Rheonics, Inc. (“Rheonics”, “we” or “us”) attaches great importance to the protection of your personal data. We therefore conduct our business in compliance with applicable laws on personal data protection and data security.
This Data Protection Notice applies to Rheonics GmbH in Switzerland. It also applies in addition to the General Data Protection Policy, which has global validity and takes precedence in case of conflict.
Details of the responsible Rheonics company within the meaning of the GDPR and further information about the competent supervisory authority can be found on our website.
The relevant company’s internal Data Protection Responsible, or Data Protection Officer if it has one, can be contacted by post at the address indicated on the website, adding the title “Data Protection Responsible”, or via email if an email address is given.
particularly in connection with customer orders, suppliers, service partners and employees
To the extent necessary, we process your data beyond the actual fulfilment of the contract in order to safeguard our legitimate interests or those of third parties. This concerns in particular:
– Passing on data within the Rheonics Group
– Advertising or market research, unless you have objected to the use of your data
– Reviewing and optimising procedures for needs assessment and for direct client discussions, including client segmentation and calculation of closing probabilities
– Asserting legal claims and defence in legal disputes
– Guaranteeing IT security
– Video surveillance to safeguard domiciliary rights and protect buildings and property from vandalism and theft
– Measures for building and site security (e.g. access control)
– Measures to safeguard domiciliary rights
– Measures for business management and further development of products and services
– Risk management within the Group
Where you have granted us consent to process your personal data for certain purposes (e.g.filming and photographs, newsletters), such processing is lawful on the basis of your consent. Consent given can be withdrawn at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal is only valid for the future. Data processed prior to the withdrawal
is not affected.
We are also subject to various legal obligations, that is to say, statutory requirements (e.g. checks against anti-terrorism lists, anti-money laundering legislation). Purposes of processing include identity checking, fulfilment of verification and reporting obligations in relation to tax and social security, fraud and money laundering prevention and measurement and management of risks within the Rheonics Group.
Within the responsible Rheonics company, those units that require your data to fulfill our contractual and legal obligations or to safeguard legitimate interests will have access to it.
Rheonics group, our service providers and vicarious agents appointed by us, public authorities or third parties may also receive data for such purposes.
In particular, the following recipients or recipients which offer the following activities and services may
– Affiliated companies of Rheonics
– Third party cloud and ASP service providers
– Public bodies for compliance with statutory reporting requirements, e.g. financial authorities,
social security institutions, law enforcement agencies
– Processing of bank information
– Support/maintenance of computer/IT applications
– Document processing
– Compliance services
– Data screening for anti-money laundering purposes
– Data destruction
– Auditing services
– Leasing companies
– Credit-checking service providers
– Debt collection companies
– Payment card processing (debit cards/credit cards) and payment transactions
– Website management
Data will only be transferred to countries outside the EU or EEA (“third countries”) where necessary to execute your orders (e.g. production, logistics), where legally required (e.g. to meet tax reporting obligations), where you have given us your consent, or for the purposes of contract data processing. Data may also be exchanged within the Rheonics group.
Where use is made of service providers in third countries, besides written instructions they will also be bound by EU standard contract clauses on compliance with the data protection levels applicable in the EU. Appropriate contractual agreements have been concluded with affiliated companies of the Rheonics Group.
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations. We will delete your personal data once it is no longer needed for the above purposes. It is possible that personal data may be stored for the period in which claims can be asserted against our companies (statutory limitation periods range from three to thirty years). We will also store your personal data for as long as we are legally obliged to do so. Commercial and tax legislation imposes corresponding documentation and retention obligations.
Every data subject has the right of access to information pursuant to Article 15 GDPR. Subject to certain conditions, every data subject has the right to rectification pursuant to Article 16 GDPR, the right to restrict processing pursuant to Article 18 GDPR and the right to deletion pursuant to Article 17 GDPR. Furthermore, every data subject has the right to receive the personal data which they have provided in a structured, commonly used and machine-readable format (data portability) pursuant to Article 20 GDPR, provided the processing is carried out by automated means and is based on consent.
Concerning the right to information and the right of deletion, for responsible companies of the Rheonics Group with registered office in Germany, the limitations set out in Sections 34 and 35 of the German Federal Data Protection Act (BDSG) are applicable.
Every data subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State of his or her habitual residence, place of work or place of the alleged breach of data protection (Article 77 GDPR). Further information about the competent supervisory authority can be found on our website.
You may revoke your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal is only valid for the future. Data processed prior to the withdrawal is not affected.
In addition to the rights referred to above, you also have a right of objection as follows.
You have the right to lodge a complaint with the person indicated in Section 1 or with a supervisory authority, particularly in the Member State of your habitual residence, place of work or place of the alleged breach of data protection (Article 77 GDPR).
In establishing and maintaining business relations, we generally refrain from fully automated decision making pursuant to Art. 22 DSGVO. If we use such methods in individual cases, we will inform you separately insofar as we are legally required to do so.
We process some of your data automatically, with the aim of assessing certain personal aspects (profiling). For example, we use profiling in the following cases:
– Due to legal requirements, we are obliged to compare data against anti-terrorism lists.
– We use assessment tools in order to specifically notify you and advise you about products. These allow communications and marketing to be tailored according to need.