A. Name and contact info of the legally responsible party for data acquisition and processing
The legally responsible party in the context of the General Data Protection Regulation (GDPR) and other data protection provisions (codes) regarding data processing is :
RTI Sports GmbH
Am Autobahnkreuz 7
- +49 (0)261 / 899 998-0
- +49 (0)261 / 899 998-18
B. Name and contact info of the data protection officer:
We have appointed a data protection officer to the competent supervisory authority.
Dipl. Ing. Walter Lukmann
- phone :
- +49 72239 566677
- e-mail :
The data protection officer is not bound by instructions in the performance of his duties (Section 5 (3) of the DSG).
C. Extent and intent of processing personal data
1. Visiting our website and generating logfiles
a) Description of data processing and handling
With every visit of our website we automatically acquire data and information from the computer system used for that visit.
The following data are collected:
- Browser type and version used
- Operating system of the user
- User’s IP- address
- Time and date of visit
- Websites used to refer the user to our website (Referrer URL)
- Sub-pages of our homepage visited by the user
- Name of the accessed data file
- Notification whether the data access was successful
These data are deleted from the web server logfiles after the duration of seven days unless by way of exception their handling is required to meet our legitimate interest (e.g. for blocking IP addresses, pressing criminal charges). The data are deleted as soon as the purpose of their storage is meet and they are no longer required.
b) Intend & legal basis of the data processing
The under a described data are acquired,
- to enable the delivery of the website to the user’s computer. The legal basis for this is art. 6, para. 1 lit. f, GDPR. The temporary acquisition of the IP-address to display the site actively visited by the user is technically necessary and resembles our legitimate interest according to art. 6, para. 1 cl. 1 f, GDPR with no contradiction to the user’s predominant interests.
- for the security of our web servers and to ensure a failure-free operation of our website. These stated intentions resemble our legitimate interest according to art. 6, para. 1 cl. 1 f, GDPR with no contradiction to the user’s predominant interests.
c) Passing on of data/recipient of data
The acquired data are stored by our webhosting provider, working on our behalf and providing the data storage resources for our website. Additionally our webhosting provider performs further services in this context, e.g. storing related data processing steps, ensuring the website is accessible through the internet. This service provider has been carefully selected by us, is acting on our behalf, according to our instructions and is checked regularly. The service provider is located in the European Union or in a country within the European Economic Area.
The data acquired according to a) are not communicated to a third party, unless necessary when our IT is attacked see above under b), for example when reporting a legal offence towards law enforcing agencies.
d) Right of objection
The acquisition of the IP-address for displaying the website and its storage in logfiles is obligatory for operating the Internet site. Accordingly the user has no right of objection for this.
With all other data stated under a) processed according to art. 6, para. 1 cl. 1 f, GDPR you have the right to object, anytime, corresponding to your specific situation – also see further info under section D (“Rights of the person affected”).
2. Contact sheet, Contact via e-mail by the user
a) Description of data processing and handling
Our webpage includes a contact sheet that can be used to electronically contact us. If you choose this option the data given in the form are transmitted to us. Only the entry of the e-mail address, input given under „topic / request“ and the field „message“ are mandatory. All other data input is optional and may be used, e.g. to contact you personally or via telephone if necessary.
In addition we acquire and store
- your IP-address and
- the time and date when your inquiry was sent
Alternatively it is possible to contact us through the e-mail addresses stated in the imprint and under “contact”. In this case all personal data communicated with the e-mail will be stored.
The data are used to answer the inquiry. If your name and postal address is given therein, we will be processing these data according to section C 3 (“Postal advertising”).
The data are deleted as soon as they are no longer required to fulfill the intent of your inquiry. If the inquiry is related to a fulfilled contract or a contract under negotiation both the content of the communication and the time will be stored until any possible associated claims become time-barred.
Furthermore the personal data given in the entry mask of the contact sheet and such given via e-mail are limited for further processing and will only be used to defend from possible legal claims after the conversation with the user has ended. A conversation has ended when the circumstances indicate that the issue concerned has been resolved conclusively. The data will be deleted after the statutory period of limitation.
All additional personal data acquired with the sending process are deleted after no more than seven days.
b) Intend & legal basis of the data processing
All personal data given in the entry mask are processed to follow up and handle the intention pursued by contacting us. Your e-mail address or postal address and any potentially given additional data are stored to follow up and answer the request or respectively to process a shipment. The legal basis for this is art. 6, para. 1 lit. f, GDPR. The same applies to contacting us directly via e-mail.
The purpose of storing your IP-address and the time of contact is to verify your inquiry and potentially to solve a case of misusing your personal data. The legal basis for processing these data is art. 6, para. 1 lit. f, GDPR.
If the reason for contacting us has the intention to conclude a contract, then art. 6, para. 1 lit. b, GDPR acts as an additional legal basis for processing the data.
c) Passing on of data
In this context there is no passing on of data to a third party. The data are exclusively processed to follow up and answer the inquiry when contacting us.
The acquired data are stored by our webhosting provider working on our behalf and providing the data storage resources for our website and storing related data processing steps. This service provider has been carefully selected by us, is acting on our behalf, according to our instructions and is checked regularly. The service provider is located in the European Union or in a country within the European Economic Area.
d) Right of objection and deletion
The user has the right to object to the use of his/her personal data anytime. In this case an ongoing conversation cannot be continued. Additionally section D applies.
3. Postal advertisement
a) Description of data processing, handling and storage, intend, passing on of data
In case you choose to communicate your name and postal address, we store this data for potential future postal advertisement related to our products The data may become accessible to external service providers acting on our behalf and according to our instructions, e.g. for franking or shipping. They are located in the European Union. There is no passing on of data to a third party. The data are deleted as soon as their storing in no longer required to fulfill the primary intend for their acquisition or if an objection for processing has been stated.
b) Legal basis for processing data, right of objection
The legal basis for the data processing stated under a) is art. 6, para. 1 lit. f, GDPR. Sending product related information via mail is a legitimate interest of our company. It is your right to object to the usage of personal data anytime. In this case we will stop sending postal advertisement. Additionally section D applies.
4. Downloading catalogues or other information (data files/documents) (PDF)
It is possible to download catalogues and/or other information (data files/documents) in PDF format and then display them on your end device. For this we only temporarily store the data stated under C 1 (Logfiles). Furthermore all information stated under C 1 also applies here.
5. “Saddle Selector” tool
a) Description of data processing, handling and storage
Through our website you can use the tool to search for the Ergon saddle best suited for your needs (“Saddle Selector”). The data stated there are only used and stored while using the tool to determine our saddle recommendation and will not be linked with your IP-address. The recommendation itself then is stored within our database. Further user data, e.g. from the log files are not added and saved to the search/recommendation in our database. These product recommendations are accessible for the user through the URL path indicated, which can be saved to view the recommendation later on.
b) Intend and legal basis for processing data
The processing of personal data within the „saddle selector“ tool is a service feature and marketing tool that may replace or complement the personal consultation in a shop. The legal basis for this is art. 6, para. 1 lit. f ,GDPR.
c) Passing on of data
In this context there is no passing on of data to a third party. The data are exclusively processed to search for the saddle best suited for your needs and to determine a recommendation.
The acquired data are stored by our webhosting provider working on our behalf and providing the data storage resources for our website and storing related data processing steps. This service provider has been carefully selected by us, is acting on our behalf, according to our instructions and is checked regularly. The service provider is located in the European Union (EU) or in a country within the European Economic Area.
d) Right of objection and deletion
The user has the right to object to the use of his/her personal data anytime by ending to use the tool. Additionally section D applies.
6. Cookies and tracking technologies
We utilize the following cookie types with their scope and functionality stated in the following:
- Transient Cookies are automatically deleted when the browser is closed, such as session cookies. These cookies store a so-called session-ID, connecting different inquiries by your browser within a joint session. This enables us to recognize your computer when returning to our website. The session cookies are deleted upon logout or closing of the browser.
- Persistent Cookies are deleted automatically after a predetermined period that can vary depending on the particular cookie. Such cookies can be deleted anytime through the browser’s security settings.
It is possible to configure the browser settings according to your needs/wishes, e.g. to reject any third-party cookies or all cookies. We need to point out that this may limit the full extend of the website functions.
b) Facebook-Pixel, Extended Alignment/Synchronization
We also use so-called Facebook-Pixel. The provider is Meta Platforms Inc., 1601 S California Avenue AVE, Palo Alto, California 94304, USA or if you are an EU-resident, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For information on the data acquisition see: https://www.facebook.com/policy.php. For further information on data processing see: https://www.facebook.com/help/186325668085084,http://www.facebook.com/about/privacy/your-info-onother#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
The Facebook-Pixel feature enables us to improve our offering and make it more interesting to the user. The legal basis for the use is art. 6, para. 1 cl. 1 lit. f, GDPR. The Facebook-Pixel is embedded immediately when visiting our website and is able to store a cookie to your device. If you log in with Facebook later on or visit our website logged in, the visit to our online offering is noted in your Facebook profile. The Facebook-Pixel acquires the following data types:
- Http header – everything contained within an http header. Http header is a standard web protocol sent between a browser inquiry and an Internet server. Http-Header contain IP-addresses, information on the web browser, site location, document, referrer and on the website visitor.
- Pixel-specific data are among others the Pixel ID and the Facebook cookie.
- Button-Click data are all buttons the website visitor clicks on, the buttons’ labels and all sites visited due to clicking on a button.
- Optional values are Conversion values, and types of pages.
- Form entry mask names are the names of all designated fields within a website such as “address” und “quantity” filled during the purchase of a product or service. The pixel does not record field values.
In addition we can use the access feature “extended alignment/synchronization”. By means of this function, customer data such as first name, family name, e-mail address, phone number or Facebook-ID are communicated to Facebook, where they can be compiled and enhanced with existing tracking data. If you registered with a Facebook service, Facebook then is able assign your visit to your account. Even if you are not registered with Facebook or you are not logged in, your IP address may be connected to further identification attributes and stored. For further information concerning “extended alignment/synchronization“ see: https:///www.facebook.com/business/help/611774685654668.
We have no influence on the scope or the further use of the data acquired by Facebook and inform you in accordance to our own state of knowledge.
You can object to the data acquisition by Facebook-Pixel and define what type of advertisement is displayed to you within Facebook. For this go to your established Facebook site and follow the notifications on user-specific advertisement settings: https://www.facebook.com/settings?tab=ads. You may also object to the data use by means of the Opt-Out process.
c) Matomo (formerly known as Piwik)
Purpose of processing
collect and analyse information about how you interact with our websites (web analytics), and to recognize and stop any misuse.
Legitimate interest, Art. 6 Abs. 1 lit. f DSGVO
Personal data collected by the third party
- anonymised IP address
- pages visited
- browser and device used
- mouse movements
- anonymised key strokes
Our Matomo is hosted by:
7 Waterloo Quay
PO Box 625, 6140 Wellington
d) Embedding of services and third party content
It may be that within our online offerings some content or services by third party providers are embedded. This embedding of content by a third party provider always requires the third party to use your IP-address, as without, the content cannot be sent to the user’s browser. Providers of such third party content may install their own cookies and process data for their own purposes.
D. Rights of people affected
As a person affected you have the right to be disclosed all information on your person stored by us at no charge, as well as the right to correct, to limit the scope of processing, to delete, to notify a third party, to transfer the data, to object and to recall a permission given concerning personal data protection, to prohibit automated decision making and/or to file a complaint with the concerning privacy law enforcement agency. Further details can be taken from the following information.
With questions concerning data processing and to exercise your rights you may contact us, as the legally responsible party or our data security officer, see contact information under A. and B. of this privacy statement.
1. Right of access to personal data
In case we are processing your personal data, you have the right to demand from us, as the legally responsible party information, free of charge whether we are processing your personal data. Is this the case, you as the person affected have the right to be disclosed all data on your person and the following information:
- the intended purpose for which the personal data are processed;
- the categories of personal data processed;
- the recipient(s), respectively categories of recipients, who have been or will be given the related personal data;
- the scheduled storage duration of your personal data or, in case specifics cannot be stated, the criteria for determining the storage duration;
- the existence of a right to correct or delete the related personal data and of a right to limit the scope of data processing by the legally responsible party or a right to object to any such processing;
- the existence of a right to file a complaint with a legal authority;
- all available information about the data source if the personal data have not been acquired from you as the person affected;
- the existence of an automated decision making process, including profiling according to art. 22, para. 1 and 4, GDPR and – at least in this case – significant information about the logic involved as well as the scope and intended ramifications (of such a processing for the person affected.
You are entitled to the right to demand disclosure if the related personal data are transmitted to a third party country or any international organization. In this context you may demand information on the eligible warranties for the data transmission according to art. 46, GDPR.
2. Right of correction
You are entitled to the right of correction and/or completion towards us, as the legally responsible party, as long as the concerning processed personal data are incorrect or incomplete.
3. Right of limiting the scope of data processing
You may demand limiting the scope of processing the related personal data if one of the following requirements is met:
- If you deny the correctness of the related personal data, the processing of the data is limited for a period of time allowing us, as the legally responsible party, to review the correctness of the related personal data;
- If the processing is illegitimate and you disapprove deleting the personal data and demand limiting the scope of using the personal data;
- If we, as the legally responsible party no longer require the personal data for processing, whereas you need them to enforce, exercise or defend a legal right, or
- if you have objected to the processing according to art. 21, para. 1, GDPR and we, as the legally responsible party investigate into the legitimacy of the claim. Until it is confirmed that the legitimate reasons of the legally responsible party predominate your reasons, the data processing is limited.
Once the scope of processing (of) the personal data has been limited, these data may only be processes with your consent or for the enforcement, exercise or defense of a legal right or for the protection of another natural or legal person or for reasons of significant public interest of the European union or one of its member states – your own storage being exempt.
If the limitation of processing the personal data according to the above stated requirements is limited, you will be informed by us, as the legally responsible party before the limitation is lifted.
4. Right of deletion
a) Obligation to deletion
You may demand from us, as the legally responsible party to immediately delete related personal data. We, as the legally responsible party are then bound to immediately delete these data if one of the following reasons applies:
- The personal data related to you are no longer needed for the purpose they were acquired for and were processed for in any way.
- You recall your permission, the processing according to art. 6, para. 1 lit. a, GDPR or art. 9, para. 2 lit. a, GDPR is based upon and no other legal basis for processing the data is existent.
- In accordance to. art. 21, para. 1, GDPR you object to processing your personal data, with no primary legitimate reasons for further processing existing or you file an objection for processing your personal data according to art. 21, para. 2, GDPR.
- The personal data concerning your person have been processed unlawfully.
- The deletion of the related personal data is necessary to fulfill a legal obligation according to the law of the European Union or its member states, which the legally responsible party is subject to.
- The personal data related with you were acquired in relation to services offered by the information society according to art. 8, para. 1, GDPR.
b) Information to third parties
In case we, as the legally responsible party have made personal data public and are obligated to delete them according to art. 17, para. 1, GDPR we, as the legally responsible party will take adequate measures, potentially of a technical kind, considering the available technologies and costs for the implementation, to inform the party responsible for processing the personal data that you, as person affected, have demanded from them the deletion of all links to those personal data or of copies or replications of those personal data.
The right of deletion and on informing third party members does not persist if the processing is required
- to exercise the right of freedom of expression and information;
- to fulfill a legal obligation that makes the processing necessary according to a law of the European Union or its member states we, as the legally responsible party are subject to, or to fulfill a task of public interest or while executing a public authority the legally responsible party has been assigned;
- for reasons of public interest in the field of public health according to art. 9, para. 2, lit. h and i as well as art. 9, para. 3, GDPR;
- for purposes of archiving of scientific or historical research or statistical reasons according to art. 89, para. 1, GDPR within the public interest, as far as the right stated under section a) likely makes the realization of those goals of the data processing impossible or impairs them significantly, or
- to enforce, exercise or defend a legal right.
5. Right of disclosure (notification)
We will communicate with all recipients of personal data, every correction, deletion or limitations of processing unless this proofs to be impossible or result in a disproportional effort.
You have the right to demand from us, as the legally responsible party to be notified of all such recipients.
6. Right of data transferability
You, as the affected person have the right to be disclosed all personal data you entrusted us, as the legally responsible party with, in a structured, well-established and machine-readable format. Furthermore you have the right to communicate and forward these data you have entrusted us, as the legally responsible party with, to a third party, as long as
- the processing results from your consent according to art. 6, para. 1 lit. a, GDPR or art. 9, para. 2 lit. a, GDPR or from a contract according to art. 6, para. 1 lit. b, GDPR and
- the processing is done in an automated process.
By exercising this right you further have the right to prompt us, as the legally responsible party to communicate these personal data directly to another party, as long as this is technically feasible. Other peoples’ rights and civic liberties are not to be limited by this.
The right of data transferability does not apply to the processing of personal data, necessary to fulfill a task concerning the public interest or while acting on public authority, transferred on us, as the legally responsible party.
7. Right of objection
From reasons resulting from your particular situation you have the right to object to the processing of the personal data that relate to you according to art. 6, para. 1 lit. e or f, GDPR anytime; this also applies to a profiling based on these regulations.
We, as the legally responsible party do not process the personal data related to you any more, unless we can provide evidence for reasons requiring protection concerning their processing, that predominate your interest, rights and liberties or if the processing serves the exercise, enforcement or defense of legal rights.
If the personal data related to you are used to do direct mail advertisement, you have the right to object to the processing of related personal data for such advertisement uses; this also applies to profiling, related to such direct mail advertisement.
If you object to the data processing for uses of direct mail advertisement we will no longer use your personal data for this use.
In context with using services of the information society, you have the possibility –regardless of guideline 2002/58/EG – to exercise your right of objection through an automated process, using technical specifications.
8. Right of revoking the declaration of consent related to data protection
You have the right to revoke your declaration of consent related to data protection anytime. By revoking your declaration of consent, the legitimacy for the consent of the data processing up until the time of revoking is not affected.
9. Automated decision in individual cases, profiling included
You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has a legal effect on you or significantly compromises you.
This does not apply if the decision
- is required for concluding or fulfilling a contract between you and us, as the legally responsible party,
- is legal in accordance to legal codes of the European Union or its member states, which we, as the legally responsible party are subject to and if these legal codes contain adequate measures for protecting your rights and civil liberties as well as your legitimate interests or
- is made with your explicit consent.
Such decisions are not to be based upon special categories of personal data according to art. 9, para. 1, GDPR, unless art. 9, para. 2 lit. a or g apply and adequate measures are taken to protect the rights and liberties as well as your legitimate interests.
In so far as a case according to a) or c) is existent, we, as the legally responsible party take adequate measures to protect the rights and civil liberties as well as your legitimate interests, with the very least being the right to obtain the intervention of us, as the legally responsible party to present and define the individual perspective and to the right to object the decision.
10. Right to file a complaint with the concerning privacy law enforcement agency
Without prejudice to any other administrative, judicial or legal appeal, you are entitled the right to file a complaint with a law enforcement agency, particularly within the member state of your residence, your working place or the place where the alleged violation has happened, if you hold a view that the processing of your related personal data is in violation of the GDPR.
The law enforcement agency where the complaint is being filed, then notifies the appellant about the state and results of the complaint including the possibility of a judicial remedy according to art. 78, GDPR.