Privacy statement

Stand 23.10.2018

1. Privacy at a glance

General information

Our company places the greatest value on the protection of your personal data. Our processing of this data occurs in strict adherence to privacy regulations, including the European General Data Protection Regulations (GDPR), the German Federal Data Protection Act (FDPA) and other legislation. The GDPR obligates us to provide you with the following information on the processing of your data.

Data collection on our website

Who is responsible for data collection on this website?
Data collection on this website is carried out by the website owner.
You can find their contact data in the imprint of this website.

How do we collect your data?

Some of your data are collected when you share it with us, e.g. via e-mail or as part of order processing.
Other data are automatically collected by our IT systems when you visit our website. This includes technical data in particular (e.g. your Internet browser, operating system and the time you called up the website). These data are collected automatically as soon as you access our website.

What do we use your data for?

When you contact us with a request:
You can contact us with a request at any time. You can do this by telephone, letter, e-mail, fax or in person. When you transfer data in doing so, the following applies for this data:
Personal data: Information you freely share with us
Purpose of processing: Handling your request
Legal basis: Section 6 Paragraph 1 Letter a of the GDPR
Recipient of the data:
– Company management and internal specialist departments
– Entities to which we forward the data at your request
Storage duration:
The data are archived following the completion of processing. The data in the archive are deleted after 10 years.
Business partners (customers, suppliers, service providers etc.):
Most of our service providers name one of their employees as a contact to Rettenmeier Mühle. The contact data of this contact are processed by us as follows:
Personal data:
– Name
– Company, company address
– Position, function
– Telephone number, fax number
– E-mail address
Purpose of processing: Consultation on ordered services/deliveries
Legal basis: Section 6 Paragraph 1 Letter f of the GDPR
Origin of the data:
– Provision to the contact by yourself
– Provision by another entity of the service provider/supplier
Recipient of the data:
– Company management and internal specialist departments

Storage duration:

The data are archived following fulfilment of the order. The data in the archive are deleted after 10 years. There is no obligation to pass on these data. Processing also is not absolutely necessary for the service/supply. The expenditure required for consultation would be disproportionately high without set contacts, however. The risk of misunderstanding would also be very high. For this reason, there is a justified interest in this processing.

Applicants

We welcome you to send us your application by e-mail.
When you apply with us, we process the following of your data:
Personal data: Data you send with the application
Purpose of processing: Employment decision
Legal basis:
– Section 88 of the GDPR in conjunction with Section 26 of the FDPA
– Section 6 Paragraph 1 Letter a of the GDPR (consent to the longer-term storage of documents)
Recipient of the data:
– Company management and internal specialist departments
Storage duration:
– Should employment occur: 10 years following the end of your employment with us
– Should employment not occur: 6 month following the negative decision
Processing of the data is necessary for considering employment. An employment contract is not possible without the provision of these data.

We always follow the principle of data economy and minimisation. Only those data required for moving forward with our business relationship are processed. The data are neither used for other purposes nor made accessible to others for their purposes.
Data which we no longer require and for which there is no legal or commercial requirements for storage will be destroyed by us in compliance with privacy laws.

What rights do you have with regard to your data?

With regard to this processing of your personal data, you have the following rights:
– Information on the data saved about your person (Section 15 of the GDPR)
– Correction of incorrect data (Section 16 of the GDPR)
– Deletion, if allowed by law (Section 17 of the GDPR)
– Limitation of processing (Section 18 of the GDPR)
– Reception of your data in a structured, conventional and machine-readable format (Section 20 of the GDPR)
– Objection to processing (Section 21 of the GDPR)
– Complaint to a supervisory authority (Section 77 of the GDPR)
Should processing be based on your consent, you have the right to withdraw consent at any time with effect for the future.

Analysis tools and tools of third-party providers

Only one so-called “session cookie” is set. This is required for technical reasons and is deleted again automatically by your browser when you leave our website. No other cookies are used.
Purpose of processing:
Operation of the website, evaluation of errors
Legal basis:
Section 6 Paragraph 1 Letter f of the GDPR
Recipient of the data: none
Storage duration: 3 months

2. General information and compulsory information

Privacy concept

We take the protection of your personal data very seriously. We treat your personal data in a confidential manner and in accordance with the statutory privacy regulations and this privacy statement.
Your personal data are saved and used solely for the purpose of communication and business with you. We follow the principle of data economy and minimisation here. The data are neither used for other purposes nor made accessible to others for their purposes.
Within the scope of our technical and organisational measures, your data is protected from outside and unauthorised access. We take suitable technical and organisational security measures to protect your data against random or deliberate manipulation, partial or complete loss, destruction and unauthorised access by third parties. Our security measures are continually being improved in accordance with the latest technological developments.
We would like to point out that data transmission on the Internet (e.g. communication via e-mail) can exhibit gaps in security. Seamless protection of data against access by third parties is not possible.

Note to the responsible entity

The entity responsible for data processing on the website is:
Rettenmeier GmbH art mill, Manfred-Volz-Straße 7, D- 72160 Horb a. N, Germany
Tel. +49 (0) 7451 5502 0, Fax +49 (0) 7451 5502 29, E-mail: info(at)rettenmeiermuehle.de
Michael Gutting, Claudia Rettenmeier, Markus Rettenmeier (company management)

SSL or TLS encryption

For security purposes and to protect transmissions of confidential content such as orders and enquiries which you send to us, the website owner, this website uses SSL or TLS encryption. Encrypted connections can be identified by the address line of the browser changing from “http://” to “https://” and the lock symbol on the browser line.
When SSL or TSL encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking and deletion

Within the scope of the applicable legal regulations, you have the right to information, free of charge, on the personal data about you which we have saved, its origin and recipients and the purpose of data processing and, if applicable, the right to correction, blocking and deletion of these data within a reasonable period of time. Please feel free to contact us at the address specified in the imprint at any time in this regard and for any other questions on personal data you may have.

Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation for the purpose of transmitting advertising and informational materials not expressly requested is hereby contradicted. The owners of the websites expressly reserve the right to take legal action in the case of unsolicited sending of advertising information, such as through the use of spam e-mails.

3. Privacy officer

Legally prescribed privacy officer
We have appointed a privacy officer for our company.
Anja Twietmeyer
bds(at)saalemuehle.de

4. Data collection on our website

Cookies

Server log files

The provider of the websites automatically collects and saves information in so-called server log files sent to us by your browser automatically. This includes:
Browser type and version
Operating system used
Referring URL
Host name of the accessing computer
Time of the server request
IP address
These data are not merged with other data sources.

The basis for data processing is Section 6 Paragraph 1 Letter b of the GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Contact form

Should you send us requests using the contact form, your information – including the contact data specified by you there – from the request form is saved by us for the purpose of processing your request and in case of follow-up questions. We do not pass on these data without your consent.
You can withdraw this consent at any time. Informal communication sent to us by e-mail is sufficient. The legality of data processing procedures up to the point of withdrawal remains unaffected by the withdrawal.

5. Plug-ins and tools

Google Maps

This website uses the Google Maps service over an API. This is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To utilise the functions of Google Maps, your IP address must be saved. This information is generally transferred to a server by Google in the USA and saved there. The provider of this website has no influence on this data transfer.
The Google Maps service is used in the interest of an attractive presentation of our online offerings and the easy findability of the locations specified by us on the website. This represents a justified interest as per Section 6 Paragraph 1 Letter f of the GDPR.

6. Visiting our location

Our facility grounds and locations which are especially sensitive with regard to product security are monitored by video. No other working areas are monitored. Non-personnel are only recorded if they enter monitored areas. The Rettenmeier GmbH art mill has a justified interest (GDPR Section 6 Paragraph 1 Letter f) in exercising its domiciliary right and resisting negative influences on product security. Video monitoring is a necessary means for monitoring sensitive areas.

7. Social Media

Instagram Feed:

We use an Instagram feed plugin from the company Smash Balloon (LLC, P.O. Box 126 Long Lake, MN 55356, USA) to display social media content on our website. As a result, our website makes requests to Instagram’s servers to obtain the data to populate the feeds and display images and videos. These requests make your IP address visible to Instagram, which may use it in accordance with its privacy policy: https://help.instagram.com/519522125107875

8. Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, the progression of your search and YouTube progression as well as demographic data (site visitor data). This data may be used for customized advertising with the assistance of Google Signal. If you have a Google account, your site visitor information will be linked to your Google account by Google Signal and used to send you customized promotional messages. The data is also used to compile anonymized statistics of our users’ online patterns.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Google Analytics E-Commerce-Tracking

This website uses the “E-Commerce Tracking” function of Google Analytics. With the assistance of E-Commerce Tracking, the website operator is in a position to analyze the purchasing patterns of website visitors with the aim of improving the operator’s online marketing campaigns. In this context, information, such as the orders placed, the average order values, shipping costs and the time from viewing the product to making the purchasing decision are tracked. These data may be consolidated by Google under a transaction ID, which is allocated to the respective user or the user’s device.

Google Ads

The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Moreover, it is possible to link the advertising target groups generated with Google Ads Remarketing to device encompassing functions of Google. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner tailored to you as well as on any of your devices (e.g., tablet or PC).

If you have a Google account, you have the option to object to personalized advertising under the following link: https://adssettings.google.com/anonymous?hl=de.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

For further information and the pertinent data protection regulations, please consult the Data Privacy Policies of Google at: https://policies.google.com/technologies/ads?hl=en.

Formation of Target Groups with Customer Reconciliation

For the formation of target groups, we use, among other things, the Google Ads Remarketing customer reconciliation feature. To achieve this, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google accounts, matching advertising messages within the Google network (e.g., YouTube, Gmail or in a search engine) are displayed for them to view.

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en

Meta Pixel (formerly Facebook Pixel)

To measure conversion rates, this website uses the visitor activity pixel of Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta’s statement the collected data will be transferred to the USA and other third-party countries too.

This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Meta ad. This makes it possible to analyze the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Meta archives the information and processes it, so that it is possible to make a connection to the respective user profile on Facebook or Instagram and Meta is in a position to use the data for its own promotional purposes in compliance with the Meta Data Usage Policy (https://www.facebook.com/about/privacy/). This enables Meta to display ads on Facebook or Instagram and other advertising channels. We as the operator of this website have no control over the use of such data.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Within the meta pixel, we are using the expanded alignment function.

The expanded alignment allows us to transfer to Meta different types of data (e.g., place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects we collect through our website. Herewith, we can tailor the offers presented in our advertising campaigns on Facebook and Instagram to individuals interested in what we offer even more precisely. Moreover, this expanded alignment optimizes the allocation of website conversions and expands custom audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Meta. The processing by Meta that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us have been jointly set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the privacy-secure implementation of the tool on our website. Meta is responsible for the data security of Meta products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

In Meta’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.

You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.

If you do not have a Facebook or Instagram account, you can deactivate any user-based advertising by Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Meta Conversion API

We have integrated the Meta Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, based on the information provided by Meta, the recorded data is also transmitted to the United States and other Non-EU and Non-EEZ countries.

Meta Conversion API enables us to record the interactions of our website visitors with our website and to share this information with Meta to improve the promotional performance with Facebook and Instagram.

To do this, in particular the time you accessed the site, the website you accessed, your IP address and your user agent, as well as, if applicable, other specific data (e.g., purchased products, value of the shopping cart and currency) are tracked. For a complete overview of the tracked data, please visit: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service occurs on the basis of your consent pursuant to Art. 6 Sect. 1 lit. a GDPR and § 25 Sect. 1 TDDDG. You may revoke your consent at any time.

If personal data is collected on our website with the assistance of the tool described herein and if it is shared with Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland shall be jointly responsible for the processing of your data, i.e., we are the data controllers (Art. 26 GDPR). This shared responsibility is limited exclusively to the recording of your data and its sharing with Meta. The processing that occurs after the data has been shared with Meta is not part of this shared responsibility. The obligations we share responsibility for have been documented in an agreement on joint processing. The concrete wording of this agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of the data protection information when using the Meta tool and for the data protection law compliant secure implementation of the tool on our website. Meta is liable for the data security of Meta products. You may request information on your rights as a data subject (e.g., request for information) related to the data processed by Facebook or Instagram directly from Meta. If you claim any data subject rights with us, we are required to forward your request to Meta.

The transfer of data to the United States is based on the standard contract clauses of the EU commission. For details please visit: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

In Meta’s data privacy policy, you will find additional information pertaining to the protection of your privacy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function ‘Custom Audiences’ in the settings for adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account with Facebook or Instagram, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Meta Custom Audiences

We use Meta Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Whenever you visit or use our website and apps, utilize our portfolio (e.g., participation in sweepstakes), transfer data to us or interact with the Facebook or Instagram content of our company, we record related personal data. In the event that you have given us your consent to the use of Meta Custom Audiences, we will share these data with Meta to put Meta in a position to send you compatible ads. These data may also be used to defined target audiences (Lookalike Audiences).

Meta processes these data as our contract processor. For details, please consult the user agreement of Meta: https://www.facebook.com/legal/terms/customaudience.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

The transfer of date to the USA is based on the standard contract clauses of the EU Commission. For details please see: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.