directly or indirectly. This includes for example your name, your contact details and the data which you provide when registering a customer account, for processing your order or as part of a job application.
3.2 Server statistics
Every time the website is called up, the internet browser used will automatically transmit data to the web server and save them in log files. The following data will be saved until they are deleted:
- Name and URL on the page retrieved,
- IP address at the time the relevant page is retrieved
- Date, time and success of access to the page,
- Website from which the visitor reached our page (so-called referrer-URL),
- Browser type and version
- Operating system of the end-device used for the retrieval.
Processing takes place for the purpose
- of enabling the connection to be made to the website,
- of providing an optimised display of the website,
- of verifying and ensuring the security and stability of the systems
- of enabling and improving the administration of the website.
The data saved will not be merged with other data sources. The data can generally not be assigned by us to a certain person.
We reserve the right to save the IP addresses of visitors to our websites for a period of 30 days. This recording of the data is for the purpose of identifying long-term attacks, limiting and overcoming disruptions as well as system and data security. After this period the data will be made anonymous, saved and processed for a further 900 days to compile statistics.
We have a legitimate interest in processing the data in accordance with Art. 6 Para. 1 Clause 1 Letter f) EU GDPR for the purposes mentioned there.
Visitors can contact us by telephone and send us messages via a contact form on the website. All the information is transmitted to us voluntarily by the person making the inquiry. A valid email address is required to enable us to respond by email. Data processing will take place exclusively for the purpose of telephone advice and the processing of inquiries via the contact form and responding to them.
Processing takes place on the basis of consent which has been granted voluntarily in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR.
If the contact seeks to conclude a contract, the processing is based on the legal basis of Art. 6 Para 1 Clause 1 Letter b) EU GDPR.
The data you have transmitted will be deleted after your inquiry or after completion of the relevant event, insofar as there are no other reasons for continued retention, such as statutory requirements in accordance with §257 German Commercial Code (HGB).
Saving cookies can be deactivated at any time. The Help function in the menu tab on most web browsers (e.g. Microsoft Edge or Firefox) shows how users and visitors of our application portal can prevent the browser from accepting cookies, how users and visitors to our websites can indicate to the web browser when it receives a new cookie or also how it can block all the cookies it has already received and future cookies. However, it should be noted in the latter case that various functions (login and management options) are no longer available. The cookie block must be cancelled again to use these functions.
3.5 Registration and customer account
Our websites offer you the opportunity to register and open a customer account. During this process you will be asked for personal data (e.g. name, email, contact details) to complete registration. You will be informed of the compulsory information in each case during registration. Your consent to the processing of the data will be requested expressly during registration. The data which you enter will be collected and processed as part of pre-contractual services, processing of the contract and customer care. In addition, additional parameters of your registration (date and time of your registration, IP address during registration) will be saved to ensure correct operation of the websites and prevent misuse or pursue the latter if applicable. The data collected will be used exclusively as part of the establishment and management of your customer account and the procedures associated with the latter. There will be no transmission to a third party.
Insofar as you consent to this processing during registration, Art. 6 Para 1 Letter a) EU GDPR forms the legal basis for processing. In the event of the initiation or processing of a contract via your customer account (e.g. during the purchase of goods), the legal basis is Art. 6 Para 1 Letter b) EU GDPR.
3.6 Online shop
You have the opportunity to purchase goods in our webshop (e.g. colour charts, colour cards etc.). We require your data to process the purchase contract and to ship or transmit the goods purchased. The conclusion of the contract and the processing of the contract would not be possible without these data. We transmit your data to the external transport company instructed to deliver the goods for the processing of the relevant contract, insofar as this is necessary for service. We transmit your data to the financial services provider instructed by us to process payments.
The legal basis for processing is the initiation and processing of the contract in accordance with Art. 6 Para 1 Letter b) EU GDPR.
By registering for the Newsletter, you are expressly giving your consent to the processing of the personal data you have provided voluntarily. The data, which are collected during registration, are used exclusively to process the dispatch of the Newsletter. We use a double opt-in procedure to ensure that you receive the Newsletter only if you really wish to do so. We will send you an email for this purpose after your initial registration, in which you confirm that you would like to receive our Newsletter by clicking on a link in the email. It is possible to unsubscribe from our Newsletter at any time. This can take place by using a special link at the end of every Newsletter or by sending an email. You can find further details in the section on the right to withdraw consent.
The legal basis for processing the personal data for the dispatch of Newsletters and the associated activities is your consent in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR.
3.8 Social networks
Logos of social networks are displayed on our websites in the form of push buttons with the corresponding logos of the operators.
- Facebook, operated by Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304 USA (“Facebook”) and
- Twitter, operated by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103.
The push buttons are set up as hyper links to the relevant sites. There will be no transmission of data via pure linking. Transmission of data to the above-mentioned offices will take place only after the express activation of the corresponding push button.
Our website uses the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. After consenting to the processing of your personal data by the LinkedIn Insight Tag according to Art. 6 (1) (a), a cookie is set in your browser.
Via this, LinkedIn collects, among other things, data such as:
- referrer URL
- Device properties,
- browser properties and
- IP address.
LinkedIn anonymizes the data within 7 days and within 90 days the data is deleted. RAL as a site operator does not receive any personal data through the Insight Tag, but only aggregated, anonymized reports about the demographics of their target audience and the performance of their ads and offers RAL the possibility of retargeting for better control of targeted advertising outside the website without identifying you as a website visitor.
3.8 Embedding of videos
Videos from the YouTube platform of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA are embedded in our websites. While the video data are being played, a connection is created to the servers of YouTube and while doing so the data are transmitted to YouTube via the retrieval. They will include at least your IP address, the date and time of the retrieval and the website you have visited. If you are logged into your account at YouTube at the same time, information will be assigned to your YouTube account via the video file which has been retrieved. If you would like to prevent this, you must either cancel your registration with YouTube before you visit our website or adjust the corresponding settings in your YouTube user account.
The YouTube videos on our website are provided using a two-click solution. In order to be able to play the videos, you must first give consent to the processing of your data and the associated transmission to YouTube. Furthermore, the “Expanded data protection mode” function is activated so that data will be transmitted to the servers of YouTube only if a video is actually retrieved. YouTube permanently saves cookies on your end-device to ensure functionality and to analyse user behaviour. If you are not in agreement with these cookies being saved, you have the option of preventing this by adjusting the settings on your internet browser.
Google provides more detailed information about the collection and use of data and its rights and protection options in the data protection details which can be downloaded at https://policies.google.com/privacy
Our legitimate interest lies in increasing the attractiveness and improving the quality of our internet presence. The legal basis for data processing is therefore Art. 6 Para 1 Letter f) EU GDPR.
3.9 USE OF ETRACKER
Technologies of etracker GmbH, Erste Brunnenstr. 1, 20459 Hamburg (www.etracker.de) are used on our websites. They collect and save data for marketing and optimisation purposes. Pseudonymous user profiles are created from these data. Cookies may be used for this. The cookies make it possible for the internet browser to be recognised. The data collected via the etracker technologies are not used to personally identify the visitor to this website without the consent of the data subject which has been granted separately and are not merged with personal data via the carrier of the pseudonym.
Consent to the collection and saving of data can be withdrawn at any time with effect for the future.
You can find our more information about data protection during the use of etracker on the provider’s website. The address of the page is:
Our legitimate interest in the assessment of access to and the use of the websites in accordance with Art. 6 Para 1 Letter f) EU GDPR is also the legal basis for the processing of personal data.
3.10 Email and security
Please remember that in principle emails are not protected against unauthorised inspection, corruption etc. Therefore please do not send any confidential information (e.g. account data, passwords etc.) by email.
4. Transmission of data
In principle personal data are transmitted to a third party only if
- the data subject has given their express consent for this in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR,
- transmission in accordance with Art. 6 Para 1 Clause 1 Letter f) EU GDPR is necessary for the assertion, exercising or defence of legal claims and there are no reasons to assume that the data subject has an overwhelming interest worthy of protection in the non-transmission of your data,
- there is a statutory obligation to transmit the data in accordance with Art. 6 Para 1 Clause 1 Letter c) EU GDPR, and/or
- this is necessary in accordance with Art. 6 Para 1 Clause 1 Letter b) EU GDPR to satisfy a contractual relationship with the data subject.
4.1 Payment processing
It may be necessary to transmit your data to an external financial service provider instructed by RAL to process payments for orders (e.g. in our shop in the Farben division).
The data are processed on the basis of Art. 6 Para 1 Clause 1 Letter b) EU GDPR to satisfy a contractual relationship with the data subject.
4.2 Logistics and order processing
In principle we process your orders in-house. Personal data to the extent required (address and product data if applicable) are transmitted to external delivery companies and freight forwarders (parcel and postal services) to deliver the goods ordered. By providing your data voluntarily, you are giving your consent for us to transmit your data to process the desired transactions to the extent required to the relevant third parties involved.
The data are processed on the basis of Art. 6 Para 1 Clause 1 Letter b) EU GDPR to satisfy a contractual relationship with the data subject.
4.3 RAL events and RAL Academy
When you register for the various events organised by RAL and the RAL Academy, personal data are transmitted to the extent necessary to hold events. Events run by the RAL Academy may sometimes be carried out by external speakers. As a result, it is necessary to transmit personal data to the persons entrusted with implementation in each case.
The basis for data processing is your express consent in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR when registering for or satisfying a contractual relationship with the data subject in accordance with Art. 6 Para 1 Clause 1 Letter b) EU GDPR.
5. Your rights as a data subject
Insofar as your personal data are processed when you visit our website, you as a “data subject” within the meaning of EU GDPR have the following rights:
5.1 Right to information
You can request information from us whether your personal data are processed by us. There is no right to information if the data are not permitted to be deleted on the basis of statutory periods of retention or those in accordance with articles of association or are used exclusively for the purposes of data security or data protection monitoring, insofar as the provision of information would require a disproportionate amount of effort and processing is ruled out for other purposes through the appropriate technical and organisational measures.
If applicable, you can request information about:
- The purposes of processing,
- The categories of your personal data which are processed,
- The recipients or categories of recipients to whom your personal data are disclosed, in particular regarding recipients in third countries,
- If possible, the planned period during which your personal data will be saved or, if this is not possible, the criteria for the stipulation of the duration of retention,
- The existence of a right to correction or deletion or restriction of processing of the personal data which concerns you or a right to withdraw consent against this form of processing,
- The existence of a right to complain to a supervisory authority for data protection,
- Insofar as the personal data were not collected from you as the data subject, the available information about the data origin,
- If applicable, the existence of automated decision-making including profiling and significant information about the logic involved as well as the extent and intended effects of automated decision-making,
- If applicable, in the event of transmission to recipients in third countries, insofar as there is no decision by the EU Commission about the appropriateness of the level of protection in accordance with Art. 45 Para 3 EU GDPR, information about which appropriate guarantees are envisaged in accordance with Art. 46 Para 2 EU GDPR to protect personal data.
5.2 Correction and completion
Insofar as you discover that we have incorrect personal data about you, you can request the correction of the incorrect data. In the event of incomplete data, you can request that they are completed.
You have the right to deletion (“right to be forgotten”), insofar as one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were processed.
- You have withdrawn your consent to processing.
- You have withdrawn your consent to the processing of your personal data which we have published.
- You have withdrawn your consent to the processing by us of personal data which have not been made public and there are no higher ranking legitimate reasons for processing.
- Your personal data were processed unlawfully.
- The deletion of the personal data is necessary to satisfy a statutory obligation to which we are subject.
There is no entitlement to deletion if the deletion is not possible in the event of lawful non-automated data processing owing to the special nature of retention or only with a disproportionate amount of effort and your interest in the deletion is low. In this case, a restriction of processing will take place instead of a deletion.
5.4 Restriction of processing
You can request the restriction of processing from us if one of the following reasons applies:
- You dispute the accuracy of the personal data. In this case, the restriction can be requested for the period which is necessary to verify the accuracy of the data.
- The processing is unlawful and you request the restriction of the use of your personal data instead of a deletion.
- Your personal data are no longer required by us for the purposes of processing, but you require the data to assert, exercise or defend legal claims.
- You have withdrawn your consent in accordance with Art. 21 Para 1 EU GDPR. The restriction of processing can be requested for as long as it has not yet been established whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data are processed only with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of an important public interest. We are obliged to inform you before we remove the restriction.
5.5 Data portability
You have a right to data portability, insofar as the processing is based on your consent in accordance with Art. 6 Para 1 Clause 1 Letter a) or Art. 9 Para 2 Letter a) EU GDPR or on a contract where you are the contracting party and the processing takes place using automated procedures. In this case the right to data portability includes the following rights, insofar as there is no adverse effect on the rights and freedoms of other people:
You can request us to send you the personal data which you have provided in a structured, current and machine-readable format. You have the right to transmit these data to another controller without any hindrance on our part. Insofar as technically feasible, you can request that we transmit your personal data directly to another controller.
5.6 Right to object
If you are of the opinion that the processing of the personal data about you is unlawful, you can submit an objection to a data protection supervisory authority, which is responsible for your location or place of work or for the location of the alleged breach.
5.7 Right to withdraw consent
Consent to the processing of personal data can be withdrawn at any time with effect for the future. In doing so, the withdrawal of consent can refer to individual partial areas of data processing (e.g. unsubscribing to the Newsletter).
We would like to point out that processing may be prescribed on the basis of the statutory requirements, even in the event of a withdrawal of consent.
Please send your withdrawal of consent to the contact details mentioned under 1. above and please understand that in the event of a withdrawal of consent to data processing, identification may be necessary to prevent misuse.
6. External links
The website contains so-called “external links” to other websites, over whose content the website provider has no influence. For this reason the provider cannot assume any warranty for their content.
The relevant provider of the linked website is responsible for the content and accuracy of the information provided. No legal breaches were identifiable at the time the link was created. The link will be removed immediately if such a breach of law becomes known.
7. Withdrawal of consent to advertising emails
Consent is hereby withdrawn for the use of contact data published as part of the obligation to provide company details to send advertising and information material which has not been expressly requested. The operators of the websites expressly retain the right to undertake legal steps if unsolicited advertising information is sent, for example through spam emails.