Data Protection Policy

Version: November 2022

RAL stands for quality in many areas of daily life. This also applies to the processing of your data. In order to ensure the security and privacy of your data, it is our aim to collect as little personal data as possible from you and to handle any required data as securely as possible. 

Below you will find information about which personal data we ask for and how we process this data.

1 Name and contact details for the responsible entity

RAL gemeinnützige GmbH
Fränkische Straße 7
53229 Bonn
Phone: +49 228 68895 0

Chief Executive Officer: RA Rüdiger Wollmann 
Managing Director: RA Thomas Roßbach

2 Contact details for the Data Protection Officer

If you have any questions about the collection and processing of your personal data or a request for information, our external Data Protection Officer would be pleased to assist you:
Stephan Viehoff
Im Hahn 28, 52224 Stolberg

3 Scope and purpose of the processing of personal data

3.1 Personal data

According to Art. 4 (1) of the EU GDPR, personal data describes all information relating either directly or indirectly to an identified or identifiable natural person. This includes, for example, your name, your contact details and data which you provide when registering for a customer account, processing your orders or as part of an application.

3.2 Server statistics

Every time our website is accessed, data is automatically transferred to the web server by the respective Internet browser and stored in log files. The following data is stored till its deletion:

  • name and URL of the accessed web page
  • IP address at the time the respective page is accessed
  • date, time and success of the access to the web page
  • website from which the user accessed our web page (so-called referrer URL)
  • type and version of the browser 
  • operating system of the end device used to access the web page

The data is processed for the following purposes:

  • to enable the connection to the website
  • to enable the optimised presentation of the website
  • to check and guarantee the security and stability of the systems and
  • to enable and improve the administration of the website

The stored data is not combined with other sources of data. It is generally not possible for us to assign the data to any specific person. The data is not processed for the purpose of gaining further information about the respective visitor to the website.

We reserve the right to store the IP addresses of visitors to our websites for a maximum time period of three months. The logging of this data serves to recognise advanced persistent threats and limit and resolve faults, as well as for ensuring system and data security.

We have a legitimate interest in the sense of Art. 6 (1) lit. f of the EU GDPR for processing the data for the purposes described above.

3.3 Contact (information by telephone, contact form)

Visitors can request information by telephone and send messages to us using a contact form on the website. All information is transferred to us voluntarily by the person making the enquiry and they thus give their consent for the processing of their personal data. In order for us to answer the enquiry by email, it is necessary for the person to provide us with a valid email address. The data is exclusively processed for the purposes of providing advice on the telephone or for handling and answering enquiries submitted using the contact form.

The processing of this data is carried out based on the consent given voluntarily in accordance with Art. 6 (1) lit. a of the EU GDPR. The personal data collected due to the use of the contact form is automatically deleted as soon as the enquiry has been dealt with and there is no reason for it to be stored for a longer period of time.

3.4 Product information area

Our website offers users the opportunity to log in and open a customer account. The following personal data are requested and processed by the contact person of the sign user’s company:

  • name, first name,
  • title, salutation,
  • e-mail address,
  • password,
  • telephone number of the contact person and
  • allocation to the company.

The mandatory information is indicated during registration. Additional parameters such as 

  • date and time of the last login and 
  • date and time of the last password forgotten request 

are stored in order to ensure the proper operation of the website and to prevent or, if necessary, track misuse. The data collected will only be used in the context of setting up and maintaining your customer account and the associated processes for providing product information. The processing is carried out on the legal basis of Art. 6 (1) lit. f of the EU GDPR based on the legitimate interest of RAL to register a contact person of the company user for the purpose of coordination between RAL and the company user with regard to the presentation and content of the product information.

3.5 Newsletter

By subscribing to the newsletter, you expressly give your consent for the processing of the personal data that was voluntarily submitted to us. The data collected during the subscription process is exclusively used for sending the newsletter. We use a double opt-in process to ensure that you only receive the newsletter when you really want to. After subscribing to the newsletter for the first time, we send you an email containing a link to confirm that you really want to receive our newsletter. It is possible to unsubscribe from our newsletter at any time. This is possible using a special link at the end of every newsletter or by sending us an email. Please refer to section 5.7 “Withdrawal of consent” for more details.

The legal basis for the processing of personal data for the distribution of newsletters and the associated activities is your consent given in accordance with Art. 6 (1) Sentence 1 lit. a of the EU GDPR. 

3.6 Cookies

Our website uses cookies. Cookies are small text files that are stored on the customer's digital end device or data medium so that they can make optimum use of all the functions of our website. Most of the cookies we use are deleted from the digital end device or data medium after the end of the current browser session and are thus described as session cookies. Cookies that enable us to check the main functions involved in the operation of our website are left on the digital end device or data medium. For security reasons, we use cookies on various pages of our website that are required for the use of certain functions or for the optimum performance of our application portal. This is the case, in particular, on the login page and the user area. These cookies ensure that the interested person does not need to enter the same information again every time they switch between the individual pages on our website.

It is possible to deactivate the saving of cookies at any time. The help function in the menu for most browsers (e.g. Internet Explorer or Firefox) will describe how users and visitors to our application portal can prevent the browser accepting cookies, how the user and visitor to our website can be informed by the browser when they receive a new cookie or also how he or she can delete all of the cookies already received and block the saving of any cookies in the future. In the latter case, the previously described functions (login and administration options) will no longer be available. It is necessary to remove the block on cookies in order to use these functions.

3.7 Matomo Analytics

This website uses the web analysis service Matomo. Matomo is an open-source software for the statistical analysis of visitor access and page views. Matomo analyzes your usage behavior anonymously, so that it is not possible for us to draw any conclusions about specific persons, as your IP address is anonymized after it is recorded and before it is saved. To ensure functionality and to analyze usage behavior, Matomo permanently saves cookies on your device. 

For more information, see 3.6 Cookies above. Matomo is used for the purpose of gaining knowledge about the use of the website in order to continuously improve and optimize the quality and content. The legal basis for the processing is Art. 6 (1) lit. f EU GDPR based on the stated purpose. 

You have the option of preventing actions you have taken here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and making it easier for you and other users to use the website. 

 Your visit to this website is currently being recorded by Matomo web analysis. Deselect this checkbox for opt-out. 

3.8 Social networks

Our websites contain logos from social networks in the form of buttons featuring the respective logos of the operators. These social networks include, amongst others:

  • Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland,
  • Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland,
  • Twitter, operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland,
  • LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and 
  • YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The buttons act as hyperlinks to the relevant web pages. No data is transferred by merely linking to these sites.

3.9 Embedding of videos

Videos from the YouTube platform are sometimes embedded into our websites. YouTube is a portal provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. While playing the video files from YouTube, a connection to the YouTube servers is established and data about accessing this video is transferred to YouTube. This includes at least the following information: the IP address, data and time of access and the website you are visiting. If you are also logged into your YouTube account at the same time, information on the accessed video file will be allocated to your YouTube account. If you want to prevent this from happening, you either have to log out from your YouTube account before visiting our website or activate the corresponding settings in your YouTube user account.

We use the “privacy-enhanced mode” function to ensure that the connection data is only transferred to the YouTube server if a video is actually played.

To ensure the functionality of the platform and analyse user behaviour, YouTube permanently saves cookies on your end device. If you do not agree to the saving of this data, you can prevent it using the corresponding settings on your Internet browser. You can find further information about this above under 3.6 “Cookies”.

Our legitimate interest lies in improving the quality of our Internet presence. The legal basis for the processing of this data is thus Art. 6 (1) lit. f of the EU GDPR. 

Further information on the collection and use of data and your rights and protection options have been provided by Google in their privacy policy that is available at

3.10 Use of Facebook social plugins

Our website uses social plugins (“plugins”) from the social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identified by a Facebook logo or the note “Facebook Social Plugin”.

If you open a page on our website that contains such a plugin, your browser will establish a direct connection to the Facebook servers. The content of the plugin is sent from Facebook directly to your browser and integrated into the web page by your browser. Facebook receives the information that you have accessed the corresponding page of our website via the integrated plugin. If you are logged into Facebook, Facebook can assign your visit to your Facebook account. If you interact with the plugins, e.g. by clicking on the “Like” button or posting a comment, the corresponding information is transmitted directly to Facebook by your browser and stored there.

For further information on the purpose and extent to which your data is collected and any further processing and use of this data by Facebook, as well your rights in this regard and the settings available for the protection of your personal privacy, please refer to Facebook's data protection information. If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website.

3.11 E-mail and security

Please bear in mind that emails are not protected against unauthorised access, falsification, etc. Therefore, please do not send any confidential information (e.g. account number, passwords, etc.) to us by email.

4 Transferring data

Personal data is only transferred to a third party if:

  • the data subject has expressly given their consent for the data to be used for this purpose in accordance with Art. 6 (1) lit. a of the EU GDPR,
  • in the event of the transfer of data in accordance with Art. 6 (1) lit. f of the EU GDPR, this is required for the establishment, exercise or defence of legal claims and there is no reason to believe that the data subject has an overriding legitimate interest for the non-transfer of their data,
  • in the event of the transfer of data in accordance with Art. 6 (1) lit. c of the EU GDPR, a legal obligation to this end exists,
  • it is necessary in accordance with Art. 6 (1) lit. b of the EU GDPR for the performance of a contract to which the data subject is a party and/or
  • from third-party companies are used where the transfer takes place on the basis of an order processing contract in accordance with Art. 28 EU GDPR.

5 Your rights as the data subject

If your personal data has been processed due to your visit to our website, you have the following rights as the “data subject” in the sense of the EU GDPR:

5.1 Right to obtain information

You can request information from us about whether we are processing personal data about you. No right to obtain information exists if the data cannot be deleted due to legal or contractual retention periods or has been processed exclusively for data backup or data security purposes and the provision of this information would require a disproportionate amount of cost and effort and any processing of the data for other purposes is excluded using suitable technical and organisational measures. Where applicable, you can request information about:

  • the purposes of the processing
  • the categories of your personal data that were processed
  • the recipients or categories of recipients to whom your personal data is made public, especially recipients in third countries
  • if possible, the period for which your personal data will be stored, or if that is not possible, the criteria used to determine that storage period
  • the existence of a right to rectification or erasure or restriction of processing of the data about you as the data subject or a right to object to this processing
  • the right to lodge a complaint with a data protection supervisory authority
  • if the personal data was not obtained from you as the data subject, any available information on the source of the data
  • if relevant, the existence of automated decision-making including profiling and meaningful information on the logic involved, as well as the scope and envisaged consequences of such automated decision-making
  • if the personal data is transferred to a recipient in a third country, insofar as the EU Commission has not issued a resolution on the adequacy of the level of protection in accordance with Art. 45 (3) of the EU GDPR, information on what appropriate safeguards in accordance with Art. 46 (2) of the EU GDPR have been provided to protect the personal data

5.2 Right to rectification and completion

If you establish that the personal data, we hold about you is incorrect, you can request that we rectify the incorrect data. You also have a right to request that incomplete data is completed.

5.3 Right to erasure

You have a right to erasure (“right to be forgotten”) if one of the following grounds applies:

  • the personal data is no longer required for the purposes for which they were processed
  • you have withdrawn you consent for the processing of the data
  • you have objected to the processing of your personal data that we have made public
  • you have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing of the data
  • your personal data has been unlawfully processed
  • the erasure of your personal data is required to comply with a legal obligation to which we are subject

The right to erasure does not exist if, in the event of legal non-automated data processing, the erasure of the data would only be possible at a disproportionate amount of cost and effort due to the special type of storage and you only have a low level of interest in its erasure. In this case, the processing of this data will be restricted instead of the data being erased.

5.4 Right to restriction of processing

You have the right to request a restriction of processing if one of the following grounds applies:

  • you contest the accuracy of the personal data. In this case, a restriction can be requested for the period required to verify the accuracy of the data.
  • the processing is unlawful and the data subject requests a restriction of the use of their personal data instead of the erasure of the data.
  • your personal data is no longer required by us for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims.
  • you have raised an objection in accordance with Art. 21 (1) of the EU GDPR. A restriction of processing can be requested pending the verification of whether we have legitimate grounds that override your grounds for a restriction of processing.

A restriction of processing means that the personal data will only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We are obligated to inform you before the restriction of processing is lifted by us.

5.5 Right to data portability

You have a right to data portability if the processing is based on your consent according to Art. 6 (1) lit. a or Art. 9 (2) lit. a of the EU GDPR or a contract to which you are a contractual party and the processing is carried out with the aid of automated means. In this case, the right to data portability includes the following rights insofar as they do not adversely affect the rights and freedoms of others:

You have the right to receive from us the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to have this data transferred to another controller without hindrance from us. If technically feasible, you can request that we directly transfer your personal data to another controller.

5.6 Right to object

If you believe that the processing of the personal data about you is unlawful, you can lodge a complaint with a data protection supervisory authority that is responsible for your place of residence, place of work or the place of the alleged infringement.

5.7 Withdrawal of consent

Your consent for the processing of personal data can be withdrawn at any time with future effect. The withdrawal of consent can also apply to individual sections of the data processing (e.g. unsubscribing from the newsletter).

Please note that even if you withdraw your consent, processing of the data may still be required due to legal regulations.

Please send us the notification about your withdrawal of consent using the contact details stated above in section 1 and please understand that some identification may be required in the event of a withdrawal of consent to prevent any misuse.

6 Withdrawal of consent for advertising mails

We hereby expressly prohibit the use of our contact details – published as part of our duty to publish a legal notice – for the purpose of sending us any advertising or information materials that we have not expressly requested. The operator of these websites expressly reserves the right to take legal action in the event of the unsolicited sending of advertising information such as in the form of spam emails.