Privacy Policy
Privacy Policy

Data protection declaration

Curt Richter SE

 

We are pleased about your interest in our websites. Protection of your personal data (for example your surname, address, e-mail address or telephone number) is very important for us. Collection and processing are therefore always done in harmony with the data protection law directives, in particular the European General Data Protection Regulation (GDPR) and the country-specific data protection directives valid for us.

With the following data protection declaration, we would like to inform you about the nature, scope and purpose of processing personal data when you visit our websites and also about their functions and contents. Please remember that the following declaration only relates to the websites of Curt Richter SE.

I. Terminology used

The terminology used in our data protection declaration is based on the definitions stipulated in Article 4 of the GDPR. For better understanding, we would like to explain the essential terms used in the declaration to you briefly in advance:

(1) Personal data

Personal data means all information which relates to an identified or identifiable natural entity (hereinafter "data subject"). A natural entity is regarded as being identifiable if he/she can be identified directly or indirectly, in particular by means of allocation to an identification such as a name, a code number, location data, an online ID or to one or more specific feature(s) which is/are an expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural entity.

(2) Data subject

A data subject is every identified or identifiable natural entity whose personal data are processed by the controller responsible for the processing.

(3) Processing

Processing is each procedure done with or without the help of automated procedures or any such series of procedures in connection with personal data such as the collection, recording, organisation, ordering, storage, adaptation or amendment, reading out, inquiring, use, disclosure by transmission, propagation or any other form of provision, comparison or connection, restriction, erasure or destruction.

(4) Restriction of the processing

Restriction of the processing is marking of stored personal data with the objective of restricting their future processing.

 

(5) Pseudonymisation

Pseudonymisation is processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the involvement of additional information, insofar as this additional information is archived separately and is subject to technical and organisational measures ensuring that the personal data cannot be assigned to an identified or identifiable natural entity.

(6) Controller or person responsible for the processing

The controller or the person responsible for the processing is the natural or legal entity, authority, institution or other agency which decides alone or jointly with others about the purposes and means of the processing of personal data. If the purposes and means of this processing have been required by Union law or Member State law, the controller or the stipulated criteria for the appointment can be provided for pursuant to Union law or Member State law.

(7) Processor

The processor is a natural or legal entity, authority, institution or other agency which processes personal data by order of the controller.

(8) Recipients

The recipient is a natural or legal entity, authority, institution or other agency to which personal data are disclosed, independent of whether it is a question of a third party or not. Authorities possibly receiving personal data within the framework of a specific examination order pursuant to Union law or Member State law are however not deemed recipients.

(9) Third party

A third party is a natural or legal entity, authority, institution or other agency apart from the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor.

(10) Consent

Consent is any declaration of intent in the form of a notification or any other unambiguous confirming action given by the data subject voluntarily and unequivocally for the case in question in an informed way, with which the data subject states that he/she agrees to the processing of the personal data concerning him/her.

II. Name and adress of the controller

The controller for all the aforementioned internet sites within the meaning of the GDPR, other data protection law valid in the Member States of the European Union and other provisions with a data protection law character is:

 

Curt Richter SE
Manforter Str. 16
51063 Cologne 

Telephone: +49 (0)221 / 96499 - 0
Telefax:  +49 (0)221 / 96499 -141
E-Mail: info(at)curt-richter.de

 

III. Contact data of the data protection coordinator

Curt Richter SE as the controller has appointed a data protection coordinator for the internet sites.

You can reach him as follows:

Curt Richter SE
Data protection coordinator 
Manforter Str. 16
51063 Cologne
E-Mail: Datenschutz@curt-richter.de 

 

IV. Data subject's rights

If personal data of yours are processed, you are the data subject ("data subject") within the meaning of the GDPR and the following rights accrue to you against us as the controller: 

(1) Right to information

You can demand a confirmation from us as the controller about whether personal data concerning you are processed by us.

  1. If such a processing takes place, you can demand statements about the following information:
  2. the purposes for which the personal data are processed;
  3. the categories of personal data which are processed;
  4. the recipients or the categories of recipients to which the personal data concerning you are disclosed or will be disclosed in future;
  5. the planned duration of the storage of the personal data concerning you or, if no specific information on this is possible,. criteria for the stipulation of the duration of storage;
  6. the existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of the processing by the controller or of a right of objection against this processing;
  7. the existence of a right of complaint to a supervisory authority;
  8. all available information about the original of the data if the personal data are not collected from the data subject;
  9. the existence of automated decision-making including profiling pursuant to Art. 22 subparagraph 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the implications and the intended effects of such a processing for the data subject.

You have the right to demand information about whether the personal data concerning you are transmitted into a third country or to an international organisation. In this context, you can demand to be informed about the suitable guarantees pursuant to Art. 46 GDPR in connection with the transmission.

(2) Right to rectification

You have the right to rectification and/or completion against the controller to the extent that the processes personal data concerning you are incorrect or incomplete. The controller must make the rectification without delay.

(3) Right to restriction of the processing

Under the following preconditions, you can demand restriction of the processing of the personal data concerning you:

  1. If you dispute the correctness of the personal data related to you for a term making it possible for the controller to verify the correctness of the personal data;
  2. The processing is unlawful and you reject deletion of the personal data and instead demand limitation of the use of the personal data;
  3. The controller no longer needs the personal data for the purposes of processing, but you need them for establishing, exercising or defending legal claims, or 
  4. If you have objected to the processing pursuant to Art. 21 subparagraph 1 GDPR and it is not yet certain whether the controller’s legitimate reasons prevail over your reasons.

If processing of the personal data related to you has been restricted, these data - apart from their storage - may only be processed with your consent or in order to establish, to exercise or to defend legal claims or to protect the rights of any other natural or legal entity or for reasons of an important public interest of the Union or of a Member State.

If the processing has been restricted pursuant to the aforementioned preconditions, you will be notified by the controller before the restriction.

(4) Right to erasure

a)Erasure duty

You can demand that the controller erases the personal data concerning you without undue delay and the controller is obliged to erase these data without delay to the extent that one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they have been recorded or processed in any other way.
  2. You withdraw your consent on which the processing was based pursuant to Art. 6 subparagraph 1 lit. a or Art. 9 subparagraph 2 lit. a GDPR and there is no other legal foundation for the processing.
  3. You make an objection against the processing pursuant to Art. 21 subparagraph 1 GDPR and there are no prevailing legitimate reasons for the processing, or you make an objection against the processing pursuant to Art. 21 subparagraph 2 GDPR.
  4. Die personal data concerning you have been processed unlawfully.
  5. Erasure of the personal data concerning you is necessary for fulfilment of a legal obligation pursuant to Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you have been recorded with a view to services offered by the information society pursuant to Art. 8 subparagraph 1 GDPR.

b)Information to third parties

If the controller has made the personal data concerning you public and if he is obliged to erase them pursuant to Art. 17 subparagraph 1 GDPR, he shall take suitable measures, also of a technical nature, taking the available technology and the costs of implementation into due account, in order to inform the persons responsible for data processing who are processing the personal data about the fact that you as the data subject have demanded erasure of all the links to these personal data or of copies or replications of these personal data from them.

c)Exceptions

The right to erasure shall not exist to the extent that processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation which requires processing pursuant to Union law or Member State law to which the controller is subject or for attending to a task which is in the public interest or is done in exercising public authority which has been assigned to the controller;
  3. for reasons of the public interest in the area of public health pursuant to Art. 9 subparagraph 2 lit. h and i and also Art. 9 subparagraph 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 subparagraph 1 GDPR, to the extent that the right stated under Section a) prospectively makes implementation of the purposes of this processing impossible or severely impairs it or
  5. to establish, to exercise or to defend legal claims.

(5) Right to information

If you have claimed the right to rectification, erasure or restriction of processing from the controller, the latter is obliged to inform all the recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves to be impossible or is connected with disproportionately great efforts. The right to be informed about these recipients accrues to you vis-à-vis the controller.

(6) Right to data portability

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, customary and machine-readable format. In addition, you have the right to transmit these data to another controller without impediment by the controller to whom the personal data have already been transmitted, provided:

  1. processing is based on a consent pursuant to Art. 6 subparagraph 1 lit. a GDPR or Art. 9 subparagraph 2 lit. a GDPR or on a contract pursuant to Art. 6 subparagraph 1 lit. b GDPR and
  2. the processing is done by means of automated procedures.

When exercising this right, you further have the right to have the personal data concerning you transmitted directly from one controller to another controller to the extent that this is technically feasible. Freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to a processing of personal data which is necessary in order to attend to a task which is in the public interest or is done when exercising public authority which has been assigned to the controller.

 

(7) Right of objection

You have the right to make an objection against the processing of the personal data concerning you which is done on the basis of Art. 6 subparagraph 1 lit. e or f GDPR at any time for reasons which result from your particular situation; this also applies to a profiling based on these provisions.

In such a case, the controller no longer processes the personal data concerning you unless he can prove cogent reasons for the processing worthy of protection which prevail over your interests, rights and freedoms, or the processing serves establishing, exercising or defending legal claims.

If the personal data concerning you are processed for purposes of direct advertising, you have the right to make an objection against the processing of the personal data concerning you for the purpose of such advertising at any time; this also applies to the profiling to the extent that it is connected with such direct advertising.

If you object to the processing for the purpose of direct advertising, the personal data concerning you shall no longer be processed for these purposes.

Notwithstanding Regulation 2002/58/EC, you have the possibility of exercising your right of objection in connection with the use of information society services by means of automated methods in which technical specifications are used.

(8) Right to withdrawal of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The lawfulness of the processing done on the basis of the consent until the revocation is not affected by the withdrawal of the consent.

 

(9) Automated individual decision-making including profiling

You have the right not to be subject to a decision based on exclusively automated processing - including profiling - which develops a legal effect against you or considerably impairs you in a similar way. This does not apply if the decision

  1. is necessary for the conclusion or the performance of a contract between yourself and the controller,
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or
  3. is made with your explicit consent.

However, these decisions may not be based on certain categories of personal data according to Art. 9 subparagraph 1 GDPR, to the extent that Art. 9 subparagraph 2 lit. a or g does not apply and suitable measures for the protection of the rights and freedoms and your legitimate interests have been taken.

With a view to the cases stated in (1) and (3), the controller takes suitable measures in order to attend to the rights and freedoms and also your legitimate interests, which includes at least the right to achieve intervention by a person on the part of the controller, to portrayal of your own point of view and to object to the decision.

(10) Right of complaint to a supervisory authority

Notwithstanding any other administrative law or judicial remedy, you also have the right to a complaint to a supervisory authority, in particular in the Member State of your place of residence, your workplace or the place of the assumed breach if you are of the opinion that the processing of the personal data concerning you breaches the GDPR.

The supervisory authority to which the complaint has been sent notifies the complainant about the status and the outcome of the complaint, including the possibility of an effective judicial remedy pursuant to Art. 78 GDPR.

V. General matters of data processing on our internet sites

(1) Scope of the processing of personal data

As a matter of principle, we only process our users’ personal data to the extent that this is necessary for provision of functional internet sites and our contents and services.

Processing of our users’ personal data is therefore only done following consent by the users. An exception exists in cases in which prior obtaining of consent is not possible for factual reasons and processing of the data has been allowed by statutory directives.

(2) Legal foundation for the processing of personal data

The legal foundations on the basis of which we process personal data are stated as a rule in the following data protection declaration in connection with the processing in question. If this is not the case, we process the data on the basis of the following legal foundations:

To the extent that we obtain consent from the data subject for processing procedures, Art. 6 subparagraph 1 lit. a European General Data Protection Regulation (GDPR) serves as the legal foundation for the processing of personal data.

In the processing of personal data which is necessary to perform a contract, the contracting party of which is the data subject, Art. 6 subparagraph 1 lit. b GDPR serves as the legal foundation. This also applies to processing procedures necessary to implement pre-contractual measures.

To the extent that processing of personal data is necessary to fulfil a legal obligation to which our enterprise is subject, Art. 6 subparagraph 1 lit. c GDPR serves as the legal foundation.

In the rare event of vital interests of the data subject or of another natural entity making processing of personal data necessary, Art. 6 subparagraph 1 lit. d GDPR serves as the legal foundation.

If processing is necessary to safeguard a legitimate interest of our enterprise or a third party and if the data subject’s interests, fundamental rights and fundamental freedoms do not prevail over the first named interest, Art. 6 subparagraph 1 lit. f GDPR serves as the legal foundation for the processing.

(3) Data erasure and period of storage

The data subject’s personal data are erased or blocked as soon as the purpose of the storage no longer applies. Storage can additionally take place if this has been provided for by European or national legislations in regulations, acts or other directives of Union law to which the controller is subject. Blockage or erasure of the data is also done if the storage period prescribed by the aforementioned norms expires, unless the necessity for further storage of the data for the conclusion or the performance of a contract exists. 

(4) Security measures

In order to be able to ensure a protective level of the personal data and other confidential contents of our users (e.g. inquiries to the controller) which is suitable for the risk, we take technical and organisational security measures. We continuously adapt these measures to the state of the art at the time in question. Alongside (e.g.) means of access and admission control, we therefore also use an encryption process on our internet sites. In such a case, the information provided by our users is transmitted in an encrypted form, that is to say by means of the TLS (Transport Layer Security) protocol and by means of SSL (Secure Sockets Layer). Encrypted connections can be recognised by the "https://" sequence of characters and the lock symbol in the browser bar.

 

VI. Provision of the website and production of log files

(1) Description and scope of the data processing

Each time our internet site is accessed, our system automatically stores data and information from the computer system of the accessing computer.

The following data are recorded in this context:

  • Information about the browser type and the version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of the access
  • Websites from which the user’s system comes to our internet site
  • Websites accessed by the user’s system via our websites

The data are also stored in our system’s log files. Storage of these data together with the user’s other personal data does not take place.

(2) Legal foundation for the data processing

The legal foundation for the temporary storage of the data and the log files is Art. 6 subparagraph 1 lit. f GDPR.

(3) Purpose of the data processing

Temporary storage of the IP address by the system is necessary in order to enable supply of the website to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place in order to ensure the functionality of our internet sites. In addition, the data help us to optimise the websites and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this connection.

These purposes also entail our legitimate interest in the data processing pursuant to Art. 6 subparagraph 1 lit. f GDPR.

(4) Duration of storage

The data are erased as soon as they are no longer necessary for achievement of the purpose of their recording. In the event of recording of the data for provision of the website, this is the case when the session in question has ended.

In the event of storage of the data in log files, this is the case after seven days at the latest. Storage exceeding this is possible. In this case, the users’ IP addresses are erased or alienated with the result that assignment of the accessing client is no longer possible.

(5) Possibility of objection and removal

Recording of the data for provision of the websites and the storage of the data in log files are absolutely necessary for the provision of the internet site. Consequently, there is no possibility of an objection on the part of the user.

VII. Use of cookies

 

(1) Description and scope of the data processing

 

Our website uses cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user’s information technology system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic sequence of characters making unambiguous identification of the browser possible when the website is accessed again.

 

We use cookies in order to make our website more user-friendly. Some elements of our internet sites make it necessary that the accessing browser can also be identified after a change of the site.

 

We additionally use cookies on our website making an analysis of the user’s surfing behaviour possible.

 

The users’ data recorded in this way are pseudonymised by technical measures. For this reason, allocation of the data to the user accessing the site is no longer possible. The data are not stored together with the users’ other personal data.

 

When our website is accessed, the users are informed about the use of cookies for analysis purposes and consent to the processing of the personal data used in this connection is obtained. In this context, there is also reference to this protection declaration.

 

(2) Legal foundation for the data processing

 

The legal foundation for the processing of personal data with use of cookies is Art. 6 subparagraph 1 lit. f GDPR.

 

The legal foundation for the processing of personal data with use of cookies for analysis purposes is Art. 6 subparagraph 1 lit. a GDPR if consent by the user in this regard exists.

 

(3) Purpose of the data processing

 

The purpose of the use of technically necessary cookies is making the use of websites easier for the users. Some functions of our internet site cannot be offered without the use of cookies. For them, it is necessary for the browser to be recognised again even after a change of site.

 

User data recorded by technically necessary cookies are not used for the production of user profiles.

 

The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies provide us with information about how our websites are used and can thus permanently optimise our offer.

 

These purposes also entail our legitimate interest in the processing of the personal data according to Art. 6 subparagraph 1 lit. f GDPR.

 

(4) Duration of storage, possibility of objection and removal

 

Cookies are stored on the user’s computer and transmitted to our site by it. For this reason, you as the user also have complete control over the use of cookies. By a change of the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies which have already been stored can be deleted again at any time. This can also be done automatically. If cookies are deactivated for our internet sites, it is possible that not all the functions of the website can be used completely any more.

 

VIII. E-mail contact

(1) Description and scope of the data processing

Our internet site provides the possibility of getting in touch with us via the e-mail address provided there. If this is the case, the user's personal data transmitted with the e-mail are stored. There is no forwarding of the data to third parties in this context.

(2) Legal foundation for the data processing

The legal foundation for the processing of the data is our legitimate interest in replying to the user's requirements pursuant to Art. 6 subparagraph 1 lit. f GDPR. If the e-mail contact aims for the conclusion of a contract, the additional legal foundation for the processing is Art. 6 subparagraph 1 lit. b GDPR.

(3) Purpose of the data processing

Processing of the personal data within the framework of contact is exclusively for the purpose of replying to the requirements and for making contact and the technical administration connected therewith.

(4) Duration of storage

The data are erased as soon as they are no longer necessary for achievement of the purpose of their recording. This is the case when the circumstances give rise to the conclusion that the facts of the matter in question have been finally clarified and to the extent that no statutory archiving duties contradict.

(5) Possibility of objection and removal

If the user gets in touch with us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

For the objection to the storage, the contact data of the controller or the data protection coordinator stated at the start of this declaration can be used.

All personal data stored in the course of the contact are erased in this case.

IX. Questions on data protection

If you have questions on data protection with a view to our internet sites, you can contact the aforementioned address of the controller or the data protection coordinator at any time.

Cookie Consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Rosental 4, 80331 München, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

Whenever you visit our website, the following personal data will be transferred to Usercentrics:

  • Your declaration(s) of consent or your revocation of your declaration(s) of consent
  • Your IP address
  • Information about your browser
  • Information about your device
  • The date and time you visited our website

Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of specific technologies is Art. 6 Sect. 1 Sentence 1 lit. c GDPR.

Contract data processing agreement

Our company has executed a Contract Data Processing Agreement with Usercentrics. This is an Agreement mandated by data privacy protection legislation that warrants that Usercentrics processes all personal data of our website visitors exclusively in compliance with our instructions and in compliance with the GDPR.

 

The core expertise at Curt Richter SE involves handling and storing liquid goods. [...more]