We appreciate your visit to our website. Data protection is very important to us and we want you to feel secure while visiting our website.
Therefore you may visit our website without disclosing your personal data. However, if you are utilising certain functions, services or offers on our website we may process personal data. We collect, process and use personal data only to the extent you have agreed to the collection and processing or if an applicable statutory principle is present.
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
Fuhlsbüttler Straße 29
Executive board: Björn Schwabe
Phone: +49 40 36 88 00 70
The Data Protection Supervisor of the REAFINA AG can be reached via:
We store access data in so-called server log files automatically each time our website is visited.
This includes the date and time of the visit.
The temporary storage of the IP address by the system is necessary for the provision of the website to your device.For this, your IP address must remain stored for the duration of the session.
The legal basis for the temporary storage of your data and the log files is Article 6 (1)(f) GDPR.
This data is analysed for the sole purposes of delivering a smooth, uninterrupted operation of the website and improving the content of our website, as well as for transmission to law enforcement
authorities in the event of a cyber attack and to ensure the security of our IT systems.
Your data is not analysed for marketing purposes in this context.
In this context our legitimate interest also lies in the processing of data pursuant to Article 6 (1)(f)
Die Daten der Server-Logfiles werden getrennt von allen durch Sie im Übrigen angegebenen personenbezogenen Daten gespeichert.
Die Erfassung der Daten zur Bereitstellung der Website und die Speicherung der Daten in Logfiles ist für den Betrieb unserer Website zwingend erforderlich. Es besteht folglich keine Widerspruchsmöglichkeit.
We use so-called cookies on our website to make your visit to our website more attractive, and to enable you to use certain functions. These are small text files that are installed by a browser and
stored on your device.
Many cookies contain a so-called cookie ID. It consists of a character string through which websites and servers can be assigned to a specific browser in which the cookie was stored. Most of the cookies we use are deleted when the browser session ends (“session cookies”). However, the “persistent cookies“ remain on your device.
The following data is stored and transmitted in cookies: language settings, search terms entered. Your data that is collected on our website is pseudonymised by technical means. It is therefore no longer possible to assign your identity to this data. The data is not stored together with your other personal data.
The legal basis for the processing of personal data using cookies is Article 6 (1)(f) GDPR.
The analytical cookies are used to improve the quality of our website and its content. The analytical cookies tell us how you use the website and this allows us to continually optimise our offerings. In this context our legitimate interest also lies in the processing of personal data pursuant to Article 6 (1)(f) GDPR.
On our website we embed videos from the social network youtube.com which is run by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
When you visit our website, your browser establishes a direct connection to the YouTube servers. Your browser is automatically prompted by the relevant video embedded on our website to download a display of the corresponding YouTube component. During this technical process, YouTube receives information about which specific sub-page of our website you are visiting. If you use the videos, the relevant information – e.g. the play button being pressed – is sent to YouTube by your browser, possibly linked to your user account and stored. The legal basis for the use of your data is Article 6 (1)(f) GDPR. In this context our legitimate interest in processing your data lies pursuant to Article 6 (1)(f) GDPR in
the, optimisation and economic operation of our website. If you are logged into your personal Google account while visiting our website, YouTube can assign the visit and specifically the subpages of our website visited to your account.
If you do not have a Google account, it is still possible that YouTube stores your IP address. If you do not want your data to be processed in this way, you must log out of your Google account and delete your cookies before visiting our site.
You can object to the use of your data by Google at any time by clicking on the following link:
We embed some third-party content on our website, such as maps from Google Maps and Apple
Maps, RSS feeds or graphics from other websites/providers. To display this content, your IP address has to be transmitted to the third-party provider. To do this your browser establishes a direct connection to the relevant third-party provider‘s servers when you visit our website.
Your browser is automatically prompted by the relevant content embedded on our website to download a display of the corresponding third-party provider component. During this technical process, the third-party provider receives information about which specific sub-page of our website you are visiting.
The legal basis for the use of your data is Article 6 (1)(f) GDPR.
In this context our legitimate interest lies pursuant to Article 6 (1)(f) GDPR in the analysis, optimisation and economic operation of our website. The third-party providers may also use “web beacons” for statistical or marketing purposes. Web
beacons can be used to evaluate further information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on your device and may, among other things, include technical information about the browser and operating system, referrer URL, visit time and other information about your use of our website. This information may also be linked to such information from other sources.
You can object to the use of your data by Google at any time by clicking on the following link:
Due to legal requirements, we provide information on our website which enables quick electronic contact as well as direct communication with us. This includes both our e-mail address and our contact form. If you contact us by e-mail or using our contact form, the personal data transmitted by you is stored automatically. Other personal data processed in the course of your contact with us is used to prevent misuse of the contact form and ensure the security of our IT systems.
The legal basis for processing the data transmitted in the course of sending an e-mail is Article 6 (1)(f) GDPR. If the purpose of contacting us is to conclude a contract, the additional legal basis for processing is Article 6 (1)(b) GDPR. We use the personal data you provide exclusively to process your specific query. The data you provide is always treated as confidential. Your details may be stored in a customer relationship management system (so-called CRM system) or another customer data organisation tool.
The data is deleted as soon as it is no longer needed for the specific purpose for which it was collected. In the context of personal data from the contact form input screen and personal data sent by e-mail this is the case when the conversation with you is finished. The conversation is finished if it is evident from the circumstances that the matter in question has been conclusively resolved.
If you contact us you can object, at any time, to the storage of your personal data. It will not be possible to continue the conversation in this case.
We use a number of technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. However, despite regular controls, complete protection against all risks is not possible and we cannot guarantee it. For this reason you may, at any time, provide us with your personal data by other means, for example by telephone or mail.
If we obtain your consent to personal data processing, Article 6 (1)(a) GDPR applies as the legal basis for processing personal data.
Article 6 (1)(b) GDPR is the legal basis for processing personal data that is required for the performance of a contract to which you are a party. This also applies to processing that is required for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1)(c) GDPR applies as the legal basis. If personal data processing is necessary to protect your vital interests or the vital interests of another natural person, Article. 6 (1)(d) GDPR applies as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and freedoms do not override the former interest, Article 6 (1)(f) GDPR applies as the legal basis for processing.
Where the processing of your personal data is based on Article 6 (1)(f) GDPR, our legitimate interest, unless specified otherwise, is to conduct our business activities. Otherwise, we have stated our purposes and interests in each case in the context of the processing list above.
Your personal data is erased or blocked as soon as the purpose of its retention no longer applies or you withdraw your consent. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. If the retention purpose is not applicable, if you withdraw your consent or if a retention period prescribed by the European legislator or another competent legislative body expires, the personal data is routinely blocked or erased in accordance with legal requirements unless further retention of the data is needed to conclude a contract or fulfil a contract.
You also have the right, at any time, to obtain information free of charge regarding the stored personal data relating to you and to receive a copy of this information. You also have the right of access regarding the following information:
You also have a right of access to information as to whether personal data has been transferred to any third country or international organisation. If this is the case, you also have the right to be given information about the appropriate guarantees in connection with the transfer.
You have the right to request that incomplete personal data pertaining to you is completed and/or inaccurate data is rectified without delay. We must make the rectification without delay.
You have the right to obtain the restriction of processing by us if one of the following conditions is met:
If processing of your personal data has been restricted, this data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State.
If the restriction on processing was restricted in accordance with the conditions above, we will inform you before the restriction is lifted.
You have the right to ask us to erase personal data pertaining to you without delay provided one of the following grounds applies and provided processing is not necessary:
Where we have made the personal data public and, as the controller, are obliged pursuant to Article 17 (1) GDPR to erase the personal data, we shall take reasonable steps including technical measures, taking the available technology and the cost of implementation into account, to inform other controllers who process the disclosed personal data that the data subject has requested the erasure by these
other controllers of any links to this personal data or copies or replications of this personal data insofar as the processing is not necessary.
The right to erasure does not apply if processing is necessary:
If you have exercised the right to have us rectify, erase or to restrict processing, we are obliged to inform all the recipients to whom the personal data pertaining to you has been disclosed of this rectification, erasure or restriction on processing of the data unless this proves impossible or involves a disproportionate effort.
You have the right to ask us to inform you of these recipients.
You have the right to receive personal data relating to you which you provided to us in a structured, commonly used and machine-readable format. You also have the right to request that we transmit this data to another controller without hindrance if the processing relies on consent as defined in Article 6 (1)(a) GDPR or Article 9 (2)(a) GDPR or on a contract pursuant to Article 6 (1)(b) GDPR and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority vested in the data controller.
In exercising your right to data portability pursuant to Article 20 (1) GDPR, you also have the right to have the personal data transmitted directly from one controller to another provided this is technically feasible and does not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
You have the right, at any time, to object to the processing of personal data concerning you which is based on Article 6 (1)(e) or (f) GDPR, on grounds relating to your particular situation. This also applies to profiling based on those provisions.
In the case of an objection we no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for the purpose of such advertising. This also applies to any profiling to the extent that it is related to such direct marketing. If you object to the processing by us for direct marketing purposes, we will no longer process your personal data for these purposes.
You have the right on grounds relating to your particular situation, to object to processing of personal data concerning you which we use for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR unless this processing is necessary for the performance of a task carried out in the public interest.
You can contact us at any time to exercise your right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which will have a legal effect on you or similarly significantly affects you if the decision
If the decision
we will implement suitable measures to safeguard your rights and freedoms and legitimate interests, and at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
We do not undertake any automated decision making or profiling.
Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
We inform you that the provision of personal data is, in part, prescribed by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information about the contractual partner). It is sometimes necessary, for the purposes of concluding a contract, for a data subject to provide us with personal data which must subsequently be processed by us. For example, you are required to provide us with your personal data if you enter into a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.
STAND: May 2018