Privacy Policy
Riese & Müller GmbH take the security of your personal data seriously. We take measures to ensure this security. As part of our digital offerings, we also use services from third-party providers in Germany, other European countries and the USA. In the following we would like to inform you of how your data are processed (a) when you visit our website www.r-m.de (hereinafter "website" or "websites"), including the use of a Riese & Müller user account 'My Bike', (b) when using cookies on the website, (c) when using our RX Connect App for smartphones, (d) when using our RX Services and also (e) when using our social media offerings.
Table of contents
C. Use of cookies on the website
D. Data processing when using the Riese & Müller RX Connect App
E. Your rights as a data subject
Privacy Notice for the Facebook fan page and Instagram page
A. Controller, data protection officer
B. Contacting the data protection officers
C. Data processing when using our Fan Page and Instagram Page
F. Processing of your data by Facebook
G. Storage of your personal data
I. Changes to this Privacy Policy
Privacy Notice for YouTube Channel
B. Contacting the data protection officer
C. Data processing when using our YouTube Channel
F. Processing of your data by YouTube
G. Storage of your personal data
I. Changes to this Privacy Policy
Privacy notice for the Customer Care Communication with customers and prospective customers
2. Information about the processing of personal data
4. Addendum on the use of AI functions in the context of customer care communication
A. Data processing controller
We,
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal, Germany
Phone: +49 (0) 6151/36686-0
E-mail: [email protected]
are responsible for processing personal data in the context of our digital offerings pursuant to the provisions of the General Data Protection Regulation (GDPR).
In this Privacy Policy, we would like to inform you about the type, scope as well as purpose of processing your personal data (hereinafter: "data") within the context of our digital offerings.
B. Data processing when visiting our website, when using our contact forms and when applying for a job
We process data when you contact us, use our services (e.g. register for our newsletter) and also when you visit our website. We use and process personal data exclusively for the purpose for which you have made such data available to us, e.g. where you have given your consent or for us to fulfill our contractual obligations. In addition, data are processed to safeguard our legitimate interests.
Your data may also be processed by other departments within Riese & Müller GmbH. In some instances, we also use external service providers for processing. They have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
The specific processing purposes, the data concerned as well as the legal basis for data processing in the context of a visit to our website are listed below:
a) Purpose of website visit
We log your visit to our websites. The following data are processed: the name of the respective website viewed, date and time of access, amount of data transferred, browser type and version, your operating system, referrer URL (the last site visited before calling up our site), your IP address and the requesting provider. We collect such data based on our legitimate interests within the meaning of point (f) of Article 6(1) GDPR, since the collection serves our legitimate interest to ensure the protection of our systems and servers and the stability and security of our website.
b) Contact
If you contact us via one of our contact forms or by e-mail, your data will be processed exclusively for the purpose of processing and handling your request. The data concerned are: your e-mail address, last and first name, subject, message as well as other data you optionally provide. The legal basis for this data processing is point (b) of Article 6(1) GDPR.
c) My Bike Account and registration of a bike
On the My Bike service platform on our website, you have the option of creating a My Bike Account, for which you can assign a password yourself. To register the My Bike Account, we need the following data from you: e-mail address, last name and first name. You may optionally provide additional data. The legal basis for this data processing is point (b) of Article 6(1) GDPR. We need the data to register your My Bike Account and to make the My Bike service platform available.
You may add your Riese & Müller bike to your My Bike Account and register the bike in this My Bike Account for warranty after purchase. For the warranty registration, we need the following additional information: address, dealer, frame number, serial number and date of purchase. These data are processed by us for the registration of the warranty and for a later instance of a possible fulfillment and handling of the warranty service. The legal basis for this data processing is point (b) of Article 6(1) GDPR.
d) Transmission of your data to dealers
If you contact us with the objective of establishing direct contact with a specified or with the nearest dealer (e.g. if you use our forms to make a purchase inquiry with the nearest dealer or to arrange a test ride with the nearest dealer), we will transmit your data and case-related information (such as the bike you have configured in the case of a purchase inquiry) to the respective nearest dealer. Processing and handling your request is not possible without this transmission. The legal basis for this data processing is point (b) of Article 6(1) GDPR.
Similarly, in the event of a warranty claim, we will pass on the data you have already provided to us during warranty registration as well as information on the warranty claim to the dealer in order to process the warranty claim. The legal basis for this data processing is point (b) of Article 6(1) GDPR.
e) Transmission of your data to payment service providers
Some of our services and products cannot be purchased from local retailers. If you purchase something directly on our website, we use a payment service provider to process your payment with the highest security standards.
We transmit your transaction data (name, booking date, payment method, amount and payee, and, if applicable, bank account or credit card details) to the payment service providers commissioned to process payments. We use the service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, The Netherlands, for the technical processing of payments. If you pay by SEPA direct debit, the trust of Mollie B.V., Stichting Mollie Payments, Keizersgracht 126, 1015 CW Amsterdam, The Netherlands, will collect the money. Payments are settled via payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, The Netherlands.
f) Press distribution list
To receive press information by e-mail, you can subscribe to our press distribution list. When you subscribe to the press distribution list, we use the data entered by you. The data concerned are: your e-mail address, last and first name, and editorial department as well as other data you optionally provide.
Transmission of Your Data to Third Parties
The messages are transmitted by the service provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Your e-mail address, last and first name as well as other data you optionally provide will be stored on the servers of rapidmail GmbH. rapidmail GmbH uses this information to send and evaluate the newsletter on our behalf. rapidmail GmbH is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR.
Inclusion in the press distribution list is based exclusively on your prior consent in accordance with point (a) of Article 6(1) GDPR.
Messages are sent via the MailChimp service of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Your e-mail address, last and first name as well as other data you optionally provide will be stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR. An adequate level of protection is guaranteed by standard data protection clauses issued by the European Commission, concluded between us and MailChimp.
For further information on data protection visit https://www.intuit.com/privacy/statement/
Inclusion in the press distribution list is based exclusively on your prior consent in accordance with point (a) of Article 6(1) GDPR.
g) Newsletter
You can subscribe to our newsletter to receive advertising information, e.g. about our products and special offers, by e-mail. When you subscribe to the newsletter, we use the data entered by you. The data concerned are: your e-mail address, last and first name as well as other data you optionally provide.
Transmission of Your Data to Third Parties
The messages are transmitted by the service provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Your e-mail address, last and first name as well as other data you optionally provide will be stored on the servers of rapidmail GmbH. rapidmail GmbH uses this information to send and evaluate the newsletter on our behalf. rapidmail GmbH is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR.
Inclusion in the press distribution list is based exclusively on your prior consent in accordance with point (a) of Article 6(1) GDPR.
Messages are sent via the MailChimp service of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Your e-mail address, last and first name as well as other data you optionally provide will be stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR. An adequate level of protection is guaranteed by standard data protection clauses issued by the European Commission, concluded between us and MailChimp.
For further information on data protection visit https://www.intuit.com/privacy/statement/
The newsletter is send exclusively on the basis of your prior consent in accordance with point (a) of Article 6(1) GDPR. If you are under 16 years of age, registration for the newsletter requires the consent of your legal guardian.
The registration for the newsletter requires a so-called double opt-in. To prevent abuse, we will send you an e-mail after your registration, asking you to confirm your registration. To be able to demonstrate that the registration process complies with the legal requirements, your newsletter registration is logged. This includes both saving the login and confirmation time as well as the IP address. Changes are logged by the newsletter service provider engaged by us.
You may revoke your consent to receiving our e-mail newsletter at any time. At the end of each newsletter, you will also find a link to unsubscribe. If you have registered only for our newsletter and have unsubscribed, your personal data will be deleted.
h) Processing of external applications as well as in-house applications by Riese & Müller employees
Your message, the application data transmitted by you (such as your name, e-mail address, date of birth, postal address and phone number), the application documents transmitted (such as CV, certificates, cover letter, including the personal details and information on qualifications contained therein) as well as additional information and notices provided by you as part of an application are processed by us exclusively for the purpose of processing and handling your application. The legal basis for this data processing is primarily the first sentence of Section 26(1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The processing of data is permitted if such data are required in connection with the decision to establish an employment relationship.
If your application is successful, your data will be stored to your personnel file.
If your application is not successful, we will store your data for a maximum of six months after completion of the application process and delete it afterwards.
The reason for processing data even after conclusion of the application process is the need for comprehensive documentation of the application process in the event that former applicants assert and/or defend claims under labor law. The legal basis for this data processing is our overriding legitimate interest in a full legal defense in accordance with point (f) of Article 6(1) GDPR.
If, during the application process, you expressly consent to being included in our talent pool, data will be processed beyond the specified period. The data processing will then be based on your consent in accordance with point (a) of Article 6(1) GDPR. The data will be deleted after twelve months, at the latest.
Your online application
After entry and transmission, your data are transferred directly via an encrypted connection to the server of our external service provider, SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany. This is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR. All data are encrypted using the TLS method.
Job Alert
If you wish, we will inform you about suitable job offers. We process the information provided by you (first name and surname, country/region of residence, career level, area of responsibility, working time model, e-mail) to inform you by e-mail once a new job opening matching your search criteria has become available. For this, we use our external service provider, SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany. This is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR. All data are encrypted using the TLS method.
The data processing will be based on your consent in accordance with point (a) of Article 6(1) GDPR. The data will be deleted after twelve months, at the latest.
Data security
Our employees as well as our processor are obliged by both their contractual obligations and also data protection rules to treat your personal data confidentially.
To protect your collected data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, technical and organizational measures are used, which are continuously improved in line with technological development.
i) Contacting as a dealer
If you contact us via one of our "Become a dealer" contact form or by e-mail to become a dealer, your data will be processed exclusively for the purpose of processing and handling your request. Data concerned are: firm, last and first name, e-mail address, phone number, company address, website domain, subject and content of your message. Processing and handling your request is not possible without processing these data. The legal basis for this data processing is point (b) of Article 6(1) GDPR.
j) Communication with Suppliers
If you have completed our Supplier Self-disclosure Form, your details will be used exclusively for the purpose of processing and managing our business relationship. The data in question includes: Company name, surname, first name, email address, phone number, company address, website domain. It is impossible for us to process and manage the business relationship without processing this data. The legal basis for this data processing is Art. 6 para. 1b) GDPR.
k) Job Bike Leasing
If you contact us via our contact form Job Bike Leasing, by e-mail or by phone, to inform yourself about a Job Bike Leasing, your data will be processed exclusively for the purpose of processing and handling your request and for preparing an offer for the Job Bike you have requested. The data concerned are: Company name, last and first name, e-mail address, telephone number (in case of contact by telephone or callback request), employer, employer ID, Job Bike configuration data, subject and content of your message.
Transmission of your data to third parties
We transmit the aforementioned personal data and the offer we have prepared to the Job Bike provider with whom your employer cooperates. You can find the Job Bike provider currently cooperating with us here.
If your employer accepts the offer, we will forward the aforementioned personal data to the dealer responsible for you. This dealer will carry out the final assembly for you and hand over the Job Bike to you.
Without the processing of this data the consultation, the processing and handling of your request, the preparation of an offer and the final assembly and the handover of the Job Bike by the dealer is not possible. The legal basis for this data processing is point (b) of Article 6(1) GDPR.
l) Disclosure of personal data to processors and other third parties
In accordance with the applicable data protection regulations, we may disclose your personal data to external processors (Article 28 GDPR) acting on our behalf and providing services in connection with our website, the contact forms, the application process and our digital offerings (e.g. host providers, IT service providers). Data are transmitted based on processing agreements. Our processors may process your personal data only to the extent necessary to perform their specific tasks. They are contractually obliged to process your personal data only on our behalf and pursuant to our instructions.
Any processors domiciled outside the European Union or the European Economic Area are either based in third countries for which an adequacy decision has been issued by the European Commission or an adequate level of protection is ensured by standard data protection clauses issued by the European Commission which we have concluded with the external processor.
In addition to the processors designated elsewhere in this Privacy Policy, your personal data will be disclosed to the following third party processors, including, without limitation:
- Secion GmbH, Member of Allgeier CORE Group GmbH, Paul-Dessau-Straße 8, 22761 Hamburg, Germany, for IT security checks;
- CTM-COM GmbH, Marienburgstraße 27, 64297 Darmstadt, Germany, for IT systems maintenance and care;
- Stiftung Nieder-Ramstädter Diakonie, Stiftungsverein, Bodelschwinghweg 5, 64367 Mühltal, Germany, for the disposal of data carriers;
- Druckerei Lokay e. K., Königsteiner Straße 3, 64354 Reinheim, Germany, for production and shipping of printed products;
- Scholz & Volkmer GmbH, Schwalbacher Straße 72, 65183 Wiesbaden, Germany, for hosting, maintenance, further development and content creation for the website;
- Spark 5 GmbH, Rheinstraße 97, 64295 Darmstadt, Germany, for network analysis and penetration testing;
- Code Piraten UG, Am Ruhmbach 44, 45149 Essen, Germany, for further development of the website;
- Hanbuch Packaging, Obergasse 85, 64319 Pfungstadt, Germany, for various print jobs and shipping;
- Podigee GmbH, Schlesische Str. 20, 10997 Berlin, Germany, for podcast hosting.
- Wolters Kluwer Service und Vertriebs GmbH, Hindenburgstraße 46, 71638 Ludwigsburg, Germany, for supplying the software “Addison OneClick”, Support
-
Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands, for the provision of the Cookie Consent Management
-
Atlassian. Pty Ltd Level 6, 341 George Street Sydney NSW 2000, Australia, for the in-house management of tasks and knowledge
- Nion digital GmbH, Luise-Ullrich-Straße 20, 80636 Munich, Germany, for hosting, maintaining and further developing the RX Connect app
- Turbine Kreuzberg GmbH, Prinzessinnenstraße 19/20, 10969 Berlin, Germany, for further developing the internal data infrastructure
- Accenture Song / Accenture Dienstleistungen GmbH, Campus Kronberg 1, 61476 Kronberg im Taunus, Germany, for hosting, maintaining and further developing the landing page ubn.r-m.de
- LimeSurvey GmbH, Papenreye 63, 22453 Hamburg, Germany, for conducting anonymised and non-anonymised surveys
- Ernst & Young GmbH, Flughafenstraße 61, Stuttgart 70629, Germany, to support the implementation of SAP
- OpenText Software GmbH, Technopark 2, Werner-von-Siemens-Ring 20, 85630 Grasbrunn, Germany, for the creation of employment contract offers and the creation of a digital personnel file
- Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L1855 Luxembourg, for the hosting of RX Connect;
- Intercom, 18-21 St. Stephen’s Green, Dublin 2, Dublin, Ireland for customer care communications with current and prospective customers
- ecovium Holding GmbH, Justus-von-Liebig-Straße 3, 31535 Neustadt for the further processing of shipment data and shipment tracking for orders via direct shipping
C. Use of cookies on the website
You may adjust your cookie settings on our website individually at any time .
This cookie table has been created and updated by the CookieFirst consent management platform.
a) General information
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. once you have closed your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser on your next visit (persistent cookies).
You can change your browser settings to generally block cookies or to inform you when cookies are sent to your device. There are several ways of dealing with cookies. Please use your browser instructions or help menu to learn more about how to adjust your browser settings.
In this case, you may have to adjust some settings manually each time you visit a page and accept that some functions may be impaired. Specifically, we use the following types of cookies. Unless the user deletes the cookie or revokes his/her consent to the use of cookies, the cookie will be stored for the duration of its use for this purpose. It will be deleted automatically immediately afterwards.
b) Required cookies and security cookies
- On our website, we use required and security-relevant cookies. These are cookies that are used to make use of the website and navigate it faster or more safely and that guarantee special functions that are absolutely required for a normal visit to the website and for navigating it. For example, your cookie settings are saved by such cookies so our cookie notice will be displayed only once. They allow for sending forms securely via our website to prevent our systems from being attacked by a CSRF (cross-site request forgery), or ensure that a user is assigned to the services they have booked, his/her digital shopping cart, My Bike area or language and country settings.
-
Data processing is based on point (b) of Article 6(1) GDPR. The use of these cookies is technically required to make the website available to you in a legally compliant manner, to be able to store your cookie settings on the website or to enable a purchase or paid services via our website.
Storage duration: session or 1 year
- The website also uses the security cookie "__cfduid" from Cloudflare, Inc, 101 Townsend St., San Francisco, California 94107, USA ("Cloudflare"). The cookie is used to identify visitors when using a shared IP address and to confirm that the visit is coming from a known device, even if you access our website from a potentially insecure network (e.g. in public places). In this way, security settings can be applied for each individual user.
-
We have concluded a processing agreement under Article 28 GDPR with Cloudflare. An reasonable level of data protection is guaranteed with the conclusion of the EU standard contract clauses.
Storage duration: 1 month
- Our website uses the “Friendly Captcha” service (https://friendlycaptcha.com/de/). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is a novel, privacy-friendly protection solution that makes it difficult for automated programs and scripts (“bots”) to access our website. We have integrated a program code provided by Friendly Captcha into our website (e.g. for our contact forms). When visitors access the protected areas of the website, the Friendly Captcha widget forwards the requesting device to the Friendly Captcha servers in order to obtain a calculation task from them. When solving the calculation task, the requesting device uses certain system resources and sends the calculation result back to our web server. The latter contacts the Friendly Captcha server via an interface and receives an answer as to whether the puzzle was solved correctly by the end device. Depending on the result, we can add security rules to enquiries or requests through our website, for instance to process or reject them.
The data is only used to protect against spam and bots, as described above. Friendly Captcha does not place or read cookies on the requesting device. IP addresses are only stored in hashed (one-way-encrypted) form and do not allow us or Friendly Captcha to draw conclusions about an individual. Any personal data stored will be deleted within 30 days. The legal basis for the processing of data includes our legitimate interests in protecting our website against improper access by bots, including spam, and protecting it against attacks (e.g. bulk requests), Art. 6 para. 1f) GDPR. For more information on privacy with the use of Friendly Captcha, visit https://friendlycaptcha.com/de/legal/privacy-end-users/
Storage duration: 1 month
c) Cookies for an optimal user experience: dealer search and detailed dealer view
With your consent, we use various cookies to optimize the user experience on our website:
- So that we can help you quickly with your dealer search, we store your zip code or other location data (in the form of IP addresses) via the cookies to show you the nearest dealers in your town or city and surroundings.
Storage duration: 1 year - We use a cookie to store the last bike you viewed. In this way, we can show you the last bike you viewed when you access the site next time.
Storage duration: 1 year
The legal basis for setting cookies for an optimal user experience is your consent in accordance with point (a) of Article 6(1) GDPR. You may withdraw your consent at any time by unchecking the box "For an optimal user experience" in "Cookie settings". However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
d) Cookies for our statistics and further development
We collect data for statistics and analysis to continuously and further improve our product range and our website. To do so, we use cookies to determine, for example, the number of visitors and the effect of certain pages on our website and to optimize our content.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website may be transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA ("Google") in the USA. However, if IP-anonymization is enabled on this website, your IP-address will be first shortened within European Union Member States or in other EEA states. The complete IP address will be in transmitted to a Google server in the USA and shortened there in exceptional cases. Google Ireland will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser in the context of Google Analytics will not be combined with any other data from Google Ireland or Google.
Please note that this website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are stored in anonymized form only, a direct personal reference in connection with the stored data therefore is excluded.
We have concluded a processing agreement under Article 28 GDPR with Google Ireland. Data transmission therefore is privileged under Article 28 GDPR.
For exceptional cases where personal data are transmitted to the USA, a reasonable level of data protection is guaranteed by the conclusion of the EU standard contractual clauses.
The legal basis for our use of Google Analytics is your consent in accordance with point (a) of Article 6(1) GDPR. You may withdraw your consent at any time by unchecking the box "For our statistics and further development" in "Cookie settings". However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You may also prevent the collection of data generated by the cookie related to your use of the website (including your IP address) as well as the processing of such data by Google, by downloading and installing the browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=de. to disable Google Analytics for your current Internet browser.
You may also prevent detection by Google Analytics, by clicking on the following link. An opt-out cookie is set to prevent future collection of your information when you visit this website: Disable Google Analytics
Storage duration: 2 years
Google conversion tracking
Riese & Müller uses Google conversion tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Through Google conversion tracking, Google and we can recognise whether users have performed certain actions. This enables us, for instance, to assess how frequently which buttons on our website are clicked on and what products are viewed or purchased particularly often. This information is used to compile conversion statistics. We discover the total number of users who have clicked on our advertisements and what actions they have taken. We do not receive any information allowing us to personally identify users. Google itself utilises cookies or comparable recognition technologies for identification purposes.
Use of this service is subject to your consent in accordance with Art. 6 para. 1a of the GDPR and section 25 para. 1 of the German Telecommunications Telemedia Data Protection Act (TTDSG). You may revoke your consent at any time.
You will find more information about Google’s conversion tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a tag management system by Google Ireland that makes it possible to integrate scripts and program codes in web pages and apps. We use Google Tag Manager to optimize our website.
The legal basis for our use of Google Tag Manager is your consent pursuant to Section 25 (1) sentence 1 of the German Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG). You may withdraw your consent at any time by deselecting the box "For our statistics and further development" in "Cookie settings." However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You will be informed separately on our jobsite about cookies on the website, as it is operated by SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany.
Storage duration: Up to 2 years
e) Google Maps
For certain functionalities of our website, such as dealer search and to display geographical information, we use the online map service Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland ("Google"). For this purpose, Google will obtain e.g. your IP address, device ID and the location of your terminal.
Google also uses the data collected by it for market research and advertising purposes, i.e., in particular to analyze your behavior in order to create user profiles and to provide personalized advertising (including on behalf of third parties). We have no influence on this.
You may "opt-out" of this function and have a say as to which advertising will be displayed to you in future as a user of Google services:
https://adssettings.google.de/authenticated
For further information on Google Maps and on data processing by Google visit: https://policies.google.com/privacy?hl=de&gl=de.
Please note that according to the Google Privacy Policy user data may also be transmitted to the United States or to other countries outside the European Economic Area. According to Google, in such cases Google uses either the standard contractual clauses approved by the European Commission or bases such data transmission on the adequacy decisions issued by the European Commission regarding certain countries.
The legal basis for our use of Google Maps is your consent in accordance with point (a) of Article 6(1) GDPR. You may withdraw your consent at any time by unchecking the box "Google Maps" in "Cookie settings". However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Storage duration: up to 1 year
f) YouTube API services
You may watch the latest videos on the website, which are embedded by using a YouTube plugin (YouTube API services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube"). The "extended privacy mode" for YouTube videos is enabled on the website. According to YouTube, in this mode, no information about visitors to the site is stored, unless you are watching an embedded video. The data listed in the next paragraph will be transmitted only if you actively click and play the video. We do not collect or use the data mentioned in the next paragraph and also do not have any influence on the transmission of this data.
When you visit the website, cookies set by YouTube will notify YouTube that you have visited the relevant subpage of the website. Moreover, the data collected during the informative visit of the website will be transmitted. This is done regardless of whether you have a YouTube user account and are logged in or you do not have such an account. If you are logged in to YouTube, your information is directly associated with your YouTube account. If you do not wish to have data assigned to your YouTube profile, you must log out before watching the video on the website. In addition, YouTube may also collect data about your GPS location when you access the site from a mobile device.
YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or the needs-based design of YouTube's website. Such analysis is performed in particular (including for non-registered users) to display demand-oriented advertising and to inform other YouTube users about your activities on the website. You have a right to object to the creation of such user profiles, but you must contact YouTube to exercise this right.
By incorporating YouTube videos in the website, a connection to the Google DoubleClick network is automatically established when visiting the website. This does not involve any setting of cookies in the browser. However, if DoubleClick cookies are stored already in your browser, they will be transmitted together with the request. According to the information provided by YouTube, data are transmitted only once you play the video.
For further information on the purpose and scope of data collection and processing by YouTube, please see the YouTube Privacy Policy. There you will also receive more detailed information on your rights and the settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
When you watch a YouTube video through the YouTube API Services, the YouTube Terms of Use apply (https://www.youtube.com/t/terms).
g) Help Center und Messenger (Intercom)
We use cookies on this website (Riese & Müller Help Centre and Messenger) cookies so that we can provide you with all the information as quickly and easily as possible. These cookies are technically necessary and essential for the use of this website. Detailed information can be found here.
Intercom Help Center
The Intercom Help Center product uses the following specific Cookies:
Cookie name |
Purpose |
Cookie storage duration after visit |
Who serves the Cookie |
Intercom-id-[app_id] |
This cookie serves to identify anonymous visitors to a website or application where Help Center is installed to associate them with Help Center sessions. |
9 months |
Intercom |
Intercom-session-[app_id] |
This cookie allows logged-in end users to record their reactions to Help Center articles, access restricted Help Center articles, and access their tickets. |
1 week |
Intercom |
intercom.intercom-state-[app_id] |
When Customers choose to enable the Intercom Messenger in their Help Center, browser web storage is used to cache the Messenger application data and visitor data so that the Messenger loads sufficiently following a page transition. |
Perpetual |
Intercom |
Intercom Messenger
The Intercom Messenger uses the following specific Cookies, which are set when an end user first lands on a Customer website or product page that has Messenger integrated:
Cookie name |
Purpose |
Cookie storage duration after visit |
Who serves the Cookie |
Intercom-id-[app_id] |
This cookie serves to identify anonymous visitors to a website or application where the Intercom JavaScript snippet is installed to associate them with Messenger conversations. The cookie is set by default regardless of whether a visitor has interacted with the Messenger and persists even after interaction. This cookie also supports Messenger analytics reporting. |
9 months |
Intercom |
Intercom-session-[app_id] |
This cookie allows logged-in end users to maintain access to their past conversations even on pages where logged-in requests are not being sent. The cookie also supports Messenger analytics reporting. |
1 week |
Intercom |
intercom-device-id-[app_id] |
This cookie identifies each unique device that interacts with the Messenger for security purposes. |
9 months |
Intercom |
intercom.intercom-state-[app_id] |
When Customers choose to enable the Intercom Messenger in their Help Center, browser web storage is used to cache the Messenger application data and visitor data so that the Messenger loads sufficiently following a page transition. |
Perpetual |
Intercom |
D. Data processing when using the Riese & Müller RX Connect App
When you use our Riese & Müller RX Connect App ("RX Connect App"), we process certain personal data. Which data they are, the purpose of such processing, the third parties that obtain your data and on what underlying legal basis are explained below in this section D.
a) Information on the device used by you
In order to connect the device on which you use the RX Connect App with our servers or other connected services (listed individually below), we may collect and process technical data related to your device, such as MAC address, IP address, serial number or other alphanumeric codes assigned to your end device.
We process such data to establish the connection between your end device and our servers and enable you to use the RX Connect App.
The legal basis for the aforementioned processing is the provision of the services requested by you (point (b) of Article 6(1) GDPR).
b) Querying of location data
ou can use the location function in the RX Connect App to locate yourself on the map, to find dealers and/or to help you locate your bike.
App version older than 2.0: Transmission of your data to Google and to third countries
For your selected location features, we use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland ("Google"). For this purpose, Google will obtain e.g. your IP address, device ID and the location of your end device.
Google also uses the data collected by it for market research and advertising purposes, i.e., in particular to analyze your behavior in order to create user profiles and to provide personalized advertising (including on behalf of third parties). We have no influence on this.
You may "opt-out" of this function and have a say as to which advertising will be displayed to you in future as a user of Google services:
https://adssettings.google.de/authenticated
For further information on Google Maps and on data processing by Google visit: https://policies.google.com/privacy?hl=de&gl=de.
Please note that according to the Google Privacy Policy user data may also be transmitted to the United States or to other countries outside the European Economic Area. According to Google, in such cases Google uses either the standard contractual clauses approved by the European Commission or bases such data transmission on the adequacy decisions issued by the European Commission regarding certain countries.
Legal basis
The legal basis for the aforementioned processing is your consent under point (a) of Article 6(1) GDPR.
App version as of 2.0: Transmission of your data to Mapbox and to third countries
For your selected location features, we use the services of Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington DC 20005, USA ("Mapbox"). For this purpose, Mapbox will obtain e.g. your IP address, device ID, operating system, speed, and the location of your end device.
Mapbox also uses the data collected by it for market research and advertising purposes, i.e., in particular to analyze your behavior in order to create user profiles and to provide personalized advertising (including on behalf of third parties). We have no influence on this.
You may "opt-out" of this function and have a say as to which advertising will be displayed to you in future as a user of Mapbox services:
Select the small „i“ in the top right corner of the map in the RX Connect App and revoke your participation in „Mapbox Telemetry“.
For further information on Mapbox and on data processing by Mapbox visit: https://www.mapbox.com/legal/privacy.
Your user data will be transmitted to the United States or to other countries outside the European Economic Area, where it may not be possible to guarantee the high European level of data protection, even though the service provider has been carefully selected and obligated and even though the standard contractual clauses approved by the European Commission have been agreed on.
Legal basis
The legal basis for the aforementioned processing is your consent under point (a) of Article 6(1) GDPR. The legal basis for data processing outside the European Economic Area is your consent pursuant to point (a) of Article 49(1) GDPR.
c) Push messages
You may subscribe to receive so-called push messages.
You will receive push messages with information about the status of your bike. For one, we use the services of Pusher, which is operated by Pusher Ltd. (07489873) 6 New Street Square, New Fetter Lane, London, England, EC4A 3AQ. Pusher Ltd. is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR.
If you use an Android device, we also use the Firebase Cloud Messaging Service (“Firebase”) operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland (“Google”). Google is our processor within the meaning of Article 28 GDPR and is contractually bound to comply with the GDPR. Please note that Google may also transfer data to the USA or other countries outside the European Economic Area. In such cases, a reasonable level of data protection is guaranteed by conclusion of the EU standard contractual clauses. No other Firebase services, such as tracking, are used.
To sign up for push messages you must agree to receive push messages in the RX Connect App. This process will be documented and stored. Login time and a push token or device ID are stored. In case of an Android device, a Firebase installation ID is generated from the device ID and is also stored. This enables Firebase to determine which devices push messages should be sent to. These data serve the purpose of sending you push messages and also are proof of your registration.
We statistically analyze push messages and thus are able to see if and when push messages are displayed and clicked on. This enables us to determine which push messages are of interest to recipients so as to match future messages to the presumed interests of all recipients and hence to increase the interest in our offering.
Legal basis
The legal basis for the aforementioned processing is your consent under point (a) of Article 6(1) GDPR.
You may withdraw your consent at any time with effect for the future. Your withdrawal does not affect the legality of any previous processing. To exercise this right, you may withdraw your consent under "messages" in the system settings.
d) Error analysis
We are continuously working to keep our RX Connect App up-to-date, secure and error-free. We analyze possible software errors (so-called bugs) in order to fix them.
To analyze bugs we use the Bug Tracking Tool by Datadog, Inc., 620 8th Ave 45th Floor, New York, NY 10018 USA (“Datadog”). Datadog is our processor within the meaning of Article 28 GDPR and is contractually bound to compliance with GDPR.
Legal basis
The legal basis for this data processing is our legitimate interest according to point (f) of Article 6(1) GDPR. We have a legitimate interest in keeping our RX Connect App error-free and functional and in particular in analyzing and closing any security loopholes.
e) Link with your My Bike Account and use of RX Services
You can link the RX Connect App to your My Bike Account. Your My Bike login information must be processed to link the RX Connect App. The legal basis for this is the provision of the services requested by you (point (b) of Article 6(1) GDPR).
If you wish to use booked RX Services in our RX Connect App, you first must establish a link to your My Bike Account. The Supplement to the Privacy Policy (Riese & Müller RX Services) applies to the processing of your data in connection with your booked RX Services used via the RX Connect App, including the processing of movement, location data and trip statistics.
f) Web Views
Functionalities of our RX Connect App (such as registration, service booking, My Bike Account, imprint, privacy, contact) are displayed in so-called web views. This means that parts of our website will be displayed in our RX Connect App. Our privacy policy applies to the website in this regard, including the use of cookies as described there, see sections B and C.
g) Amplitude
To improve the quality and performance of our services, we use Amplitude, an analytics service provided by Amplitude Inc. ("Amplitude") located at 201 3rd Street, Suite 200, San Francisco, CA 94103 .
Amplitude uses cookies and similar technologies to collect and analyse data about the use of our RX Connect app. This data may include information about the device from which the app is accessed, such as the IP address, browser type, operating system, app features used and interactions with the app. This information is anonymised and aggregated in order to identify trends and improve the user experience.
The data collected is processed and stored exclusively on EU servers.
By giving your consent in our app, you agree that we may send data about your interactions with the app to Amplitude for analysis purposes. You can manage the use of cookies and similar technologies in the settings.
For more information about how Amplitude collects and uses data and your rights in relation to your data, please read Amplitude's privacy policy at https://amplitude.com/privacy.
The legal basis for our use of Google Tag Manager is your consent pursuant to Section 25 (1) sentence 1 of the German Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG) and point (a) of Article 6(1) GDPR.
You may withdraw your consent at any time by accessing the settings in our app and revoking your consent. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
h) Processors used
In accordance with the applicable data protection regulations, we may disclose your personal data to external processors (Article 28 GDPR) acting on our behalf and providing services in connection with our RX Connected App (e.g. host IT service providers). Data are transmitted based on processing contracts. Our processors may process your personal data only to the extent necessary to perform their specific tasks. They are contractually obliged to process your personal data only on our behalf and pursuant to our instructions.
Any processors domiciled outside the European Union or the European Economic Area are either based in third countries for which an adequacy decision has been issued by the European Commission or an adequate level of protection is ensured by standard data protection clauses issued by the European Commission which we have concluded with the external processor.
Your personal data will be disclosed for the aforementioned purposes to the following third parties as processors:
- DATO SRL, via Botticini 13, Florence, Italy (CMS provider);
- Sentry for bug analysis and fixing;
- Pusher for using push messages;
- Netlify, Inc., 2325 3rd St #215, San Francisco, CA 94107, USA (content delivery network provider).
- Google for sending push messages to Android devices via Firebase.
E. Your rights as a data subject
1. Access
You have the right to request information at any time as to whether we are processing your personal data and if so, to request access to such personal data. To exercise this right, you may contact us at any time using the contact information provided under clause 6.
2. Rectification, erasure, restriction of processing (blocking)
When we process your personal data, we take reasonable steps to ensure that your personal data are accurate and up-to-date for the purposes they were collected for. In the event that your personal data are inaccurate or incomplete, you may request rectification of such data.
You may have the right to request erasure of your personal data or restriction of its processing.
To exercise these rights, you may contact us at any time using the contact information provided under clause 6.
3. Right to data portability
You may have the right to receive from us the personal data concerning you which you have provided us with in a structured, commonly used and machine-readable format or to transmit such data to another controller.
To exercise this right, you may contact us at any time using the contact information provided under clause 6.
4. Right to object
You have the right to object to the processing of your personal data at any time if we process your personal data for the purposes of direct marketing or if we process your personal data to pursue our legitimate interests and if there are reasons arising from your particular situation. To exercise this right, you may contact us at any time using the contact information provided under clause 6 or exercise you right to object as specified in this Privacy Policy.
5. Withdrawal of consent with effect for the future
You may withdraw your consent at any time with effect for the future. Data for billing and accounting purposes will not be affected by a termination / withdrawal or erasure. Your withdrawal does not affect the legality of any previous processing. To exercise this right, you may contact us at any time using the contact information provided under section D or exercise your right to object as specified in this Privacy Policy .
6. Exercising your rights as a data subject
If you have any questions about the processing of your personal data, or would like to request access to information, rectification, or blocking, in case of objection or erasure of data or if you would like to transmit the data to another company, please contact
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal, Germany
Phone: +49 (0) 6151/36686-0
E-mail: [email protected]
7. Our data protection officer
Our company's data protection officer is:
CTM-COM GmbH, Mr. Moritz Görmann
Marienburgstraße 27
64297 Darmstadt, Germany
Phone: +49 (0) 6151/3942-72
E-mail: [email protected]
8. Right to lodge a complaint
You also have the right to lodge a complaint with the competent supervisory authority:
Der Hessische Datenschutzbeauftragte (Data Commissioner for the State of Hesse)
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Phone: +49 (0) 611/1408-0
Fax: +49 (0) 611/1408-900
E-mail: [email protected]
F. Storage duration
Unless this Privacy Policy stipulates specific deadlines, the following applies:
Personal data which we collect in the context of our digital offerings are stored only until the purpose for which they were originally collected has been fulfilled. Where retention periods under commercial and tax law are to be observed, the storage period for certain data may be up to 10 years.
G. Security
We protect the transmission of your personal data with a secure connection, using modern cryptographic standards (TLS, e.g. with AES). TLS (transport layer security) is a security technology that ensures that your personal data are transferred securely online and cannot be viewed by third parties.
As of: 11.11.2024 | 3.2
Privacy Notice for the Facebook fan page https://www.facebook.com/rieseundmueller/ und Instagram page https://www.instagram.com/riesemuller/?hl=de
As you may know, the European Court of Justice ("ECJ") has recently ruled that under data protection law, Facebook and a Facebook page operator are jointly responsible for data processing (ECJ, judgment of 5 June 2018); for further details visit: http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398.
With this Privacy Notice, we therefore inform you - to the extent possible - about the processing of personal data when using our Facebook page https://www.facebook.com/rieseundmueller/ ("Fan Page") and our Instagram page https://www.instagram.com/riesemuller/?hl=de ("Instagram Page"). Both Instagram and Facebook are part of Facebook Inc.
A. Controller, data protection officer
Joint controllers within the meaning of the General Data Protection Regulation ("GDPR") for data processing when operating the Fan Page and Instagram Page, respectively, are:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour Dublin 2
Ireland
E-mail: [email protected]
("Facebook")
and
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal, Germany
Phone: +49 (0) 6151/36686-0
E-mail: [email protected]
("Riese & Müller GmbH" or "we")
B. Contacting the data protection officers
Contact details for the Facebook data protection officers: https://www.facebook.com/help/contact/540977946302970
The contact details of the data protection officer of Riese & Müller GmbH are:
CTM-COM GmbH, Mr. Moritz Görmann
Marienburgstraße 27
64297 Darmstadt, Germany
Phone: +49 (0) 6151/3942-71
E-mail: [email protected]
C. Data processing when using our Fan Page and Instagram Page
1. Users can send us messages via our Fan Page using Facebook Messenger, or can share, comment on or "Like" our posts. We process profile data (in particular the user's name) as well as the respective interaction (e.g. the content of the message or comment) in order to enable us to process user inquiries and answer their requests.
2. As operators of the Fan Page, we use the "Facebook Insights" function provided by Facebook. Facebook Insights provides us with statistical data from Facebook (e.g. total number of page views, information on "Likes", page activity, etc.) Such statistical data is transmitted to us only in anonymized form, i.e. we cannot attribute such data to any particular visitor to our site. We also do not have access to the underlying data of the statistics.
3. Users can send us messages via our Instagram Page via Instagram Direct or our feed, or can share, comment on or "Like" our posts. We process profile data (in particular the user's name) as well as the respective interaction (e.g. the content of the message or comment) in order to enable us to process user inquiries and answer their requests.
4. As operators of the Instagram Page, we use the "Instagram Insights" function provided by Facebook. Instagram Insights provides us with statistical information from Facebook (e.g., total number of page views, user interactions such as postings or Likes, demographic information such as age, location, language or gender, page activity, referrals, etc.). Such statistical data is transmitted to us only in anonymized form, i.e. we cannot attribute such data to any particular visitor to our site. We also do not have access to the underlying data of the statistics.
5. Facebook and we are joint controllers of the processing of Facebook and Instagram Insights data and have concluded an agreement within the meaning of Article 26 GDPR. To view this agreement, go to: https://de-de.facebook.com/legal/terms/page_controller_addendum. For further information on Facebook Insights and Instagram Insights, visit: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.
D. Processing purpose
We maintain our Fan Page and Instagram Page to promote our products and to communicate with you. We also use the data provided by the Facebook Insights and Instagram Insights features. This help us to better understand your interests and to reach our target group. In this way, we are able to place targeted interest-based ads and to provide more relevant content on our fan page. For further information about us and our products visit https://www.r-m.de/de/; for our privacy policy go to: https://www.r-m.de/de/datenschutz/ .
Facebook also uses the data collected by Facebook via our Fan Page or Instagram Page for market research and advertising purposes, i.e., in particular to analyze your behavior in order to create user profiles and to provide personalized advertising (including on behalf of third parties).
You may "opt-out" of this function and have a say as to which advertising will be displayed to you in future as a Facebook or Instagram user:
For Facebook:
https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com/de/praferenzmanagement/. You can adjust further settings here: https://www.facebook.com/help/contact/367438723733209
For Instagram:
E. Legal basis
Personal data is processed on the basis of our legitimate interests pursuant to point (f) of the first sentence of Article 6(1) GDPR in effective communication and interaction with users as well as optimal presentation of our products and services, from which you as a user benefit as well.
You are entitled to object to this type of data processing that is based on our legitimate interests at any time for reasons relating to your particular situation. To exercise this right, you may contact us at any time using the contact information provided under A. and B. above.
F. Processing of your data by Facebook
With every visit to our Fan Page or Instagram Page, personal data is processed by Facebook. As far as we are aware, Facebook also uses cookies (small text files stored on the various user terminals). These cookies are active for a period of up to two years, unless you delete them earlier. If the user is registered with Facebook or Instagram, Facebook will associate the collected data with the user's personal Facebook or Instagram profile. This enables Facebook to track user behavior (including across different end devices) and create user profiles. Facebook also processes the data to display personalized advertising on the Facebook or Instagram platform or on third-party sites.
We have no influence on this data processing. The purpose and scope of data processing by Facebook as well as the relevant rights and setting options to protect the privacy of users are set forth in Facebook's Privacy Policy at https://de-de.facebook.com/privacy/explanation (Facebook) / https://de-de.facebook.com/help/instagram/519522125107875 (Instagram) as well as Facebook's Cookie Policy at https://de-de.facebook.com/policies/cookies/ or the Instagram Cookie Policy at https://help.instagram.com/1896641480634370. To manage your options to object, visit: https://de-de.facebook.com/settings?tab=ads (Facebook) and https://help.instagram.com/196883487377501/?helpref=hc_fnav&bc[0]=Instagram%20Help&bc[1]=Managing%20Your%20Account (Instagram).
Please note that according to the Privacy Policy of Facebook, both Facebook and Instagram user data may also be transmitted to the United States or to other countries outside the European Economic Area. According to Facebook, in such cases Facebook uses either the standard contractual clauses approved by the European Commission or bases such data transmission on the adequacy decisions issued by the European Commission regarding certain countries.
G. Storage of your personal data
We will store your personal data only for as long as this is necessary to fulfill the purpose for which it was originally collected or - if applicable - longer, if required or justified by law.
H. Your rights
Information requests and the assertion of further rights of data subjects should be made sensibly and most effectively directly to Facebook as the platform provider. This also follows from our agreement with Facebook and from the fact that only Facebook has the direct information and the database from which the statistics provided to us are compiled. You may contact us at any time using the contact details set forth above under A. and B if our support is required.
You have the following rights:
(a) Right of access
You have the right to obtain from us, at any time upon request, information on your personal data processed by us within the scope of Article 15 GDPR. To do so, you may submit a request by post or e-mail to the contact data set forth above under A. and B.
(b) Right to rectification of inaccurate data
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. To do so, use the contact data set forth above under A. and B.
(c) Right to erasure
Under the conditions described in Article 17 GDPR, you have the right to ask us to undertake the erasure of personal data concerning you. In particular, these conditions provide for a right of erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, an objection or if personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject. To assert your right to erasure, use the contact data set forth above under A. and B.
(d) Right to restriction of processing
You have the right to obtain from us restriction of processing according to Article 18 GDPR. This right exists, in particular, if the accuracy of the personal data is contested between the user and us, for a period required to enable us to verify the accuracy of the personal data; if processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead; furthermore if the personal data are no longer required for the purposes of our processing, but they are required by the user for the establishment, exercise or defense of legal claims; and also, if the successful exercise of an objection is still disputed between us and the user. To assert your right to restrict processing, use the contact data set forth above under A. and B.
(e) Right to data portability
You have the right to receive from us the personal data concerning you which you have provided us with in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. To assert your right to data portability, use the contact data set forth above under A. and B.
(f) Right to object
You have the right to object in accordance with Article 21 GDPR, on grounds relating to your particular situation, at any time to processing of personal data concerning your which is based inter alia on point (e) or (f) of Article 6(1) GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. To exercise this right, you may contact us at any time using the contact information provided under A. and B. above.
(g) Right to withdraw consent
You have the right to withdraw your consent at any time pursuant to Article 7(3) GDPR with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. To exercise this right, you may contact us at any time using the contact information provided under A. and B. above.
(h) Right to lodge a complaint
You furthermore have the right to lodge a complaint with a supervisory authority.
I. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy as our Fan Page or Instagram Page is updated. Please visit this Fan Page or Instagram Page, respectively, regularly and check the respective current Privacy Policy.
This Privacy Policy was last updated on 13 January 2021.
Privacy Notice for YouTube Channelhttps://www.youtube.com/channel/UC7IPIhyMOUzKIDrRv1XpMJA
With this privacy notice we inform you - to the extent possible - about the processing of personal data when using our YouTube Channel https://www.youtube.com/channel/UC7IPIhyMOUzKIDrRv1XpMJA ("YouTube Channel"). The YouTube platform is part of Google LLC.
A. Controller
Controller within the meaning of the General Data Protection Regulation ("GDPR") for data processing when operating the YouTube Channel is:
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal, Germany
Phone: +49 (0) 6151/36686-0
E-mail: [email protected]
(Riese & Müller GmbH" or "we")
B. Contacting the data protection officer
The contact details of the data protection officer of Riese & Müller GmbH are:
CTM-COM GmbH, Mr. Moritz Görmann
Marienburgstraße 27
64297 Darmstadt, Germany
Phone: +49 (0) 6151/3942-71
E-mail: [email protected]
C. Data processing when using our YouTube Channel
1. Users can use our YouTube Channel to share and comment on our videos or to "Like" or "Dislike" them. We process profile data (especially the user's name) as well as the respective interaction (e.g. the content of the comment) in order to enable us to process user inquiries and answer their requests.
2. As operators of the YouTube Channel, we use the "YouTube Analytics" function provided to us by YouTube. YouTube Analytics provides us with statistical data from YouTube (e.g. top videos, reach, types of access sources, playing time, target audience information (age, gender, origin and time of online activity as well as subtitles used), information on "Likes" or "Dislikes"). Such statistical data is transmitted to us only in anonymized form, i.e. we cannot attribute such data to any particular visitor to our site. We also do not have access to the underlying data of the statistics.
3. For further information on Youtube Analytics visit: https://policies.google.com/privacy?hl=de&gl=de.
D. Processing purpose
We maintain our YouTube Channel to promote our products and to communicate with you. To do so, we also use the data provided by YouTube Analytics. This help us to better understand your interests and to reach our target group. In this way, we are able to place targeted interest-based ads and to provide more relevant content on our fan page. For further information about us and our products visit https://www.r-m.de/de/; for our privacy policy go to: https://www.r-m.de/de/datenschutz/ .
YouTube also uses the data collected by YouTube via our YouTube channel for market research and advertising purposes, i.e. in particular to analyze your behavior in order to create user profiles and to provide personalized advertising (including on behalf of third parties).
You may "opt-out" of this function and have a say as to which advertisement will be displayed to you in future as a YouTube user: https://adssettings.google.de/authenticated
E. Legal basis
Personal data is processed on the basis of our legitimate interests pursuant to point (f) of the first sentence of Article 6(1) GDPR in effective communication and interaction with users as well as optimal presentation of our products and services, from which you as a user benefit as well.
You are entitled to object to this type of data processing that is based on our legitimate interests at any time for reasons relating to your particular situation. To exercise this right, you may contact us at any time using the contact information provided under A. and B. above.
F. Processing of your data by YouTube
With every visit to our YouTube Channel, personal data is processed by YouTube. As far as we are aware, YouTube also uses cookies (small text files stored on the various user terminals). These cookies are active for a period of up to ten years, unless you delete them earlier. If the user is registered with YouTube, YouTube will associate the collected data with the user's personal YouTube profile. This enables YouTube to track user behavior (including across different end devices) and create user profiles. YouTube also processes the data to display personalized advertising on the YouTube platform or on third-party sites.
We have no influence on this data processing. The purpose and scope of data processing by YouTube as well as the relevant rights and setting options to protect the privacy of users are set forth in YouTube's Privacy Policy at https://policies.google.com/privacy?hl=de&gl=de, in YouTube's Cookies Policy at https://policies.google.com/technologies/ads?hl=de and also in the Policy on the use of data by YouTube when you use websites or apps from YouTube partners at https://policies.google.com/technologies/partner-sites?hl=de.
Please note that according to the YouTube Privacy Policy, YouTube user data may also be transmitted to the United States or to other countries outside the European Economic Area.
G. Storage of your personal data
We will store your personal data only for as long as this is necessary to fulfill the purpose for which it was originally collected or – if applicable – longer, if required or justified by law.
H. Your rights
You can send requests for information or assert further data subject rights at any time by using our contact data set forth above under A. and B. You have the following rights:
(a) Right of access
You have the right to obtain from us, at any time upon request, information on your personal data processed by us within the scope of Article 15 GDPR. To do so, you may submit a request by post or e-mail to the contact data set forth above under A. and B.
(b) Right to rectification of inaccurate data
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. To do so, use the contact data set forth above under A. and B.
(c) Right to erasure
Under the conditions described in Article 17 GDPR, you have the right to ask us to undertake the erasure of personal data concerning you. In particular, these conditions provide for a right of erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, an objection or if personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject. To assert your right to erasure, use the contact data set forth above under A. and B.
(d) Right to restriction of processing
You have the right to obtain from us restriction of processing according to Article 18 GDPR. This right exists, in particular, if the accuracy of the personal data is contested between the user and us, for a period required to enable us to verify the accuracy of the personal data; if processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead; furthermore if the personal data are no longer required for the purposes of our processing, but they are required by the user for the establishment, exercise or defense of legal claims; and also, if the successful exercise of an objection is still disputed between us and the user. To assert your right to restrict processing, use the contact data set forth above under A. and B.
(e) Right to data portability
You have the right to receive from us the personal data concerning you which you have provided us with in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. To assert your right to data portability use the contact data set forth above under A. and B.
(f) Right to object
You have the right to object in accordance with Article 21 GDPR, on grounds relating to your particular situation, at any time to processing of personal data concerning your which is based on point (e) or (f) of Article 6(1) GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. To exercise this right, you may contact us at any time using the contact information provided under A. and B. above.
(g) Right to withdraw consent
You have the right to withdraw your consent at any time pursuant to Article 7(3) GDPR with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. To exercise this right, you may contact us at any time using the contact information provided under A. and B. above.
(h) Right to lodge a complaint
You furthermore have the right to lodge a complaint with a supervisory authority.
I. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy as our YouTube channel is updated. Please visit our YouTube channel regularly and check the respective current Privacy Policy.
This Privacy Policy was last updated on 25 January 2021.
Privacy notice for the Customer Care Communication with customers and prospective customers
1. Responsibilities
1.1 Controller
The controller for the processing of your personal data is:
Riese & Müller GmbH
Am Alten Graben 2
64367 Mühltal
Germany
Phone: +49 6151 36686-0
Fax: +49 6151 366 86-20
Email: [email protected]
1.2 Competent body
- Customer Care
1.3 Contact data for the data protection officer
CTM-COM GmbH
Marienburgstr. 27
64297 Darmstadt
Germany
Phone: 06151-394272
Email: [email protected]
2. Information about the processing of personal data
2.1 Description
With this privacy policy we would like to inform you about the processing of personal data by our customer service.
2.2 Purpose of data processing
We process your personal data, to the extent necessary, for the following purposes:
- Support of existing customers to maintain and improve a continuous contractual relationship
- Conducting external communication to inform the media
- Efficiently answering questions from customers and prospective customers with and without product ownership, including warranty questions
2.3 Legal basis
The legal basis/bases for the processing of your personal data in relation to the purpose(s) of the processing is/are:
- GDPR: Point (b) of Article 6 (1) – Lawfulness of processing (contract)
- GDPR: Article 6(1) point (a) – Lawfulness of processing (consent)
2.4 Legitimate interests
The indication of the "legitimate interests" of the controller or the third party to be pursued with the processing of personal data refers to point (f) of sentence 1 of Article 6 (1) GDPR.
2.5 Storage duration
The storage period contains information about how long we store your personal data and when it will be erased.
- Unless we process your contact details for operational purposes, we only store the data collected for customer service until the purpose is fulfilled. The data will then be erased immediately, unless
- there are statutory retention and documentation obligations for longer storage (e.g. under the German Commercial Code (HGB), German Penal Code (StGB) or German Tax Code (AO)) according to point (c) of sentence 1 of Article 6 (1) GDPR (tax-relevant data 10 years, business letters 6 years).
2.6 Necessity and consequences of non-provision
The provision of personal data by data subjects may be required by law or contract or may be necessary for the conclusion of a contract. There may also be an obligation to provide personal data.
- You are not obliged to provide your personal data.
If personal data is not provided, this non-provision could result in the following consequences:
- If you do not provide your personal data, we will not be able to process it for the purposes listed above.
2.7 Automated decision-making and profiling
The data subject has the right not to be subjected to a decision based solely on automated processing – including profiling – that will have a legally binding effect on them or a significant adverse effect on them in a similar manner.
2.8 Data recipients
2.8.1 Recipients of personal data outside the company/authority
The term "recipient" is defined in Article 4 No. 9 GDPR as "a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not."
- Processor (Intercom)
- Specialist dealer, if necessary to resolve the issue
- Insurer(s)
- Public authorities, e.g. police
2.8.2 Intention of transfer to a third country or international organization
In certain processes, it may be necessary to transfer personal data to a third country (USA) or an international organisation. No special authorisation is then required for the data transfer. The EU has issued such an adequacy decision for data transfers to the USA.
2.8.3 EU Commission adequacy decision
The European Commission has adopted its adequacy decision for the EU-US Data Privacy Framework. It stipulates that the United States ensures an adequate level of protection - compared to that of the EU - for personal data transferred from the EU to US companies participating in the EU-US Data Privacy Framework.
2.8.4 Guarantees and receipt of guarantees
A transfer of personal data to an international organization may take place if there are sufficient guarantees that the international organization in question offers an adequate level of protection. The EU-US Data Privacy Framework introduced new binding safeguards
3. Data subject rights
3.1 Right to withdraw consent
The data subject has the right to withdraw his or her consent to the processing of their personal data at any time.
3.2 Right to be informed
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed; where this is the case, they shall have the right to be informed about such personal data.
- You have the right to be informed about the personal data we process about you. If you do not make a request for information in writing, we ask for your understanding that we may then require you to provide evidence that you are the person you claim to be. In addition, you have the following additional rights, which you can exercise against us and/or our service providers:
You are welcome to contact us using the contact options mentioned above to exercise your rights as a data subject.
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.,
- Right to withdraw any consent you have given us regarding data protection. The withdrawal can be made at any time via the contact options mentioned above. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
3.3 Right to rectification
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data relating to them.
3.4 Right to erasure
The data subject has the right to obtain from the controller the erasure of personal data relating to them without undue delay and the controller is obliged to erase personal data without undue delay.
3.5 Right to restriction of processing
The data subject has the right to obtain from the controller restriction of processing.
3.6 Right to object to processing
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR.
3.7 Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data was provided.
3.8 Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the subject considers that the processing of personal data relating to you infringes the GDPR. Such a complaint may be addressed to the following supervisory authority(ies):
- You also have the right to lodge a complaint with a supervisory authority if you believe or suspect that the processing of personal data relating to you infringes data protection regulations.
Contact details of the competent supervisory authority for our company:
The Hessian Commissioner for Data Protection and Freedom of Information
Email: [email protected]
4. Addendum on the use of AI functions in the context of customer care communication
What is Intercom AI
Intercom is a powerful customer service and support platform. Its integrated use of AI chatbots enables the support team to make better use of their time and provide better customer support. The platform offers numerous benefits, including greater efficiency, better customer experience and flexibility.
Why do we use AI on our website?
We use AI on our website to provide better and more efficient answers to questions from current and prospective customers who do or do not own our products. We offer a simple contact option on our website via our chatbot (chat function) to support visitors to our website in case of content-related questions and customer support.
What is a chatbot?
A chatbot is able to independently respond to user requests and input without requiring human support. Our chatbot uses artificial intelligence to analyze the requests and generate suitable answers. The chatbots are provided with all information on various topics, originating exclusively from predefined support content and non-personal user data.
Please note that it is not possible to guarantee the accuracy of the answers guaranteed in all cases where AI is used.
Processor:
We use a processor to provide the AI chatbot. This service is provided by Intercom R&D Unlimited Company, with registered office at Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland (“Intercom”). Intercom's parent company, US company Intercom, Inc, has certified its participation in the EU-US Data Privacy Framework (DPF). We have concluded a “Regional Data Hosting Addendum” with Intercom to ensure that the personal data processed in Intercom are stored in a data center within the EU. Requests are processed in the USA as part of the AI chatbot function. Additional data privacy information at Intercom is available at: https://www.intercom.com/legal/privacy
Cookies
Cookies are set when the chat function is activated. Cookies are simple files that store information about our website and how you use it. These small files are optionally created automatically by your browser when you visit our website and are stored locally on your respective terminal device. This does not mean that we have obtained any direct information about your identity in this way. We use cookies to make visiting our website more enjoyable for you.
Further information on the cookies used, in particular purpose and storage period, is available at: https://www.r-m.de/en-no/privacy-policy/
What data are processed by AI?
Additional personal data are processed when you use the AI chatbot function on our website. The categories of processed data include, for example, technical server access connection data (IP address, date, time, requested page, browser information), information about your request as well as all information you enter in the chat function, including contact details such as your name or email address.
How long and where will the data be stored?
The data processed by the chatbot's AI function will not be stored. If we process your request outside the AI chatbot, the data will be deleted once they are no longer required to meet contractual or statutory obligations, unless storage is required due to statutory retention periods (e.g. to meet the ten year retention periods under commercial and tax law).
Legal basis for processing personal data
The legal basis for processing is your consent under Article 6(1) point (a) of GDPR.
This Privacy Policy was last updated on 30.08.2024.