Data Protection

Privacy Policy

The data controller is:

Reiter Engineering GmbH & Co KG Leobendorferstr. 39 83417 Kirchanschöring Email: info@reiter-engineering.com

Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access data and hosting

You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring the smooth operation of the site and improving our offer. This serves to safeguard our legitimate interests in the correct presentation of our offer in accordance with Art. 6 (1) (f) GDPR, which prevail in the context of a balancing of interests. All access data is only processed for as long as is necessary to achieve the above-mentioned processing purposes.

1.1 Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in the forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: Germany.

1.2 Content Delivery Network

In order to reduce loading times, we use a content delivery network (CDN) for some of our services. This service delivers content, such as large media files, via regionally distributed servers belonging to external CDN service providers. Access data is therefore processed on the service providers' servers. Our service providers work for us within the scope of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy. Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: World Wide (Global). The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Until certification by our service providers, data transfers continue to be based on the following: Standard data protection clauses of the European Commission.

2. Data processing for establishing contact and enquiries

Within the scope of customer communication, we collect personal data for the purpose of processing your enquiries in accordance with Art. 6 (1) (b) GDPR if you voluntarily provide us with this data when contacting us (e.g. via contact form, live chat tool or email). Mandatory fields are marked as such, as we require this data to process your enquiry. The data that is collected can be seen in the respective input forms. Once your enquiry has been processed in full, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

Merchandise management system

We use merchandise management systems from external service providers for order and contract processing. Our service providers work for us within the scope of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

2.2 Contacting us

3. Advertising by email

3.1 Email newsletter with registration and newsletter tracking

If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to send you our email newsletter on a regular basis based on your consent in accordance with Art. 6 (1) (a) GDPR. You can unsubscribe from the newsletter at any time by sending a message to the contact option described below or by using the link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

Please note that we evaluate your user behaviour when sending the newsletter. To this end, we also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns (‘newsletter tracking’).

For this evaluation, the emails sent contain single-pixel technologies (e.g. web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following ‘newsletter data’ in particular.

the page from which the page was requested (known as the referrer URL),
the date and time of the request,
a description of the type of web browser used,
the IP address of the requesting computer,
the email address,
the date and time of registration and confirmation,

and single-pixel technologies with your email address or IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

If you do not wish to receive newsletter tracking, you can unsubscribe from the newsletter at any time as described above.

The information is stored for as long as you are subscribed to the newsletter.

3.2 Newsletter dispatch

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

Our service providers are based and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada.

A decision by the European Commission on an adequate level of data protection for the USA as a basis for third-country transfers is available, provided that the respective service provider is certified. Until certification by our service providers, data transfers will continue to be based on the following: Standard data protection clauses of the European Commission.

4. Cookies and other technologies

4.1 General information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser the next time you visit (persistent cookies). You can find the duration of storage in the overview in the cookie settings of your web browser.

Protection of privacy on devices

When you use our online services, we use technologies that are absolutely necessary to provide the expressly requested telemedia service. The storage of information on your device or access to information already stored on your device does not require your consent in this respect.

For functions that are not absolutely necessary, the storage of information on your device or access to information already stored on your device requires your consent. We would like to point out that if you do not give your consent, parts of the website may not be fully usable. Any consent you have given will remain in effect until you adjust or reset the respective settings on your device.

Any subsequent data processing by cookies and other technologies

We use technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping basket function). These technologies collect and process your IP address, time of visit, device and browser information, and information about your use of our website (e.g. information about the contents of your shopping basket). This serves the purpose of balancing interests and is in our legitimate interest in optimising the presentation of our website in accordance with Art. 6(1)(f) GDPR.

We also use technologies to comply with the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) and for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie settings

You can find the cookie settings for your browser at the following: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies in accordance with Art. 6 (1) (a) GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can also visit the following link: https://analytics.google.com/analytics/web/provision/#/provision. If you do not accept cookies, the functionality of our website may be limited.

4.2 Use of the Consent Manager Tool to manage consent

We use a Consent Manager Tool on our website to inform you about the cookies and other technologies we use on our website, as well as to obtain, manage and document your consent, where necessary, to the processing of your personal data by these technologies. This is necessary in accordance with Art. 6(1)(c) GDPR to fulfil our legal obligation under Art. 7(1) GDPR to be able to prove your consent to the processing of your personal data, to which we are subject. After you submit your cookie declaration on our website, the web server stores your IP address, the date and time of your declaration, browser information, language and URL from which the declaration was sent, as well as information about your consent behaviour. In addition, a cookie is used that contains information about your consent behaviour. Your data will be deleted after 365 days, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration. Our service providers are based and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Until certification by our service providers, data transfers will continue to be based on the following: Standard data protection clauses of the European Commission.

4.3 Information on third-country transfers (data transfers to third countries)

We use technologies from service providers on our website whose headquarters and/or server locations may be in third countries outside the EU or the EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by means of other suitable safeguards.

Suitable safeguards in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection regulations (Binding Corporate Rules) are possible in principle, but require prior review by the contracting parties to ensure that an adequate level of protection can be guaranteed. According to the case law of the ECJ, it may be necessary to take additional protective measures in this regard.

We have agreed the standard data protection clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree additional safeguards to ensure that adequate data protection is guaranteed in third countries without an adequacy decision.

Notwithstanding this, it may happen that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In such cases, we ask for your consent, if necessary, within the framework of cookie consent, in accordance with Art. 49 (1) (a) GDPR, to transfer your personal data to a third country.

In particular, there is a risk that local authorities in the third country may not have sufficiently restricted access rights to your personal data from a European data protection perspective, that we as the data exporter or you as the data subject may not be aware of this, and/or that you may not have sufficient legal remedies available to prevent this and/or take action against such access.

In particular, the following countries are currently among the third countries without an adequacy decision by the EU Commission (examples):

China
Russia
Taiwan

You can find out to which third countries we transfer data in the data protection information for the respective tool used and/or the consent management service/Consent Manager Platform (CMP) used by us.

Use of Google services

We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Our service providers are based and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection by decision.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU to derive location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is based on an agreement on order processing by Google.

Google Maps

For the visual representation of geographical information, Google Maps collects data about your use of the Maps functions, in particular your IP address and location data, which is transmitted to Google and then processed by Google. We have no influence on this subsequent data processing.

YouTube Video Plugin

To integrate third-party content, the YouTube Video Plugin collects data (IP address, time of visit, device and browser information) in the extended data protection mode we use, transmits it to Google and then processes it by Google only when you play a video.

5. Social media

Our online presence on Instagram (by Meta), YouTube, LinkedIn

If you have given your consent to the respective social media operator in accordance with Art. 6 (1) (a) GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the above-mentioned social media platforms, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that are likely to be of interest to you. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact details and your rights and settings options for protecting your privacy, please refer to the providers' privacy policies linked below. If you still require assistance in this regard, please contact us. Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (‘Meta Platforms Ireland’). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, where it is stored. Data processing in connection with visits to an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on insights data) can be found here.

Our service providers are based and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification has been obtained. Our service providers are based in and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.

No adequacy decision has been made by the European Commission for these countries. Our cooperation with you is based on the following guarantees: Standard data protection clauses of the European Commission.

YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there.

Our service providers are based and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are based and/or use servers in countries outside the EU and the EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission. LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (‘LinkedIn’). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transferred to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification has been granted.

6. Contact options and your rights

6.1 Your rights

As a data subject, you have the following rights:

pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
pursuant to Art. 16 GDPR, the right to request the immediate correction of inaccurate or incomplete personal data stored by us;
pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary
for exercising the right of freedom of expression and information;
for compliance with a legal obligation;
for reasons of public interest; or
for the establishment, exercise or defence of legal claims;
the right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, unless
the accuracy of the data is disputed by you;
the processing is unlawful, but you refuse to have it deleted;
we no longer need the data, but you need it to assert, exercise or defend legal claims; or
you have objected to the processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller;
pursuant to Art. 77 GDPR, theright to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Right to object

Insofar as we process personal data as explained above in order to safeguard our legitimate interests, which prevail in the context of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are reasons arising from your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.

6.2 Contact options

If you have any questions about the collection, processing or use of your personal data, or if you wish to request information, correction, restriction or deletion of data, or revoke your consent or object to a specific use of data, please contact us directly using the contact details in our legal notice.