The following data protection declaration applies to the use of our online offer www.rcs-shop.de (hereinafter “website”).
We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you the above-mentioned service. This statement describes how and for what purpose your data is collected and used and what choices you have in connection with personal data.
1 Responsible Body
Responsible body for the collection, processing and use of your personal data within the meaning of the GDPR is
RCS Systemsteuerungen GmbH
Im Paesch 5
2 General Purposes of Processing
2.1 Access Data
We collect information about you when you use this website. We automatically collect information about your usage and interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our online offer (so-called server log files). The access data includes name and URL of the retrieved file, date and time of retrieval, amount of data transferred, message about successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.
We use these log data without assignment to you or other profiling for statistical evaluations for the purpose of operation, security and optimization of our online offer, but also for the anonymous recording of the number of visitors to our website (traffic) and the extent and nature of use of our website and services, as well as for billing purposes, to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content, analyze traffic, troubleshoot and improve our services.
We reserve the right to retrospectively review the log data if, on the basis of concrete evidence, there is a legitimate suspicion of unlawful use. We store IP addresses in the log files for a limited period of time, if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers.
After break-off of the order process or after receipt of payment, we will delete the IP address if it is no longer required for security purposes. We store IP addresses also if we have a specific suspicion of a crime in connection with the use of our website. In addition, as part of your account, we save the date of your last visit (for example, when registering, logging in, clicking links, etc.).
2.1.1 Website Analysis with Matomo
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our own servers, so that all analysis data remains with us and is not passed on. The IP address is anonymized before it is stored. With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also record various e.g. referrers, browsers used and operating systems. The use of this analysis tool is based on Art. 6(1)(f) GDPR.
The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize its website. If a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG (i.e. Telecommunications Telemedia Data Protection Act), insofar as the consent includes the storage of cookies within the meaning of the TTDSG. The consent can be withdrawn at any time by deleting the cookie.
2.1.2 Web Analysis – Opt-In / Opt-Out
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services.
Note: There is no guarantee that you will be able to access all the functions of this website without restrictions if you make the appropriate settings.
2.3 Contact Form and E-Mail Contact
If you contact us (e.g. via contact form or e-mail), we will save your details for processing the request, as well as in the event that follow-up questions arise. We store and use other personal data only if you consent to it or if this is permitted by law without special consent.
The processing of this data is based on Art. 6(1)(b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.
2.4 Legal Basis and Storage Period
The legal basis of the data processing in accordance with the preceding paragraphs is Art. 6(1)(f) GDPR. Our interests in data processing include, in particular, ensuring the operation and security of the website, investigating the way the website is used by visitors, and simplifying the use of the website.
Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued.
3 Your Rights as a Data Subject (Affected Person)
Under applicable law, you have various rights regarding your personal data. If you would like to assert these rights, please send your request by e-mail or by post with a clear identification of your person to the address specified in section 1.
Below is an overview of your rights.
3.1 Right to Confirmation and Information
You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain free information from us about the personal data we have stored together with a copy of this data.
Furthermore, there is a right to the following information:
- the processing purposes
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to obtain the rectification or erasure of personal data concerning you, or to obtain the restriction of processing by the controller, or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected from you, any available information about the origin of the data;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data are transmitted to a third country or to an international organization, you have the right to be informed of the appropriate safeguards under Article 46 of the GDPR in connection with the transfer.
3.2 Right to Rectification
You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
3.3 Right to Cancellation ("Right to be forgotten")
You have the right to ask us to delete your personal information without delay, and we are required to delete your personal information immediately if one of the following is true:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
- The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
If we have made the personal data public and we are obliged to erase it pursuant to Art. 17 GDPR, we shall take reasonable measures, including technical measures, to inform data controllers processing the personal data that you have requested erasure of all links to or copies or replications of such personal data, taking into account the available technology and the cost of implementation.
3.4 Right to Restriction of Processing
You have the right to require us to restrict processing if any of the following conditions apply:
- the accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data,
- the processing is unlawful and you refused to erase the personal data and instead request the restriction of the use of the personal data;
- we no longer need the personal data for the purposes of processing, but you needed the data to assert, exercise or defend legal claims; or
- you have objected to the processing pursuant to Article 21(1) GDPR, as long as it has not yet been determined whether the legitimate grounds of our company override yours.
3.5 Right to Data Portability
You have the right to receive the personal data you provide to us in a structured, common and machine-readable format, and you have the right to submit that information to another responsible without hindrance, provided that
- the processing is based on a consent pursuant to Article 6 (1) (a) GDPR or Article 9 (a) GDPR or a contract pursuant to Article 6 (1) (b) GDPR and
- the processing is done using automated procedures.
In exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data are transmitted directly by us to another party, as far as technically feasible.
3.6 Right to Object
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
We no longer process personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of enforcement, exercising or defending legal claims.
We process personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
You have the right, for reasons of your own particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR, unless: processing is necessary to fulfill a public interest task.
3.7 Automated Decisions Including Profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner.
3.8 Right to Revoke a Data Protection Consent
You have the right to revoke your consent to the processing of personal data at any time.
3.9 Right to Complain to a Supervisory Authority
You have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.
4 Data Security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted with us. This applies to your orders and customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (for example, when communicating by e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology.
We also do not warrant that our offer will be available at specific times; Disturbances, interruptions or failures can not be excluded. The servers we use are regularly backed up carefully.
5 Automated Decision-Making
There is no automated decision-making based on personal data collected.
6 Disclosure of Data to Third Parties, No Data Transfer to Non-EU Countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
We have integrated Wordfence on this website. The provider is Defiant, Inc, 800 5th Ave 10 / 12 Ste 4100, Seattle, WA 98104, USA (hereinafter Wordfence). Wordfence is used to protect our website from unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can match its databases with the accesses made to our website and block them if necessary.
The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyber attacks.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.
7.1 Resemblance Advertising
If you purchase goods or services from us and provide your e-mail address, we reserve the right to use them for sending newsletters with direct advertising for similar goods or services. This serves to safeguard our legitimate interests, which are predominant in the context of a weighing up of interests, in a promotional approach to our customers.
You can object to this use of your data at any time by sending a message to email@example.com or via the unsubscribe link in advertising mail, without incurring other than the transmission costs according to the basic tariffs.
7.2 With Confirmation
The following information informs you about the content of our newsletter, the registration and shipping procedure, as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
7.2.1 Content of the Newsletter
We send newsletters and e-mails with advertising information only with the consent of the recipient or a legal permission. With the newsletter, you will receive up-to-date information about EUROSYSTEMS software, new production machines, consumables (knives), special offers and relevant events via e-mail.
7.2.2 Double Opt-In and Logging
The registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail asking you to confirm this registration. This ensures that strangers or random e-mail addresses cannot be registered indiscriminately. Logins are logged to prove the logon process. We save the registration and confirmation time, as well as the anonymized IP address. The logging of the registration is based on our legitimate interest.
7.2.3 Login Data
To register, it is sufficient to enter your e-mail address.
7.3 Termination and Revocation
You can cancel the receipt of our newsletter at any time and revoke your consent. A cancellation link can be found at the end of each newsletter. The discharged e-mail addresses are stored in our blacklist based on our legitimate interest. This prevents you from receiving e-mails from us in the future. The purpose of the processing of this data is the defense against possible claims, as well as the proof of a previously granted consent. An individual request for cancellation at any time remains unaffected, provided that the former existence of a consent is confirmed.
8 Online Shop
8.1 WooCommerce and WooCommerce Germanized
This website uses the WordPress plug-ins WooCommerce and WooCommerce Germanized to ensure the sale of products technically smooth. This is a local plug-in. No personal data is transferred to WooCommerce. The WooCommerce plug-in adds the functionality of an online store to our content management system. WooCommerce Germanized extends WooCommerce and ensures the technical adaptation to the specific German legal conditions. In this way, we ensure compliance with data protection regulations when using WooCommerce.
8.2 Data Transfer upon Conclusion of the Contract
We transmit personal data to third parties only if this is necessary in the context of contract execution.
A further transmission of data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6(1)(b) GPDR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
8.2.1 Merchants, Manufacturers and Dispatch of Goods
Data is transmitted, for example, to the companies entrusted with the delivery of the goods or to the payment service provider entrusted with the processing of payments.
8.2.2 Digital Contents
Data is transmitted, for example, to the software manufacturer for license code generation or to the payment service provider responsible for payment processing.
8.3 Payment Service Provider
We offer the option to process the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6(1)(f) GDPR).
After selecting “PayPal” as a payment option, data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing. In this context, we pass on the following data (first name, last name, address, e-mail address, telephone number, IP address) to PayPal, insofar as it is necessary for the performance of the contract (Art. 6(1)(b) GDPR). The processing of the data provided under this section is not required by law or contract. Without the transmission of your personal data, we cannot carry out a payment via PayPal. It is possible for you to choose another payment method.
PayPal is not a processor in the sense of Art. 28 GDPR. It has its own responsibility.
We offer the option to process the payment transaction via the payment service provider Stripe, Legal Process, 510,Townsend St., San Francisco, CA 94103 (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6(1)(f) GDPR). In this context, we share the following data with Stripe to the extent necessary for the performance of the contract (Art. 6(1)(b) GDPR): name of the cardholder, email address, customer number, order number, bank details, credit card details, credit card validity period, credit card verification number (CVC), date and time of the transaction, transaction amount, name of the provider, place
The processing of the data provided under this section is not required by law or contract. We cannot process a payment via Stripe without the submission of your personal data. It is possible for you to choose another payment method.
Stripe has a dual role in data processing activities as a responsible party and a processor. As a responsible party, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6(1)(f) GDPR) and serves the performance of the contract (pursuant to Art. 6(1)(b) GDPR). We have no influence on this process.
Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 GDPR to comply with the provisions of data protection law.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
For more information on opt-out and removal options vis-à-vis Stripe, please visit: https://stripe.com/privacy-center/legal
8.4 Encrypted Payment Transactions on this Website
Payment transactions are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
9.1 Remote Maintenance
We offer our customers remote maintenance in case of problems using the TeamViewer software. The provider of this software is TeamViewer GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany. If you wish to make use of remote maintenance, you must download the TeamViewer software from the provider using a link provided by us and run it on your computer.
The applicable data protection provisions of TeamViewer can be found at: https://www.teamviewer.com/en/privacy-policy/
If we obtain knowledge of personal data in the course of remote maintenance, this will be solely for the purpose of providing the service you have requested and not for processing the data on your behalf. We do not store such data and we maintain data secrecy for them. The legal basis for the processing is Art. 6(1)(b) DGDPR. You can cancel the remote access at any time by exiting the TeamViewer software.
The subject of this data protection declaration is information about which personal data is processed in connection with your application.
By sending or handing over your application to RCS Systemsteuerungen GmbH, you give your consent that your data may be stored, processed and used for contacting you in the application process for the duration of the application procedure.
If an application process leads to a recruitment, we will include your application documents in your personnel file as necessary on the basis of Art. 6(1)(b) GDPR, § 26(1) Federal Data Protection Act (BDSG) in order to provide information about your personality profile and qualifications for the purpose of implementing the employment relationship. This is done regardless of whether you have subsequently revoked any consent you may have declared. In this case, your application documents will only be deleted and destroyed once your employment relationship has ended again and a further three years have elapsed since the end of the year of termination.