Data information

Your trust is our priority – explore the details below to learn more.

Visitors

The following information is intended to give you an overview of the processing of your personal data by the Rhenus Group and the rights to which you are entitled under data protection law. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:

The identity and the contact details of the controller:

Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com

The contact details of the data protection officer:

- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group

Purpose of processing and legal basis

We collect, process and use your data for the purpose of information security of Rhenus SE & Co. KG and its subsidiaries. This applies to data that is processed on the occasion of visitor registration, your safety instruction or within the scope of our video surveillance. Your data will be processed on the basis of a legitimate interest (Article 6 Para. 1 f) GDPR).

Categories of personal data

The following data about you may be processed by us: date, surname, first name, company with address, contact person at Rhenus, number of the visitorpass, time, registration plate, signature, picture or video recording.

Recipients of the personal data

Your data will remain with Rhenus SE & Co. KG and its subsidiaries.

Duration of storage

We keep your data, which is collected within the scope of the safety instruction, for two years. We will then delete them or make them anonymous.

Data recorded within the framework of video surveillance is deleted 14 days after recording. They are only stored for a longer period of time if they are still needed for clarification or to prove a specific incident. In this case, the data will be blocked and deleted immediately after the complete completion of the clarification measures or after the requirement for proof has ceased to apply.

The data from the visitor registration will be deleted after eight weeks or, if they are in paper form, will be destroyed in accordance with data protection regulations.

Your rights as a data subject

Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).

Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.

Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).

Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).

Right to object
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out on the basis of processing carried out in the public interest and processing carried out on the basis of a balance of interests, including profiling based on this provision.

Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.

Right of appeal to the supervisory authority
If you are of the opinion that the processing of your personal data is unlawful, you can complain to a supervisory authority.

Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.

Provision of personal data
You are neither legally nor contractually obliged to make your data available to Rhenus SE & Co. KG for the above-mentioned purpose. However, if you refuse to make your data available, Rhenus SE & Co. KG cannot grant you access to its buildings and premises for reasons of information security.

Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.

Applicants

Our data protection information on the applicant management system Workday can be found here.

The data protection information for applications via WhatsApp can be found here.

Mail recipients

You have come to this page via a link in order to find out about our handling of personal data. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:

The identity and the contact details of the controller:

Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com

The contact details of the data protection officer:

- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group

Purpose of processing and legal basis

The data received from you is processed by us only for the purposes for which we received or collected it. In particular, this can be done for the following purposes:

Communication
Answers to inquiries
Initiation and provision of services
Initiation and execution of contracts

Processing for other purposes can only be considered if the necessary legal requirements pursuant to Article 6 para. 4 GDPR have been met. Information obligations pursuant to Article 13 para. 3 and Article 14 para. 4 GDPR are of course observed.

The legal basis for the processing of personal data is in principle Article 6 GDPR, unless there are specific legal provisions. If personal data is processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future.

In particular, the following options may be considered:

Article 6 para. 1 a) GDPR
Article 6 para. 1 b) GDPR
Article 6 para. 1 c) GDPR
Article 6 para. 1 f) GDPR

If processing is carried out on the basis of Article 6 para. 1 f) GDPR, the controller shall pursue the following legitimate interests of himself or third parties: communication if the person concerned is not a direct party to the contract to be initiated or existing. If we process data on the basis of a weighing of interests, you as the data subject have the right to object to the processing of personal data in accordance with Article 21 GDPR.

Categories of personal data

If the controller does not collect your data directly from communication with you and you therefore know what data is involved, please note that the controller regularly processes the following categories of personal data:

Master data, such as first and last name, professional qualification
Contact data, such as address, telephone and fax number, e-mail address
Contents of communication
Information on the participants, including information on legal representatives and beneficial owners
Information on the facts of the case, including information on the personal and economic circumstances of the parties involved

Recipients of the personal data

Controller, in particular the employees of the specialist department
·Processor, i.e. companies which, due to contractual obligations, treat your data exclusively in accordance with the instructions of the responsible party

Transfer of data to third countries and to an international organisation

Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if this is permissible on the basis of a weighing of interests pursuant to Article 6 Para. 1 f) GDPR, if we are legally obliged to pass it on or if you have given your consent to this.

Where data is transferred to a third country outside the EU, an adequate level of data protection is ensured by the conclusion of EU standard contractual clauses and/or the recipient's participation in the so-called "Privacy Shield" and the technical and organisational measures taken by the third party with regard to data protection and data security.

Duration of storage

Personal data will only be stored by controller as long it is necessary to pursue the purpose for which it was processed. If the storage of the data is no longer necessary for the fulfilment of contractual or legal obligations and for the pursuit of legitimate interests, i.e. for the preservation of evidence or proof within the scope of the statutory limitation provisions, these will be deleted regularly.

Your rights as a data subject

Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).

Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.

Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).

Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).

Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.

Right of appeal to the supervisory authority
There is a right of appeal to a data protection supervisory authority. A list of the Germany supervisory authorities and their contact details can be found in the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.

Right to object
You have the right to object to the processing of your data in connection with direct advertising pursuant to Article 21 para. 1 and para. 2 GDPR if this is done on the basis of a weighing of interests.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

Customers

The identity and the contact details of the controller:

Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com

The contact details of the data protection officer:

- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group

Purpose of processing and legal basis

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR):

a.) Based on your consent (Article 6 Para. 1 a) of the GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. passing on data within the group), the lawfulness of this processing is given on the basis of your consent. Your consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the General Data Protection Regulation, before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

b.) For the fulfilment of contractual obligations (Article 6 Para. 1 b) of the GDPR)
The processing of personal data is carried out to provide disposal and cleaning services within the framework of the execution of our contracts with our customers or to carry out pre-contractual measures, which are carried out at your request. The purposes of data processing are primarily based on the requirements of the service and may include, but are not limited to, needs assessments and advice. Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.

c.) As part of the balancing of interests (Article 6 Para. 1 f) of the GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties. Examples:

Review and optimization of procedures for needs analysis and direct customer contact
Advertising or market and opinion research, insofar as you have not objected to the use of your data
Assertion of legal claims and defence in legal disputes
Prevention of criminal offences
Measures for business management and further development of services and products

d.) Due to legal requirements (Article 6 Para. 1 c) of the GDPR) or in the public interest (Article 6 Para. 1 e) of the GDPR)
As a company, we are also subject to various legal obligations, i.e. legal requirements (e.g. tax law, waste law). The purposes of the processing include, among other things, the fulfilment of control and reporting obligations under tax law as well as the fulfilment of the waste documentation system under waste law, the guarantee of IT security and IT operation, measures for building and plant security (e.g. access controls).

Categories of personal data

We process personal data which we receive from our customers within the scope of our business relationship. If you are our customer as a natural person, this refers to your personal data. If you have been named to us by our customer as a contact person within the framework of the business relationship, we process the personal data that our customer or you have provided to us personally for this purpose (usually name, address and other contact data such as e-mail address, telephone number and function). In addition, we process - to the extent necessary for the provision of our services - personal data which we have received from other companies of the Rhenus Group or from other third parties (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of your consent).

On the other hand, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. land registers, commercial and association registers, press, media, Internet). Relevant personal data in the interested party process when opening master data are name, address/other contact data (telephone, e-mail address), bank details and function.

Recipients of the personal data

The service providers and vicarious agents employed by us may have access to your data, which they need to fulfil our contractual and legal obligations. These are the companies from the categories listed below:

Public bodies and institutions (e.g. regional council as waste authority) in the event of a legal or official obligation.
Subcontractors for disposal and cleaning services.

Under these conditions, recipients of personal data may be: Processors to whom we transfer personal data in order to carry out the business relationship with you. In detail: Processing of subcontractor services, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, reporting, spear accounting, telephony, video identification, website management, auditing services, payment transactions.

Other data recipients may be those for whom you have given your consent for data transfer.

Transfer of data to third countries and to an international organisation

Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary to carry out the internal business process, is required by law or if you have given us your consent.

Duration of storage

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their - temporary - further processing is necessary for the following purposes:

Compliance with commercial and tax retention periods: The German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenverordnung) must be mentioned. The periods specified there for storage or documentation amount to up to ten years.
Preservation of evidence within the framework of the statute of limitations. According to Article 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

Your rights as a data subject

Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).

Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).

Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).

Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.

Provision of personal data
As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfil the contractual obligations associated therewith, or which we are required by law to collect. Without this data we will normally have to refuse the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate it.

Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.

Information about your right of objection

2. Right to object to the processing of data for advertising purposes
In individual cases we process your personal data in order to operate direct advertising. You have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising.

Suppliers

The identity and the contact details of the controller:

Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com

The contact details of the data protection officer:

- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group

Purpose of processing and legal basis

The data received from you is processed by us only for the purposes for which we received or collected it. In particular, this can be done for the following purposes:

Communication
Answers to inquiries
Initiation and provision of services
Initiation and execution of contracts

In particular, the following options may be considered:

Article 6 para. 1 a) GDPR
Article 6 para. 1 b) GDPR
Article 6 para. 1 c) GDPR
Article 6 para. 1 f) GDPR

If processing is carried out on the basis of Article 6 para. 1 f) GDPR, the controller shall pursue the following legitimate interests of himself or third parties: Communication if the person concerned is not a direct party to the contract to be initiated or existing. If we process data on the basis of a weighing of interests, you as the data subject have the right to object to the processing of personal data in accordance with Article 21 GDPR.

Categories of personal data

Master data, such as first and last name, professional qualification
Contact data, such as address, telephone and fax number, e-mail address
Contents of communication
Information on the participants, including information on legal representatives and beneficial owners
Information on the facts of the case, including information on the personal and economic circumstances of the parties involved

Recipients of the personal data

Controller, in particular the employees of the specialist department
Processor, i.e. companies which, due to contractual obligations, treat your data exclusively in accordance with the instructions of the responsible party

Transfer of data to third countries and to an international organisation

Duration of storage

Your rights as a data subject

Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).

Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).

Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).

Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.

Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.

Information about your right of objection

1. Right of objection in individual cases
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 e) GDPR (data processing in the public interest) and Article 6 para. 1 f) GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims

Employees

The following information is intended to give you an overview of the processing of your personal data by the Rhenus Group and the rights to which you are entitled under data protection law. Which data are processed in detail and in which way they are used depends decisively on the concrete employment relationship.

The identity and the contact details of the controller:

Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com

The contact details of the data protection officer:

- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group

Purpose of processing and legal basis

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act and all other relevant laws.

First and foremost, the processing of personal data serves to establish, execute and terminate a contractual or quasi-contractual obligation with the data subject (e.g. employment relationship). The primary legal basis for this is Article 88 GDPR. In addition, collective agreements (group, collective and works agreements as well as collective bargaining agreements) may be concluded pursuant to Article 6 para. 1 b) in conjunction with Article 26 para. 4 of the Federal Data Protection Act and, if applicable, your separate consents pursuant to Article 6 para. 1 a) and Article 7 GDPR in conjunction with Article 26 para. 2 of the Federal Data Protection Act (e.g. in the case of video recordings) may be used as a data protection permission provision.

We also process your data in order to be able to fulfil our legal obligations as an employer, in particular in the area of tax and social security law. This is done on the basis of Article 6 para. 1 c) GDPR in conjunction with Article 26 of the Federal Data Protection Act. Due to these legal regulations, the Rhenus Group is subject to various control and reporting obligations.

If special categories of personal data pursuant to Article 9 para. 1 GDPR are processed, this serves the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection within the scope of the employment relationship, e.g. disclosure of health data to the health insurance fund, recording of severely disabled persons due to additional leave and determination of the severely disabled persons levy. This is done on the basis of Article 9 para. 2 b) GDPR in conjunction with Article 26 para. 3 of the Federal Data Protection Act. In addition, the processing of health data may be necessary for the assessment of your ability to work in accordance with Article 9 para. 2 h) GDPR in conjunction with Article 22 para. 1 b) of the Federal Data Protection Act.

If necessary, we also process your data on the basis of Article 6 para. 1 f) GDPR in order to protect legitimate interests of ourselves or third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Article 26 para. 1 sentence 2 of the Federal Data Protection Act) or within the group for purposes of group control, internal communication and other administrative purposes. For example:

Ensure effective manpower allocation, review and optimisation of needs analysis procedures to address clients directly,
Assertion of legal claims and defence in legal disputes,
Ensuring IT security and IT operations,
Prevention and clarification of criminal offences,
Video surveillance for the protection of the house right, for the collection of evidence in case of robberies and fraud,
Measures for building and plant security (e.g. access controls),
Measures to secure the right of domicile,
Business management and development measures,
Risk control within the company.

In addition, the processing of special categories of personal data may be based on consent in accordance with Article 9 Para. 2 a) GDPR in conjunction with Article 26 Para. 2 of the Federal Data Protection Act (e.g. company health management).

Should we wish to process your personal data for a purpose not mentioned above, we will inform you of this beforehand and, if necessary, obtain your consent beforehand.

Categories of personal data

We collect personal data from you in order to establish, carry out and terminate your employment relationship. Data is personal if it is clearly assigned to a specific person or if this identification can at least take place indirectly.

The processed categories of personal data include in particular your master data (such as first name, surname, name supplements and titles, date of birth, gender, nationality, marital status, denomination and personnel number), contact data (e.g. private address, (mobile) telephone number, e-mail address), the log data generated when using the IT systems, as well as data from any company video surveillance and other data from the employment relationship (e.g. personnel questionnaire, social data, size of shoe, health insurance number and name of health insurance fund, bank details, social insurance number, pension insurance number, salary data as well as tax status information and tax identification number, place of employment or workplace, time recording data, absence and holiday periods, business trips, periods of incapacity for work, training and work experience, criminal record and application documents incl. certificates/references and photograph as well as employment documents (such as job title, functions, work history, working hours, remuneration and remuneration components as well as remuneration history, performance information, disciplinary and complaint data, severe disability, pregnancy incl. notification of supervisory authorities, anniversary, pension claims, notices of termination and notice periods).

This may also include special categories of personal data: health data, health conditions, health and illness data, certificate of incapacity for work.

As a rule, your personal data is collected directly from you as part of the recruitment process or during the employment relationship. In certain constellations, your personal data will also be collected from other offices due to legal regulations. This includes, in particular, occasion-related queries of tax-relevant information at the relevant tax office and information on periods of incapacity to work at the respective health insurance fund. In addition, we may have received data from third parties (e.g. employment agencies).

Human resources development

Within your employment relationship, employee appraisals with superiors take place again and again. These are an integral part of personnel development. The subject of such discussions can be performance appraisals by superiors, salary adjustments, perspective discussions, target agreements for the future, but also agreements on training and further education. The results of employee appraisals are usually documented - electronically or in paper form - and are then part of your personnel file. The same applies to information about your salary adjustment, etc. based on this information. In addition, information about your participation in training measures or the qualification measures you have carried out is stored there. Among other things, we store the following information about you: performance appraisals, salary adjustments, short CVs, objectives, information on further training, training courses and qualifications, and certificates, if applicable.

Recipients of the personal data

Within our company, only those persons and bodies (e.g. specialist departments, works councils, representatives for severely handicapped persons) receive your personal data that they require to fulfil our contractual and legal obligations.

In addition, your data will be transferred to certain companies within our group of companies if these companies centrally perform data processing tasks for the companies affiliated in the group, such as payroll accounting, disposal of files, internal administrative purposes, IT administration, controlling and financial accounting, and information for managers.

Furthermore, we transfer your data to our subsidiaries (also abroad) as far as this is necessary due to your employment relationship.

In addition, we make use of various service providers to fulfil our contractual and statutory obligations, including in particular

Service provider for applicant data management
Personnel service provider
Lawyers, tax consultants, insurance companies
Travel agency

Compliance with data protection regulations in the event of the processing of personal data on a contractual basis is ensured by corresponding contracts pursuant to Article 28 GDPR with the service providers.

In addition, we may transfer your personal data to other recipients outside the company to the extent necessary to fulfil your contractual and statutory obligations as an employer. This could be for example:

Authorities (e.g. pension insurance institutions, professional pension institutions, social insurance institutions, employers' liability insurance associations, tax authorities, courts)
Employee's bank (SEPA payment carrier)
Health insurance company acceptance offices
Posts in order to be able to guarantee entitlements from occupational pension schemes
Jobs in order to be able to pay out the benefits affecting assets
Third party debtors in the event of wage and salary garnishments
Insolvency administrator in the event of a private insolvency

Transfer of data to third countries and to an international organisation

If we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the European Commission to have an appropriate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can request information about this at the above contact information.

Duration of storage

We will delete your personal data as soon as it is no longer required for the above-mentioned purposes. After termination of the employment relationship, your personal data will be stored as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code (Handelsgesetzbuch) and the German Tax Code (Abgabenordnung). The storage periods can then be up to ten years. Personal data may also be retained for the period during which the claims can be asserted against the Rhenus Group (statutory limitation period of three or up to thirty years).

Your rights as a data subject

Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).

Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).

Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).

Right to object
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out on the basis of processing carried out in the public interest and processing carried out on the basis of a balance of interests, including profiling based on this provision.

Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.

Provision of personal data
As part of your employment relationship, you will only be required to provide the personal information that is necessary to enter into and perform the employment relationship or that we are required by law to collect. Without this information, we will not be able to perform the employment contract with you.

Profiling
We partly process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases: Due to legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and crimes that pose a threat to property. Data analysis (e.g. comparison with legally prescribed lists) is also carried out.

SmapOne

Data Protection Information

The following data protection information provides you with general information on the functionality of the app and the processing of data within the scope of using the app.

Responsible Party Within The Meaning Of The Data Protection Laws:

Rhenus Warehousing Solutions SE & Co. KG

Rhenus Platz 1

59439 Holzwickede

Data Protection Officer

If you have any questions regarding data protection law or questions about data processing when using the app, you can reach our data protection officer at:

datenschutz-warehousing[at]rhenus.com

Data Processing During Installation And Use Of The App

Automatic data processing when using the app. After the free installation of the app from the Apple App Store, Google Play Store or Microsoft Store, personal data is processed when the app is opened. This happens automatically without you having to take any further action, such as filling out and sending a contact form. These automated processing operations concern:

Processing The IP Address And Other Device Data

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

When the app is opened, requests are sent to the server which it must answer. For this purpose, your IP address must be collected and processed by the server so that the corresponding server requests can be answered.

Other data collected in this context are:

Platform

Device type

Screen size and resolution

Version of the runtime and the operating system

Language

Unique numbers of the unit that make identification possible are not collected. A unit cannot be distinguished by SmapOne from another unit of the same type.

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of this data is Art. 6 para. 1 lit. f) DSGVO.

3. PURPOSE OF THE DATA PROCESSING

The purpose of processing your IP address and other data is to establish and secure the functionality of the app and to make it technically possible to retrieve it.

4. LEGITIMATE INTEREST

Our legitimate interest in the temporary storage of the IP address lies in the fact that the functionality and provision of the technical retrieval option of the app is not possible without this storage.

5. DURATION OF STORAGE

The data is deleted again as soon as further storage is no longer necessary because the purpose has been achieved. This usually occurs after a period of 30 days.

6. RECIPIENTS OF PERSONAL DATA

smapOne AG, Freundallee 11a, 30173 Hanover as host of the app, administration and support.

7. TRANSMISSION TO A THIRD COUNTRY

It is not intended to transfer the personal data to a third country or to an international organisation.

8. AUTOMATED DECISION MAKING/PROFILING

No automated decision-making or so-called profiling takes place.

Processing Of Server Log Files

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

The IP addresses collected when opening the app are also stored in so-called server log files in order to detect technical faults and/or attempts to manipulate and break into the server structure and to make them remediable.

In addition, the hosting provider automatically collects, stores and processes information in so-called server log files that are automatically transmitted by the app. However, this information is not merged with other data sources.

This information is:

Time of the request

URL

Response Code

Runtime ID of the device

If applicable, the ID of the smap to which the request refers.

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR.

3. PURPOSE OF THE DATA PROCESSING

The purpose of processing your IP address and the above information is to detect malfunctions and attempts to gain entry. This serves the security structure of the app and the system integrity of the servers.

4. LEGITIMATE INTEREST

Our legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical environment.

5. DURATION OF STORAGE

The data is deleted as soon as further storage is no longer necessary due to the achievement of the purpose. This is regularly the case after a period of 30 days. After that, only statistical information is retained.

6. RECIPIENTS OF PERSONAL DATA

smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support

7. TRANSMISSION TO A THIRD COUNTRY

It is not intended to transfer the personal data to a third country or to an international organisation.

8. AUTOMATED DECISION MAKING / PROFILING

No automated decision-making or so-called profiling takes place.

DATA PROCESSING WHEN ENTERING USER DATA / PROCESSING HISTORY

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

In order to be able to use the app within the scope of the employment relationship, the processing of user data is required. For this purpose, an account must be applied for in the Field Business Intelligence and a registration on the platform of the provider SmapOne must be made with the official e-mail address. After downloading the app, a link to the user account via the official e-mail address is required. The individual actions associated with the registration are processed according to the type of action and date for the purpose of proving that the registration has been completed and linked to a specific licence.

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.

3. PURPOSE OF THE DATA PROCESSING

Unambiguous identification of the authorised use. Verifiability of registration and linkage to a specific licence.

4. DURATION OF STORAGE

The data processed as part of the registration will be deleted when the user account is deleted.

5. RECIPIENTS OF PERSONAL DATA

smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support

6. TRANSMISSION TO A THIRD COUNTRY

It is not intended to transfer the personal data to a third country or to an international organisation.

7. AUTOMATED DECISION MAKING / PROFILING

No automated decision-making or so-called profiling takes place.

Use Of Cookies/Usage Analyses

Numerous cookies are processed when using the SmapOne website. Rhenus Warehousing has no influence over these cookies. The responsible party in line with the DSGVO for the processing of the cookies mentioned below is SmapOne AG. SmapOne AG’s data protection information is available at: https://www.smapone.com/datenschutzhinweise/

The following cookies are required to use the SmapOne website.

Name	Purpose	Expiry	Type	Provider
CookieConsent	Saves your consent to the use of cookies.	1 year	HTML	Website
fe_typo_user	Assigns your browser to a session on the server. This only affects the content you see and is not evaluated or processed by us.	Session	HTTP	Website
registrationEmail	Used to create a user account in the registration process.	1 hours	HTTP	Website
registrationAsCreator	Used to create a user account in the registration process.	1 hours	HTTP	Website
. AspNet.ApplicationCookie	Platform authorisation cookie.	2 hours	HTTP	Website
ARRAffinity	Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure.	Session	HTTP	Website
ARRAffinitySameSite	Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure.	Session	HTTP	Website
CurrentCulture	Saves the language setting in the corresponding ISO country code.	1 year	HTML	Website
TiPMix	Azure Websites Testing in Production (TiP).	Session	HTTP	Website
__RequestVerificationToken	Prevents attacks for counterfeit cross-site requests (XSRF/CSRF) in ASP.NET Core.	Session	HTTP	Website
x-ms-routing-name	Azure App Service – Forwarding production data traffic.	Session	HTTP	Website
ai_session	This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. It is a unique, anonymous session identifier cookie.	Session	HTML	Website
ai_user	This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. This cookie uniquely identifies a user and counts the number of users who access the app over time.	1 year	HTML	Website

The following optional cookies are activated if the cookies are consented to by default:

Name	Purpose	Expiry	Type	Provider
_gcl_au	Used by Google AdSense to experiment with advertising efficiency on websites.	3 months	HTML	Google
AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service. Other possible values indicate opt-out, request in progress or an error retrieving a client ID from the AMP Client ID Service.	1 year	HTML	Google
_dc_gtm_--property-id--	Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests.	2 years	HTML	Google
_ga	Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously.	2 years	HTML	Google
_gat	Used to throttle the rate of queries sent to Google Analytics. It also increases the efficiency of network calls.	10 minutes	HTML	Google
_gid	Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously.	1 day	HTML	Google
_ga_--container-id--	Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests.	2 years	HTML	Google
_gac_--property-id--	Contains information about campaigns for the user. If you have linked your Google Analytics and Google Ads accounts, efficiency measurement elements will read this cookie unless you disable it.	3 months	HTML	Google
_fbp	Used to display a range of advertising products, e.g. real-time bids from third party advertisers.	28 days	HTML	facebook
fr	Used to display a range of advertising products, e.g. real-time bids from third party advertisers.	3 months	HTML	facebook
facebookPixel	If JavaScript is not enabled, this pixel initiates a connection with Facebook.	none	Pixel	facebook
_pk_id	Used for Matomo (Piwik) to store information about users, e.g. unique, anonymised visitor ID.	13 months	HTML	Website
_pk_ref	Used to store the user's originating website information.	6 months	HTML	Website
_pk_ses	Used by Matomo (Piwik) to store the attribution information and referrer originally used to visit the website.	30 minutes	HTML	Website
_pk_cvar	Short-term cookie to store temporary data of the visit.	30 minutes	HTML	Website
_pk_hsr	Short-term cookie to store temporary data of the visit.	30 minutes	HTML	Website
_hjid	Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID.	1 year	HTML	Hotjar
_hjFirstSeen	Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID.	1 year	HTML	Hotjar
_hjTLDTest	Used to identify the first session of a new user, as well as to recognise returning visitors to our website across domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID.	1 year	HTML	Hotjar
UserMatchHistory	Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.	6 months	HTML	LinkedIn
bcookie	Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.	6 months	HTML	LinkedIn
lang	Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.	6 months	HTML	LinkedIn
BizoID	Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.	6 months	HTML	LinkedIn

Cookies can only be selected by clicking on the link: “Detailed Settings” in the pop-up “Information about Cookies.” The optional cookies are not preselected. The cookie selection in question is set with “Save Selection.”

Access To Device Functionalities

The app needs access to the camera to capture images. Images are used to document, for example, damage to the object being examined.

Functionalities Of The App And Individual Processing

Processing history within the framework of working with smaps:

1. Description And Scope Of Data Processing

Smaps and individual data per smap (see processing activity) are derived from the process.

Only the forwarding, assignment and sending of data records are stored in the respective data record. No content editing history is created for the entries.

2. Legal Basis For Data Processing

The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.

3. Purpose Of Data Processing

The purpose of processing the data is to control abuse.

4. Duration Of Storage

The data will be deleted when the user account is deleted.

5. Recipients Of Personal Data

smapOne AG, Freundallee 11a, 30173 Hannover is host of the app, administration and support.

6. Transmission To A Third Country

There is no intention to transfer the personal data to a third country or to an international organisation.

7. Automated Decision-Making/Profiling

No automated decision-making or so-called profiling takes place.

Rights Of The Data Subject

As explained above, we do not process any personal data when you use the app. However, we would like to inform you about your rights under the DSGVO when processing personal data:

If you process personal data, you are the data subject within the meaning of the general data protection regulation. You therefore have rights vis-à-vis the controller. To exercise your data protection rights against us as the data controller, please contact the following e-mail address: datenschutz-warehousing[at]rhenus.com .

1. Right to Information - Art. 15 GDPR

You have the right to obtain confirmation from the controller as to whether personal data concerning you are being processed.

If there is such processing, you have the right to access this personal data and to receive the following information:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed;
if possible, the planned period for which the personal data will be stored or, if that is not possible, the criteria for determining the storage period;
the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
any available information on the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, comprehensive information about the logic involved and the scope and intended effects of such processing for the data subject.

In addition, you have the right to request information on whether the personal data concerning you have been transferred to a third country or to an international organisation. In this context, you may also request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right to Correction – Art. 16 GDPR

You have the right to obtain from the controller the correction and/or completion of data relating to you without undue delay if the personal data processed is inaccurate or incomplete.

3. Right to Deletion – Art. 17 GDPR

Obligation to Delete:

You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:

the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
You have revoked your consent on which the processing was based pursuant to Art. 6 (1) a) or Art. 9 (2) a) GDPR and there is no other legal basis for the processing;
You have objected to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you have objected to the processing pursuant to Article 21(2) GDPR;
the personal data concerning you have been processed unlawfully;
the deletion of the personal data concerning you is necessary for compliance with a legal obligation to which the controller is subject under European Union or member state law;
the personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

Exceptions:

A right to erasure does not exist insofar as the processing is necessary;
To exercise the right to freedom of expression and information;
To comply with a legal obligation which requires processing under EU or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the controller;
for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89
of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
for the assertion, exercise or defence of legal claims.

4. Right to Restriction of Processing – Art. 18 GDPR

You have the right to request the restriction of processing of personal data concerning you under the following conditions:

if you contest the accuracy of personal data concerning you for a period enabling the controller to verify its accuracy;
if the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of its use;
if the controller no longer needs the personal data for the purposes of processing but you need it for the assertion, exercise or defence of legal claims; or
if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data relating to you has been restricted, such data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or due to substantial public interest on the part of the European Union or a member state. If the restriction of processing has itself been restricted on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.

5. Right to Information – Art. 19 GDPR

If you have exercised one of your rights to rectification, deletion or restriction of processing, we are obliged to communicate the rectification, erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

6. Right to Data Portability – Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, as long as:

a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and

(b) the processing is carried out with the aid of automated procedures.

In exercising this right to data portability, you also have the right to ensure that the personal data concerning you is transferred directly from one controller to another insofar as this is technically feasible.

7. Right of Objection – Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless he or she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.

8. Right to Revoke the Declaration of Consent under Data Protection Law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Right to Complain to a Supervisory Authority – Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the general data protection regulation.

The supervisory authority with which you lodge a complaint shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

This data protection notice will be updated at regular intervals.

RIS

Personal data is processed when using the RIS (Rhenus Integration System) application athttps://ris.ssl.rhenus.com

and the RISng (RIS Next Generation) application at ng.ris.rhenus.com.

This data protection notice informs you in accordance with Articles 12, 13 of the GDPR about the type and scope of the processing we carry out when you visit our web portal.

I. The controller within the meaning of data protection laws is:

Rhenus Warehousing Solutions SE & Co. KG

Rhenus-Platz 1

59439 Holzwickede

Germany

II. Contact details of the data protection officer

If you have any questions regarding the processing of your personal data by us, please feel free to contact our data protection officer by email:

datenschutz-warehousing[at]rhenus.com

III.Automatic data processing when opening RIS viahttps://ris.ssl.rhenus.com and RISng (RIS Next Generation) viahttps://ng.ris.rhenus.com.

Personal data is processed as soon as the page is accessed, regardless of the RIS modules used. This happens automatically without you having to take any further action, such as filling out and sending a contact form.

This automated processing concerns:

Processing of the IP address

1. Description and scope of data processing

When you access this page, requests are sent to the server, which it must respond to. To do this, your IP address must be collected and processed by the server so that the corresponding server requests can be answered.

2. legal basis for data processing

The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR.

3. purpose of data processing

The purpose of processing your IP address is to establish and ensure the functionality of the application and to technically enable retrieval.

4. legitimate interest

The legitimate interest in the temporary storage of the IP address is that the functionality and provision of the technical retrieval option of the application are not possible without this storage.

5. duration of storage

The data will be deleted as soon as further storage is no longer necessary due to the purpose being achieved. This is regularly the case after a period of 5 days.

6. recipients of personal data

Rhenus Assets & Services GmbH & Co. KG Operation Data Center

Rhenus Assets & Services GmbH & Co. KG RIS Team

7. transfer to a third country

There is no intention to transfer personal data to a third country or an international organization.

8. Provision

The provision of data is necessary because otherwise the application cannot be accessed.

9. Automated decision-making/profiling

There is no automated decision-making or profiling.

Processing of server log files

1. Description and scope of data processing

The IP addresses collected when the application is accessed are also stored in so-called server log files in order to detect technical faults and/or attempts to manipulate and break into the server structure and to make them rectifiable.

In addition, the hosting provider of this application automatically collects, stores and processes information in so-called server log files, which are automatically transmitted by your browser.

This information includes:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request

This information is not merged with other data sources.

Sentry

The RISng application uses the Sentry tool to monitor errors and improve the user experience.

The following data is collected:

IP address: for identification and error analysis
Browser and device metadata: Information about the browser used, the operating system and the end device
User actions: Mouse and keyboard interactions to create replays to understand user behavior
Error messages and logs: Data about errors that occur, including details about affected components and application states
User feedback: When this function is activated, users can leave feedback and comments that are also processed

This information is not merged with other data sources.

The collected data is stored for a period of 5 days and then automatically deleted, unless it is required for further troubleshooting.

2. legal basis for data processing

The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR.

3. purpose of data processing

The purpose of processing your IP address and the above information is to detect malfunctions and intrusion attempts. This serves the security structure of the application and the system integrity of the servers.

4. legitimate interest

The legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical application environment.

5. duration of storage

The data will be deleted within 5 days.

6. Recipient of personal data

Rhenus Assets & Services GmbH & Co. KG Operation data center

Rhenus Assets & Services GmbH & Co. KG RIS team

7. Transfer to a third country

It is not intended to transfer personal data to a third country or to an international organization.

8. Provision of data

The provision of data is necessary because otherwise the application cannot be accessed.

9. Automated decision-making/profiling

No automated decision-making or profiling takes place.

Use of cookies

1. Description and scope of data processing

This website uses cookies. Cookies are text files that are stored in the memory and/or on a storage medium of the device you are using to visit the site and are processed by your internet browser in accordance with the settings stored there. We only use cookies that are technically necessary on our site.

The content of these cookies is as follows:

RIS cookies

1. clientID (TTL 1 day)

Generic session ID of a client. Can be assigned to a client (browser) but not to a user.

2. .ASPXFORMSAUTH (TTL 1 day)

Authentication token generated by ASP for RIS2.5 (registered user)

3. AuthToken (TTL 1 day)

Authentication token generated for RIS3 (registered user)

4. RISbenutzer (TTL 1 day)

The logged-in user in plain text (firstname.lastname)

5. SSO_Auth (TTL 1 month)

Y/N, depending on whether the login was via SSO

6. RISLANG (TTL 1 day)

The language selected by the user

Application cookies

1. BR-*(e.g. BR-a0f7d11d-a6a0-427c-8b30-072c5307214f, TTL 8 hours)

Application-specific authentication token that controls access to the backends.

The data here is user ID (firstname.lastname), internal ID (UUID), JWT standard properties (iat, exp, iss, sub)

and a user's authorizations (not in all applications)

2. UI-* (e.g. UI-a0f7d11d-a6a0-427c-8b30-072c5307214f, TTL 8 hours)

Application-specific authentication token that controls access to the frontends.

The data here includes the user ID (firstname.lastname), internal ID (UUID), JWT standard properties (iat, exp, iss, sub)

and a user's authorizations (not in all applications)

3. MsUserRefreshToken (TTL 12 hours)

Global refresh token that is used to renew an expired authentication. It includes the user ID

(firstname.lastname), internal ID (UUID) and the JWT standard properties (iat, exp, iss, sub)

4. MsUserAuthToken (TTL 1 hour)

Global authentication token that controls access to the backends. The data here is user ID (firstname.lastname),

internal ID (UUID), JWT standard properties (iat, exp, iss, sub)

5. *Lang (e.g. TeleflexReportingLang, TTL 1 hour)

The language selected by the user

RISng cookies

1. _ris_claim_prod_sso (TTL 1 hour)

User ID in the system

2. AUTH_SESSION_ID (session)

This cookie is used to keep track of the user's current authentication session. It contains a session ID that is generated by the to uniquely identify the authentication session. This cookie is essential for managing and maintaining the user session and ensuring that the user remains authenticated during the session.

3. AUTH_SESSION_ID_LEGACY (Session)

This cookie is an older version of the AUTH_SESSION_ID cookie. It is used for backwards compatibility or in scenarios where older versions of the cookie are necessary to manage the authentication session.

4. KC_RESTART (Session)

This cookie is used when the authentication process is restarted for any reason. It contains information needed to resume the authentication flow in case the process is interrupted or

additional input is needed, such as selecting an identity provider or entering a second authentication factor.

5. KEYCLOAK_LOCALE (Session)

This cookie stores the user's language settings. It is used to store the user's preferred language so that the user interface and messages can be displayed in the desired language. This improves the user experience by ensuring consistent localization throughout the session.

2. Legal basis for data processing

The legal basis for the processing is Art. 6 para. 1 lit. f) DSGVO.

3. Purpose of data processing

These cookies contain technical information for the provision of website functionalities in the context of use. This enables the technical realization of the website and application.

4. Legitimate interest according to Art. 6 para. 1 lit. f) DSGVO

The use of these cookies is necessary to provide the user with a functionality that meets his expectations.

5. Duration of storage as well as objection and removal options

If session cookies are processed, they will be automatically deleted from your browser cache/memory by your computer after you have finished visiting our website and/or closed your browser, provided that you have activated this functionality in your browser.

Please check the settings of your internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari). Your internet browser also allows you to control the handling of cookies or to disable them altogether. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all of the website's functions can be used to their full extent.

The storage period for other cookies can be found in the description.

6. recipients of personal data

Rhenus Assets & Services GmbH & Co. KG Operation of data center

7. transfer to a third country

It is not intended to transfer personal data to a third country or to an international organization.

8. requirement for the provision of data

The provision of data is necessary because otherwise the application cannot be accessed.

9. Automated decision-making/profiling

No automated decision-making or profiling takes place.

Processing of personal data during login/registration/logging independent of the RIS modules

1. Description and scope of data processing

Access is requested via the ticket system, exclusively by Rhenus employees, and checked and created manually by the RIS team. Alternatively, admins at the respective Rhenus locations create users.

The following data is processed as part of registration:

First name, last name*
Company name* (YM / PM only)
Street, house number* (YM / PM only)
Postcode* (only YM / PM)
Town/City* (only YM / PM)
Country* (only YM / PM)
Email address*
Telephone number (only YM / PM)
Location * (only RIS)
Client * (only RIS)

The fields marked with an asterisk (*) are mandatory and cannot be completed without filling in the missing information.

We need this information to verify the requested access to our portal and thus to the information contained therein and accessible to registered users as part of a plausibility check.

When the data is simply entered into the form, which is done exclusively by Rhenus employees, no data is transmitted to us yet; this only happens after the “Create” button has been clicked.

A user cannot create an account for themselves at any time.

Work in the system:

When editing/changing data records within the application, the following data is always processed by the system:

cname: creator (ben_id) of a data record (also for authorization and revision)

uname: last change of a data record (ben_id)

2. legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The processing of personal data in the context of registration, use and logging serves the purpose of enabling the secure use of our application. Logging the entries is essential for IT security reasons in order to detect manipulations to the data records and, if necessary, to be able to track/correct them. The purpose is also to provide registered users with necessary information.

4. legitimate interest

The company's legitimate interest lies in fulfilling IT security requirements.

5. duration of storage

The user account and the data transmitted for registration will be deleted immediately upon request by the registered person.

The data processed through use will be deleted within six months after it is no longer required for the purpose for which it was collected or is no longer subject to any further statutory retention requirements (e.g. 10 years according to the German Tax Code, 6 years according to the German Commercial Code).

6. recipients of personal data

Rhenus Assets & Services GmbH & Co. KG Data Center

Rhenus Assets & Services GmbH & Co. KG - Technical Operations - Database Administration

Rhenus Warehousing Digital Solutions GmbH & Co. KG – RIS-Team

7. Transfer to a third country

It is not intended to transfer personal data to a third country or to an international organization.

8. Necessity of the provision

The provision of the data is necessary, otherwise we will not be able to create a customer account.

9. Automated decision-making / profiling

No automated decision-making or profiling takes place.

Data processing within the RIS modules

1. Description and scope of data processing

The RIS offers various modules. Depending on the rights and tasks of the users, these modules are accessible and visible in different ways. The type of data processed can vary depending on the module. The following modules are available:

Logistics controlling

Description: Logistics controlling includes an automated key figure system and tools for the branch office for guided and structured communication between the branch office and the branch office's customers. Reports, invoices and KPIs are mapped with the help of the collected key figures. The data is automatically pulled from WMS systems using SQL queries and stored as a numerical value in the RIS system. In the billing environment, it is possible to record audit-proof manual key figures, which in turn are required for billing purposes.

Data: Logistics controlling collects data from warehouse management systems. All data is stored in the form: day, key figure, value. Personal conclusions can no longer be drawn here.

Processing purpose: The branch and the customer of the branch require key figures to ensure operations, to be able to charge for the services provided by Rhenus and also to enable the customer to evaluate the services provided in the form of KPIs.

Yard management / person management

Description: Notification/registration of vehicles and employees/visitors on the premises of the respective location

Data: Creator (name), person visited (first name, name), driver's name, case worker

Purpose of processing: Emergency list, which persons and vehicles are on the premises

Master data

Description: Linking Rhenus ID to security database

Data: Creator (name), processor (name)

Purpose of processing: Linking Rhenus ID to security database

NCR module

Description: Managing clarification cases

Data: Order items, status of clarification case, creator, last editor, description of damage (selection), solution (selection), comment (free text), storage location

Purpose of processing: Simplifying the solution of clarification cases, overview of clarification cases, quick communication with the customer, revision

Open Eyes

Description: Recording of measures (capacities) for locations with pharmaceutical monitoring

Data: Creator (name), processor (name),

processing purpose: revision

The RISng offers various modules. Depending on the rights and tasks of the users, these modules are accessible and visible in different ways. The type of data processed can vary depending on the module. The following modules are available:

Claim Workflow

Description: Managing clarification cases

Data: Order items, status of the clarification case, creator, last editor, description of the damage (selection), solution (selection), comment (free text), storage location

Purpose of processing: Simplifying the solution of clarification cases, overview of clarification cases, quick communication with the customer, revision

2. Legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) (f) GDPR.

3. Legitimate interest

The legitimate interest in the processing of the data lies in the fact that the company has to fulfill the contractual obligations arising from the contract with the respective employer of the user.

4. Duration of storage

The data will be deleted within six months after they are no longer required for the purpose of their collection or are no longer subject to any further statutory retention requirements (e.g. 10 years according to the German Tax Code, 6 years according to the German Commercial Code).

5. recipients of personal data

Rhenus Assets & Services GmbH & Co. KG Data Center

Rhenus Assets & Services GmbH & Co. KG - Technical Operations - Database Administration

Rhenus Warehousing Digital Solutions GmbH & Co. KG – RIS-Team

6. Transfer to a third country

There is no intention to transfer personal data to a third country or to an international organization.

7. Necessity of the provision

The provision of the data is necessary because otherwise the modules cannot be used.

8. Automated decision-making / profiling

No automated decision-making or profiling takes place.

Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the General Data Protection Regulation. Therefore, you have the following rights vis-à-vis the controller.

To exercise your rights as a data subject vis-à-vis us as the controller, please contact the following e-mail address:datenschutz-warehousing[at]rhenus.com

I. Right of access – Article 15 of the GDPR

You have the right to request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing has occurred, you have the right to information about this personal data and to the following information:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

You also have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you can also request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

II. Right to rectification – Art. 16 GDPR

You have the right to request the data controller to correct and/or complete the data concerning you without undue delay if the personal data processed is incorrect or incomplete.

III. Right to erasure – Art. 17 GDPR

Erasure obligation:

You have the right to request the erasure of your personal data without undue delay at any time if one of the following reasons applies:

the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you have withdrawn the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the DPA, and there is no other legal basis for the processing;
You have objected to processing pursuant to Article 21(1) and there are no overriding legitimate grounds for processing, or you have objected to processing pursuant to Article 21(2) GDPR;
Your personal data have been unlawfully processed;
the deletion of personal data concerning you is required to fulfill a legal obligation under Union or national law to which the controller is subject;
the personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Exceptions:

There is no right to deletion insofar as the processing is necessary

to exercise the right to freedom of expression and information;
to fulfill a legal obligation that requires processing under the law of the Union or of the Member States to which the controller is subject, or
to carry out a task that is in the public interest or in the exercise of official authority that has been transferred to the controller;
for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the assertion, exercise or defense of legal claims.

IV. Right to restriction of processing – Art. 18 GDPR

You have the right to request the restriction of the personal data concerning you under the following conditions:

if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
if the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
if the controller no longer needs the personal data for the purposes of the processing, but you need it to establish, exercise or defend legal claims, or
if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the controller outweigh your reasons.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing restriction has been restricted due to the stated conditions, you will be informed by the controller before the restriction is lifted.

V. Right to notification – Art. 19 GDPR

If you have exercised one of your rights to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You also have the right to be informed about these recipients.

VI. Right to data portability – Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

a) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
b) the processing is carried out by automated means.

In exercising your right to data portability, you also have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible.

VII. RIGHT TO WITHDRAW THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW

VIII. RIGHT TO OBJECT - ART. 21 DSGVO

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the option, in the context of the use of information society services – notwithstanding Directive 2002/58/EC – of exercising your right to object by automated means using technical specifications.

IX. Right to lodge a complaint with a supervisory authority – Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

The supervisory authority to which you submit a complaint must inform you, as the complainant, about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.

This data protection notice is updated at regular intervals.

How can we help you?

We’re here to help! Click below to get in touch with our team and let’s make things happen.

Contact

Information according to Article 13 GDPR

Your trust is our priority – explore the details below to learn more.

Your rights as a data subject

Your rights as a data subject

Your rights as a data subject

Your rights as a data subject

Your rights as a data subject