Privacy Policy

Thank you for your interest in our company. We take the protection of your personal data very seriously. You can generally use our website without providing any personal data. However, if you wish to use certain services offered via our website, it may be necessary to process personal data. Where such processing is required and there is no other legal basis, we will normally obtain your consent.

Any processing of personal data – such as your name, address, email address or telephone number – is carried out in accordance with the General Data Protection Regulation (GDPR) and any applicable national data protection laws. The purpose of this Privacy Policy is to provide clear information about the nature, scope and purpose of the personal data we collect, use and process. It also explains your rights as a data subject.

As the controller, we have implemented a range of technical and organisational measures to ensure that personal data processed via this website is protected as comprehensively as possible. However, internet-based data transmission may be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide personal data to us via alternative means, for example by telephone.

 

1. Definitions

This Privacy Policy is based on the terminology used by the European legislator in the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be clear and easy to understand for the public, as well as for our customers and business partners.

To ensure clarity and transparency, we explain the key terms used below:

a) Personal data

b) Data subject

c) Processing

d) Restriction of processing

e) Pseudonymisation

f) Controller / controller responsible for processing

g) Processor

h) Recipient

i) Third party

j) Consent

 

2. Name and address of the controller

In accordance with the GDPR, as well as other directives applicable in the member states of the European Union and other guidelines pertaining to data protection, the controller is:

Riethmüller Europe GmbH
Dettinger Str. 148
D-73230 Kirchheim/Teck
Germany
Tel.: +49 7021 926 0
Email: [email protected]
Website: www.riethmueller.com

 

3. Name and address of the data protection officer

DIOMIKO UG (limited liability)
Sascha Dionisius
Frankenbacher Str. 32
74336 Brackenheim
Email: [email protected]

You can contact our Data Protection Officer at any time with any questions or suggestions regarding data protection.

 

4. Cookies

Our website uses cookies. Cookies are text files that are stored on your computer system via a browser.

Many websites and servers use cookies. Cookies often contain a unique identifier (a “cookie ID”). A cookie ID is a unique identifier of the cookie. It consists of a string of characters that allows websites and servers to identify the specific web browser in which the cookie was stored. This enables visited websites and servers to distinguish the data subject’s individual browser from other web browsers containing different cookies.

We use strictly necessary cookies required for the technical operation of the website. In addition, we only use cookies for analytics, marketing or multimedia purposes (such as embedded YouTube videos) where you have given your explicit consent. The legal basis for this is Article 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG. Non-essential cookies and embedded third-party content are only set or loaded once you have explicitly consented to this via our consent management tool. You can withdraw or amend your consent at any time. Our cookie banner provides equally prominent options to accept or reject cookies.

We also maintain a record of your consent or refusal (“consent log”) in compliance with applicable data protection requirements.

Where consent has been given, the legal basis for processing personal data in connection with cookies is Article 6(1)(a) GDPR. For strictly necessary cookies, the legal basis is Article 6(1)(f) GDPR (legitimate interests). Consent can be withdrawn at any time with effect for the future.

You can prevent cookies from being set by our website at any time by changing the relevant settings in your web browser and thereby permanently object to the setting of cookies. You may also delete cookies that have already been set at any time via a web browser or other software. This is possible in all standard web browsers. Please note that if you disable cookies, some features of this website may not function properly.

 

5. Tracking tools

This website uses Google Analytics, a web analytics service provided by Google to analyse how users interact with the website.  (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) The service uses “Cookies” – text files saved to your device. The information generated by these cookies will generally be transmitted to and stored on a Google server in the United States.

IP anonymisation is enabled on this website. This means that your IP address is truncated by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area before transmission. As a result, your IP address can no longer be linked to you personally.

Data is transferred to the United States on the basis of the EU-U.S. Data Privacy Framework, to which Google LLC is certified. This means that an adequate level of data protection exists for Google within the meaning of Article 45 GDPR.

Under the relevant data processing agreement, Google uses the information collected to evaluate use of the website and to compile reports on website activity. You can prevent cookies from being stored by adjusting the relevant settings in your browser or by installing Google’s browser plug-in (https://tools.google.com/dlpage/gaoptout?hl=de).

Google Analytics is used on the basis of your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 25 TTDSG. You can withdraw your consent at any time via our consent management tool.

Further information on how Google uses data can be found in Google’s privacy information for Analytics services under https://support.google.com/analytics/answer/6004245?hl=de

 

6. Collection of general data and information

Each time a data subject accesses our website, or when it is accessed by an automated system, our website collects a range of general data and information. This general data and information are stored in the server log files.

 

7. Contact option via the website

As required by law, this website contains information that enables you to contact our company electronically and communicate with us directly, including by email. If you contact the controller by email or via a contact form, the personal data you provide will be stored automatically. Personal data voluntarily provided by you to the controller will be stored solely for the purpose of processing your enquiry or contacting you in connection with it. These personal data will not be disclosed to third parties.

If you use our contact form or contact us by email, the personal data you submit will be processed solely for the purpose of handling your enquiry (Article 6(1)(b) GDPR). If your enquiry is not related to a contract, the processing is based on your consent pursuant to Article 6(1)(a) GDPR. The data will be deleted once your enquiry has been fully dealt with, unless statutory retention obligations apply.

These data will not be disclosed to third parties. Communication via the contact form is encrypted, where technically possible, using TLS/SSL.

 

8. Routine erasure and restriction of personal data

The controller processes and stores your personal data only for as long as is necessary to achieve the purpose of storage, or where this is required by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies, or if a statutory retention period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely restricted or erased in accordance with the applicable legal provisions.

As part of the shipping process, we transfer your data to our shipping partner, DPD Deutschland GmbH, on the basis of Article 6(1)(f) GDPR. The data transferred may include your name, address and, where applicable, your email address and/or mobile telephone number, as well as other shipment-related data. You may object at any time to the transfer of additional information such as your email address or mobile telephone number, either by contacting us at [Riethmüller Europe GmbH - [email protected]] or by contacting DPD directly at [[email protected] or via the link provided in each parcel notification.]

 

9. Your rights

a) Right to confirmation

You have the right to obtain confirmation as to whether we process personal data relating to you. This right is granted by the European legislative bodies. To exercise this right, you may contact our Data Protection Officer or any other member of staff at any time. This right is granted by the European legislative bodies.

b) Right of access 

You have the right to obtain, free of charge, information about the personal data we hold about you and to receive a copy of that information. This right is granted by the European legislative bodies. You also have the right, granted by the European legislative bodies, to request information about:

• the purposes of processing
• the categories of personal data being processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period
• the existence of the right to request rectification or erasure of your personal data, or restriction of processing by the controller, or to object to such processing
• the existence of the right to lodge a complaint with a supervisory authority
• where the personal data are not collected from you, any available information as to their source
• the existence of automated decision making, including profiling pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, conclusive information about the logic involved, as well as the significance and the envisaged consequences of such processing for you

You also have the right to obtain information on whether personal data have been transferred to a third country or to an international organisation. Where that is the case, you have the right to obtain information on the appropriate safeguards relating to the transfer.

To exercise your right of access, you may contact our Data Protection Officer or any other member of staff at any time.

c) Right to rectification

You have the right to require inaccurate personal data concerning you to be corrected without undue delay. This right is granted by the European legislative bodies. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.

To exercise your right to rectification, you may contact our Data Protection Officer or any other member of staff at any time.

d) Right to erasure (right to be forgotten)

You have the right, granted by the European legislative bodies, to require us to erase personal data concerning you without undue delay where one of the following grounds applies and the processing is not required:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
• You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
• The personal data were processed illegally.
• The personal data must be erased for compliance with a legal obligation under Union or Member State law to which we are subject.

• The personal data were collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If any of the above applies and you would like us to erase personal data we hold about you, you may contact our Data Protection Officer or any other member of staff at any time. Our data protection officer will arrange for your request to be dealt with without undue delay.

e) Right to restriction of processing

You have the right, granted by the European legislative bodies, to require us to restrict the processing of your personal data where one of the following applies:

• You contest the accuracy of the personal data, for a period enabling us to verify its accuracy.
• The processing is unlawful and you oppose erasure of the personal data and request restriction of its use instead.
• We no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims.
• The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is yet to be determined if the controller’s legitimate reasons override yours.

If one of these conditions is met and you wish to request restriction of personal data stored by us, you may contact our Data Protection Officer at any time. We will arrange for the processing to be restricted accordingly.

f) Right to data portability

You have the right, granted by the European legislative bodies, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In exercising your right to data portability under Article 20(1) GDPR, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To exercise your right to data portability, you may contact our Data Protection Officer or any other member of staff at any time.

g) Right to object

You have the right, granted by the European legislative bodies, to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you where the processing is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is required for the establishment, exercise or defence of legal claims.

Where we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for those purposes.

You also have the right, on grounds relating to your particular situation, to object to the processing of your personal data for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise your right to object, you may contact our Data Protection Officer directly. You are also free, in connection with the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

You have the right, granted by the European legislative bodies, not to be subject to a decision based solely on automated processing, including profiling, if that decision produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performing, a contract between you and the controller, is permitted under Union or Member State law that provides appropriate safeguards for your rights, freedoms and legitimate interests, or is based on your explicit consent.

Where the decision is necessary for entering into, or for the performance of, a contract between the data subject and the controller, or where it is based on the data subject's explicit consent, we will implement suitable measures to safeguard the rights and freedoms and the legitimate interests of the data subject. This includes, at a minimum, the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If you wish to exercise any rights relating to automated decision-making, you may contact our Data Protection Officer at any time.

i) Right to withdraw consent under data protection law

You have the right, granted by the European legislative bodies, to withdraw your consent to the processing of your personal data at any time.

If you wish to exercise your right to withdraw consent, you may contact our Data Protection Officer or any other member of staff at any time.

You may exercise any of the rights set out in this section at any time using the contact details provided in the legal notice or in section 2 above. If you exercise one of your rights, we will store your request and any related correspondence for the purpose of demonstrating that your request has been handled properly in accordance with Article 5(2) GDPR (accountability).

 

10. Data protection in relation to applications and the recruitment process

The controller collects and processes applicants’ personal data for the purpose of handling the recruitment process. Data may also be processed electronically. This particularly applies where an applicant submits application documents electronically, for example by email or via a web form on our website. IfIf the controller enters into an employment contract with an applicant, the data provided will be stored for the purpose of managing the employment relationship in accordance with the applicable legal provisions. If no employment contract is concluded with the applicant, all personal data and application documents will be deleted in full once the recruitment process has been completed, unless there is a legitimate interest preventing deletion. Such a legitimate interest may arise, for example, from an obligation to retain evidence in connection with proceedings under the General Equal Treatment Act (AGG).

Application documents submitted by email or via an online form are processed solely for the purpose of carrying out the recruitment process (Article 6(1)(b) GDPR).

Once the recruitment process has been completed, we will delete your data no later than six months afterwards, unless a statutory retention period applies or you have expressly consented to your data being retained for longer.

 

11. Data protection provisions on the use of YouTube

Our website may contain embedded videos from YouTube. This service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you access a YouTube video on our website, a connection is established to YouTube’s servers. In the process, YouTube is informed which page you have visited. If you are logged into YouTube, YouTube may associate your usage behaviour with your personal profile.

Videos are embedded using Privacy Enhanced Mode. According to YouTube, this mode means that views of embedded YouTube content are not used to personalise the viewer’s browsing experience on YouTube.

YouTube videos are only loaded on our site once you have given your consent via our consent management tool. The legal basis for the processing is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 25 TTDSG. You may withdraw your consent at any time via the cookie banner.

Further information about how YouTube processes personal data can be found at https://policies.google.com/privacy?hl=de.

 

12. Legal basis for processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose.

Where the processing of personal data is necessary for the performance of a contract to which you are a party, for example in relation to the delivery of goods or the provision of services, the processing is based on Article 6(1)(b) GDPR.

Where our company is subject to a legal obligation, the processing is based on Article 6(1)(c) GDPR.

In rare cases, processing may be based on Article 6(1)(d) GDPR, where it is necessary to protect your vital interests, or on Article 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests.

Where information is stored on, or accessed from, end-user devices, for example by means of cookies or similar technologies, section 25 TTDSG also applies.

Where consent is given via a consent management tool, processing takes place on the basis of Article 6(1)(a) GDPR in conjunction with section 25 TTDSG.

The proof of consent is governed by section 5 of the Consent Management Ordinance (EinwV).

 

13. Legitimate interests pursued by the controller or a third party

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.

 

14. Period for which personal data are stored

The criterion used to determine the period for which personal data are stored is the applicable statutory retention period.

Once that period has expired, the relevant data are routinely deleted, provided they are no longer required for the performance or initiation of a contract.

Personal data are reviewed regularly and deleted as soon as the purpose of the processing no longer applies and there are no statutory retention obligations.

 

15. Legal or contractual provisions regarding the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the data

We inform you that the provision of personal data may in some cases be required by law, for example under tax legislation, or may arise from contractual provisions, for example information relating to a contractual partner. In some cases, it may be necessary for you to provide us with personal data in order for a contract to be concluded, and we may then need to process those data. For example, you are required to provide us with personal data if our company enters into a contract with you. Failure to provide the personal data would mean that the contract could not be concluded. Before providing personal data, the you may contact our Data Protection Officer. Our Data Protection Officer will explain, on a case-by-case basis, whether the provision of the personal data is required by law or contract, whether it is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

 

16. Social media links

Our website contains links to our company’s social media profiles on Facebook, Instagram, LinkedIn, Xing and YouTube.

When you visit these platforms, the respective provider’s privacy policy applies.

No personal data are transmitted to the operators of these platforms merely by visiting our website.

You will only be taken to the provider’s external website if you click on the relevant link.

Where we jointly determine the purposes and means of processing in relation to the operation of these social media profiles, we are jointly responsible with the relevant provider within the meaning of Article 26 GDPR.

However, primary responsibility for the processing of personal data on the relevant platform lies with the provider.

 

17. Data controller

Summerhouse Topco Limited is owned by Endless LLP, which acts as data controller for all data of Summerhouse Topco Limited that is provided in connection with its investments and the ongoing relationship with Summerhouse Topco Limited. Personal data are processed by Endless LLP in accordance with the Endless portfolio privacy statement, which you can view here: https://www.endlessllp.com/portfolio-privacy-statement. Endless LLP is a company registered in England and Wales under company registration number OC316569.

 

18. Final note

This Privacy Policy is reviewed regularly and updated where necessary, in particular in the event of changes to legal requirements or technological developments. The current version is available on our website at all times.