We thank you for your interest in our company and our products and services, and would also like you to feel comfortable about the protection of your personal data when visiting our website. We are subject to the provisions of the European General Data Protection Regulation (GDPR) as well as the supplementary regulations of the German Federal Data Protection Act (BDSG). To ensure that the data protection requirements are fulfilled both by us and our external service providers we have implemented suitable technical and organizational measures.
The controller within the meaning of the GDPR and other national data protection legislation of the member states, as well as other data protection regulations, is
RENA Technologies GmbH
Supervisors and managing directors Peter Schneidewind, Jürgen Ningelgen
Phone: +49 (0) 7723 93130
Data protection officer
The controller has appointed a data protection officer. Our data protection officer can be reached at firstname.lastname@example.org
In case of queries, suggestions, or comments on the subject of data protection, and for the enforcement of your rights set out below, please contact our data protection officer.
General information on the processing of data
Legal basis for the processing of personal data
Under statutory data protection regulations, processing of personal data is generally not allowed, unless there is a legally permitted reason for such authorization. We are obligated to make you aware of the legal basis for any data processing.
When we obtain your consent to process personal data, this provides legal basis.
When processing personal data is required for the performance of a contract to which you are a party, the performance of the contract provides legal basis. This also applies to processing procedures required prior to entering into a contract.
Where processing of personal data is required for compliance with a legal obligation to which we are subject, this provides legal basis.
Where the vital interests of the data subject, or another natural person, make the processing of personal data necessary, this provides legal basis.
If the processing is required to protect a legitimate interest pursued by our company or a third party and these interests do not override your fundamental rights and freedoms, then this provides legal basis.
Transfer of data to third countries
The GDPR guarantees a uniformly high level of data protection within the European Union (EU) and the European Economic Area (EEA). When selecting our service providers and partners, where possible we give preference to European partners if your personal data is to be processed.
Where we have your data processed in a third country, i.e. outside the EU/EEA, this is always done in accordance with statutory requirements.
Along with your specific consent, or contractually or legally required communication, we only allow your data to be processed in third countries with a recognized level of data protection from a contractual obligation by “standard contract clauses” of the European Commission, on production of certification or mandatory internal data protection regulations.
Existence of automated decision-making
We do not use automated decision-making or profiling.
Recipients of data/categories of recipients
Within our company, we ensure that only those persons receive your data, who require it to fulfill contractual and statutory obligations.
Occasionally, we make use of carefully selected external service providers for the processing of your data. If data is forwarded to service providers as part of order processing, then this is done subject to GDPR regulations. Our order processors are carefully selected and bound by our instructions. They are checked at regular intervals. We only use those order processors that provide sufficient guarantee that appropriate technical and organizational measures are in place so that the processing is done in accordance with the requirements of the GDPR and the BDSG, and the protection of your rights is guaranteed.
Forwarding of personal data to third parties
Generally, we do not forward personal data to third parties without your specific consent. Where we do, however, disclose your data to third parties, forward it to them, or provide them with other access to the data, this is done exclusively based on one of the legal foundations set out above.
By way of example, we forward data to payment service providers or suppliers where this is required for contract fulfillment. If we are obliged to do so legally, or as a result of a court decision, we must forward your data to the particular authorities entitled receive the information.
Use of our online offer
In principle, you can use our online offer without revealing your identity. In this section, we explain when and in what context we process data when using our online offer, which offers by service providers and partners we have implemented, how they work, and what happens to your data.
Our offer is essentially directed towards adults. Persons under 16 years are not allowed to forward personal data to us without the permission of their parents or guardians.
In order to protect your forwarded data in the best way possible, we use “transport encryption”. In order to guarantee the security of your data during the forwarding process, we use a state-of-the-art SSL/TLS encryption procedure.
Data collection when visiting our website
Provided you use our website solely for information purposes and you neither register for an offer nor conclude a contract with us, or reveal information in any other way, we only gather the personal data that your browser sends to our server.
When visiting our website, we only gather the data technically necessary to display our website to you, and to ensure stability and security as set out below:
- IP address of the visitor
- Date and time of the inquiry
- Content of the request (specific page)
- Access status/HTTP status code
- Specific volume of data transferred
- Website from which the request comes
- Operating system of the visitor
- Language and version of the browser software
This data is temporarily retained in the log files of our system for a maximum of seven days. Further storage is possible, but in this case the IP addresses are abbreviated or obscured so that identification of the inquiring client is no longer possible. Storage of the log files, along with other personal data related to you, does not take place in this context. The legal basis for these processing procedures is our legitimate interest.
As the gathering of data to display the website and the storage of data in log files is absolutely essential for the operation of our website and for the maintenance of IT security, you have no right of objection.
Inquiries to us
Should you make an inquiry to us via our website, for example by using the contact form, your personal data will be processed to answer your inquiry.
Information on services used
In order to indicate the location of our sites, we use links to display the site in question to you on Google maps. This involves a service by Google LLC, Gordon House, 4 Barrow Street, Dublin, Ireland (referred to as Google below).
On clicking the link, the map is showed in a separate tab in your browser. By calling up this link, you leave our website and immediately enter into a user relationship with Google. More detailed information on usage conditions and data protection with Google can be obtained here.
In addition to the above-mentioned data, when using our website, cookies are stored on your terminal device during your visit. Cookies are small text packages that can be sent from a website to the browser and stored by it, and then returned. Various types of information can be stored in cookies that can be read by the entity placing the cookie. They generally contain a characteristic string (ID) that enables explicit identification of the browser when the website is visited again, or when moving to another page. Their primary purpose is to make our online offers overall more user-friendly and effective. The user data gathered in cookies is pseudonymized by technical processes, whereby association of the data with the visiting user is generally no longer possible. If identification is provided, such as with a login cookie, the session ID, which is necessarily is linked with the user’s account, we will make you aware of this at the appropriate point.
We use various types of cookie:
- “Session cookies” are cookies that are deleted once you have left our online offer and closed the browser. In this type of cookie are stored such things as language settings, or the contents of a shopping basket.
In addition to “first-party cookies”, which are set by us as controllers for data processing, “third-party cookies” are also used that are offered by other providers.
- “First party cookies” are set by us as controllers.
The legal basis for the processing of your personal data in this case is our legitimate interest.
- External service providers, who carry out such things as web tracking or analytics for us, can also set cookies.
The legal basis for the processing of your personal data is your consent.
Information on cookies used
Detailed information on the cookies we use can be found here: Cookies
Online offers on social media
We have our offers on various platforms to keep the information available there and to make contact with you.
We have no influence on the processing of personal data by the particular platform operators. In general, when viewing our offers there, cookies are saved in your browser by the platform operator, in which your usage behavior or interests are stored for market research and advertising purposes.
The usage profile obtained thereby, generally across various devices, is used by the platform operators to present personalized advertising to you. Persons can also be subject to the data processing, who are not registered on the particular platform as users. Under certain circumstances, your data is processed outside the area of the European Union, which can impede the enforcement of your rights. When selecting such platforms, however, we ensure that the operators undertake to comply with the data protection standards of the EU.
The processing of your personal data when viewing one of our offers on social medial is done on the basis of our legitimate interest in a diverse public image of our company and the use of an effective channel of information, as well as communication with you.
Detailed information on the data processing associated with the use of our offers on these platforms, objection options, and exercising rights of access can be obtained via the privacy statement of the corresponding platform operator.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The basis for processing is an agreement on the mutual processing of personal data in accordance with the requirements of the GDPR.
Google Ireland Limited, 4 Gordon House, Barrow Street, Dublin, Ireland.
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
We offer you the opportunity to subscribe to our free e-mail newsletter. We only send this newsletter with your consent. When signing up to a newsletter, the data from the input screen (name and e-mail address) is forwarded to us and stored for as long as the subscription to the newsletter remains active.
We record the signing-up process in order to show that it is in line with statutory requirements. For this purpose, the IP address of the requesting terminal device, and the date and time of signing up are recorded. The data you provide is stored for as long as the subscription remains active.
You are free to cancel the subscription at any time. For this purpose, in each newsletter there is a corresponding unsubscribe link. This also allows you to withdraw your consent. The legal basis for the processing of your data is your freely given consent to receive the newsletter.
If you obtain goods or services from us and give your e-mail address when doing so, we reserve the right to use it to send newsletters directly marketing our own similar goods or services. This is to safeguard our overriding legitimate interest as part of the balancing of interests in promoting advertising to our customers. By sending a message to the contacts listed below, or by using the unsubscribe link in the advertising e-mail, you can withdraw consent for this use of your data at any time and without any costs other than the transmission costs at basic rates. Where the newsletter is sent on the basis of the sale of goods or services, we refer to the requirements of the German Act Against Unfair Competition (UWG).
Commercial and business services
We process the data of our contractual and business partners, e.g. suppliers, customers, and interested parties (hereafter business partners) as part of contractual or equivalent legal relationships as well as associated actions and in the context of communication with our business partners.
We inform the contractual partners of what data is required for the above purposes prior to, or as part of, data collection, or personally.
Erasure of data and duration of storage
As soon as the purpose for the processing no longer exists, we erase or block your personal data. Storage can extend beyond this period, however, if this is necessary according to statutory provisions to which we are subject. Above all, this affects data that must be retained for reasons of statutory archiving (e.g. for reasons of commercial law, generally for 6 years, or for reasons of tax law, generally for 10 years).
Listing data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail addresses, telephone numbers), contract data (e.g. subject of the contract, duration).
Purposes of the processing:
Delivery of contractual and customer services, contact inquiries and communication, internal organizational processes, management, and responding to inquiries.
Contract performance/pre-contract inquiries, statutory obligation, legitimate interests.
When making an application to us, we will only use data provided by you, such as your contact details and qualifications, to carry out the application process.
Your data will be passed internally to the relevant department responsible. We process your personal data for the purpose of your application for an employment relationship, provided this is required for the decision about the establishment of an employment relationship with us.
Furthermore, we can process personal data about you where this is required for the defense of legal claims against us arising from the application process.
In principle, your data is erased three months after the conclusion of the application process, unless there are agreements with the applicant to the contrary (see Aufnahme in den Bewerberpool). If your application is followed by the conclusion of an employment contract, then the data is incorporated into a personnel file.
How long is your data stored?
We store your personal data for as long as required to make the decision about your application. If an employment relationship between you and us does not come about, then we can still store data where this is required for defense against possible legal claims. In this case, the application documents are deleted two months following the notification of the rejection decision, provided a longer storage period is not required for litigation purposes.
Incorporation into the applicants’ pool
If we have no suitable position for you at the time, for example in relation to an unsolicited application, then we would be glad to include your application in an applicants’ pool. However, your consent is required for this, which we would request from you in such a case.
If your application documents in the applicants’ pool are not used by us within a year, your application documents are automatically deleted.
No automated decision-making
There is no automated decision-making in individual cases, that means the decision about your application does not depend exclusively on an automated process.
Your rights as a data subject
As a data subject, you have various rights, which we would like to make you aware of below. Dependent upon the rationale and nature of the processing of your personal data, you have the rights described in the following paragraphs.
Your right of access
As a data subject, you have the right to find out from us whether we process your personal data and, if this is the case, what personal data we process.
You also have the right to request a copy of your personal data that is the subject of the processing.
Your right to rectification
You have the right to request that we immediately rectify any of your personal data that you consider to be inaccurate.
You also have the right to request that we complete any of your personal data that you consider to be incomplete.
Your right to erasure
On presentation of the statutory requirements, you may request the erasure of your personal data.
This is the case, for example, when we process your data based on your consent, which you subsequently withdraw.
However, we may not erase any data if we have to keep it for statutory retention periods. We can also not comply with your erasure request if it is necessary for us to process your personal data to establish, exercise, or defend against legal claims.
Your right to restriction of processing
As a data subject, under certain conditions you have the right to request that we restrict the processing of your personal data.
One of these conditions is, for example, that you contest the accuracy of your personal data. There is also the case where we no longer require your personal data, but you require it to establish, exercise, or defend against legal claims.
Your right to object
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing if this arises as a result of your particular situation. This right to object does not exist, however, where there is a compelling public interest in the processing that overrides your interest and legally obligates us to carry out the processing, or the processing is to establish, exercise, or defend against legal claims.
If we use your personal data for direct marketing, then you have the right to lodge an objection at any time against processing for the purpose of such marketing. If you do raise objection to processing for this purpose, your personal data will no longer be used for this.
If we process your data based on your consent, then you have the right to withdraw the consent at any time to take effect in the future. The legality of the processing carried out up to the time the withdrawal request is lodged remains unaffected.
Your right to data portability
This right is only available to you in respect of such personal data that you have provided us with yourself. You have the right to request us to transmit this personal data directly to another controller.
Alternatively, you have the right to request that we provide you with your data in a machine-readable format. This only applies, however, if we process your personal data based on your consent, or a contract, and the processing is done by automated means.
Complaint to supervisory authorities
You also have the right to lodge a complaint with a supervisory authority, if you are of the view that the processing of your personal data contravenes the provisions of data protection law.
As at: September 2020