Privacy

Data Protection Information
raycap.de

We, Raycap GmbH provide our website under the web address www.raycap.de.

In context with the website and the services provided on the website, we process personal data.

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

In Section A of this Data Protection Information we provide you with information about the controller responsible for the processing of your personal data and the controller’s data protection officer.

In Section B you find information about the processing of your personal data.

In Section C you find more detailed information on the use of cookies or similar technologies.

In Section D you further find information on your rights regarding the processing of your personal data.

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation. You will find more detailed information about this in Section E.

I. Identity and contact details of the controller

Raycap GmbH

Parkring 11, 85748 Garching, Germany
E-Mail: info@raycap.de
Phone: +49 89 360 8958 00
Fax: +49 89 360 8958 29

II. Contact details of the controller’s data protection officer

Thomas Lang

c/o INTARGIA Managementberatung GmbH, Dreieich Plaza 2A, 63303 Dreieich, Germany
E-Mail: dpo@raycap.de
GDPR@raycap.com
Phone: +49 6103 5086 0

When our website is used purely for information purposes, certain information, such as your IP address, is for technical reasons sent from your end device to our website’s web server. We process this information in order to provide the website content requested by you and to ensure the security of the IT infrastructure used to provide the website. 

Our website uses ‘PHP scripts’ to provide the website content requested by you. In order to run the PHP scripts, an active connection is established between your end device and the our website’s web server (‘session’). For this purpose, session information is stored in cookies (→ Section C) on your end device. The cookies and the information stored in them can be read during your visit to our website in order to provide you with the website content you have requested using PHP scripts.

Information about your product selection is stored in cookies (→ Section C) on your end device to provide our website’s product selection functions. The cookies and the information stored in them may be read during your visit to our website in order to provide you with the information you have requested about the products you have selected.

In order to provide our website’s search functions, we process data that you enter in search forms on our website in order to provide you with the search results for search terms you have entered.

In order to provide the privacy settings functions for our website (e.g. for granting or revoking consent for the use of certain cookie-based technologies), information on your privacy settings is stored in cookies (→ Section C) on your end device. The cookies and the information stored in them can be read during your visit to our website so that your privacy settings can be taken into account when you use our website.

If you have given your consent, information on your language selection will be stored in cookies (→ Section C) on your end device to provide our website’s language selection functions. The cookies and the information stored in them can be read during your visit to our website in order to provide you with the website content you have requested in the language you have selected

You receive more detailed information on this below:

Categories of personal data processed Personal data included in the categories Sources of the data Obligation of the data subject to provide the data Storage duration
HTTP data Protocol data created via the Hypertext Transfer Protocol (Secure) (HTTP(S) for technical reasons when the website is visited:

These include IP address, type and version of your Internet browser, operating system used, page visited, last site accessed before visiting the website (referrer URL), date and time of visit.

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot provide the website content requested by you.

The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.

PHP session data Data on the your end device’s active connection to our website’s web server (‘session’).

These include a unique ID to identify your session (‘session ID’).

These data are stored in cookies on your end device (→ Section C) and can be read during the visit to the website

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot provide the website content requested by you.

We only process these data temporarily for the duration of the website visit.

(Please refer to Section C.III. for information on the validity period of the cookies stored on your end device.)

Product selection data Data created when our website’s product selection functions are used:

These include the products selected by you.

These data are stored in cookies on your end device (→ Section C) and can be read during the visit to the website.

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot provide the website’s product selection function. This means that you cannot select any products and we cannot provide you with any information about our products.

We only process these data temporarily for the duration of the website visit.

(Please refer to Section C.III. for information on the validity period of cookies stored on your end device.)

Search function data Data created when our website’s search function is used:

These include all information you enter on the website as search terms in the relevant search form.

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot provide the website’s search function. This means that we cannot provide you with any search results for search terms you have entered.

The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.

 

Language selection data Data created when our website’s language selection function is used:

These include the language selected by you.

These data are stored in cookies on your end device (→ Section C) and can be read during the visit to the website.

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot provide the website’s language selection function. This means that we cannot provide the website content requested by you in the language selected by you.

We only process these data temporarily for the duration of the website visit.

(Please refer to Section C.III. for information on the validity period of cookies stored on your end device.)

Purpose of processing the personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient
Provision of the content of our website requested by the user:

Data are temporarily processed on our web server for this purpose.

Our website uses ‘PHP scripts’ to provide the website content requested by you. In order to run the PHP scripts, an active connection is established between your end device and the our website’s web server (‘session’).

For this purpose, session information is stored in cookies (→ Section C) on your end device. The cookies and the information stored in them can be read during your visit to our website in order to provide you with the website content you have requested using PHP scripts.

HTTP data No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

Our legitimate interest is the provision of the website content requested by the user.

Hosting provider

Marketing agency

Ensuring the security of the IT infrastructure used to provide our website, in particular to identify, eliminate and document disruptions (e.g. DDoS attacks) for evidence purposes:

For this purpose, data are temporarily stored in log files and automatically analysed on our web server.

HTTP data

Search function data

No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

Our legitimate interest is ensuring the security of the IT infrastructure used to provide our website, in particular to identify, eliminate and document disruptions (e.g. DDoS attacks) for evidence purposes.

Hosting provider

Marketing agency

Provision of our website’s product selection functions:

Data are temporarily processed on our web server for this purpose.

Product selection data No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

Our legitimate interest is providing our website’s product selection functions requested by the user.

Hosting provider

Marketing agency

Provision of our website’s search functions:

Data are temporarily processed on our web server for this purpose.

Search function data No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

Our legitimate interest is providing our website’s search functions requested by the user.

Hosting provider

Marketing agency

Provision of the privacy settings functions for our website:

Your consent is required for certain functions of our website (e.g. for the use of certain cookie-based technologies).

We provide privacy settings functions for our website for the granting and, where applicable, the revoking of your consent.

For this purpose, information on your consents is stored in cookies (→ Section C) on your end device and can be read when our website is visited to identify whether and which consents you have given.

Privacy settings data No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

Our legitimate interest is providing our website’s privacy functions.

Hosting provide

Marketing agency

Provision of the website’s language selection functions:

When you visit our website, we identify whether you have already selected a specific language for our website to provide the website content requested by you, where applicable, in the language selected by you.

For this purpose, information on your language selection is stored in cookies (→ Section C) on your end device and can be read when our website is visited to identify which language you have selected.

Language selection data No automated decision-making takes place. Point (a) of Article 6 (1) of the General Data Protection Regulation (consent). Hosting provider

Marketing agency

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting provider:

BIOHOST – Lars-Helge Wilbrandt

Nahrungsberg 70, 35390 Gießen, Germany

Processor EU
Marketing agency:

Elfgen Pick GmbH & Co. KG

Werner-Heisenberg-Straße 4, 86156 Augsburg, Germany

Processor EU

 

On the website we offer you the possibility of contacting us using contact forms. We only process the information provided by you in the contact forms to handle your request. We may, if necessary, also store the information for evidence purposes for the establishment, exercise or defence of any legal claims or to comply with statutory retention obligations, especially pursuant to commercial and tax law.

You receive more detailed information on this below:

Categories of personal data processed Personal data included in the categories Sources of the data Obligation of the data subject to provide the data Storage duration
HTTP data Protocol data created via the Hypertext Transfer Protocol (Secure) (HTTP(S) for technical reasons when the contact forms are accessed on the website:

These include IP address, type and version of your Internet browser, operating system used, page visited, last site accessed before visiting the website (referrer URL), date and time of visit.

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot provide the website content requested by you.

The data are stored in server log files in a form that allows data subjects to be identified for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.

Contact form data Data that you provide us with in contact forms on the website:

These include information that you provide us with in the relevant contact form on the website. These can above all include the following data: name, date of birth, address, telephone number, email address and the content of your request.

Website user The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot handle your request.

Data are stored until your request has been handled.

We store these data for evidence purposes for the establishment, exercise or defence of any legal claims and also for an interim period of three years commencing at the end of the year in which you provided us with the data and in the event of any legal disputes until such have been concluded.

We also store these data longer if we are legally required to do so, especially pursuant to commercial and tax law. Depending on the type of documentation, document retention requirements can be six or ten years pursuant to commercial or tax law  (section 147 German Tax Code Abgabenordnung (AO), section 257 German Commercial Code Handelsgesetzbuch (HGB).

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient
Provision of our contact forms on the website:

Data are processed temporarily on our web server for this.

HTTP data No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interests subject to a balancing of interests):

Our legitimate interest is providing the website content requested by the user.

Hosting provider

Marketing agency

Handling your request Contact form data No automated decision-making takes place. If your request relates to a contract to which you are a party or the implementation of pre-contractual measures

Point (b) of Article 6(1) of the General Data Protection Regulation (performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

Otherwise:

Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

In this case, our legitimate interest is handling your request.

Storage and processing for evidence purposes for the establishment, exercise or defence of any legal claims. Contact form data No automated decision-making takes place. Point (f) of Article 6(1) of the General Data Protection Regulation (safeguarding a legitimate interest subject to a balancing of interests):

In this case, our legitimate interest is the establishment, exercise or defence of legal claims.

Storage of data in order to meet statutory document retention requirements, in particular commercial and tax law document retention requirements:

Depending on the document type, commercial and tax law document retention requirements of six or ten years can exist (section 147 German Fiscal Code (Abgabenordnung – AO), section 257 German Commercial Code – Handelsgesetzbuch – HGB)).

Contact form data No automated decision-making takes place. Point (c) of Article 6(1) of the General Data Protection Regulation (compliance with a legal obligation).
Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting provider:

BIOHOST – Lars-Helge Wilbrandt

Nahrungsberg 70, 35390 Gießen, Germany

Processor EU
Marketing agency

Elfgen Pick GmbH & Co. KG

Werner-Heisenberg-Straße 4, 86156 Augsburg, Germany

Processor EU

We use cookies in connection with the website and the offers made on the website. We use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.

You will find more detailed information on this below.

Cookies are small text files with information that can be placed on a user’s device through its browser when a website is visited. When the website is visited again with the same device, the cookie and the information it contains can be retrieved.

 

1. First-party and third-party cookies

Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

First-party cookies Cookies that are placed and accessed by the operator of the website as the controller or by a processor engaged by the controller
Third-party cookies Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website

 

2. Transient and persistent cookies

Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

Transient cookies

(Session cookies)

Cookies that are automatically deleted when you close your browser
Persistent cookies Cookies that remain stored on your device for a certain period of time after the browser is closed

 

3. Consent-free cookies and cookies requiring consent

Users’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:

Consent-free cookies Cookies that have as their sole purpose to transmit a message using an electronic communication network

Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (“strictly necessary cookies”)

Cookies requiring consent Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website

1. Granting and revoking consent to the use of cookies in our website’s privacy settings

If consent is required for the use of certain cookies, we only use these cookies if you have granted your prior consent. For information on whether consent is required for the use of a cookie, please refer to the information on the cookies used on this website in Section C.III. of this Data Protection Information.

The first time you visit our website, a pop-up for privacy settings appears. In the privacy settings you can grant consent to the use of cookies requiring consent and the processing of your personal data made possible by this. Instead, you can also continue to use the website without consent. In this case we only use cookies for which no consent is required.

You can access our website’s privacy settings at any time via the link contained in this Data Protection Information and in the footer of our website. In the privacy settings, you can revoke or reissue the consent you have given at any time

We store whether you have granted your consent, and if so, which consent you have granted, in the form of (strictly necessary) cookies (‘privacy settings cookies’) on your end device. The privacy settings cookies have a limited validity period of 12 months. After expiry of the validity period, or if you delete the cookies manually beforehand, we will show you the banner for privacy settings for our website again.

Cookies that are strictly necessary cannot be deactivated in our website’s privacy settings. However, you can deactivate these cookies generally in your browser at any time.

2. Managing cookies using browser settings

You can also manage the use of cookies in your browser’s settings. Different browsers offer different ways to configure the browser’s cookie settings. You can find more detailed information about this at https://www.allaboutcookies.org/manage-cookies/.

However, we would like to point out that some functions of the website may not function or no longer function properly if you generally deactivate cookies in your browser.

The following cookies may be used on this website:

Designation First-party/third-party Purpose and content Validity period Consent required
Privacy settings cookies
viewed_cookie_policy,

cookielawinfo-checkbox-necessary,

cookielawinfo-checkbox-non-necessary

test_cookie

First-party These cookies are strictly necessary to provide our website’s privacy functions (Section B).

The cookies store information on whether, and if so, which consents you have granted at what time.

Persistent:
12 months
No
PHP session cookies
PHPSESSID First-party This cookie is strictly necessary to provide the website content requested by you using PHP scripts (Section B).

The cookie store an unique ID to identify your device’s active connection to our website’s web server (‘session ID’).

Transient No
Product selection cookies
woocommerce_cart_hash First-party This cookie is strictly necessary to provide our website’s product selection functions (Section B).

The cookie stores information on the products selected by you.

Transient No
Language selection cookies
qtrans_front_language First-party This cookie is used to provide our website’s language selection functions (Section B) to store your individual language selection for the website for a period of 12 months, even beyond the duration of the individual session, in order to provide you with the website content you have requested in the language you have selected.

The cookie stores information on your individual language selection.

Persistent:
12 months
Yes

As a data subject, you have the following rights with regard to the processing of your personal data:

  • Right of access (Article 15 of the General Data Protection Regulation)
  • Right to rectification (Article 16 of the General Data Protection Regulation)
  • Right to erasure (“right to be forgotten”) (Article 17 of the General Data Protection Regulation)
  • Right to restriction of processing (Article 18 of the General Data Protection Regulation)
  • Right to data portability (Article 20 of the General Data Protection Regulation)
  • Right to object (Article 21 of the General Data Protection Regulation)
  • Right to withdraw consent (Article 7 paragraph 3 of the General Data Protection Regulation)
  • Right to lodge a complaint with a supervisory authority (Article 77 of the General Data Protection Regulation)

You may contact us for the purpose of exercising your rights using the contact information in Section A.

Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B of this Data Protection Information.

Below you find more detailed information on your rights with regard to the processing of your personal data:

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the General Data Protection Regulation.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the General Data Protection Regulation. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the General Data Protection Regulation).

You can find the full extent of your right to access and information in Article 15 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the General Data Protection Regulation.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the General Data Protection Regulation.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the General Data Protection Regulation).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the General Data Protection Regulation).

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the General Data Protection Regulation. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the General Data Protection Regulation).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the General Data Protection Regulation.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the General Data Protection Regulation).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to restriction of processing in Article 18 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation or on a contract pursuant to Article 6 paragraph 1 point (b) of the General Data Protection Regulation and the processing is carried out by automated means (Article 20 paragraph 1 of the General Data Protection Regulation).

You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation or on a contract pursuant to Article 6 paragraph 1 point (b) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Data Protection Information.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the General Data Protection Regulation).

You can find the full extent of your right to data portability in Article 20 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

As a data subject, you have a right to object under the conditions provided in Article 21 of the General Data Protection Regulation.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 paragraph 1 point (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (e) or (f) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Data Protection Information.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Data Protection Information.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Where an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Data Protection Information.

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the General Data Protection Regulation.

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation.

The full scope of the definitions of the General Data Protection Regulation can be found in Article 4 of the General Data Protection Regulation, which can be downloaded from the foll

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Data Subject” means the respective identified or identifiable natural person, to which the personal Data refers to;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“International organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

“Third country” means a country which is not a member state of the European Union (“EU”) or the European Economic Area (“EEA”);

“Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The effective date of this Data Protection Information is July 28, 2020.

It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements.

An up-to-date version of this Data Protection Information can be retrieved at any time at https://raycap.de/datenschutzinformationen/.