Privacy

Data protection policy for Facebook

Version: December 2021

RAL stands for quality in many areas of daily life. This also applies to the processing of your data. In order to ensure the security and privacy of your data, it is our aim to collect as little personal data as possible from you and to handle any required data as securely as possible. Please find information below on what personal data we collect and how we process this data.

Please find information below on what personal data we collect and how we process this data.

Name and contact details for the responsible entity

RAL gemeinnützige GmbH (nachfolgend RAL)
Fränkische Straße 7
D-53229 Bonn
Telephone: +49 228 68895 120
E-Mail: info@ral.de
Chief Executive Officer: Rüdiger Wollmann, Attorney-at-Law
Managing Director: Thomas Roßbach, Attorney-at-Law

Contact details for the Data protection officer

If you have any questions about the collection and processing of your personal data or a request for information, our external data protection officer would be pleased to assist you. The data protection officer can be contacted via dsb@streitz-consult.de.

3 Scope and purpose of the processing of personal data

3.1 Personal data

According to Art. 4 (1) EU GDPR, personal data describes all information relating either directly or indirectly to an identified or identifiable natural person. This includes, for example, your name, your contact details and data which you provide when registering for a customer account, processing your orders or as part of an application.

3.2 Cookies

This website uses cookies. Cookies are small text files that are stored on the digital end device or data carrier of the user so that you can use all functions of the website optimally and the evaluation of visitor interests is enabled. Most of the cookies used on the website are deleted from the user's digital end device or data carrier after the end of the respective browser session and are therefore called session cookies. Cookies remain on the digital device or data carrier, which enable Facebook to check the essential functions for the operation of the website.

Facebook's full cookie policy can be found here: https://de-de.facebook.com/policies/cookies/

3.3 E-Mail and Security

Please note that emails are generally not protected against unauthorized access, falsification, etc. Therefore, please do not send any confidential information (account details, passwords, etc.) by email.

3.4 Processing of personal data by Facebook

RAL uses the technical platform and services of Facebook Ireland Ltd. for the information service offered here. The contact details of the platform provider are:

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland

One possibility for online contact is offered by the page https://www.facebook.com/help/contact/2061665240770586

We would like to point out that you use this Facebook page and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also find a large part of the information offered here on our website at https://www.blauer-engel.de.

The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings for advertisements. The data usage guidelines are available at the following link:
https://de-de.facebook.com/policy

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your terminal device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the "login notification" function); this may enable Facebook to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device as a result of the login. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Via Facebook buttons embedded in websites, it is possible for Facebook to record your visits to these websites and assign them to your Facebook profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. In this way, Facebook information through which you can be directly identified will be deleted. This allows you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a Facebook login screen will appear. If you now log in, you will again be recognizable to Facebook as a specific user. For information on how to manage or delete information about you, visit the Facebook support page at
https://de-de.facebook.com/about/privacy

3.5 Processing of personal data by RAL

As the provider of the information service, we also collect and process data from your use of our pages, which is provided to us by the operating company of the social media platform:

This information includes statistics on "likes", the post reach of individual posts, the number of interactions of users with our content, information on views of videos, information on competitions held, as well as information about individual persons who actively interact with our site, e.g. through the "like" or the communication options of Facebook.

This information is regularly used by us to ensure communication with you and to adapt our published content with regard to your reach.  

The legal basis for the processing is a legitimate interest pursuant to Art. 6 (1) (f) DSGVO for the aforementioned purposes.

This data protection declaration is linked in its current version under the item "Data protection declaration" on our Facebook page.

If you have any questions about our information offering, you can contact us at the above contact details.

Further information on Facebook and other social networks and how you can protect your data can also be found at www.youngdata.de.

4 Transferring data

Personal data is only transferred to a third party if:

  • the data subject has expressly given their consent for the data to be used for this purpose in accordance with Art. 6 (1) (a) EU GDPR,
  • in the event of the transfer of data in accordance with Art. 6 (1) (f) EU GDPR, this is required for the establishment, exercise or defence of legal claims and there is no reason to believe that the data subject has an overriding legitimate interest for the non-transfer of their data,
  • in the event of the transfer of data in accordance with Art. 6 (1) (c) EU GDPR, a legal obligation to this end exists,
  • it is necessary in accordance with Art. 6 (1) (b) EU GDPR for the performance of a contract to which the data subject is party and/or
  • services are used by companies where the transfer takes place on the basis of a contract processing agreement pursuant to Art. 28 EU GDPR.


5 Your rights as the data subject

If your personal data has been processed due to your visit to our website, you have the following rights as the “data subject” in the sense of the EU GDPR:

5.1 Right to obtain information

You can request information from us about whether we are processing personal data about you. No right to obtain information exists if the data cannot be deleted due to legal or contractual retention periods or has been processed exclusively for data backup or data security purposes and the provision of this information would require a disproportionate amount of cost and effort and any processing of the data for other purposes is excluded using suitable technical and organisational measures. Where applicable, you can request information about:

  • the purposes of the processing.
  • the categories of your personal data that were processed.
  • the recipients or categories of recipients to whom your personal data is made public, especially recipients in third countries.
  • if possible, the period for which your personal data will be stored, or if that is not possible, the criteria used to determine that storage period.
  • the existence of a right to rectification or erasure or restriction of processing of the data about you as the data subject or a right to object to this processing.
  • the right to lodge a complaint with a data protection supervisory authority.
  • if the personal data was not obtained from you as the data subject, any available information on the source of the data.
  • if relevant, the existence of automated decision-making including profiling and meaningful information on the logic involved, as well as the scope and envisaged consequences of such automated decision-making.
  • if the personal data is transferred to a recipient in a third country, insofar as the EU Commission has not issued a resolution on the adequacy of the level of protection in accordance with Art. 45 (3) EU GDPR, information on what appropriate safeguards in accordance with Art. 46 (2) EU GDPR have been provided to protect the personal data.

5.2 Right to rectification and completion

If you find that the personal data, we hold about you is incorrect, you can request that we rectify the incorrect data. If the data is incomplete, you can request completion.

5.3 Right to erasure

You have a right to erasure (“right to be forgotten”) if one of the following grounds applies:

  • the personal data is no longer required for the purposes for which they were processed
  • you have withdrawn you consent for the processing of the data
  • you have objected to the processing of your personal data that we have made public
  • you have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing of the data
  • your personal data has been unlawfully processed
  • the erasure of your personal data is required to comply with a legal obligation to which we are subject

The right to erasure does not exist if, in the event of legal non-automated data processing, the erasure of the data would only be possible at a disproportionate amount of cost and effort due to the special type of storage and you only have a low level of interest in its erasure. In this case, the processing of this data will be restricted instead of the data being erased.

5.4 Right to restriction of processing

You have the right to request a restriction of processing if one of the following grounds applies:

  • you contest the accuracy of the personal data. In this case, a restriction can be requested for the period required to verify the accuracy of the data.
  • the processing is unlawful and the data subject requests a restriction of the use of their personal data instead of the erasure of the data.
  • your personal data is no longer required by us for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims.
  • you have raised an objection in accordance with Art. 21 (1) EU GDPR. A restriction of processing can be requested pending the verification of whether we have legitimate grounds that override your grounds for a restriction of processing.

A restriction of processing means that the personal data will only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We are obligated to inform you before the restriction of processing is lifted by us.

5.5 Right to data portability

You have a right to data portability if the processing is based on your consent according to Art. 6 (1) (a) or Art. 9 (2) (a) EU GDPR or a contract to which you are a contractual party and the processing is carried out with the aid of automated means. In this case, the right to data portability includes the following rights insofar as they do not adversely affect the rights and freedoms of others:

You have the right to receive from us the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to have this data transferred to another controller without hindrance from us. If technically feasible, you can request that we directly transfer your personal data to another controller.

5.6 Withdrawal of consent

Your consent for the processing of personal data can be withdrawn at any time with future effect. The withdrawal of consent can also apply to individual sections of the data processing (e.g. unsubscribing from the newsletter).

Please note that even if you withdraw your consent, processing of the data may still be required due to legal regulations.

Please send us the notification about your withdrawal of consent using the contact details stated above in section 1 and please understand that some identification may be required in the event of a withdrawal of consent to prevent any misuse.

5.7 Right to object

If you have any questions about data protection at the responsible body and to exercise your rights in this regard, you can contact the responsible body directly using the contact details above.

You can also contact the company data protection officer. The contact details are: dsb@streitz-consult.de

Furthermore, according to Art. 77 GDPR, § 19 BDSG, you have the right to complain to the competent data protection supervisory authority if you have any questions about data protection and data protection issues. For companies located in North Rhine-Westphalia, this is the state representative for data protection and freedom of information. The contact details are:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
E-Mail: poststelle@ldi.nrw.de
Tel.: 0211/38424-0
Fax: 0211/38424-10