We hereby provide information about how we process personal data. Personal data includes all data that relates to you personally, such as name, address, email addresses, user behaviour etc.
The controller under Article 4(7) of the EU General Data Protection Regulation (EU GDPR) is
Lohmann & Rauscher GmbH & Co. KG
Irlicher Straße 55
Tel.: +49 2634 99-0
Fax: +49 2634 99-6467
(Further details are available in our legal information.)
You can contact our data protection officers via
Lohmann & Rauscher GmbH & Co. KG
Datenschutzbeauftragter (Data protection officer)
Tel.: +49 2634 99 7077
Fax: +49 2634 99 7877
The supervisory authority responsible for our company is
The commissioner for data protection and freedom of information for Rhineland-Palatinate (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz)
Postal address: PO box 30 40, 55020 Mainz
Address for visitors: Hintere Bleiche 34, 55116 Mainz
Tel.: +49 6131 2082449
Fax: +49 6131 2082497
We process personal data that we receive from you in the context of our planned or existing business relationship. Where this is necessary for our business activity, we also process personal data that we have legitimately received (e.g. to implement orders, fulfil contracts or on the basis of another consent granted by you) from other companies affiliated to us within the Lohmann & Rauscher Group or from other third parties (e.g. service agencies). We also process personal data that we have legitimately received from publicly accessible sources (e.g. the commercial register or register of associations, record of debtors, land registers, media or the internet) and are permitted to process.
Relevant personal data in this regard may in particular be: Name, academic qualification, job title, address, telephone number, fax number, email address, date and place of birth, authentication data (e.g. ID card information), bank account details (IBAN or BIC), tax ID number.
Data communicated by you to us, for example when you contact us via email or via a contact form (your email address and, where relevant, your name and telephone number), is stored by us in order that we can respond to your questions.
As part of the initiation of business transactions and over the course of the business relationship, particularly as a result of contact in person, by telephone or in writing, further personal data may arise, such as information about the method of communication, date, reason for and result of the contact and (electronic) copies of the correspondence.
As part of our business relationship, you have to provide personal data that are needed to build and execute the respective business relationship and to fulfil the contractual obligations linked to this or data that we are legally obliged to collect. Without the necessary data, we will generally not be able to enter into or continue the business relationship.
We process the above-mentioned personal data in accordance with the provisions of the EU GDPR and the German Federal Data Protection Act (BDSG) as amended from time to time:
a. On the basis of your consent (Article 6(1)(a) EU GDPR): Where you have provided us with consent to the processing of personal data for specific purposes, such processing is lawful on the basis of your consent. Consent that has been granted can be withdrawn at any time. The withdrawal of consent only has future effect, meaning that processing that occurred prior to withdrawal is not affected by this.
b. for the performance of a contract (Article 6(1)(b) EU GDPR): The processing of personal data is done as part of the initiation or conduct of our business relationship with you. The purposes of the data processing are primarily based on the specific subject matter of the business relationship and may in particular cover the provision of services and the manufacture and delivery of products.
c. due to legal obligations (Article 6(1)(c) EU GDPR) or in the public interest (Article 6(1)(e) EU GDPR): Where we are subject to legal obligations, we are permitted to process data to the extent that this is required for the purpose of the fulfilment of the respective legal obligations, for example with respect to the proper provision of information to the financial authorities on the basis of existing tax laws.
d. as part of a balancing of interests (Article 6(1)(f) EU GDPR): Where necessary, we process your data beyond the actual fulfilment of the contract for the protection of our company’s legitimate interests and those of third parties. Examples of this are allowable advertising and market research, the conduct of litigation to bring or defend against legal claims, the ensuring of our company’s IT security and measures to ensure building and system security or to defend our rights to determine who has the right to access our building e.g. through access controls.
Within our company those areas that require this for the fulfilment of the contractual and legal obligations existing in connection with our business activity have access to your data.
Service providers (processors) used by us may also receive data for this purpose if they have undertaken to comply with our written instructions in connection with data protection law. These include in particular companies in the following areas of activity: support/maintenance for IT applications, archiving, document processing, data destruction, call centre services, marketing, auditing.
Furthermore, public bodies and institutions (e.g. financial authorities) may receive personal data where there is a legal or official obligation.
Further data recipients may include those bodies to which you have granted your consent to the transfer of your data.
Data is only sent to companies outside the EU and the EEA (known as third countries) if this is necessary for us to enter into or conduct our business relationship with you or where this is provided by law, you have granted us consent for this or corresponding contracted data processing is being done. If service providers in a third country are used, they are obliged to comply with the level of data protection prescribed within the EU through written instructions or other agreement (namely in accordance with the EU standard contractual clauses).
We process and store your personal data for as long as is necessary for the performance of our contractual and legal obligations. It should be noted that the business relationship may be a continuing obligation over several years. If the data is no longer needed for performance of the contractual or legal obligations, it is deleted at regular intervals unless its further processing (on a time-limited or restricted basis) is necessary for the following purposes:
a. Fulfilment of retention periods under commercial or tax law, the periods indicated there for retention or documentation being between two and ten years;
b. Preservation of evidence in the context of applicable regulations governing limitation periods. Pursuant to Sections 195 et seq. German Civil Code (BGB), these limitation periods can be up to 30 years, with the normal limitation period being set at three years.
a. You have the following rights over us regarding the personal data relating to you:
i. Right to information,
ii. Right to rectification or erasure,
iii. Right to restrictions on processing,
iv. Right of objection to processing,
v. Right to data portability.
b. You also have the right to complain to data protection authorities about the processing of your personal data by our company.
c. In particular, you have a right to object to processing on a case-by-case basis in the following sense:
i. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) (data processing in the public interest) or point (f) (data processing on the basis of a balance of interests) of Article 6(1) EU GDPR, including profiling based on those provisions. If you object, we shall no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
ii. Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, we shall no longer process your personal data for such purposes.
We do not generally use fully-automated decision-making as the basis of or to conduct the business relationship with you. Should we use this process in individual cases, we will provide information about this separately where this is prescribed by law.
If you only use the website for information, in other words, if you do not register or provide us with information in another way, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data that are technically necessary for us to display the website to you and ensure stability and security (the legal basis for this is point (f) of Article 6(1), Sentence 1, EU GDPR):
a. IP address
b. date and time of the request
c. time zone difference from Greenwich Mean Time (GMT)
d. content of the request (specific page)
e. access status/HTTP status code
f. in each case, the quantity of data transferred
g. website from which the request comes
i. operating system and interface
j. language and version of the browser software.
In addition to the data mentioned above, when you use our website cookies will also be stored on your computer. Cookies are small text files that are stored on your hard drive allocated to the browser you use and can be used by the body that placed the cookie (in this case us) to provide certain information. Cookies cannot run programs or transfer viruses to your computer. They are used to make the online experience more user-friendly and efficient.
a. This website uses the following types of cookies, the scope of which and how they function will be explained below:
i. Transient cookies (see b)
ii. Persistent cookies (see c).
b. Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store what is known as a session ID, by which various requests made by your browser can be allocated to the same session. As a result, it is possible to recognise your computer when you return to our website. The session cookies are deleted when you log out or close the browser.
c. Persistent cookies are automatically deleted after a predefined period of time, which can vary from cookie to cookie. You can delete the cookies from your browser’s security settings at any time.
d. You can configure your browser settings as you wish and, for example, accept third party cookies or reject all cookies. We should point out that this may mean you will be unable to use all of the functions of this website.
a. In addition to the use of our website for purely informational purposes, we also offer various services that you can use if you are interested. In order to do so, you generally have to enter further personal information that we will use to provide the relevant service and to which the principles of data protection referred to above apply.
b. In some cases, we use external service providers to process your data. We select and commission these service providers carefully, and they are bound by our instructions and regularly checked.
c. Furthermore, we are able to pass your personal data on to third parties where offer sales campaigns, competitions, entry into contracts or similar services are offered by us jointly with partners. More information on this is available in the description of the relevant service.
d. Where our service provider or partner is based in a state outside the European Economic Area (EEA), we inform you of the impact this has in the description of the relevant service.
If you wish to use the “My L&R” function, you need to register by entering your email address, a password of your choice and a username of your choice. There is no obligation to use your real name, you can access the function using a pseudonym. We use what is known as the double opt-in method for registration. In other words, your registration is only complete if you have previously confirmed your registration by clicking on the link in a confirmation email sent to you for this purpose. If you do not confirm your registration within 24 hours, your registration will automatically be deleted from our database. The provision of the above data is mandatory. You are able to provide all further information on a voluntary basis by using the “My L&R” function.
When we send the newsletter, we evaluate your user behaviour. In order to carry out this evaluation, the emails and newsletters sent contain what are known as “web beacons” or “tracking pixels”, single pixel image files that are accessed when the newsletter is opened from the CleverReach server and which are stored on our website. As part of this access process, we are able to determine whether a newsletter is opened and, where relevant, which links are clicked on. For the evaluation, we link the data mentioned in clause VII (3) above and the web beacons to your email address and an individual ID. The data are only collected in pseudonymised form; the IDs are also not linked to your personal data and any direct connection to a person is excluded. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). These data are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to recipients’ interests.
We have entered into a processing contract with CleverReach in which we impose an undertaking on CleverReach to protect our customers’ data and not to pass the data on to third parties.
Further information on data analysis by CleverReach is available via the following link: www.cleverreach.com/de/funktionen/reporting-und-tracking/
If you wish to object to the analysis of data for statistical evaluation purposes, you must unsubscribe from the newsletter as described in clause VII (4) above.