A. Name and contact info of the legally responsible party for data acquisition and processing
The legally responsible party in the context of the General Data Protection Regulation (GDPR) and other data protection provisions (codes) regarding data processing is :
RTI Sports GmbH
- +49 (0)261 / 899 998-0
- +49 (0)261 / 899 998-18
B. Name and contact info of the data protection officer:
c/o RTI Sports GmbH
see: Name and contact under A.
C. Extent and intent of processing personal data
1. Visiting our website and generating logfiles
a) Description of data processing and handling
see: Name and contact under A.
With every visit of our website we automatically acquire data and information from the computer system used for that visit.
The following data are collected:
- Browser type and version used
- Operating system of the user
- User’s IP- address
- Time and date of visit
- Websites used to refer the user to our website (Referrer URL)
- Sub-pages of our homepage visited by the user
- Name of the accessed data file
- Notification whether the data access was successful
These data are deleted from the web server logfiles after the duration of seven days unless by way of exception their handling is required to meet our legitimate interest (e.g. for blocking IP addresses, pressing criminal charges). The data are deleted as soon as the purpose of their storage is meet and they are no longer required.
b) Intend & legal basis of the data processing
The under a described data are acquired,
- to enable the delivery of the website to the user’s computer. The legal basis for this is art. 6, para. 1 lit. f, GDPR. The temporary acquisition of the IP-address to display the site actively visited by the user is technically necessary and resembles our legitimate interest according to art. 6, para. 1 cl. 1 f, GDPR with no contradiction to the user’s predominant interests.
- for the security of our web servers and to ensure a failure-free operation of our website. These stated intentions resemble our legitimate interest according to art. 6, para. 1 cl. 1 f, GDPR with no contradiction to the user’s predominant interests.
c) Passing on of data/recipient of data
The acquired data are stored by our webhosting provider, working on our behalf and providing the data storage resources for our website. Additionally our webhosting provider performs further services in this context, e.g. storing related data processing steps, ensuring the website is accessible through the internet. This service provider has been carefully selected by us, is acting on our behalf, according to our instructions and is checked regularly. The service provider is located in the European Union or in a country within the European Economic Area.
The data acquired according to a) are not communicated to a third party, unless necessary when our IT is attacked see above under b), for example when reporting a legal offence towards law enforcing agencies.
d) Right of objection
The acquisition of the IP-address for displaying the website and its storage in logfiles is obligatory for operating the Internet site. Accordingly the user has no right of objection for this.
With all other data stated under a) processed according to art. 6, para. 1 cl. 1 f, GDPR you have the right to object, anytime, corresponding to your specific situation – also see further info under section D (“Rights of the person affected”).
2. Contact sheet, Contact via e-mail by the user
a) Description of data processing and handling
Our webpage includes a contact sheet that can be used to electronically contact us. If you choose this option the data given in the form are transmitted to us. Only the entry of the e-mail address, input given under „topic / request“ and the field „message“ are mandatory. All other data input is optional and may be used, e.g. to contact you personally or via telephone if necessary.
In addition we acquire and store
- your IP-address and
- the time and date when your inquiry was sent
Alternatively it is possible to contact us through the e-mail addresses stated in the imprint and under “contact”. In this case all personal data communicated with the e-mail will be stored.
The data are used to answer the inquiry. If your name and postal address is given therein, we will be processing these data according to section C 3 (“Postal advertising”).
The data are deleted as soon as they are no longer required to fulfill the intent of your inquiry. If the inquiry is related to a fulfilled contract or a contract under negotiation both the content of the communication and the time will be stored until any possible associated claims become time-barred.
Furthermore the personal data given in the entry mask of the contact sheet and such given via e-mail are limited for further processing and will only be used to defend from possible legal claims after the conversation with the user has ended. A conversation has ended when the circumstances indicate that the issue concerned has been resolved conclusively. The data will be deleted after the statutory period of limitation.
All additional personal data acquired with the sending process are deleted after no more than seven days.
b) Intend & legal basis of the data processing
All personal data given in the entry mask are processed to follow up and handle the intention pursued by contacting us. Your e-mail address or postal address and any potentially given additional data are stored to follow up and answer the request or respectively to process a shipment. The legal basis for this is art. 6, para. 1 lit. f, GDPR. The same applies to contacting us directly via e-mail.
The purpose of storing your IP-address and the time of contact is to verify your inquiry and potentially to solve a case of misusing your personal data. The legal basis for processing these data is art. 6, para. 1 lit. f, GDPR.
If the reason for contacting us has the intention to conclude a contract, then art. 6, para. 1 lit. b, GDPR acts as an additional legal basis for processing the data.
c) Passing on of data
In this context there is no passing on of data to a third party. The data are exclusively processed to follow up and answer the inquiry when contacting us.
The acquired data are stored by our webhosting provider working on our behalf and providing the data storage resources for our website and storing related data processing steps. This service provider has been carefully selected by us, is acting on our behalf, according to our instructions and is checked regularly. The service provider is located in the European Union or in a country within the European Economic Area.
d) Right of objection and deletion
The user has the right to object to the use of his/her personal data anytime. In this case an ongoing conversation cannot be continued. Additionally section D applies.
3. Postal advertisement
a) Description of data processing, handling and storage, intend, passing on of data
In case you choose to communicate your name and postal address, we store this data for potential future postal advertisement related to our products The data may become accessible to external service providers acting on our behalf and according to our instructions, e.g. for franking or shipping. They are located in the European Union. There is no passing on of data to a third party. The data are deleted as soon as their storing in no longer required to fulfill the primary intend for their acquisition or if an objection for processing has been stated.
b) Legal basis for processing data, right of objection
The legal basis for the data processing stated under a) is art. 6, para. 1 lit. f, GDPR. Sending product related information via mail is a legitimate interest of our company. It is your right to object to the usage of personal data anytime. In this case we will stop sending postal advertisement. Additionally section D applies.
4. Downloading catalogues or other information (data files/documents) (PDF)
It is possible to download catalogues and/or other information (data files/documents) in PDF format and then display them on your end device. For this we only temporarily store the data stated under C 1 (Logfiles). Furthermore all information stated under C 1 also applies here.
5. “Saddle Selector” tool
a) Description of data processing, handling and storage
Through our website you can use the tool to search for the Ergon saddle best suited for your needs (“Saddle Selector”). The data stated there are only used and stored while using the tool to determine our saddle recommendation and will not be linked with your IP-address. The recommendation itself then is stored within our database. Further user data, e.g. from the log files are not added and saved to the search/recommendation in our database. These product recommendations are accessible for the user through the URL path indicated, which can be saved to view the recommendation later on.
b) Intend and legal basis for processing data
The processing of personal data within the „saddle selector“ tool is a service feature and marketing tool that may replace or complement the personal consultation in a shop. The legal basis for this is art. 6, para. 1 lit. f ,GDPR.
c) Passing on of data
In this context there is no passing on of data to a third party. The data are exclusively processed to search for the saddle best suited for your needs and to determine a recommendation.
The acquired data are stored by our webhosting provider working on our behalf and providing the data storage resources for our website and storing related data processing steps. This service provider has been carefully selected by us, is acting on our behalf, according to our instructions and is checked regularly. The service provider is located in the European Union (EU) or in a country within the European Economic Area.
d) Right of objection and deletion
The user has the right to object to the use of his/her personal data anytime by ending to use the tool. Additionally section D applies.
6. Cookies and tracking technologies
We utilize the following cookie types with their scope and functionality stated in the following:
- Transient Cookies are automatically deleted when the browser is closed, such as session cookies. These cookies store a so-called session-ID, connecting different inquiries by your browser within a joint session. This enables us to recognize your computer when returning to our website. The session cookies are deleted upon logout or closing of the browser.
- Persistent Cookies are deleted automatically after a predetermined period that can vary depending on the particular cookie. Such cookies can be deleted anytime through the browser’s security settings.
It is possible to configure the browser settings according to your needs/wishes, e.g. to reject any third-party cookies or all cookies. We need to point out that this may limit the full extend of the website functions.
b) Facebook-Pixel, Extended Alignment/Synchronization
We also use so-called Facebook-Pixel. The provider is Facebook Inc., 1601 S California Avenue AVE, Palo Alto, California 94304, USA or if you are an EU-resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For information on the data acquisition see: https://www.facebook.com/policy.php. For further information on data processing see: https://www.facebook.com/help/186325668085084,http://www.facebook.com/about/privacy/your-info-onother#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook submits to the EU-US-Privacy-Shield: https://www.privacyshield.gov/EU-US-Framework.
Facebook is certified under the Privacy-Shield-Convention and therefore warrants complying with the European Privacy Law.
The Facebook-Pixel feature enables us to improve our offering and make it more interesting to the user. The legal basis for the use is art. 6, para. 1 cl. 1 lit. f, GDPR. The Facebook-Pixel is embedded immediately when visiting our website and is able to store a cookie to your device. If you log in with Facebook later on or visit our website logged in, the visit to our online offering is noted in your Facebook profile. The Facebook-Pixel acquires the following data types:
- Http header – everything contained within an http header. Http header is a standard web protocol sent between a browser inquiry and an Internet server. Http-Header contain IP-addresses, information on the web browser, site location, document, referrer and on the website visitor.
- Pixel-specific data are among others the Pixel ID and the Facebook cookie.
- Button-Click data are all buttons the website visitor clicks on, the buttons’ labels and all sites visited due to clicking on a button.
- Optional values are Conversion values, and types of pages.
- Form entry mask names are the names of all designated fields within a website such as “address” und “quantity” filled during the purchase of a product or service. The pixel does not record field values.
In addition we can use the access feature “extended alignment/synchronization”. By means of this function, customer data such as first name, family name, e-mail address, phone number or Facebook-ID are communicated to Facebook, where they can be compiled and enhanced with existing tracking data. If you registered with a Facebook service, Facebook then is able assign your visit to your account. Even if you are not registered with Facebook or you are not logged in, your IP address may be connected to further identification attributes and stored. For further information concerning “extended alignment/synchronization“ see: https:///www.facebook.com/business/help/611774685654668.
We have no influence on the scope or the further use of the data acquired by Facebook and inform you in accordance to our own state of knowledge.
You can object to the data acquisition by Facebook-Pixel and define what type of advertisement is displayed to you within Facebook. For this go to your established Facebook site and follow the notifications on user-specific advertisement settings: https://www.facebook.com/settings?tab=ads. You may also object to the data use by means of the Opt-Out process.
c) Google Analytics
This website uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses so-called cookies, text files, that are saved on your computer enabling us to analyze the use of our website. The information on how you use our website generated by the cookie (including the IP-address) are then transmitted to a Google server in the USA and stored there. Google uses this information to monitor and evaluate the website usage, compiling reports about website activities for the website host and to perform other services related to website and Internet use. Google may transmit this information to any third party, if mandated by law or if the third party processes the data on behalf of Google. In no case will Google connect your IP-address with other data stored by Google. You can prevent cookie installation through the corresponding settings in your browser software, but we need to point out that this may limit the full extent of the website functions. By visiting this website you declare approval that the data acquired by Google are processed in the above described way and with the above stated intention. You can prohibit cookie storage through the corresponding settings in your browser software but we need to point out that this may limit the full extend of the website functions. Furthermore you can prevent the data acquisition about your website use (including the IP-address) by Google through cookies as well as the processing of these data by Google, by downloading and installing the Browser-Plug-in linked here: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension “anonymizeIp()”. This means all IP-address are abbreviated eliminating the possibility to create personal references. As far as the acquired data allow for any personal reference, this is excluded by immediately deleting the personal data.
We use Google Analytics to monitor and analyze the use of our website and to periodically improve it. The attained statistics allow us to improve our offerings und increase its appeal to the user. The legal basis for this is art. 6, para. 1 sec. 1 lit. f, GDPR.
Google submits to the EU-US-Privacy Shield (www.privacyshield.gov). Additional information about Google Analytics’ handling of user data can be found in Google’s data privacy statement (https://support.google.com/analytics/answer/6004245?hl=de).
We use marketing and remarketing services (short “Google-Marketing-Services”) by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
The Google-Marketing-Services allow us to display tailored online advertisement for and on our website to only show advertisement that potentially resembles the user’s interests. If only such products are displayed in the advertisement, the user has shown interest in on the website, it is called „remarketing“. When visiting our website or any other where Google-Marketing-Services is active, Google immediately generates a code, embedding so-called (re-)marketing tags (invisible graphics or codes, also called „web beacons“) in the site. Through them an individual cookie (a small file) is saved on the user’s device (instead of cookies sometimes or comparable technologies are utilized). The cookies can be set by various domains, such as google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted, what websites the user has visited, what content he had interest in and what offers he clicked on. It also contains technical information about the browser, the operating system, referring websites, visiting times and further details about the online offer used. It also records the user’s IP-address, but according to the Google-Analytics agreement the IP-address is communicated to the Google server in the USA only in a truncated form for all IP-addresses within the European Union (EU) and any other member states of the convention within the European Economic Area. In exceptional cases the IP-address is communicated in full length to the Google server in the USA and is then truncated there. The IP-address is not merged and referenced with the user’s data acquired from other Google services. The above-mentioned information can also be connected with information from other sources. When visiting other websites the user can be shown custom tailored advertisements according to his interests.
In the context of the Google-Marketing-Services the user’s data are processed anonymously. Google does not process e.g. the user’s name or e-mail address, but process the relevant data in relation to the cookie in pseudonym user profiles. This means from Google’s perspective the advertisements are not managed and displayed for a real, identified person but for a cookie holder, regardless of who this cookie holder is. This does not apply if the user has explicitly permitted Google to process these data without pseudonymization. The collective information on the user gathered by “DoubleClick” are transmitted to Google and stored on Google servers in the USA.
Further information about data processing for marketing purposes by Google can be seen on the following overview site: https://www.google.com/policies/technologies/ads. Google’s data privacy statement can be seen here: https://www.google.com/policies/privacy
e) Embedding of services and third party content
It may be that within our online offerings some content or services by third party providers are embedded. This embedding of content by a third party provider always requires the third party to use your IP-address, as without, the content cannot be sent to the user’s browser. Providers of such third party content may install their own cookies and process data for their own purposes.
D. Rights of people affected
As a person affected you have the right to be disclosed all information on your person stored by us at no charge, as well as the right to correct, to limit the scope of processing, to delete, to notify a third party, to transfer the data, to object and to recall a permission given concerning personal data protection, to prohibit automated decision making and/or to file a complaint with the concerning privacy law enforcement agency. Further details can be taken from the following information.
With questions concerning data processing and to exercise your rights you may contact us, as the legally responsible party or our data security officer, see contact information under A. and B. of this privacy statement.
1. Right of access to personal data
In case we are processing your personal data, you have the right to demand from us, as the legally responsible party information, free of charge whether we are processing your personal data. Is this the case, you as the person affected have the right to be disclosed all data on your person and the following information:
- the intended purpose for which the personal data are processed;
- the categories of personal data processed;
- the recipient(s), respectively categories of recipients, who have been or will be given the related personal data;
- the scheduled storage duration of your personal data or, in case specifics cannot be stated, the criteria for determining the storage duration;
- the existence of a right to correct or delete the related personal data and of a right to limit the scope of data processing by the legally responsible party or a right to object to any such processing;
- the existence of a right to file a complaint with a legal authority;
- all available information about the data source if the personal data have not been acquired from you as the person affected;
- the existence of an automated decision making process, including profiling according to art. 22, para. 1 and 4, GDPR and – at least in this case – significant information about the logic involved as well as the scope and intended ramifications (of such a processing for the person affected.
You are entitled to the right to demand disclosure if the related personal data are transmitted to a third party country or any international organization. In this context you may demand information on the eligible warranties for the data transmission according to art. 46, GDPR.
2. Right of correction
You are entitled to the right of correction and/or completion towards us, as the legally responsible party, as long as the concerning processed personal data are incorrect or incomplete.
3. Right of limiting the scope of data processing
You may demand limiting the scope of processing the related personal data if one of the following requirements is met:
- If you deny the correctness of the related personal data, the processing of the data is limited for a period of time allowing us, as the legally responsible party, to review the correctness of the related personal data;
- If the processing is illegitimate and you disapprove deleting the personal data and demand limiting the scope of using the personal data;
- If we, as the legally responsible party no longer require the personal data for processing, whereas you need them to enforce, exercise or defend a legal right, or
- if you have objected to the processing according to art. 21, para. 1, GDPR and we, as the legally responsible party investigate into the legitimacy of the claim. Until it is confirmed that the legitimate reasons of the legally responsible party predominate your reasons, the data processing is limited.
Once the scope of processing (of) the personal data has been limited, these data may only be processes with your consent or for the enforcement, exercise or defense of a legal right or for the protection of another natural or legal person or for reasons of significant public interest of the European union or one of its member states – your own storage being exempt.
If the limitation of processing the personal data according to the above stated requirements is limited, you will be informed by us, as the legally responsible party before the limitation is lifted.
4. Right of deletion
a) Obligation to deletion
You may demand from us, as the legally responsible party to immediately delete related personal data. We, as the legally responsible party are then bound to immediately delete these data if one of the following reasons applies:
- The personal data related to you are no longer needed for the purpose they were acquired for and were processed for in any way.
- You recall your permission, the processing according to art. 6, para. 1 lit. a, GDPR or art. 9, para. 2 lit. a, GDPR is based upon and no other legal basis for processing the data is existent.
- In accordance to. art. 21, para. 1, GDPR you object to processing your personal data, with no primary legitimate reasons for further processing existing or you file an objection for processing your personal data according to art. 21, para. 2, GDPR.
- The personal data concerning your person have been processed unlawfully.
- The deletion of the related personal data is necessary to fulfill a legal obligation according to the law of the European Union or its member states, which the legally responsible party is subject to.
- The personal data related with you were acquired in relation to services offered by the information society according to art. 8, para. 1, GDPR.
b) Information to third parties
In case we, as the legally responsible party have made personal data public and are obligated to delete them according to art. 17, para. 1, GDPR we, as the legally responsible party will take adequate measures, potentially of a technical kind, considering the available technologies and costs for the implementation, to inform the party responsible for processing the personal data that you, as person affected, have demanded from them the deletion of all links to those personal data or of copies or replications of those personal data.
The right of deletion and on informing third party members does not persist if the processing is required
- to exercise the right of freedom of expression and information;
- to fulfill a legal obligation that makes the processing necessary according to a law of the European Union or its member states we, as the legally responsible party are subject to, or to fulfill a task of public interest or while executing a public authority the legally responsible party has been assigned;
- for reasons of public interest in the field of public health according to art. 9, para. 2, lit. h and i as well as art. 9, para. 3, GDPR;
- for purposes of archiving of scientific or historical research or statistical reasons according to art. 89, para. 1, GDPR within the public interest, as far as the right stated under section a) likely makes the realization of those goals of the data processing impossible or impairs them significantly, or
- to enforce, exercise or defend a legal right.
5. Right of disclosure (notification)
We will communicate with all recipients of personal data, every correction, deletion or limitations of processing unless this proofs to be impossible or result in a disproportional effort.
You have the right to demand from us, as the legally responsible party to be notified of all such recipients.
6. Right of data transferability
You, as the affected person have the right to be disclosed all personal data you entrusted us, as the legally responsible party with, in a structured, well-established and machine-readable format. Furthermore you have the right to communicate and forward these data you have entrusted us, as the legally responsible party with, to a third party, as long as
- the processing results from your consent according to art. 6, para. 1 lit. a, GDPR or art. 9, para. 2 lit. a, GDPR or from a contract according to art. 6, para. 1 lit. b, GDPR and
- the processing is done in an automated process.
By exercising this right you further have the right to prompt us, as the legally responsible party to communicate these personal data directly to another party, as long as this is technically feasible. Other peoples’ rights and civic liberties are not to be limited by this.
The right of data transferability does not apply to the processing of personal data, necessary to fulfill a task concerning the public interest or while acting on public authority, transferred on us, as the legally responsible party.
7. Right of objection
From reasons resulting from your particular situation you have the right to object to the processing of the personal data that relate to you according to art. 6, para. 1 lit. e or f, GDPR anytime; this also applies to a profiling based on these regulations.
We, as the legally responsible party do not process the personal data related to you any more, unless we can provide evidence for reasons requiring protection concerning their processing, that predominate your interest, rights and liberties or if the processing serves the exercise, enforcement or defense of legal rights.
If the personal data related to you are used to do direct mail advertisement, you have the right to object to the processing of related personal data for such advertisement uses; this also applies to profiling, related to such direct mail advertisement.
If you object to the data processing for uses of direct mail advertisement we will no longer use your personal data for this use.
In context with using services of the information society, you have the possibility –regardless of guideline 2002/58/EG – to exercise your right of objection through an automated process, using technical specifications.
8. Right of revoking the declaration of consent related to data protection
You have the right to revoke your declaration of consent related to data protection anytime. By revoking your declaration of consent, the legitimacy for the consent of the data processing up until the time of revoking is not affected.
9. Automated decision in individual cases, profiling included
You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has a legal effect on you or significantly compromises you.
This does not apply if the decision
- is required for concluding or fulfilling a contract between you and us, as the legally responsible party,
- is legal in accordance to legal codes of the European Union or its member states, which we, as the legally responsible party are subject to and if these legal codes contain adequate measures for protecting your rights and civil liberties as well as your legitimate interests or
- is made with your explicit consent.
Such decisions are not to be based upon special categories of personal data according to art. 9, para. 1, GDPR, unless art. 9, para. 2 lit. a or g apply and adequate measures are taken to protect the rights and liberties as well as your legitimate interests.
In so far as a case according to a) or c) is existent, we, as the legally responsible party take adequate measures to protect the rights and civil liberties as well as your legitimate interests, with the very least being the right to obtain the intervention of us, as the legally responsible party to present and define the individual perspective and to the right to object the decision.
10. Right to file a complaint with the concerning privacy law enforcement agency
Without prejudice to any other administrative, judicial or legal appeal, you are entitled the right to file a complaint with a law enforcement agency, particularly within the member state of your residence, your working place or the place where the alleged violation has happened, if you hold a view that the processing of your related personal data is in violation of the GDPR.
The law enforcement agency where the complaint is being filed, then notifies the appellant about the state and results of the complaint including the possibility of a judicial remedy according to art. 78, GDPR.