Data-privacy statement

With this data privacy information we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). The R&M International GmbH is the controller of the data processing (hereinafter referred to as ‘we’ or ‘us’).

I. General Information

1. Contact

If you have any questions or feedback concerning this information or wish to contact us to exercise your rights, please send your enquiry to

R&M International GmbH
Schellerdamm 22-24, 21079 Hamburg
Tel. +49 40-752444-0
E-Mail marketing@rm-group.com

2. Legal Basis

The term "personal data" under data protection law refers to all information relating to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place based on a legal permission. We process personal data only with your consent (Section 25 para. 1 TTDSG or Art. 6 para. 1 lit. a DSGVO), for the performance of a contract to which you are a party or at your request for the performance of pre-contractual measures (Art. 6 para. 1 lit. b DSGVO), for the performance of a legal obligation (Art. 6 para. 1 lit. c DSGVO) or if processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 para. 1 lit. f DSGVO).

If you apply for an open position in our company, we will also process your personal to decide on whether to hire you (Section 26 para. 1 sentence 1 BDSG).

3. Period of Storage

Unless otherwise stated in the following, we will only store the data only for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. In particular, such statutory retention obligations may arise from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. Recipients of Data

For certain processing activities, we rely on service providers. These processing activities include, for example, hosting, sending e-mails, maintenance and support for IT systems, customer and order management, accounting and billing, marketing measures or destruction of paper files and data carriers. A ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors process data not for their own purposes but solely for the controller and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection. Apart from that, we may transfer your data to postal and delivery services, our bank, tax consultancy/auditing company or the fiscal authority, if necessary. Further recipients may result from the following notes.

5. Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR

Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards exist in accordance with Art. 46 of the GDPR or if one of the conditions of Art. 49 of the GDPR is met.

Unless there is an adequacy decision and nothing else is stated below, we use the EU standard data protection clauses as suitable safeguards for the transfer of personal data in third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49 para. 1 lit. a DSGVO.

6. Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will process data stored for the purpose of providing information and preparing it only for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.

These processing operations are based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.

7. Your rights

As the data subject, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
  • Pursuant to Art. 16 GDPR, you have the right to demand that we correct your data.
  • Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to demand that we delete your personal data.
  • Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
  • Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
  • Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 para. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
  • If you believe that the processing of your personal data violates provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
8. Right to object

Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing activities based on Art. 6 para. 1 lit. e or lit. f GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.

9. Data protection officer

You can contact our data protection officer via the following contact details:

E-Mail: info@cos-gmbh.eu
Compliance Officer Services Legal
Telemannstraße 22, 53173 Bonn
https://www.cos-gmbh.eu  

II. Data processing on our website

When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

1. Processing of Server-Log-Files

When using our website for informative purposes only, general information that your browser transfers to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code.

The processing is carried out in pursuit of our legitimate interests and is based on Art. 6 para. 1 lit. f GDPR. This processing serves the technical administration and security of the website. The data collected will be deleted after seven days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.

2. Contact form and requests

Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your inquiry.

If your request is directed towards the conclusion or performance of a contract with us, Art. 6 para. 1 lit. b GDPR is the legal basis for data processing. Otherwise, we process the data based on our legitimate interest in contacting requesting persons. The legal basis for data processing is then Art. 6 para. 1 lit. f GDPR.

3. Applications

You have the possibility to apply via our website in the jobs section. For this purpose, we collect personal data from you, including your name, CV, letter of application and other content provided by you.

Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. Applications relating to other companies in the R&M Group are automatically forwarded to the relevant company and only processed there.

All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to six months after completion of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.

The legal basis for the collection of data is Section 26 para. 1 sentence 1 BDSG in conjunction with Article 6 para. 1 lit. b GDPR.

If we retain your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7 para. 3 GDPR. Such withdrawal shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the withdrawal.

4. Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.

The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special features and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 para. 1 TTDSG and, if applicable, Article 6 para. 1 lit. a GDPR. You can find information about the purposes, providers, technologies used, stored data and the storage period of individual cookies in the cookie settings of our Consent Management Tool in the footer of our website under "Cookies".

5. Consent Management Tool

This website uses the Consent Management Tool of our content management system provider, Contao Association (Switzerland), to control cookies and the processing of personal data.

The Consent banner allows users of our website to give their consent to certain data processing procedures or to revoke their consent. By confirming the "I accept" button or by saving individual cookie settings, you consent to the use of the associated cookies.

The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 lit. a GDPR.

In addition, the banner supports us in being able to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data. The processing of this data is necessary to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).

In the footer of the website under "Cookies" you can revoke your consent for cookies.

6. Google Analytics

We use the Google Analytics service of the provider Google Ireland Limited (Ireland, EU) on our website.

Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of users on our website. Google Analytics allows us to measure interaction data from different devices and from different sessions. This allows us to put individual user actions in context and analyse long-term relationships.

Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. It also processes personal data in the form of IP addresses, device identifiers and information about interaction with our website. In part, this data is information stored in the device you are using. In addition, further information is also stored on your used end device via the cookies used.

Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by the user, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the use of the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 para. 1 lit. a GDPR. You can revoke this consent via our Consent Management Tool at any time with effect for the future.

We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data. The shortening of the IP address takes place on servers in the EU.

The data on user actions are stored for a period of 2 months and then automatically deleted. The deletion of data whose storage period has expired takes place automatically once a month.

Further information on how data from websites or apps is used by Google for advertising purposes can be found in Google's notices at: www.google.com/policies/technologies/ads/.

7. Adobe Fonts (Typekit)

We use Adobe Fonts from Adobe Systems Software Ireland Limited (Ireland, EU) on our website for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into the browser cache to display texts and fonts correctly. For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Adobe. For licensing reasons, it is necessary that page views are counted, which is why your browser transmits, among other things, our Adobe customer ID as website operator. No cookies are set in the process.

You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website. If your browser does not support web fonts, a standard font will be used by your computer.

The processing of your data is based on Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the uniform and appealing presentation of our website.

When using the service, a transfer of your data to the USA cannot be completely avoided. Please note the information in the section "Data transfer to third countries". For more information on data protection at Adobe, please see the Adobe privacy policy at https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

III. Data processing on our Social Media

We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

  • Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter "Meta"
  • Instagram of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter "Meta"
  • LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter "LinkedIn"
  • XING of NEW WORK SE, (Germany, EU), hereinafter "XING".

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also constitute personal data.

1. Visiting a Social Media Page

When you visit our social media site, through which we present our company or individual products from our portfolio, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. You will find further information about the processing of personal data in their data protection declarations, to which we link below:

The operators of the social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, which we use to gain insights into the types of actions that people take on our site (so-called "page insights"). These page insights are created based on certain information about individuals who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into joint controller processing agreements with the operators of the social media platforms, which specify the distribution of data protection obligations between us and the operators. Details about the processing of personal data to create page insights and the agreement concluded between us and the operators can be found at the following links:

You also have the possibility to assert your rights against the operators. You can find more information about this under the following links:

We have agreed with Meta and LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.

2. Communication via Social Media Pages

We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Further data processing may take place if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR).

IV. Further data processing

1. Contact via Email

If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest to get in touch with inquiring persons.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR.

2. Customer and Prospect Data

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master, contract and payment data provided to us as well as contact and communication data of our contact persons for commercial customers and business partners. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interests consist in the above-mentioned purposes.

We also process customer and interested party data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR and serves our interest to further develop our offer and to inform you specifically about our offers.

Further data processing may take place if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR).

3. Use of the e-mail address for marketing purposes

We may use your e-mail address provided in the course of our business contact to inform you about our own similar products and services offered by us.

The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the prime rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to marketing@rm-group.com.

Version: 01.09.2023