RATH Group

Data protection

Scope

This Privacy Statement explains how RATH handles personal data and protects your privacy. This Privacy Statement is also intended to inform users of this website in accordance with the General Data Protection Regulation concerning the nature, scope and purpose of the collection and usage of personal data by the website operator “RATH”. For the purposes of this Privacy Statement, “RATH” means Rath AG and its subsidiaries. This Statement also applies to all websites operated by RATH and is in addition applicable to all activities of RATH.

RATH takes the protection of your data very seriously and will treat your personal data in confidence and exclusively in accordance with the provisions of data protection law.

Principles

RATH abides by the following principles concerning the processing of personal data:

  1. Personal data will in principle only be processed for particular specified purposes and only to the extent permitted by law. As a matter of principle, only information that is necessary in order to fulfill our business tasks and that is directly related to the purpose of processing will be processed. Processing will also occur if there is a legal requirement to do so or if the express consent of the data subject has been provided.
  2. Personal data will not be transferred to third parties or to foreign countries, except under the circumstances mentioned in this Policy or with your prior consent.
  3. RATH will endeavor to update personal data at regular intervals and will act upon requests to amend personal data.
  4. RATH will put in place technical and organizational measures that are intended to guarantee the security of personal data.
  5. Unless specified otherwise herein, personal data will not be stored in identifiable form for longer than is in order to fulfill the purpose for which they were processed or than required by law.

Categories of data processed, purpose, legal basis of data processing, and storage periods:


 

Customer and supplier master data

Purpose of data processing

Contractual performance: your personal data will be processed in order to comply with contractual obligations associated with the purchase or sale of goods and services, in order to enable RATH to provide or acquire services in an optimal manner, including in particular in relation to: the conclusion, management, and fulfillment of the contractual relationship between you and RATH.

The provision of services including: the registration on the website, in order to ensure you access to the services and information relating to upcoming training events and trade fairs.

Other purposes: in addition, your master data will be processed with your express consent for the following purposes: marketing—in particular, RATH may use your master data provided by you when purchasing a product/service in order to send you information letters and advertising concerning similar services and offers of RATH, even without your consent, unless you decide to opt out.

Category of recipient

The data will not be passed on to other parties unless such disclosure is provided for by law or expressly authorized by the data subject. The data of the data subject may be transmitted for the above-mentioned purpose to the following categories of recipient:

  1. the employees of RATH who are competent and/or responsible for data processing;
  2. companies from the Group, including those with their registered office abroad;
  3. persons, companies, associations, or firms that provide services to or advise RATH (for example tax advisors, auditors);
  4. persons who have access to the data according to law or secondary legislation or on the basis of rules issued by authorities authorized by law.

Storage period

Personal data will only be stored for the period of time necessary in order to achieve the purpose for which they were collected and processed. In particular, personal data shall be stored:

  1. for the period of time provided for under applicable data protection law;
  2. for the period of time provided for by the laws, including secondary legislation, that impose a requirement of storage;
  3. for the period of time necessary in order to protect the rights of the controller, in the event of any disputes, for example in relation to the provision of the service or the staff selection procedure.

 

Personal data

Purpose of data processing

  1. Contractual performance: your personal data will be processed in order to comply with contractual obligations associated with the commencement of employment, in particular in relation to: the conclusion, management, and fulfillment of the contractual relationship between you and RATH.
  2. Statutory obligations, health, and safety: Your personal data will also be processed in order to: comply with statutory obligations, provisions, national and Community law, and rules issued by authorities authorized by law; determine, exercise and/or defend the rights of RATH within court action; carry out any necessary preventive or mandatory occupational health examination during your employment relationship with RATH; comply with employment law requirements.
  3. Compliance with the requirements of standard ISO 9001:2015: your personal master data and training certificates will be retained in order to: comply with quality management requirements under ISO 9001:2015, in particular for the chapter of the standard entitled Control of Documents and Records.
  4. Other purposes: in addition, your data will be processed with your express consent for the following purposes: marketing, including advertising by RATH, also abroad, which may occur both electronically (for example advertising campaigns for RATH products on the website or intranet of RATH) as well as conventionally (posters, billboards). Data processing for marketing purposes may only occur with your consent.

Category of recipient

The data will not be passed on to other parties unless such disclosure is provided for by law or expressly authorized by the data subject. The data of the data subject may be transmitted for the above-mentioned purpose to the following categories of recipient:

  1. the employees of RATH who are competent and/or responsible for data processing;
  2. companies from the Group, including those with their registered office abroad;
  3. persons, companies, associations or firms that provide services to or advise RATH (for example tax advisors, auditors);
  4. persons who have access to the data (for example company doctor, labor inspector) according to law or secondary legislation or on the basis of rules issued by authorities authorized by law.

Storage period

Personal data will only be stored for the period of time necessary in order to achieve the purpose for which they were collected and processed. In particular, personal data shall be stored:

  1. for the period of time provided for under applicable data protection law;
  2. for the period of time provided for by the laws, including secondary legislation, that impose a requirement of storage;
  3. for the period of time necessary in order to protect the rights of the controller, in the event of any disputes, for example in relation to the provision of the service or the staff selection procedure.

 

Applicant data

Purpose of data processing

  1. Selection procedure: the personal data transmitted by you will be processed as part of the staff selection procedure.
  2. Statutory obligations: your personal data will also be processed in order to: determine, exercise and/or defend the rights of RATH within court action.
  3. Retention of evidence: in addition, your data will be retained with your express consent.

Category of recipient

The data will not be passed on to other parties unless such disclosure is provided for by law or expressly authorized by the data subject. The data of the data subject may be transmitted for the above-mentioned purpose to the following categories of recipient: the employees of RATH who are competent and/or responsible for data processing (for example Human Resources Department, competent Area Head or Executive Management).

Storage period

Personal data will only be stored for the period of time necessary in order to achieve the purpose for which they were collected and processed. In particular, personal data shall be stored:

  1. for the period of time provided for under applicable data protection law;
  2. for the period of time provided for by the laws, including secondary legislation, that impose a requirement of storage;
  3. for the period of time necessary in order to protect the rights of the controller, in the event of any disputes, for example in relation to the provision of the service or the staff selection procedure.

 

Participant data

Purpose of data processing

  1. Organization of events: the personal master data provided by you will be processed for the purpose of scheduling and holding events.
  2. Dispatch of information concerning further event offers: in particular, RATH may use your master data disclosed by you when registering for an event in order to send you information letters concerning similar services and offers of RATH, even without your consent, unless you decide to opt out.

Category of recipient

The data will not be passed on to other parties unless such disclosure is provided for by law or expressly authorized by the data subject. The data of the data subject may be transmitted for the above-mentioned purpose to the following categories of recipient: the employees of RATH who are competent and/or responsible for data processing (for example Human Resources Department, competent Area Head or Executive Management).

Storage period

Personal data will only be stored for the period of time necessary in order to achieve the purpose for which they were collected and processed. In particular, personal data shall be stored:

  1. for the period of time provided for under applicable data protection law;
  2. for the period of time provided for by the laws, including secondary legislation, that impose a requirement of storage;
  3. for the period of time necessary in order to protect the rights of the controller, in the event of any disputes, for example in relation to the provision of the service or the staff selection procedure.

Records of processing activities

The Data Protection Manager of RATH shall maintain a record of processing activities including the categories of recipients. This record shall state the persons and authorities to which data have been transmitted.

Transmission of data outside the European Union

Personal data may be transmitted for the above-mentioned purposes to third countries outside the European Union. The reasonableness of the level of protection shall be assessed with reference to binding internal data protection rules.


 

Information to website users

Contact with RATH and service portal

The website is in principle structured in such a manner that the user does not transmit any personal data to RATH when visiting the website, unless you submit a query to RATH using the dedicated contact form or by email and/or unless you create a free user account through the website in order to access price lists and information concerning current training seminars and upcoming trade fairs.

If we are contacted using the form provided on the website or by email, the personal data transmitted will be used by RATH exclusively in order to process this inquiry. The personal data that must be entered into the contact form or in order to create a user account include your name, contact details, and the other details relating to your request. These are data that are necessary in order to arrange the related services, e.g., your contact data in order to hold a consultation meeting and/or to create or delete a user account. The user profile created is not publicly accessible.

If necessary in order to answer your inquiry or in order to create a user account, RATH reserves the right to pass on the data to partner companies within the RATH network. If any third party providers (contracted data processors) are used, these shall be selected carefully by RATH having regard to the security of your information. For the sake of completeness, it is stipulated that these third party providers will not have any right to process the data other than as instructed by RATH. Your personal data will not be used in any other way. RATH will not under any circumstances disclose or otherwise disseminate your personal data to third parties for marketing purposes without your express consent.

Your personal data will be stored for no longer than is necessary for the purpose for which the personal data were provided or as otherwise required by law. Personal data that have been stored will also be erased if you withdraw your consent to storage or if you instruct us to delete your user account.

Online services (download)

You have the option of using online services through this website (e.g., download of RATH documents). In order to do so, RATH will require your contact data and your consent so that it can inform you if appropriate of any updates concerning related issues. You also have the option of contacting RATH directly to use the service without being informed concerning related issues. You may withdraw your consent at any time. If consent is withdrawn, RATH will promptly erase the data that you have provided. Should you wish to withdraw your consent, please send a request by email to the following address: unsubscribe@rath-group.com.

Newsletter

You have the option of subscribing to the RATH newsletter through this website. In order to do so, RATH will require your contact data and your consent to receiving the newsletter. You can cancel the subscription to the newsletter at any time. In order to cancel, please send an email to the following address: unsubscribe@rath-group.com.

RATH will thereafter promptly erase your data relating to the dispatch of the newsletter.

Signing up for events

You have the option of signing up for RATH events through this website. In order to do so, RATH will require your contact data. In particular, RATH may use your master data disclosed by you when registering for an event to send you information letters concerning similar services and offers of RATH, even without your consent, unless you decide to opt out.

Should you wish to cancel and/or withdraw consent, please sent a request by email to the following address: unsubscribe@rath-group.com.

RATH will thereafter promptly erase your data relating to the registration.

Photographs and videos

Please note that RATH documents events using film footage and photographs. These will be published in online and offline media for advertising and marketing purposes.

Hyperlinks to third party websites

The RATH website also contains links to third party websites. RATH does not provide any assurances in relation to other websites accessed by you from this website. If you access a non-RATH website, please be aware that it is not associated with RATH and that RATH has no control over its content. In addition, the provision of a link to another website that does not belong to RATH does not imply that RATH endorses or accepts any responsibility for its content or usage. Users of extracts from non-RATH websites must ensure that they are free of viruses, worms, Trojans, or any other harmful elements. No guarantee is provided that the website or the server provided by it is free from viruses or other harmful components. RATH would like to point out that the terms of privacy statements of third parties may differ from the terms of its own Privacy Statement.

Usage of cookies

RATH uses so-called “cookies” (small text files containing configuration information). Cookies are small text files that are sent by RATH web servers to your browser when using the RATH website and saved by the browser on your computer for subsequent retrieval. RATH uses so-called session cookies (also known as temporary cookies), which are saved exclusively for the duration of your usage of the RATH website.

Cookies are also used in order to establish the frequency of use and the number of users of the website, and to be able to determine when your usage ends. This enables RATH to establish which areas of the website have been visited by users. However, these usage data do not enable any inferences to users to be made. None of these anonymously collected usage data will be cross-referenced with your own personal data and all data will be deleted properly after statistical assessment. After the session has ended, the cookies will be deleted as soon as you leave the website (session cookies).

Cookies are automatically enabled according to the default setting of most browsers. However, you can disable cookies or adjust your browser in such a manner as to be informed before cookies are saved. If cookies are disabled, this may impair the proper operation of the website.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files that are saved on your computer and enable the usage of the website by you to be analyzed. The information generated by the cookies concerning your usage of this website (including your IP address) will be transmitted to a Google server in the USA and stored at that location. Google will use this information in order to assess your usage of the website, to compile reports concerning website activities for website operators, and to provide further services associated with usage of the website and of the internet. Google may transfer this information to third parties under certain circumstances where required by law or in the event that third parties process these data on behalf of Google. Google will not under any circumstances cross-reference your IP address with other data held by Google. You can prevent cookies from being installed through the relevant settings on your browser software; however, please note that, should you do so, it is possible that you may not be able to use all functions of this website in full. In using this website you consent to the processing of the personal data concerning you collected by Google in the manner described above and for the purpose specified above.

You can also prevent Google from collecting the data generated by the cookie concerning usage of the website (including your IP address) along with the processing of these data by Google by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout. You can prevent the collection of data by Google Analytics by clicking on the following link. This will install an opt-out cookie, which will prevent the subsequent collection of data when visiting this website.

Deactivating Google Analytics

Further information concerning the terms of service and data protection may be found at: https://www.google.com/analytics/terms/us.html, or at: https://www.google.de/intl/en/policies/.

Please note that Google Analytics has been expanded on this website by the code “anonymizeIp” in order to ensure the anonymized collection of IP addresses (so-called IP masking).

Integration of social plugins

The RATH website also incorporates plugins from the social networks “Facebook” (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), Twitter (1355 Market St #900, San Francisco, CA 94103, USA), Linkedin (LinkedIn Corporation, North Mathilda Avenue, Sunnyvale, California, USA), and Xing (XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany).

These are operated exclusively by the relevant providers. The plugins are marked on the RATH website by the buttons associated with the relevant services.

Information concerning the visit to the RATH website will be forwarded to the relevant service. If you are also logged in to your personal user account with the relevant service when using this website (e.g., in another browser session), it may allocate usage of the RATH website to your account.

Plugins can enable users to share or post links to the corresponding websites in social networks such as Facebook, Twitter, Linkedin, or Xing or recommend the contents of those pages. By actively interacting with these plugins, e.g., by clicking on the relevant button or posting a comment, the corresponding information will be transmitted directly to the relevant service where it will be saved.

Should you wish to prevent the transmission of such data, you must log out of your user account with the relevant service before accessing the RATH website. For further information concerning the scope and purpose of the collection of data by the relevant service along with any further processing and usage of your data by it, please refer to the privacy statements on the website of the relevant service (www.facebook.com/about/privacy/),

(https://twitter.com/privacy?lang=en),

(https://www.xing.com/privacy),

(https://www.linkedin.com/legal/privacy-policy?_l=uk_EN).

These also contain further information concerning your relevant data protection rights and settings options in order to protect your privacy.

Security measures to protect personal data

RATH will endeavor to guarantee the security of your data. Extensive technical and organizational security precautions, which are regularly reviewed and adjusted in line with technical progress, are adopted in order to avoid the loss or misuse of the personal data stored. This includes staff training. Please note that, due to the structure of the internet, it is possible that the data protection rules and the security measures mentioned above may not be complied with by other persons beyond our control. In particular, data that are disclosed in unencrypted form—even if by email—may also be seen by third parties. RATH does not have any influence over this on a technical level. The user is responsible for protecting the data provided by him/her against misuse, either through encryption or otherwise.

Updating of the Privacy Statement

As it may be necessary to amend this Privacy Statement due to changes to the law or to internal company processes, it will be regularly updated and may be downloaded, saved, and printed out at any time at https://www.rath-group.com/en/data-protection/.

Your rights

You have in principle the right to information, rectification, erasure, the restriction of processing, data portability, as well as the right to withdraw consent and to object. You can give notice of the withdrawal of consent or request information or the rectification, erasure or blockage of your personal data either by post or by sending an email to RATH. Please write to privacy@rath-group.com or send a letter to RATH AG, Walfischgasse 14, 1015 Vienna. You will not thereby incur any costs other than the costs of postage or the transmission costs according to existing basic rates. If you believe that your data have been processed in breach of data protection law or that your data protection rights have been otherwise infringed, you can complain to the supervisory authority. In Austria, this is the Datenschutzbehörde (Austrian Data Protection Authority).