Declaration on data protection

Status: 2nd August 2023

RAL is regarded as a term for quality in many areas of everyday life. This also applies to the processing of your data. We try to ask you for as little personal data as possible and manage the necessary information as securely as possible for your security and to protect your data.

Below you will find information about the personal data we will request from you and how we process these data.

1. Name and contact details of the controller

RAL gemeinnützige GmbH
Fränkische Straße 7
53229 Bonn
Telephone: +49 228 68895 0
Email: info@ral.de
Chairman of the Management Board: RA Rüdiger Wollmann
Managing Director: RA Thomas Roßbach

2. Contact details of the data protection officer

If you have any questions about the collection and processing of your personal data, please contact our external data protection officer who will be happy to provide you with information. 

Stephan Viehoff
Cockerillstraße 100
52222 Stolberg
Email: datenschutz@viehoff-consult.de

3. Scope and purpose of the processing of personal data

3.1 Personal data

Personal data in accordance with Art 4 Para. 1 EU General Data Protection Regulation (GDPR) are all the information, which refer to an individual who can be identified directly or indirectly. This includes for example your name, your contact details and the data which you provide when registering a customer account, for processing your order or as part of a job application.

3.2 Server statistics

Every time the website is called up, the internet browser used will automatically transmit data to the web server and save them in log files. The following data will be saved until they are deleted:

  • Name and URL on the page retrieved,
  • IP address at the time the relevant page is retrieved,
  • Date, time and success of access to the page,
  • Website from which the visitor reached our page (so-called referrer-URL),
  • Browser type and version,
  • Operating system of the end-device used for the retrieval.

Processing takes place for the purpose

  • of enabling the connection to be made to the website,
  • of providing an optimised display of the website,
  • of verifying and ensuring the security and stability of the systems,
  • of enabling and improving the administration of the website.

The data saved will not be merged with other data sources. The data can generally not be assigned by us to a certain person.

We reserve the right to save the IP addresses of visitors to our websites for a period of 30 days. This recording of the data is for the purpose of identifying long-term attacks, limiting and overcoming disruptions as well as system and data security. After this period the data will be made anonymous, saved and processed for a further 900 days to compile statistics.

We have a legitimate interest in processing the data in accordance with Art. 6 Para. 1 Clause 1 Letter f) EU GDPR for the purposes mentioned there.

3.3 Contact

Visitors can contact us by telephone and send us messages via a contact form on the website. All the information is transmitted to us voluntarily by the person making the inquiry. A valid email address is required to enable us to respond by email. Data processing will take place exclusively for the purpose of telephone advice and the processing of inquiries via the contact form and responding to them.

Processing takes place on the basis of consent which has been granted voluntarily in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR.

If the contact seeks to conclude a contract, the processing is based on the legal basis of Art. 6 Para 1 Clause 1 Letter b) EU GDPR.

The data you have transmitted will be deleted after your inquiry or after completion of the relevant event, insofar as there are no other reasons for continued retention, such as statutory requirements in accordance with §257 German Commercial Code (HGB).

3.4 Cookies

Our website uses cookies. Cookies are small text files which are filed on the digital end-device or data carrier of the Customer so that the latter can use all the functions of our website optimally. Most of the cookies used by us are then deleted from the digital end-device or data carrier of the Customer at the end of the relevant browser session and are therefore called session cookies. Cookies will remain on the digital end-device or data carrier, which enable us to verify the main functions regarding operation of our website. We use cookies on various pages of our website for security reasons as they enable certain functions to be carried out in the first place or contribute to the optimal performance of our advertising portal. This is particularly the case on the login page and in the user area. Here cookies ensure that the same information does not have to be re-entered if you move between individual pages of the website.

Saving cookies can be deactivated at any time. The Help function in the menu tab on most web browsers (e.g., Microsoft Edge or Firefox) shows how users and visitors of our application portal can prevent the browser from accepting cookies, how users and visitors to our websites can indicate to the web browser when it receives a new cookie or also how it can block all the cookies it has already received and future cookies. However, it should be noted in the latter case that various functions (login and management options) are no longer available. The cookie block must be cancelled again to use these functions.

3.5 Registration and customer account

Our websites offer you the opportunity to register and open a customer account. During this process you will be asked for personal data (e.g., name, email, contact details) to complete registration. You will be informed of the compulsory information in each case during registration. Your consent to the processing of the data will be requested expressly during registration. The data which you enter will be collected and processed as part of pre-contractual services, processing of the contract and customer care. In addition, additional parameters of your registration (date and time of your registration, IP address during registration) will be saved to ensure correct operation of the websites and prevent misuse or pursue the latter if applicable. The data collected will be used exclusively as part of the establishment and management of your customer account and the procedures associated with the latter. There will be no transmission to a third party.

Insofar as you consent to this processing during registration, Art. 6 Para 1 Letter a) EU GDPR forms the legal basis for processing. In the event of the initiation or processing of a contract via your customer account (e.g., during the purchase of goods), the legal basis is Art. 6 Para 1 Letter b) EU GDPR.

3.6 Online shop

You have the opportunity to purchase goods in our webshop (e.g., colour charts, colour cards etc.). We require your data to process the purchase contract and to ship or transmit the goods purchased. The conclusion of the contract and the processing of the contract would not be possible without these data. We transmit your data to the external transport company instructed to deliver the goods for the processing of the relevant contract, insofar as this is necessary for service. We transmit your data to the financial services provider instructed by us to process payments.

The legal basis for processing is the initiation and processing of the contract in accordance with Art. 6 Para 1 Letter b) EU GDPR.

3.7 Newsletter

By registering for the Newsletter, you are expressly giving your consent to the processing of the personal data you have provided voluntarily. The data, which are collected during registration, are used exclusively to process the dispatch of the Newsletter. We use a double opt-in procedure to ensure that you receive the Newsletter only if you really wish to do so. We will send you an email for this purpose after your initial registration, in which you confirm that you would like to receive our Newsletter by clicking on a link in the email. It is possible to unsubscribe from our Newsletter at any time. This can take place by using a special link at the end of every Newsletter or by sending an email. You can find further details in the section on the right to withdraw consent.

The legal basis for processing the personal data for the dispatch of Newsletters and the associated activities is your consent in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR.

3.8 Social networks

Logos of social networks are displayed on our websites in the form of push buttons with the corresponding logos of the operators.

These are

  • Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
  • Twitter, operated by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland,
  • LinkedIn, operated by LinkedIn, Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland,
  • Xing, operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland,
  • Instagram, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
  • YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland und
  • Pinterest, operated by Pinterest Europe Ltd., Palmerstone House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The push buttons are set up as hyperlinks to the relevant sites. There will be no transmission of data via pure linking. Transmission of data to the above-mentioned offices will take place only after the express activation of the corresponding push button.

3.9 Embedding of videos

Videos from the YouTube platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland are embedded in our websites. While the video data are being played, a connection is created to the servers of YouTube and while doing so the data are transmitted to YouTube via the retrieval. They will include at least your IP address, the date and time of the retrieval and the website you have visited. If you are logged into your account at YouTube at the same time, information will be assigned to your YouTube account via the video file which has been retrieved. If you would like to prevent this, you must either cancel your registration with YouTube before you visit our website or adjust the corresponding settings in your YouTube user account.

The YouTube videos on our website are provided using a two-click solution. In order to be able to play the videos, you must first give consent to the processing of your data and the associated transmission to YouTube. Furthermore, the “Expanded data protection mode” function is activated so that data will be transmitted to the servers of YouTube only if a video is actually retrieved. YouTube permanently saves cookies on your end-device to ensure functionality and to analyze user behavior. If you are not in agreement with these cookies being saved, you have the option of preventing this by adjusting the settings on your internet browser.

Google provides more detailed information about the collection and use of data and its rights and protection options in the data protection details which can be downloaded at https://policies.google.com/privacy.

Our legitimate interest lies in increasing the attractiveness and improving the quality of our internet presence. The legal basis for data processing is therefore Art. 6 Para 1 Letter f) EU GDPR.

3.10 Use of etracker

Technologies of etracker GmbH, Erste Brunnenstr. 1, 20459 Hamburg (www.etracker.de) are used on our websites. They collect and save data for marketing and optimization purposes. Pseudonymous user profiles are created from these data. Cookies may be used for this. The cookies make it possible for the internet browser to be recognized. The data collected via the etracker technologies are not used to personally identify the visitor to this website without the consent of the data subject which has been granted separately and are not merged with personal data via the carrier of the pseudonym.

Consent to the collection and saving of data can be withdrawn at any time with effect for the future. Please call up the linked page below to do this. There you can withdraw consent to the saving of your data which has been collected anonymously for the future and find out further information about the procedure.

https://www.etracker.de/privacy?et=r6mGdE

You can find our more information about data protection during the use of etracker on the provider’s website. The address of the page is:

https://www.etracker.com/datenschutz/

Our legitimate interest in the assessment of access to and the use of the websites in accordance with Art. 6 Para 1 Letter f) EU GDPR is also the legal basis for the processing of personal data.

I object to the processing of my personal data with eracker on this website.

3.11 LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. After consenting to the processing of your personal data by the LinkedIn Insight Tag according to Art. 6 (1) (a), a cookie is set in your browser.

Via this, LinkedIn collects, among other things, data such as:

  • URL
  • referrer URL
  • Device properties,
  • browser properties and
  • IP address.

LinkedIn anonymizes the data within 7 days and within 90 days the data is deleted. RAL as a site operator does not receive any personal data through the Insight Tag, but only aggregated, anonymized reports about the demographics of their target audience and the performance of their ads and offers RAL the possibility of retargeting for better control of targeted advertising outside the website without identifying you as a website visitor.

For more information about LinkedIn's privacy practices, please see LinkedIn's privacy policy at https://de.linkedin.com/legal/privacy-policy.

3.12 Pinterest Tag

This website uses the conversion tracking technology "Pinterest Tag" of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If you have reached our website from a pin on Pinterest and have consented to the processing, we will set a cookie on your computer that interacts with an implemented "tag" in the form of a JavaScript code from Pinterest. Cookies are small text files that are stored on your terminal device. The session cookie is deleted after the session expires and the other set Pinterest cookies have a storage period of one year.

If the user is redirected from a pin on Pinterest to pages on this website and the cookie has not yet expired, the tag records certain user actions predefined by us and can track them (e.g., completed transactions, leads, searches on the website, calls to product pages). When such an action is performed, your browser sends an HTTP request from the cookie to the Pinterest server via the Pinterest tag, with which certain information about the action (including type of action, time, browser type of the end device) is transmitted.

Through this transmission, Pinterest can create statistics about the usage behavior on our website after forwarding from a Pinterest Pin, which serve us to optimize our offer.

However, we do not receive any information with which users can be personally identified.

All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your consent to do so in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Consent Manager" provided on our website.

For more information on data protection at Pinterest, please refer to the Pinterest data protection information at https://policy.pinterest.com/de/privacy-policy.

3.13 Email and security

Please remember that in principle emails are not protected against unauthorized inspection, corruption etc. Therefore, please do not send any confidential information (e.g., account data, passwords etc.) by email.

4. Transmission of data

In principle personal data are transmitted to a third party only if

  • the data subject has given their express consent for this in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR,
  • transmission in accordance with Art. 6 Para 1 Clause 1 Letter f) EU GDPR is necessary for the assertion, exercising or defense of legal claims and there are no reasons to assume that the data subject has an overwhelming interest worthy of protection in the non-transmission of your data,
  • there is a statutory obligation to transmit the data in accordance with Art. 6 Para 1 Clause 1 Letter c) EU GDPR, and/or
  • this is necessary in accordance with Art. 6 Para 1 Clause 1 Letter b) EU GDPR to satisfy a contractual relationship with the data subject.

4.1 Payment processing

It may be necessary to transmit your data to an external financial service provider instructed by RAL to process payments for orders (e.g., in our shop in the Farben division).

The data are processed on the basis of Art. 6 Para 1 Clause 1 Letter b) EU GDPR to satisfy a contractual relationship with the data subject.

4.2 Logistics and order processing

In principle we process your orders in-house. Personal data to the extent required (address and product data if applicable) are transmitted to external delivery companies and freight forwarders (parcel and postal services) to deliver the goods ordered. By providing your data voluntarily, you are giving your consent for us to transmit your data to process the desired transactions to the extent required to the relevant third parties involved.

The data are processed on the basis of Art. 6 Para 1 Clause 1 Letter b) EU GDPR to satisfy a contractual relationship with the data subject.

4.3 RAL events and RAL Academy

When you register for the various events organized by RAL and the RAL Academy, personal data are transmitted to the extent necessary to hold events. Events run by the RAL Academy may sometimes be carried out by external speakers. As a result, it is necessary to transmit personal data to the persons entrusted with implementation in each case.

The basis for data processing is your express consent in accordance with Art. 6 Para 1 Clause 1 Letter a) EU GDPR when registering for or satisfying a contractual relationship with the data subject in accordance with Art. 6 Para 1 Clause 1 Letter b) EU GDPR.

5. Your rights as the data subject

If your personal data has been processed due to your visit to our website, you have the following rights as the “data subject” in the sense of the EU GDPR:

5.1 Right to obtain information

You can request information from us about whether we are processing personal data about you. No right to obtain information exists if the data cannot be deleted due to legal or contractual retention periods or has been processed exclusively for data backup or data security purposes and the provision of this information would require a disproportionate amount of cost and effort and any processing of the data for other purposes is excluded using suitable technical and organisational measures. Where applicable, you can request information about:

  • the purposes of the processing.
  • the categories of your personal data that were processed.
  • the recipients or categories of recipients to whom your personal data is made public, especially recipients in third countries.
  • if possible, the period for which your personal data will be stored, or if that is not possible, the criteria used to determine that storage period.
  • the existence of a right to rectification or erasure or restriction of processing of the data about you as the data subject or a right to object to this processing.
  • the right to lodge a complaint with a data protection supervisory authority.
  • if the personal data was not obtained from you as the data subject, any available information on the source of the data.
  • if relevant, the existence of automated decision-making including profiling and meaningful information on the logic involved, as well as the scope and envisaged consequences of such automated decision-making.
  • if the personal data is transferred to a recipient in a third country, insofar as the EU Commission has not issued a resolution on the adequacy of the level of protection in accordance with Art. 45 (3) EU GDPR, information on what appropriate safeguards in accordance with Art. 46 (2) EU GDPR have been provided to protect the personal data.

5.2 Right to rectification and completion

If you find that the personal data, we hold about you is incorrect, you can request that we rectify the incorrect data. If the data is incomplete, you can request completion.

5.3 Right to erasure

You have a right to erasure (“right to be forgotten”) if one of the following grounds applies:

  • the personal data is no longer required for the purposes for which they were processed
  • you have withdrawn you consent for the processing of the data
  • you have objected to the processing of your personal data that we have made public
  • you have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the pro-cessing of the data
  • your personal data has been unlawfully processed
  • the erasure of your personal data is required to comply with a legal obligation to which we are subject

The right to erasure does not exist if, in the event of legal non-automated data processing, the erasure of the data would only be possible at a disproportionate amount of cost and effort due to the special type of storage and you only have a low level of interest in its erasure. In this case, the processing of this data will be restricted instead of the data being erased.

5.4 Right to restriction of processing

You have the right to request a restriction of processing if one of the following grounds applies:

  • you contest the accuracy of the personal data. In this case, a restriction can be requested for the period required to verify the accuracy of the data.
  • the processing is unlawful and the data subject requests a restriction of the use of their personal data instead of the erasure of the data.
  • your personal data is no longer required by us for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims.
  • you have raised an objection in accordance with Art. 21 (1) EU GDPR. A restriction of processing can be requested pending the verification of whether we have legitimate grounds that override your grounds for a restriction of processing.

A restriction of processing means that the personal data will only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We are obligated to inform you before the restriction of processing is lifted by us.

5.5 Right to data portability

You have a right to data portability if the processing is based on your consent according to Art. 6 (1) (a) or Art. 9 (2) (a) EU GDPR or a contract to which you are a contractual party and the processing is carried out with the aid of automated means. In this case, the right to data portability includes the following rights insofar as they do not adversely affect the rights and freedoms of others:

You have the right to receive from us the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to have this data transferred to another controller without hindrance from us. If technically feasible, you can request that we directly transfer your personal data to another controller.

5.6 Right to object

Furthermore, you have the right to complain to the competent data protection supervisory authority if you have any questions about data protection and data protection issues. For companies located in North Rhine-Westphalia, this is the state representative for data protection and freedom of information. The contact details are:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
E-Mail: poststelle@ldi.nrw.de
Tel.: 0211/38424-0
Fax: 0211/38424-10

5.7 Withdrawal of consent

Your consent for the processing of personal data can be withdrawn at any time with future effect. The withdrawal of consent can also apply to individual sections of the data processing (e.g., unsubscribing from the newsletter).

Please note that even if you withdraw your consent, processing of the data may still be required due to legal regulations.

Please send us the notification about your withdrawal of consent using the contact details stated above in section 1 and please understand that some identification may be required in the event of a withdrawal of consent to prevent any misuse.

6. external Links

The website contains so-called “external links” to other websites, over whose content the website provider has no influence. For this reason, the provider cannot assume any warranty for their content.

The relevant provider of the linked website is responsible for the content and accuracy of the information provided. No legal breaches were identifiable at the time the link was created. The link will be removed immediately if such a breach of law becomes known.

7. Withdrawal of consent for advertising mails

We hereby expressly prohibit the use of our contact details – published as part of our duty to publish a legal notice – for the purpose of sending us any advertising or information materials that we have not expressly requested. The operator of these websites expressly reserves the right to take legal action in the event of the unsolicited sending of advertising information such as in the form of spam emails.