We would like to thank you for your interest in our company. Data protection is particularly important to the management of Rutronik Elektronische Bauelemente GmbH (hereinafter referred to as Rutronik GmbH). It is always possible to use our website without providing any personal data.
If a data subject wishes to use particular services offered by our company via our website, it may be necessary to process their personal data, however. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain the data subject’s consent.
Rutronik GmbH has implemented extensive technical and organizational measures to protect personal data stored by our company from unauthorized access and misuse in order to ensure the most comprehensive degree of protection possible for the personal data we process. In this context, we would particularly like to mention that our information security management system (ISMS) is certified in accordance with ISO27001:2016. In addition, our employees are obligated to maintain confidentiality. Our security methods are regularly reviewed and updated to reflect the latest technological developments.
Nevertheless, transmitting data over the Internet can always be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by a controller.
Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing refers to marking stored personal data with the aim of limiting its processing in the future.
Pseudonymization refers to processing personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
A controller is any natural person or legal entity, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
A processor is any natural person or legal entity, public authority, agency, or other body that processes personal data on behalf of a controller.
A recipient is any natural person or legal entity, public authority, agency, or another body to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
i) Third party
A third party is any natural person or legal entity, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
2. Name and Address of the Controller
Within the meaning of the General Data Protection Regulation, other European Union or member state data protection laws as well as other data protection regulations of a legal nature, the Controller is:
Rutronik Elektronische Bauelemente GmbH
75228 Ispringen, Germany
Using cookies allows us to provide users of this website with more user-friendly services that would not be possible without setting cookies.
We use tracking services and cookies to create pseudonymous user profiles. This user profile contains information about a visitor’s behavior on our website. This does not allow us to directly identify the user, however.
4. Collection of General Data and Information
Our web server is configured so that the data that would be necessary to individually identify a user is not automatically logged.
In case of attempted misuse or server errors, it may be necessary to activate a log file for error analysis, however. In this case, we will collect your IP address, the specific address of the page you visited, the page from which you came, if applicable (referring URL), your browser’s transmitted ID, as well as the system date and time the page was accessed. This data is deleted from our servers immediately after the error has been corrected and is used exclusively to analyze the error.
5. Statistical Analyses
a) Tracking via Econda:
When you visit our website, we transfer data to our service provider Econda. Econda’s service allows us to perform statistical analyses to improve the quality of our website. This data is anonymized and processed reliably in a system approved by the supervisory authorities. Neither we nor Econda can use this data to identify you personally. If you do not want your visits to this website to be tracked, you have the option of opting out of their collection.
To do so, please click on the following link:
b) Tracking via Google Analytics:
When you visit our website, we also transfer data to our service provider Google Inc. as part of the Google Analytics service. Google Analytics is configured so that your IP address is transmitted to Google in anonymized form (anonymizeIP). Google processes data about your use of our website on our behalf in order to create reports on website activity. We use these reports to measure your interest in our products and services and to improve them.
If you do not want to be tracked by Google Analytics, you can install a browser add-on to prevent tracking by Google Analytics:
6. Creating a “Rutronik24” Online Shop Account
Since our Rutronik24 online platform is designed exclusively for the business-to-business sector, an account can be created without needing to provide personal data as defined by the General Data Protection Regulation.
When creating a Rutronik24 account, the data subject’s IP address assigned by the Internet service provider (ISP) is stored along with the date and time of the subscription. This data is saved in order to prevent misuse of our services and, if necessary, to enable the investigation of any crimes that have been committed. In this respect, it is necessary to store this data in order to protect the controller. This data is not disclosed to third parties unless there is a legal obligation to disclose it or disclosing this information serves the purpose of criminal prosecution and/or law enforcement.
Rutronik GmbH will provide each data subject with information about the personal data stored concerning that data subject at any time upon request. Furthermore, Rutronik GmbH will rectify or delete personal data upon the request or notice of the data subject unless there is a legal obligation to retain this data.
To submit such a request, data subjects can contact Rutronik GmbH’s external data protection officer at any time.
7. Subscribing to Our Newsletter
Rutronik GmbH periodically sends information about the company’s products and services to its customers, business partners, and interested parties in the form of a newsletter.
A data subject can only receive our newsletter if (1) the data subject has a valid e-mail address and (2) the data subject signs up to receive the newsletter. For legal reasons, we use the double opt-in method for verification purposes and first send a confirmation e-mail to the e-mail address provided by the data subject before sending the newsletter. The purpose of this confirmation e-mail is to verify whether the owner of the e-mail address, as the data subject, actually requested to receive the newsletter.
When subscribing to the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject at the time of subscription, as well as the date and time of subscription. This data is collected in order to be able to track the (potential) misuse of a data subject’s e-mail address at a later point in time and therefore serves to legally protect the controller.
The personal data collected during the process of subscribing to our newsletter will only be used for the purposes of sending our newsletter. Furthermore, newsletter subscribers may also be contacted via e-mail if doing so is necessary for the operation of the newsletter service or subscription, as might be the case in the event of changes to the newsletter service or technical circumstances. The personal data collected within the scope of our newsletter service will never be transmitted to third parties.
A data subject that has subscribed to our newsletter can unsubscribe at any time. A data subject that has consented to the storage of their personal data for the purpose of sending the newsletter may withdraw their consent at any time. Every newsletter contains a link that can be used to unsubscribe from the newsletter and withdraw your consent to the storage of your personal data. In addition, data subjects can always contact Rutronik GmbH’s external data protection officer to inform them of this.
8. Links to Other Websites
If you access an external website from our site (via an external link), your browser may inform the provider of the external website which page of our website you were on before you accessed their site. The external provider is responsible for this data. Like any other website provider, we are not in a position to influence this process.
Some pages contain share buttons and links to the Rutronik channels on various social media networks: Facebook, XING, Twitter, LinkedIn, Pinterest and YouTube. If you click on one of these buttons, the following data can be transmitted to the provider of the social media network: IP address, browser information and operating system, screen resolution, installed browser plug-ins such as Adobe Flash Player, origin of visitors when they follow a link (referrer), URL of the current page. The external providers are responsible for this data.
9. Routine Deletion and Restriction of Processing Personal Data
We process and store personal data of the data subject only for as long as is required to fulfill the purpose for which the data is being collected, or for the period stipulated by the applicable European Union laws or any other laws and provisions on data processing to which the controller is subject.
If the purpose for storing the personal data no longer exists or if the retention period pursuant to European Union laws or any other applicable law has expired, a routine process is run to delete or restrict the processing of personal data in accordance with the legal provisions.
10. Rights of the Data Subject
Every data subject has the rights granted within the scope of the applicable European directives and regulations, and Rutronik GmbH fully respects these rights.
These rights may be exercised at any time and free of charge by contacting Rutronik GmbH’s external data protection officer.
The individual rights as defined by the General Data Protection Regulation are listed below:
a) Right to obtain confirmation
Data subjects have the right to obtain a confirmation as to whether Rutronik GmbH processes personal data concerning them.
b) Right of access
Data subjects have the right to obtain information about the personal data stored about them and a copy of this information. In addition, European directives and regulations grant data subjects the right of access to the following information:
- The purpose of the processing
- The categories of personal data concerned
- The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- The right to lodge a complaint with a supervisory authority
- Where the personal data is not collected from the data subject: Any available information as to their source
- The existence of automated decision-making, including profiling, referred to in article 22, paragraphs 1 and 4, of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
- Information as to whether personal data has been transferred to a third country or an international organization Where this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.
c) Right to rectification
Data subjects have the right to obtain without undue delay the rectification of inaccurate personal data concerning themselves.
d) Right to erasure (“right to be forgotten”)
Data subjects have the right to obtain the erasure of personal data concerning themselves where one of the following grounds applies and insofar as processing is no longer necessary:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to article 6, paragraph 1, point (a), of the GDPR or article 9, paragraph 2, point (a), of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to article 21, paragraph 1, of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, paragraph 2, of the GDPR.
- The personal data has been unlawfully processed.
If Rutronik GmbH has made personal data public and is obligated to erase the personal data pursuant to article 17, paragraph 1, of the GDPR, we, taking account of available technology and the cost of implementation, have taken reasonable steps in this regard.
e) Right to restriction of processing
Data subjects have the right to obtain the restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to article 21, paragraph 1, of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
f) Right to data portability
Data subjects have the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format.
g) Right to object
Data subjects have the right to object at any time to processing of personal data concerning them that is based on article 6, paragraph 1, point (e) or (f), of the GDPR.
If a data subject makes such an objection, Rutronik GmbH will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
h) Automated individual decision-making, including profiling
As a responsible company, we refrain from automatic decision-making or profiling.
i) Right to withdraw consent
Data subjects have the right to withdraw their consent to the processing of personal data at any time.
11. Data Protection with Regard to Job Applications and the Application Process
Rutronik GmbH collects and processes personal data from applicants for the purpose of conducting the application process. If this processing results in an employment contract with an applicant, the data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
12. Lawfulness of Processing
Article 6, paragraph 1, point a, of the GDPR serves as the legal basis for our company with regard to processing operations for which we obtain consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on article 6, paragraph 1, point (b), of the GDPR. The same applies to such processing operations that are necessary in order to take steps prior to entering into a contract, for example in the case of inquiries about our products or services.
In cases in which we are obligated by law to process personal data, e.g. to fulfill tax obligations, the processing is based on article 6, paragraph 1, point (c), of the GDPR.
In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business was injured and the visitor’s name, age, health insurance data, or other vital information would need to be transferred to a physician, hospital, or other third party. In this case, such processing would be based on article 6, paragraph 1, point (d), of the GDPR.
Finally, processing operations can also be based on article 6, paragraph 1, point (f), of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are carried out on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations particularly because they have been specifically cited by European lawmakers. In this respect, they held the view that a legitimate interest could exist if the data subject was a client of the controller (recital 47, sentence 2, of the GDPR).
If the processing of personal data is based on article 6, paragraph 1, point (f), of the GDPR, our legitimate interest is the performance of our business activities to the benefit of all our employees and business partners.
13. Legal or Contractual Provisions Governing the Provision of Personal Data; Necessity for the Conclusion of a Contract; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Not Providing Personal Data
We would like to inform you that providing personal data is in some cases required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner). It may be necessary for a data subject to provide us with personal data for the purpose of concluding a contract, which we must then process. For example, a data subject is obligated to provide us with personal data when our company enters into a contract with them. Failure to provide personal data would mean that we could not enter into a contract with the data subject. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and the consequences of not providing the personal data.
14. Competent Supervisory Authority
The Baden-Württemberg State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a
70173 Stuttgart, Germany
P.O. Box 10 29 32, 70025, Stuttgart, Germany
15. External Data Protection Officer