3 For what purposes and on what legal basis do we process personal data?
If you browse our website or otherwise contact us, we receive personal data from you.
In general, we process data on the basis of the following regulations:
If you give us your express consent (Art. 6 (1) lit a GDPR), e.g. if you want us to contact you directly, to fulfil our contractual obligations (Art. 6 (1) lit b GDPR), e.g. if you purchase and use a product. We are subject to various legal obligations as a company (Art. 6 (1) lit c GDPR). For example, we are obliged under tax and commercial law to retain certain documents. We also process data on the basis of a legitimate interest on our part or that of third parties (Art. 6 (1) lit f GDPR). This includes data processing for purposes of IT security and fraud prevention.
3.1 Data processing on our website
3.1.1 Contact
You can use our e-mail address or telephone to ask us questions and send us messages. We only process your data in order to contact you in the way you have requested and to process your enquiry. The legal basis is Art. 6 (1) lit b or f GDPR.
3.1.2 Career
You can apply electronically by e-mail or via the career portal to us or to the German companies affiliated with us in the Group. We only collect data that is necessary for the application process and data that you voluntarily send to us. Your data will only be used to process your application. Please note that e-mails sent unencrypted are not transmitted with access protection. If you apply via our career portal, end-to-end encryption is guaranteed.
If you have applied for a specific position and this position has already been filled or we consider you to be equally or even more suitable for another position, we would like to forward your application within the company. Please let us know if you do not agree to your application being forwarded. For the same reasons, we would like to forward your application to a German company affiliated with us in the Group. We will only do this if you have given us your consent.
Your personal data will be deleted immediately after completion of the application process, or after a maximum of 6 months, unless you have expressly given us your consent to store your data for longer or a contract has been concluded. The legal basis is Art. 6 (1) lit a, b and f GDPR and § 26 BDSG (Federal Data Protection Act)
3.1.3 How cookies are used on this website?
When you visit our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie. They are necessary in order to display the website and its contents correctly. We also use cookies to identify you for subsequent visits if you have an account with us. This is technically necessary and the correct display and functioning of the website is also in our legitimate interest. Otherwise, you would have to log in again for each visit. The legal bases are § 25 (2) no. 2 TTDSG (Telecommunications Telemedia Data Protection Act) and Article 6 (1) lit. f GDPR.
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient Cookies
These cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
Persistent Cookies
These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
Cookies Refusal
You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website.
4 Will my data be transmitted to third parties?
In order for us to process your data in accordance with the purposes described above, it may be necessary for other recipients to be able to view and process your data.
4.1 Recipients within the Riva Group
In special cases it may be necessary for us to process your data group-wide. In addition to us, the German companies of the Riva Group are H.E.S. Hennigsdorfer Elektrostahlwerke GmbH, B.E.S. Brandenburger Elektrostahlwerke GmbH and Betonstahl Lampertheim GmbH. The foreign companies of the Riva Group are listed in the legal notice on our website at: https://www.rivastahl.com/de/konzern/die_riva-gruppe . However, data processing by companies affiliated with us within the Riva Group only takes place if we have legal authorisation to do so. This is the case, for example, when other companies in the Riva Group work for us within the scope of commissioned processing.
4.2 External service providers (processors)
Your data will be passed on to service partners if they work on our behalf and support us by providing their services. These external service providers are - IT service providers (e.g. maintenance service providers, hosting service providers) - Service providers for the destruction of records and data. If you have any further questions about the individual recipients, please contact us at: dsgvo.de@rivagroup.com
A processing of your personal data by external service providers takes place as part of order processing according to Art. 28 GDPR.
5 Will my data be processed outside the EU and how will data protection be ensured?
We attach great importance to processing your data within the EU/EEA. However, due to the configuration of the IT infrastructure, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject (such as the EU-US Data Privacy Framework). In particular, your personal data may be transferred to Switzerland, a country for which the EU Commission has adopted an adequacy decision in accordance with Art. 45 of the GDPR.
6 How long will my data be stored?
We delete your personal data as soon as the purpose of storage no longer applies and statutory retention periods do not prevent deletion.
7 What rights do I have and how can I assert them?
You have the following rights vis-a-vis us with regard to your personal data:
7.1 General rights
You have the right of access, rectification, erasure, restriction of processing, objection to processing and right to data portability. As far as processing is based on your consent, you have the right to revoke it with effect for the future.
7.2 Rights in data processing based on legitimate interest
Pursuant to Art. 21 (1) GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 (1) lit e GDPR (data processing in the public interest) or Article 6 (1) lit f GDPR (data processing to safeguard a legitimate interest). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
7.3 Rights in case of direct marketing
If we process your personal data for the purpose of direct marketing, you have the right under Art. 21 (2) GDPR to object at any time to the processing of your personal data for the purpose of such marketing.
If you object to the processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
7.4 Right to lodge a complaint with a supervisory authority
You also have the right to complain to a competent data protection supervisory authority about the processing of your personal data by us.
8 Miscellaneous
8.1.1 Changes to the Data protection declaration
This data protection declaration is continuously adapted in the course of the further development of the Internet or our offer. Changes will be announced on this page in good time. This page should be accessed regularly to keep up to date with the current status of our privacy policy.
8.1.2 Links to other websites
Our websites may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the our websites. We have no control over and do not check whether other providers comply with the applicable data protection regulations.
