Data protection

In accordance with Art. 12 et seq. and Art. 13 GDPR, this data protection declaration informs you about the processing of personal data when you visit the RICON GmbH & Co. KG website and about your data protection rights.

Personal data is any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR), such as name, contact details, IP address or usage behavior. Processing exists when such data is collected, stored, transmitted, changed or deleted (Art. 4 No. 2 GDPR).

Your data is processed in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR), the Telecommunications Telemedia Data Protection Act (TTDSG) and other applicable standards.

RICON GmbH & Co. KG processes personal data from website visitors for the technical provision and optimization of the website and to process incoming inquiries. In addition, processing may take place if you have a separate relationship with us — for example as a customer, supplier, interested party, applicant or employee. In these cases, additional data protection notices apply, which are referred to separately:

Below, we provide you with detailed information about the type, scope, purposes, legal bases and recipients of the respective processing operations in connection with your visit to our website.

1. Who is responsible for this website?

The responsible person within the meaning of Art. 4 No. 7 GDPR is:

RICON GmbH & Co. KG

Lüneburger Strasse 1

49597 Rieste

email: info@ricon.de

telephone: +49 5491 9692-0

If you have any questions about data protection, you can contact our data protection officer at any time:

Carla Holterhus

Email: datenschutz[at]ricon.de

2. How is your data processed when you visit this website?

2.1 Data required to display the website and to ensure its stability and security.

When you access this website, certain data is automatically processed that is necessary for the technical provision, stability and security of the website. It concerns:

  • the IP address of the requesting device,
  • date and time of access,
  • the URL or file accessed,
  • the amount of data transferred,
  • the access status (e.g. successful transfer, error message),
  • browser type and version as well as the operating system used,
  • the user's Internet service provider,
  • the referrer URL (the previously visited page).

This data is processed on the basis of Art. 6 para. 1 lit. f DSGVO. The legitimate interest of RICON GmbH & Co. KG lies in ensuring the technical functionality and security of the website, in particular in protecting against attacks and misuse. Any further processing is carried out for purely statistical purposes and to optimize the website; no personal evaluation or profiling takes place.

The data is stored for a maximum period of [e.g. 7 days], unless further storage is required for evidence purposes in the context of specific security-relevant incidents.

The data is processed exclusively by technical service providers who are contractually bound as part of order processing in accordance with Article 28 GDPR.

2.1.1 Web hosting and provision of the online offer

We use the services of external hosting providers to provide and secure the technical operation of our online offering. These provide us with rented server capacity, storage space and infrastructure as well as software solutions. The processing of the resulting personal data is based on Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the secure, efficient and user-friendly provision of our online offering and maintaining the stability and functionality of the IT systems.

In this context, usage data (such as pages viewed, access times, click histories), meta and communication data (such as IP addresses, time stamps, device identifiers) and content data (such as submitted contact forms or comment content) are processed. In addition, server log files are created which include the retrieved URL, date and time of access, transferred data volumes, access status, browser and operating system information, the referrer URL as well as the IP address and the provider. These log files are used to monitor technical system security, in particular to prevent abusive or damaged access (e.g. DDoS attacks).

Log file data is stored for a maximum period of 30 days and is then automatically deleted or anonymized, unless further storage is required in individual cases to clarify security-relevant incidents.

Processing is carried out by service providers subject to instructions as part of order processing in accordance with Article 28 GDPR. Insofar as a transfer to third countries takes place as part of the use of content delivery networks (CDNs) or hosting services, we ensure an appropriate level of data protection through appropriate guarantees in accordance with Article 46 GDPR.

Webflow

To create, manage and provide our website and the integrated forms, we use the services of Webflow, Inc., 398 11th Street, Floor 2, San Francisco, CA 94103, USA. Webflow acts as a technical service provider as part of order processing in accordance with Art. 28 GDPR. Personal data is processed on the basis of our legitimate interest in providing a professional and functionally secure website in accordance with Art. 6 para. 1 lit. f DSGVO.

Insofar as there is a transfer of personal data to the United States when using Webflow, this transfer is based on the European Commission's adequacy decision in accordance with Article 45 GDPR within the framework of the EU-U.S. Data Privacy Framework (DPF). Webflow is certified under the DPF. In addition, there is a data processing agreement (DPA) with Webflow, which ensures compliance with the data protection requirements under Articles 28 and 32 GDPR.

For more information about data processing by Webflow, please see the provider's privacy policy at: https://webflow.com/legal/privacy

Cloudflare

To ensure the stable, high-performance and secure delivery of our online content, we use the services of the Content Delivery Network (CDN) from Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Connection data, in particular IP addresses and browser information, is technically routed across the Cloudflare infrastructure in order to deliver content faster, ward off DDoS attacks and provide security mechanisms such as web application firewalls. Processing is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR in ensuring the technical operational safety, availability and protective function of our website.

In this context, Cloudflare acts as a processor bound by instructions within the meaning of Article 28 GDPR. A corresponding order processing contract (Data Processing Addendum — DPA) was concluded.

Insofar as personal data is transferred to the United States, this is based on the European Commission's adequacy decision in accordance with Article 45 GDPR within the framework of the EU-U.S. Data Privacy Framework (DPF). Cloudflare is certified under the DPF.

For more information about data processing by Cloudflare, please see the provider's privacy policy at: https://www.cloudflare.com/privacypolicy

Amazon CloudFront

For high-performance and fail-safe delivery of our online content, we use the Amazon CloudFront Content Delivery Network (CDN), operated by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg. Certain connection data, such as IP addresses and browser information, is automatically routed via Amazon's global server network to optimize the delivery of content such as media files, scripts, or style sheets. Processing is carried out on the basis of our legitimate interest in providing our online service securely, efficiently and in a user-friendly manner in accordance with Article 6 (1) (f) GDPR.

In this context, Amazon CloudFront acts as a processor bound by instructions in accordance with Art. 28 GDPR. An order processing contract including standard contractual clauses (SCCs) has been concluded with the service provider, which have been approved by the European Commission and ensure an appropriate level of data protection when data is transferred to third countries.

For more information about data processing by Amazon Web Services, please see the privacy policy at: https://aws.amazon.com/privacy

jsDelivr

For fast and efficient delivery of media files, scripts and other static content, we use the content delivery network jsDelivr, operated by Prospectone, Królewska 65A/1, 30-081 Kraków, Poland. Through this network, content is cached and delivered via geographically distributed servers to reduce load times and ensure system stability, especially when access loads are high. Technical access data such as the IP address, the browser used, operating system information and the time of retrieval are transmitted to jsDelivr servers.

Processing is carried out on the basis of our legitimate interest in providing our website in a technically flawless, secure and high-performance manner in accordance with Art. 6 para. 1 lit. f DSGVO. Prospectone acts as a technical service provider bound by instructions. Since the provider is located within the European Union, there is no transfer to third countries.

For more information about data processing by jsDelivr, please see the provider's privacy policy at: https://www.jsdelivr.com/privacy-policy-jsdelivr-net

2.2 Contact form and email contact

For electronic contact, we offer a contact form on our website. When using it, the data entered by the user is transmitted to us and stored. This includes in particular: first and last name, date of birth (if entered), e-mail address, telephone number, the message text entered and the IP address of the terminal device, date and time of transmission and any voluntary information. Data processing is used exclusively for the purpose of processing the contact request and subsequent communication.

Alternatively, you can contact us via the email addresses provided. In this case, the personal data transmitted with the email will be stored. The data collected as part of the contact process will not be passed on to third parties.

The legal basis for processing is Article 6 (1) (f) GDPR. The legitimate interest lies in the proper processing of user inquiries. If the purpose of the contact is to conclude or execute a contract, the processing is also carried out on the basis of Art. 6 para. 1 lit. b GDPR.

The personal data will be deleted as soon as the purpose of communication has been fulfilled and it follows from the circumstances that no further correspondence is required, unless there are legal storage obligations to the contrary.

2.3 Information applications from other providers

Google Ads

On our website, we use the Google Ads service offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) for advertising purposes. In this respect, Google acts as an independent controller within the meaning of data protection law. We use Google Ads to place interest-based advertising on the Google network and on third-party sites and to evaluate the success of our campaigns.

Google uses cookies, in particular so-called DoubleClick cookies, to pseudonymize user interactions with advertisements (e.g. impressions, clicks, conversions). This information enables statistical analyses of the effectiveness of our advertising measures. We ourselves only receive aggregated evaluations without reference to identifiable persons.

By integrating Google Analytics, so-called remarketing can also take place: Based on defined target groups, such as users who have visited a specific product page, advertising IDs (e.g. cookie or device identifiers) are used by Google to present targeted ads to these users. This is a pseudonymous attribution, which precludes direct identification of individual persons by us.

The processing of personal data as part of the use of Google Ads is carried out exclusively on the basis of your express consent in accordance with Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG. This consent is obtained via our consent management tool when you visit the website for the first time and can be withdrawn there at any time.

For more information about data processing by Google, please visit: https://policies.google.com/privacy

Google Tag Manager

To manage website tags and integrate analysis and marketing tools, we use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager allows us to centrally control scripts and code elements via an interface. This does not involve any independent analysis by the Tag Manager itself. In particular, it does not set any cookies and does not store any personal data about user behavior.

However, as part of the technical provision, Google may process the IP address, in particular as part of establishing a connection with Google servers. This processing may include transmission to third countries, in particular to servers of the parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In these cases, the transfer is based on appropriate guarantees in accordance with Article 46 GDPR, in particular through the conclusion of standard contractual clauses.

Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the efficient management of website tags and the legally compliant integration of third-party services. Insofar as services whose use requires consent (e.g. Google Analytics, Google Ads) are integrated via Tag Manager, they are activated exclusively with your consent in accordance with Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG. This consent is obtained via our consent management tool and can be withdrawn there at any time.

Google Analytics

This website uses the web analysis service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google acts as part of order processing in accordance with Art. 28 GDPR. We have concluded a corresponding contract with Google and fully implement the data protection requirements of the German supervisory authorities.

Google Analytics uses cookies and similar technologies (such as device fingerprinting) to analyze the use of our website. The information collected includes pages viewed, time spent, source of origin, mouse movements and click behavior. This information can be aggregated by Google and assigned pseudonymous user profiles.

To protect your data, we have activated the IP anonymization function. Your IP address is therefore abbreviated by Google within the EU or the EEA before transmission. Only in exceptional cases will a full transfer be made to servers in the USA. The IP address transmitted by your browser is not combined with other data from Google.

Processing is carried out exclusively on the basis of your express consent in accordance with Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG. Consent is obtained via our consent management tool and can be withdrawn there at any time.

Insofar as data is transferred to third countries, in particular to the USA, as part of the use of Google Analytics, this is based on the standard contractual clauses of the EU Commission in accordance with Article 46 GDPR. For more information, see: https://privacy.google.com/businesses/controllerterms/mccs/

This website also uses the “demographic characteristics” function to obtain anonymized information about the age, gender and interests of users. This data comes from interest-based advertising from Google and visitor data from third parties and does not allow individual persons to be identified.

The storage period of user and event data linked to cookies, user IDs or advertising IDs is 14 months. This is followed by automatic deletion or anonymization. Details below: https://support.google.com/analytics/answer/7667196?hl=de

For more information on data processing as part of Google Analytics, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

github

To manage, develop and deliver our software projects, we use the services of GitHub, Inc., 88 Colin P. Kelly Jr Street, San Francisco, CA 94107, USA. GitHub is used as a technical service provider to provide source code repositories and project management features.

In the course of using GitHub, personal data may be processed, in particular contact data, communication content, project-related usage information as well as metadata about access times, user interactions and system usage. This includes cases where users access publicly or internally provided repositories or interact via GitHub as part of our business communication.

GitHub acts as an independent controller in terms of data protection law insofar as the platform collects or processes independent usage data, in particular for security monitoring, analysis of user behavior or to optimize its own offering. GitHub is directly responsible for this data processing. You can find more information about data processing by GitHub at:

https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Personal data may also be processed on servers in third countries, in particular in the United States. GitHub is certified according to the EU-U.S. Data Privacy Framework. The transfer of personal data to the USA is based on an adequacy decision in accordance with Article 45 GDPR.

youtube

To integrate and display video content, we use plug-ins from the video portal YouTube, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The person responsible for data processing in connection with the YouTube platform is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you call up a page with an embedded YouTube video, a connection to YouTube's servers is established. In doing so, various technical access data (in particular your IP address and information about the browser, device and previously visited pages) are transmitted to YouTube. If the user is logged into a YouTube or Google account at the same time, YouTube can assign the page visit to the respective profile. Assignment can be prevented by logging out of the Google account beforehand.

YouTube videos are integrated in extended data protection mode, as far as technically available. According to YouTube, in this mode, no cookies are set on the user's device as long as no playback takes place. However, when playing the video, cookies and similar technologies may be used by YouTube or Google for analysis and marketing purposes.

Personal data will only be processed as part of YouTube integration with your express consent in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with § 25 para. 1 TTDSG, which you give via our consent management tool and can withdraw there at any time.

A transfer of personal data to the USA cannot be ruled out. Google LLC is certified under the EU-U.S. Data Privacy Framework. The transfer of data is therefore based on an adequacy decision by the European Commission in accordance with Article 45 GDPR.

For more information about data processing by YouTube, please see Google's privacy policy at: https://www.google.com/policies/privacy/

3. Who receives your data?

Personal data will only be passed on to third parties if there is legal permission to do so, in particular to fulfill legal obligations in accordance with Article 6 (1) (c) GDPR, on the basis of consent given by you in accordance with Article 6 (1) (a) GDPR or to protect legitimate interests under Article 6 (1) (f) GDPR, provided that there are no overriding interests of the data subject.

In this context, recipients of personal data may in particular be the following bodies:

  • law enforcement and supervisory authorities, insofar as we are required by law to submit,
  • other GRIMME Group companies, insofar as this is necessary for intra-group administration or transaction processing,
  • contracted service providers (e.g. in the areas of IT operations, hosting, software development, consulting, marketing or sales), insofar as they work as part of order processing in accordance with Article 28 GDPR. These service providers are contractually obliged to comply with data protection requirements and act exclusively on our instructions.

Any further transfer to third parties will not take place unless you have given your express consent or there is a legal obligation. A transfer to third countries only takes place under the conditions of Art. 44 et seq. of the GDPR, in particular through adequacy decisions or suitable guarantees such as standard contractual clauses.

4. When will your data be deleted?

We only store personal data for as long as it is necessary for the respective processing purposes. As soon as the purpose of processing no longer applies, the data will be deleted, provided that no legal storage obligations or legitimate follow-up purposes in accordance with Article 6 (4) GDPR prevent deletion. Insofar as there are different deadlines in connection with certain services or processing processes, these are expressly stated in the respective sections of this data protection policy.

5. Is your data transferred to a third country or to an international organization?

RICON GmbH & Co. KG will only transfer personal data to countries outside the European Economic Area (EEA) or to international organizations if this is necessary to fulfill contractual or legal obligations, if you have given your express consent or if there is another legally permissible reason for permission.

In certain cases, we use service providers based in so-called third countries, in particular in the United States. Insofar as such third-country transfers take place, we ensure in accordance with Art. 44 et seq. of the GDPR that there is either an adequacy decision by the European Commission (for example in the case of US providers certified under the EU-U.S. Data Privacy Framework) or that appropriate guarantees such as standard contractual clauses have been concluded in accordance with Art. 46 GDPR.

Detailed information on specific transfers, recipients and the security mechanisms used in each case can be found in the data protection notices for the relevant services within this privacy policy.

6. Is your data used for automated decision-making or profiling?

When you visit this website, no automated decision-making within the meaning of Article 22 GDPR takes place. There is also no profiling that has legal effects or significantly affects you in a similar way. Personal data is not combined to evaluate personal aspects, interests or behaviours.

7. Data protection information in the application process

As part of the application process, we process personal data that you submit to us as part of your application. The purpose of the processing is to check your suitability for the advertised position and, if applicable, for other vacant positions within the group of companies and to carry out the selection process. The legal basis is Article 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG, as processing is necessary to decide on the establishment of an employment relationship.

If there is no discontinuation, we will delete your data no later than six months after completion of the procedure, unless longer storage is necessary to defend against potential legal claims (legal basis: Art. 6 para. 1 lit. f GDPR). If there is consent to be included in our pool of applicants, we store the data for a maximum of 24 months on the basis of Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time. If your application is successful, your data will be transferred to our personnel management system to carry out the employment relationship.

Processing is carried out exclusively by authorized persons within our company. Your data will be forwarded within the HR department and to the specialist areas responsible for the respective position. Access is only given to people who are involved in the selection process. Storage and processing takes place exclusively in data centers within the Federal Republic of Germany.

We use applicant management software from an external service provider to process the application process. The latter acts as a contract processor in accordance with Art. 28 GDPR and is contractually obliged to maintain confidentiality and comply with all data protection requirements.

Within the framework of legal requirements, you have the right to information, correction, deletion, restriction of processing, data portability and to object to processing at any time. Please direct inquiries to the contact addresses listed in the legal notice. If there is any doubt as to your identity, we reserve the right to request suitable proof of identity.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data. The competent supervisory authority depends on the location of our company. You can contact our data protection officer using the contact details given in the “Responsible person” section.

8. What rights do you have when it comes to processing your data?

As a data subject, you have the following rights vis-à-vis RICON GmbH & Co. KG with regard to the processing of your personal data:

  • Right to information (Art. 15 GDPR): You can request information at any time as to whether and which personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You have the right to have incorrect data corrected and incomplete data completed.
  • Right to deletion (Article 17 GDPR): Under the conditions of Article 17 GDPR, you have the right to request the deletion of your data.
  • Right to restrict processing (Art. 18 GDPR): Under certain conditions, you can request that the processing of your data be restricted.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the data you have provided to us in a structured, common and machine-readable format or to have it transmitted to another person responsible.
  • Right to withdraw consent (Article 7 (3) GDPR): Once given, you can withdraw consent at any time with effect for the future.

In addition, you have a right of objection under Article 21 GDPR:

  • Objection in a particular situation: You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, if this is based on Article 6 (1) (e) or (f) GDPR. This also applies to any profiling. In the event of an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
  • Objection to direct marketing: You have the right to object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling insofar as it is associated with such advertising. After your objection, your data will no longer be processed for advertising purposes.

The objection can be made form-free and must be addressed to:

RICON GmbH & Co. KG

Lüneburger Strasse 1

49597 Rieste

E-Mail: datenschutz [at] ricon.de

You also have the right to lodge a complaint with a data protection supervisory authority.

9. Amendment and update of the privacy policy

We reserve the right to adapt this data protection information if there are legal, technical or organizational changes in data processing or new legal requirements require this. The latest version is always available on our website.

We will inform you in good time of any changes that significantly affect the purposes of processing or the types of data concerned, insofar as this is required by law. If consent must be obtained again as a result of a change or other cooperation becomes necessary, we will inform you of this separately and in an appropriate manner.

Status: 02.04.2025