Statement of Data Protection

Data Privacy Statement

Name and contact of the responsible party acc. to Article 4 Para. 7 of the GDPR RATIONATOR Maschinenbau GmbH
Alsheimer Straße 1
D-67586 Hillesheim / Rheinhessen
Germany
Telefon: +49 6733 9470-0
Telefax: +49 6733 9470-109
Tammy Grün e-Mail: Tammy.Gruen@rationator.de
Security and protection of your personal data We regard it as our primary task to protect the confidentiality of the personal data that you provided and to protect them against unauthorized access. For this reason, we exercise the utmost care and apply state-of-the-art security standards to guarantee the maximum protection of your personal data. As a company governed by private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (FDPA). We have taken technical and organizational measures to ensure compliance with data protection regulations by us and our external service providers. Definitions The legislative authority requires personal data to be processed lawfully, in good faith, and in a way the affected person can understand (“lawfulness, processing in good faith, transparency”). To guarantee this, we inform you about the individual legal definitions that are also used in this Data Privacy Statement: 1.     Personal data “Personal data“ consists of all information that refers to an identified or identifiable natural person (hereinafter “affected person“); a natural person is regarded as identifiable when he/she can be identified direct or indirectly, especially through allocation to an identifier like a name, an ID number, location data, an online ID or one or several special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. 2.     Processing “Processing” is any procedure executed with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, acquisition, organization, ordering, storage, adaptation or change, reading, querying, use, disclosure through transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction. 3.     Restriction of processing “Restriction of processing” is the marking of stored personal data with the objective of restricting their future processing. 4.     Profiling “Profiling” is any kind of automated processing of personal data that consists of the fact that these personal data are used to evaluate certain personal aspects that refer to a natural person, especially to analyze or predict aspects of this natural person related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, place of residence or change of residence. 5.     Pseudonymization “Pseudonymization” is the processing of personal data in a way that the personal data cannot be assigned any longer to a specific affected person without using additional information as long as this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person. 6.     Data system “Data system” is any structured collection of personal data that can be accessed according to certain criteria, regardless whether this collection is kept in a centralized or decentralized way or according to functional or geographical considerations. 7.     Responsible party “Responsible party” is a natural person or legal entity, government authority, institution or another office that decides, either itself or together with others, about the purposes and means of the processing of personal data; if the purposes and means of this processing are prescribed by the laws of the Union or the member states, then the responsible party or the certain criteria of the latter’s appointment can be designated according to the laws of the Union or the member states. Contract processor “Contract processor” is a natural person or legal entity, government authority, institution or another office that processes personal data on behalf of the responsible party.

8.     Recipient “Recipient” is a natural person or legal entity, government authority, institution or another office to whom personal data are disclosed regardless whether it is a third party or not. However, government authorities, which possibly receive personal data as part of a certain investigation task according to the laws of the Union or the member states, are not considered recipients; the processing of these data by the aforementioned authorities is done in compliance with the current data protection regulations in accordance with the processing purposes. 9.     Third party “Third party” is a natural person or legal entity, government authority, institution or another office except the affected person, responsible party, contract processor and the persons under the direct responsibility of the responsible party or of the contract processor that are authorized to process the personal data. 10.  Consent “Consent” of the affected person is any unambiguous declaration of intention, voluntarily submitted in an informed way for the particular case in the form of a statement or any other clearly justifying action with which the affected person indicates his/her agreement to the processing of his/her personal data.

Lawfulness of the processing The processing of personal data is only lawful when there is a legal foundation for the processing. Acc. to Article 6 Para. 1 Letters a – f of the GDPR, a legal foundation for the processing can be especially: a.     The affected person gave his/her consent to the processing of his/her personal data for one or several particular purposes; b.     The processing is required for fulfilling a contract whose contractual party is the affected person or for implementing pre-contractual measures that take place upon request of the affected person; c.     The processing is required to comply with a legal obligation which the responsible party is subject to; d.     The processing is required to protect vital interests of the affected person or another natural person; e.     The processing is required to perform a task that lies in the public interest or takes place in the exercise of public authority, which was transferred to the responsible party; f.      The processing is required to protect the legitimate interests of the responsible party or third party, provided the interests or basic rights and basic freedoms of the affected person, which require the protection of personal data, do not outweigh, particularly when the affected party is a child.

Information about the collection of personal data (1) In the following, we will inform you about the collection of personal data while visiting our website. Personal data are, for example, your name, address, e-mail addresses, usage behavior. (2) When you establish contact with us via e-mail, we store the data that you provide (your e-mail address, where appropriate your name and telephone number) to answer your questions. We delete the data accumulated in this context after the storage is no longer necessary or the processing is restricted if there are legal storage obligations. Collection of personal data when our website is visited During the purely informative use of the website (i.e. when you do not register or provide information to us in another way), we collect only the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data that are technically necessary for us to display our website to you and ensure the stability and security (the legal foundation is Art. 6 Para. 1 PAGE 1 Letter f of the GDPR): –       IP address –       Date and time of the inquiry –       Time zone difference compared to Greenwich Mean Time (GMT) –       Content of the request (specific page) –       Access status/HTTP status code –       Data quantity transferred in each case –       Website from which the request originates –       Browser –       Operating system and its interface –       Language and version of the browser software. Use of cookies (1) In addition to the above-mentioned data, cookies are stored in your computer while you use our website. Cookies are small text files assigned to the server you use that are stored on your hard disk and through which certain information flows from the place that places the cookie. Cookies cannot execute programs or transfer viruses to your computer; they serve to make internet offerings overall more user friendly and efficient. (2) This website uses the following kinds of cookies, whose extent and functioning are explained below:

–       Transient cookies (see a.) –       Persistent cookies (see b.). a.     Transient cookies are automatically deleted when you close your browser. They include especially the session cookies, which store a so-called session ID, with which various inquiries from your browser can be assigned to the joint session. As a result of that, your computer can be recognized again when you return to our website. Session cookies are deleted when you log out or close the browser. b.     Persistent cookies are deleted automatically after a given time period which can differ according to the cookie. You can delete the cookies at any time in your browser’s security settings. c.     You can configure your browser‘s settings according to your wishes and reject, for example, the acceptance of third-party cookies or all cookies. So-called “third party cookies” are cookies placed by a third party, therefore not by the actual website that you are currently visiting. We point out to you that if you deactivate the cookies, you may not be able to use all functions of this website.

Additional functions and offerings of our website (1) Apart from the purely informative use of our website, we offer you various services that you could use if interested. To use them, you generally have to provide additional personal data, which we use to render the respective service and for which the aforementioned data processing principles apply. (2) To process your data, we partially use external service providers. We have carefully selected and commissioned them, they are bound to our instructions and checked on a regular basis. (3) Furthermore, we can forward your personal data to third parties when we jointly offer campaign participations, lotteries, contractual conclusions or similar services together with partners. You can receive more information by submitting your personal data or below in the description of the offer. (4) If our service providers or partners have their main office in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer. Children Our offerings are basically intended for adults. Persons under 18 years of age should not submit any personal data to us without the permission of their parents or legal guardians. Rights of the affected person (1) Revocation of the consent As far as the processing of the personal data is based on a given consent, you have the right to revoke the consent at any time. The revocation of the consent does not affect the legality of the processing that already took place until the revocation because of the consent that was given. You can contact us at any time to exercise the right of revocation. (2) Right to a confirmation        You are entitled to request a confirmation from the responsible party to know whether the latter is processing your personal data. You can request the confirmation at any time using the contact information provided above. (3) Right to be informed        If personal data are being processed, you can request at any time to be informed about these personal data and the following information: a.     The processing purposes; b.     The categories of personal data that are being processed; c.     The recipients or categories of recipients to whom the personal data were or will still be disclosed, especially in the case of recipients in third countries or with international organizations; d.     If possible, the planned length of storage of the personal data or, if this is not possible, the criteria for establishing this length; e.     The existence of a right to correction or deletion of your personal data or to a restriction of the processing by the responsible party or a right to object to this processing; f.      The existence of a right to complain to a supervisory authority; g.     When the personal data are not collected from the affected person, all available information about the origin of the data; h.     The existence of an automated decision-making, including profiling acc. to Article 22 Paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the affected person. If personal data are transmitted to a third country or an international organization, then you have the right to be informed about the suitable guarantees acc. to Article 46 of the GDPR in connection with the transmission. We make available to you a copy of the personal data that are the object of the processing. For all other copies that you request in person, we can charge a reasonable fee based on the administrative costs. If you make the request electronically, then the information must be provided in a common electronic format, as long as not otherwise indicated. The right to receive a copy acc. to Paragraph 3 may not affect the rights and freedoms of other persons. (4) Right to a correction           You are entitled to request from us the immediate correction of your incorrect personal data. Taking the processing purposes into account, you are entitled to request the completion of incomplete personal data – also by means of a supplementary explanation.    (5) Right to a deletion (“right to be forgotten”)        You are entitled to request from the responsible party that your personal data be immediately deleted and we are obligated to do so provided one of the following reasons applies: a.     The personal data are no longer necessary for the purposes for which they were collected or otherwise processed. b.     The affected person revokes his/her consent on which the processing was based acc. to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, and there is no other legal foundation for the processing. c.     The affected person files an objection against the processing acc. to Article 21 Paragraph 1 of the GDPR and there are no legitimate reasons of prime importance for the processing, or the affected person files an objection against the processing acc. to Article 21 Paragraph 2 of the GDPR. d.     The personal data were unlawfully processed. e.     The deletion of the personal data is necessary to fulfill a legal obligation according to the laws of the Union or of the member states that the responsible party is subject to. f.      The personal data were collected in relation to the offered services of the information society acc. to Article 8 Paragraph 1 of the GDPR. If the responsible party has made the personal data public and is required to their deletion acc. to Paragraph 1, then taking available technology and the implementation costs of reasonable measures (also technical ones) into account to inform the ones responsible for the data processing, the responsible party informs them that an affected person has requested them to delete all links to these personal data or of copies or replications of these personal data. There is no right to deletion (“right to be forgotten”) if the processing is necessary: –       To exercise the right to the free expression of opinion and information; –       To comply with a legal obligation that the processing requires according to the laws of the Union or the member states that the responsible party is subject to, or to perform a task that lies in the public interest or takes place in the exercise of public authority that was transferred to the responsible party; –       For reasons of public interest in the area of public health acc. to Article 9 Paragraph 2 Letters h and i, as well as Article 9 Paragraph 3 of the GDPR; –       For archiving purposes that are in the public interest, scientific or historic research purposes or for statistical purposes acc. to Article 89 Paragraph 1 of the GDPR, if it is expected that the law mentioned in Paragraph 1 will make the realization of the objectives of this processing impossible or seriously affect it, or –       To assert, exercise or defend legal claims.      (6) Right to restrict the processing        You are entitled to request us to restrict the processing of your personal data when one of the following prerequisites is present: a.     The affected person disputes the accuracy of the personal data, specifically for a time period that allows the responsible party to verify the accuracy of the personal data, b.     The processing is unlawful and the affected person rejects the deletion of the personal data and instead requests the use of the personal data to be restricted. c.     The responsible party no longer needs the personal data for the processing purposes, but the affected person needs them to assert, exercise or defend legal claims, or d.     The affected person has filed an objection against the processing acc. to Article 21 Paragraph 1 of the GDPR, as long as it is still not certain whether the justified reasons of the responsible party outweigh those of the affected person. If the processing was restricted acc. to the above-mentioned prerequisites, then these personal data – apart from their storage – are processed only with the consent of the affected person or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of an important public interest of the Union or of a member state. To assert the right to restrict the processing, the affected person can contact us at any time (the contact information is provided below). (7) Right to data portability You are entitled to receive your personal data that you provided to us in a structured, common and machine-readable format, and you are entitled to transmit these data to another responsible party without obstruction by the responsible party to whom the personal data were provided, as long as: a.     The processing is based on a consent acc. to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract acc. to Article 6 Paragraph 1 Letter b of the GDPR, and b.     The processing takes place with the help of automated processes. When exercising the right to data portability acc. to Paragraph 1, you are entitled to bring about the direct transmission of the personal data from one responsible party to another responsible party if this is technically feasible. The exercise of the right to data portability does not affect the right to deletion (“right to be forgotten”). This right does not apply to a processing necessary for performing a task that lies in the public interest or takes place while exercising public authority, which transferred to the responsible party. (8) Right to object Due to reasons resulting from your special situation, you are entitled to file at any time an objection against the processing of your personal data, which takes place owing to Article 6 Paragraph 1 Letters e or f of the GDPR; this also applies to a profiling based on these provisions. The responsible party does not process the personal data any longer unless he can prove compelling reasons for the processing worth protecting that outweigh the interests, rights and freedoms of the affected person, or the processing serves to assert, exercise or defend legal claims. When personal data are processed to engage in direct advertising, then you are entitled to file an objection at any time against the processing of your personal data for the purposes of such advertising; this also applies to the profiling, as long as it is related to such advertising. If you object to the processing for direct advertising purposes, then the personal data are no longer processed for these purposes. In connection with the usage of services of the information society, you can – irrespective of Directive 2002/58/EC – exercise your right to object by means of automated processes that use technical specifications. For reasons resulting from your special situation, you are entitled to file an objection against the processing of your personal data that takes place for scientific or historic purposes acc. to Article 89 Paragraph 1, unless the processing is necessary to fulfill a task in the public interest. You can exercise the right to object at any time by contacting the respective responsible party. (9) Automated decisions in the individual case, including profiling You have the right not to be subject to a decision based exclusively on an automated processing – including profiling – that develops a legal effect towards you or significantly affects you. This does not apply when the decision: a.     Is necessary for a contractual conclusion or performance between the affected person and the responsible party, b.     Is permissible owing to legislation of the Union or member states, which the responsible party is subject to and this legislation contains reasonable measures to safeguard the rights and freedoms as well as the legitimate interests of the affected person, or c.     Is made with the express consent of the affected person. The responsible party takes reasonable measures to safeguard the rights and freedoms as well as the legitimate interests of the affected person, for which at least the right to bring about the intervention of a person on the part of the responsible party, to state one’s position and to challenge the decision are included. The affected person can exercise this right at any time by contacting the respective responsible party. (10) Right to complain to a supervisory authority Irrespective to another administrative law or judicial legal remedy, you are additionally entitled to complain to a supervisory authority, especially in a member state of your place of residence, workplace or in the city where the alleged violation occurred, when the affected person believes that the processing of his/her personal data violates this regulation. (11) Right to an effective judicial legal remedy Irrespective of an available administrative law or non-judicial legal remedy, including the right to complain to a supervisory authority acc. to Article 77 of the GDPR, you are entitled to an effective judicial legal remedy if you believe that the rights that you are entitled to owing to this regulation were violated due to a processing of your personal data not done in accordance with this processing.

Contract processors We use external service providers (contractor processors) for hosting and support, for example. Separate contract processing agreements were concluded with the service providers in order to guarantee the protection of your personal data. We work together with the following service providers:
Design, technical support and programming of the website: media machine GmbH, Mainz (https://www.mediamachine.de )
Hosting: Mittwald CM Service GmbH & Co. KG, Espelkamp (https://www.mittwald.de/)