Data Protection

Data protection and information security are central components of our corporate policy. The protection of your privacy when processing personal data and the security of all business data is an important concern for us, which we take into account in our business processes. We process personal data confidentially and only in accordance with the statutory provisions. Which data is processed in detail and how it is used depends largely on the delivery or services you have requested or agreed with you. With this data protection declaration we inform you about the data protection regulations and the claims and rights to which you are entitled.

Richter lighting technologies GmbH
Im Morgen 1, 73540 Heubach, Germany
Tel: 07173 / 71440 – 0
E-Mail: info@richter-lt.de
CEO: Bernd Richter

You can reach our company data protection officer at the above postal address with the keyword “PERSONAL to the data protection officer Mr. Torsten Schmid” or by email at datenschutz@richter-lt.de.

We process personal and company-related data that we receive from you as part of our business relationship or its initiation. In addition, we process – to the extent necessary for the provision of our services – personal data that we receive from third parties or credit or financial service institutions, permissibly (e.g. to execute orders, to fulfill contracts, on the basis of legitimate interests or on the basis of a consent given by you). In addition, we process personal data that we have legitimately obtained and are allowed to process from publicly accessible sources (e.g. debtor registers, commercial registers, press, media, etc.).

We process your data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes::

To fulfill contractual obligations or pre-contractual measures (Art. 6 Para.1 (b) GDPR):

The processing of personal data takes place in the context of the initiation or fulfillment of our contracts with you or for the execution of your orders. This can also include the transfer of your data to assembly or electrical companies.

Due to our legitimate interest (Art. 6 Para.1 [f] GDPR):

As far as necessary and legally permissible, we process your data beyond our own fulfillment to protect our legitimate interests or those of third parties. Examples for this are::

• Examination and optimization of processes for needs analysis and direct customer contact
• Market and opinion research, unless you have objected to the use of your data
• Assertion of legal claims and defense in legal disputes
• Provision of internally operated IT solutions and services (NextCloud and OpenProject platform)
• Ensuring IT security and secure IT operations
• Measures for business management and further development of services, services and products
• To determine creditworthiness and default risks at credit and financial service institutions
• Measures for building and system security
• Video surveillance in connection with the protection of domiciliary rights

Based on your consent (Art. 6 Para.1 (a) GDPR):

If you give us your express consent to the processing of personal data for specific purposes (e.g. use of our guest WLAN, data transfer to third parties, for advertising or for other marketing purposes), this forms the legal base for the processing of your personal data. You can revoke your consent in whole or in part at any time with effect for the future.
Due to legal obligations or due to public interest (Art. 6 Para.1 [c, f] GDPR):

As a company, we are subject to various legal (e.g. tax) obligations. In order to fulfill these obligations, it may be necessary to process personal data (primarily contract and billing data).

We may process the following categories of personal data for the aforementioned purposes:

• Contact information (names, addresses, contact details such as telephone, fax, mobile numbers and e-mail addresses as well as addresses of communication services)
• Information whose processing is required as part of a project or the establishment and execution of a contract (contract data)
• Sales and payment data, bank details and account information
• Information collected from public sources, information databases or credit bureaus
• Tax-relevant data (as part of customs processing)
• Login and authentication data
• Log data as part of the use of the IT services provided by us
• Video or image capture

Purposes of processing

We use the open source tool Matomo on this website for cross-page analysis of the user behavior of our website visitors. This enables us, for example, to recognize when which page views were made, from which website you may have come to our website (so-called referrer), which IP address was used (this is automatically anonymized by us), which browser and which operating system you use and from which region a page view is made. With the help of this information, we are able to better tailor our content to the needs of our users.

In order to guarantee the protection of the privacy of our website visitors, we do not use cookies. Instead, to identify visitors, we use each visitor’s config_id – a randomized, privacy-friendly, time-limited hash of a limited set of settings and attributes of the accessing user device. The config_id or config hash is a string calculated for a visitor based on their operating system, browser, browser plugins, IP address and browser language.

This analysis tool is used on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR (anonymized analysis of user behavior and optimization of our website).

The data collected in this way is processed and stored exclusively on our own servers. It will not be merged with other data or passed on to third parties. In addition, no data is stored on your end device (cf. § 25 TTDSG).

Of course you have the option to object to the collection of your data at any time. For this please

Purposes of processing

We use the “HubSpot” service to provide contact forms, for contact management (CRM) and e-mail marketing, and to record and analyze the user behavior of website visitors who use our campaigns or contact forms. This service is provided by HubSpot, a company based in the USA, 25 First Street, 2nd Floor, Cambridge, MA 02141. HubSpot has an office within the EU (HubSpot, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland).

If you use one of our contact forms, your details and information about interaction with our website will be recorded and transmitted to the service provider HubSpot. We use this data for the purpose of establishing contact and analyzing website usage. Data on website use is only processed on a personal basis if you use one of our contact forms or request the download of information material.

Legal basis for processing

Your data will be processed on the basis of your consent in accordance with Article 6 (1) (a) GDPR. Of course you have the right to revoke your consent at any time in whole or in part without giving reasons. Simply send an email to datenschutz@richter-lt.de

The transfer of data to our processor HubSpot is legitimized by a contract for order processing (Data Processing Agreement) in accordance with Art. 28 Para. 3 DSGVO.

As part of the processing of personal data by HubSpot, it may be necessary for data to be processed on HubSpot USA servers located outside the European Union and the European Economic Area. The USA is considered a so-called “third country”, which does not offer an adequate level of data protection. When data is transferred to the USA, there is therefore a fundamental risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to any legal remedies.

The permissibility of the transfer of data to the USA is based on the standard contractual clauses of the EU Commission, which we have concluded with HubSpot USA.

Further information on HubSpot’s data protection regulations is available at https://legal.hubspot.com/privacy-policy and at https://legal.hubspot.com/security.

Affected groups of people

Website visitors

Processed Data

In addition to the information that you send us in your messages via our contact forms, the following data, some of which is personal, can be collected and processed: Approximate geographic position, browser type and version, operating system and version used, device ID, device class and, if applicable, model viewed Websites and click behavior, length of visit, access times, referrer URL, IP address.

Duration of storage

The storage period depends on the type of your request. If your data is no longer required after the specific processing purpose has been achieved or you revoke your consent to the processing of your data, it will be deleted immediately.

Within Richter lighting technologies GmbH, those departments that need your data to fulfill our contractual and legal obligations will have access to it.

Furthermore, it may be necessary to pass on data to external service providers. These service providers primarily include companies in the categories of IT services, IT security, marketing, market research, processing of payment transactions, provision of products and services, and shipping logistics. External service providers are carefully selected and regularly checked by us. If there is an order processing relationship, the service providers concerned are contractually obliged in accordance with Article 28 GDPR and bound by our instructions. In addition, we may be obliged to transmit your personal data to other recipients (public bodies), such as tax authorities to fulfill legal notification obligations or customs authorities for the purpose of preparing export declarations or for comparison with sanctions lists. Other data recipients may be those bodies for which you have given us your consent to data transmission.

If necessary, personal data will be transmitted to companies affiliated with Richter lighting technologies GmbH, insofar as this is necessary to fulfill the aforementioned purposes.

Countries outside the European Union (and the European Economic Area (“EEA”) handle the protection of personal data differently than countries within the European Union. In the event that data is passed on to third countries, we have taken appropriate measures to ensure that your data is processed in the third countries just as securely as within the European Union. With service providers in third countries, we establish standard data protection clauses provided by the Commission of the European Union. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.

In principle, we store your personal data for the duration of the contractual relationship. We store billing-relevant data for as long as it is necessary to fulfill our legal and contractual obligations (including the fulfillment of commercial and tax retention obligations such as retention periods from the German Commercial Code (HGB) or the Fiscal Code (AO)).

If it is no longer necessary to store the data for the fulfillment of contractual or legal obligations, your data will be deleted unless their further processing is necessary for the following purposes: Preservation of evidence within the framework of the statutory statute of limitations. According to the statute of limitations of the German Civil Code (BGB), these statutes of limitation can be up to 30 years in some cases, the regular statute of limitations is 3 years. We process data that is collected and processed on the basis of your consent until you revoke it.

In addition, we also use your data for a reasonable time after completing orders to inform you about our products and services. This is based on Art. 6 Para.1 [f] GDPR. After this time, your data will be deleted or only processed further in an anonymous form (e.g. for analytical purposes).

You have the following rights towards us with regard to your personal data:
The right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to data portability under Article 20 DSGVO and the right to object according to Art. 21 DSGVO. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure. To exercise your rights, you can contact the responsible body or the data protection officer using the contact details given above.

In addition, there is a right of appeal to the competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG):
The state commissioner for data protection and freedom of information in Baden-Württemberg
Address: Lautenschlagerstr. 20, 70173 Stuttgart, Germany, postal address: Postfach 10 29 32, 70025 Stuttgart, Germany
Tel.: +49 711/615541-0, Fax: +49 711/615541-15, e-mail: poststelle@lfdi.bwl.de

As a data subject, you are free to submit your complaint to the supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement.

You can revoke your consent to the processing of personal data in whole or in part at any time. Please note that the revocation only applies to the future.

As a rule, there is no legal obligation to provide personal data. However, in order to conclude a contract or to use our services, you must provide us with the personal data that is required to carry out the contractual relationship or use our services or that we must collect due to legal requirements. If you do not provide us with this data, it will not be possible for us to carry out and process the contractual relationship or use our services.

There is no automatic decision-making or profiling.

State: 07.04.2022 TS/DSB