Refratechnik Holding
Privacy statement.

Data protection: Your rights – our commitment
You can rely on us for the protection and safety o your personal data: For Refratechnik Holding GmbH, protection of your privacy and your rights when processing personal data is an important issue that we observe in all our business transactions.
Therefore, we inform you here about the basic rules governing the way we handle personal data.

How we use your data‎
When you visit our website, Refratechnik Holding GmbH collects, processes, and uses the data provided by you exclusively in accordance with the privacy regulations for the protection of personal data.
We only use these personal data for the purposes listed in this privacy statement (e.g. to process inquiries or possibly to deal with insurance agreements). When collecting personal data by means of forms, you will be informed about the purpose of data collection and other circumstances in accordance with Article 13 GDPR. Any use of such data for other purposes is excluded.

Note regarding the responsible body
The responsible party for data processing on our website is:

Refratechnik Holding GmbH
Georg-Muche-Str. 4
80807 Munich
Germany
Phone +49 89 96107 200
holding at refra.com

Data protection officer
For further information you are welcome to contact our Data Protection Officer at any time:

HBSN GmbH
Schloßbergstraße 28
38315 Hornburg
Germany
Phone +49 5334 9488467
datenschutz@hbsn-gruppe.de

Privacy protection of persons under 16 years of age in the Internet
Refratechnik Holding GmbH does not knowingly collect information from minors (under 16 years) or use it in any way. As a rule, we are not aware of the age of visitors to our website. However, we have not taken any specific steps to protect such data in a particular manner. This website is not intended for persons under the age of 16.

Information that we collect
You can use practically the entire contents of this website without having to provide personal data. Only a few of the offers and services on our website pages require that you provide us with personal data for their use.

Data protection
In accordance with Art. 32 GDPR, we take all suitable technical and organizational measures to ensure an adequate level of protection appropriate for the risk. In particular, this includes measures to ensure the confidentiality, integrity, and availability of your data.

Availability of the website
As soon as you visit our website, the website operator (service provider) automatically collects, stores, and evaluates certain technical data (browser type, browser version, operating system, referrer URL, host name, time of access, IP address). However, these data cannot be assigned to a specific person – the individual user remains anonymous. These data will not be combined with data from other sources. According to Article 6 (1) (f) of the GDPR, this constitutes a justified interest for the purpose of technically correct representation and optimization of the website. Data is only stored for as long as required for the specified purpose.

Contact form and e-mail contact
There is a contact form on our website that you can use for your question to us. In order to answer your questions, we need your e-mail address as well as the text describing your request.
Any other data is provided voluntarily. Alternatively, it is possible to contact us via our own e-mail address. The data provided by you will be processed by us to answer your question. Legal basis for data processing is Article 6 (1) (a) of the GDPR. The purpose of data processing is to answer your question. All stored data will be deleted as soon as the purpose for processing has been fulfilled, and no further legal or contractual reasons for further storage exist Usually, the data provided by you will be stored for 9 months, provided that no additional reason for processing (e.g. order, offer) results from your question.

Inclusion of third-party services and content
It is possible that third-party contents such as e.g. videos from YouTube, material from Google Maps, RSS feeds or graphics from other websites are included within the scope of this online offer. This always assumes that the suppliers of such contents (called “third supplier” hereinafter) will note the userʻs IP address, because without the IP address they will not be able to transmit the contents to the respective userʻs browser. Consequently, the IP address is necessary for displaying such content. We attempt to use such content only from third suppliers who only use the IP address to transfer their content. However, we have no means of knowing whether a third supplier stores the IP address, e.g. for statistical purposes. Insofar as we know this, we will inform the users accordingly.

YouTube
Our website uses plug-ins from YouTube, which is operated by Google. The pages are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our website pages featuring a YouTube plug-in, a connection to the YouTube servers is established. Hereby, the YouTube server is informed about which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

This connection is made purely on the basis of your consent in accordance with Article 6 (1) (a) of the GDPR.

Further information about handling user data is provided in YouTubeʻs privacy statement under:
https://www.google.de/intl/de/policies/privacy.

This connection is made purely on the basis of your consent in accordance with Article 6 (1) (a) of the GDPR.

Further information about handling user data is provided in YouTubeʻs privacy statement under:
https://www.google.de/intl/de/policies/privacy.

Facebook
Refratechnik Holding GmbH has not installed any Facebook components (plug-ins) on this website. Facebook is a social network that is linked via a corresponding button. By clicking on the corresponding button(s), you will exit from the Refratechnik Holding GmbH website and enter the Facebook website. The button(s) is/are marked with the Facebook logo and/or the word „Facebook“.

If you are logged into your Facebook account, Facebook can assign your visit to your account. If you press the respective button, your browser will transmit the corresponding information directly to Facebook, where it is stored.

For information on purpose and amount of the data collected by Facebook, how it is processed, and what your corresponding rights and setting options are to protect your privacy, please see Facebookʻs privacy statement under https://www.facebook.com/about/privacy/update.

Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Instagram
Refratechnik Holding GmbH has not installed any Instagram components (plug-ins) on this website. Instagram is a social network service that enables users to exchange photos and videos, as well as passing on such data to other social networks. The service is linked via a corresponding button.

By clicking on the corresponding button(s), you will exit from the Refratechnik Holding GmbH website and enter the Instagram website. The button(s) is/are marked with the Instagram logo and/or the word „Instagram“.

If you are logged into your Instagram account, Instagram can assign your visit to your account. If you press the respective button, your browser will transmit the corresponding information directly to Instagram, where it is stored.

For information on purpose and amount of the data collected by Instagram, how it is processed, and what your corresponding rights and setting options are to protect your privacy, please see Instagramʻs privacy statement under https://www.Instagram.com/about/privacy.
Instagram is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

LinkedIn and SlideShare
We maintain online presences on LinkedIn and SlideShare, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The purpose of this is to present the company, communicate with interested parties, and publish technical content.

When you visit our profile, LinkedIn processes personal data at their own responsibility. In particular, this includes user data, interaction data, device data, and IP addresses. Collected data can also be processed in third countries, in particular the USA. LinkedIn supports this data transfer based on standard contractual clauses according to Art. 46 GDPR.

Insofar as we receive personal data via our profile, e.g. via messages or interactions, we will process these data in order to answer your questions and for maintaining our business contacts. The legal basis is Art. 6 (1) (b) GDPR; our legitimate interest lies in contemporary public relations work and communication. If the purpose of establishing a contact is for entering a contract, processing is also carried out on the basis of Art. 6 (1) (b) GDPR.

Further information about data processing is provided in the privacy policy of LinkedIn.
 
WeChat
We use WeChat as a communication channel, operated by Tencent International Service Europe B.V., Amsterdam, The Netherlands. It serves for direct communication with users and business partners.

During the use of WeChat, personal data, communication contents, usage data, Meta data, and IP addresses are processed. Transfer of personal data to third countries, especially to the People’s Republic of China, cannot be excluded. Tencent processes the data at their own responsibility; we have no influence on nature, quantity, and duration of such processing.

Communication data received by us is processed in accordance with Art. 6 (1) (b) GDPR. Our legitimate interest lies in efficient and user-oriented communication. If communication is required for entering or concluding a contract, the legal basis is Art. 6 (1) (b) GDPR.

We point out that when using WeChat, it is possible that an increased risk regarding the data protection level might exist.
 
Beacons
We provide a link to the external platform Beacons.ai (Link-in-Bio/Creator-Platform), operated by Beacons AI Inc., 2261 Market St #4319, San Francisco, CA 94114, USA. The link provides supplementary external contents and an external landing page.

Clicking on the link establishes a direct connection between your terminal device and the servers of Beacons.ai. Hereby, Beacons.ai processes personal data such as IP address, device and browser information, network and connection data, referrer URL, usage data (e.g. visited pages, interactions), unique identifiers as well as general location information. For this purpose, Beacons.ai can install cookies as well as comparable technologies.

Data processing is done exclusively at the responsibility of Beacons.ai. We have no influence on the purpose, quantity, or storage period of local processing, and we are neither jointly responsible nor processors as defined by the GDPR.

The transfer of personal data to third countries, especially to the USA, is possible. At present, the USA do not have a data protection level comparable with that of the EU; according to Beacons.ai, data transfer is done on the basis of suitable guarantees such as standard contractual clauses, but a residual risk cannot be excluded.

Legal basis for linking is Art. 6 (1) (b) GDPR; our legitimate interest lies in the user-compatible presentation of additional external information. If a link is required for entering or concluding a contract, processing is carried out on the basis of Art. 6 (1) (b) GDPR.

Further information on data processing and the technologies used, as well as your rights as a data subject, are provided in the privacy policy of Beacons.ai.

Your rights regarding processing of your data
Right of access
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If that is the case, the data subject has the right for access to the personal data and the information as detailed in Article 15 GDPR.

Right of rectification
The data subject has the right to demand from the controller the rectification of inaccurate personal data concerning him or her without undue delay. He/she also has the right to have incomplete personal data completed (Article 16 GDPR).

Right to erasure
The data subject has the right to demand from the controller the erasure of personal data concerning him or her, and the controller is obliged to erase personal data without undue delay where one of the grounds listed in Article 17 GDPR applies or the data are no longer required for the respective purpose (right to be forgotten).

Right to restriction of processing
The data subject has the right to demand from the controller the restriction of processing where one of the conditions listed in Article 18 GDPR applies, e.g. if the data subject has objected to his/her data being processed during the period required by the controller to check the facts.

Notification obligation
The data subject has the right to be informed by the controller about the recipients of personal data. The controller will inform every recipient to whom the personal data have been disclosed about rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18, unless this proves impossible or involves disproportionate effort (Article 19 GDPR).

Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right, if technically feasible, to have those data transferred to another controller (Article 20 GDPR).

Right to object
The data subject has the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him or her. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims (Article 21 GDPR).

Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that processing of personal data relating to him or her infringes this Regulation (Article 77 GDPR). The data subject can lodge this complaint with a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. In Bavaria, the supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach

Rights of data subjects
According to Art. 15 to 20 GDPR, you have the right to access, rectify, delete, and restrict data processing and data portability at any time. In addition, you have the right to object to the processing of personal data or to withdraw consent that has been given. Moreover, you have the right to lodge a complaint with a data protection authority.