Privacy Policy | ratiotec

1. Data Controller

ratiotec GmbH & Co. KG

Max-Keith-Str. 66, 45136 Essen, Germany

Managing Directors: Manuel Schneider, Sebastian Merhofe

Data Protection Officer:
Email: datenschutzbeauftragter@ratio-tec.de
Phone: +49 (0)201 36149-0

2. Overview of Processing Activities

The following overview summarises the types of data processed, the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

Master data (e.g. names, addresses)
Contact data (e.g. email, phone numbers)
Content data (e.g. text entries, photographs, videos)
Usage data (e.g. websites visited, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)
Contract data (e.g. subject matter of contract, duration, customer category)
Payment data (e.g. bank details, payment history)

Categories of Data Subjects

Visitors and users of the online services
Customers, prospects and business partners
Applicants

Purposes of Processing

Provision of the online services, their functions and content
Responding to contact requests and communicating with users
Security measures
Reach measurement

3. Applicable Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data:

Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a contract (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.
Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests of the controller or a third party.

4. Security Measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing, as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as access to, input, disclosure, safeguarding of availability and separation of data. Communication between your browser and our server is exclusively encrypted via TLS/SSL (HTTPS).

5. Disclosure and Transfer of Personal Data

Where we disclose, transfer or otherwise grant access to data to other persons and companies (processors or third parties) in the course of our processing, this is done solely on the basis of a legal permission, your consent, a legal obligation, or on the basis of our legitimate interests.

Where we commission third parties to process data on the basis of a data processing agreement, this is done on the basis of Art. 28 GDPR.

6. Transfers to Third Countries

Where we process data in a third country (i.e. outside the European Union or the European Economic Area) or where this takes place in the context of the use of third-party services, this is done solely on the basis of legal or contractual permissions. Subject to express consent or contractually or legally required transfer, we only process data in third countries with a recognised level of data protection or on the basis of special guarantees such as Standard Contractual Clauses (Art. 44–49 GDPR).

7. Rights of Data Subjects

You have the following rights under the GDPR:

Right of access (Art. 15 GDPR): You may request information about your personal data stored by us.
Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
Right to erasure (Art. 17 GDPR): You may request the deletion of your data, provided there are no statutory retention obligations.
Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing.
Right to data portability (Art. 20 GDPR): You may request the provision of your data in a machine-readable format.
Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent given at any time with effect for the future.
Right to object (Art. 21 GDPR): You may object to the processing of your data at any time, in particular to processing for direct marketing purposes.
Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with the competent supervisory authority.

Competent supervisory authority: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2–4, 40213 Düsseldorf.

8. Provision of Online Services and Web Hosting

We process user data in order to provide our online services. For this purpose, we process the IP address of the user, which is necessary for the transmission of content to the user’s browser.

Collection of Access Data and Log Files

Our hosting provider collects data on every access to the server (so-called server log files) on the basis of our legitimate interests (Art. 6(1)(f) GDPR). The access data includes: name of the website accessed, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL, IP address and the requesting provider.

Log file information is stored for a maximum of 14 days for security purposes and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

9. Cookies

“Cookies” are small files that are stored on users’ devices. We may use temporary and permanent cookies. Temporary cookies (session cookies) are deleted once a user leaves the website and closes their browser. Permanent cookies remain stored even after the browser is closed.

If users do not wish cookies to be stored on their device, they are asked to deactivate the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Excluding cookies may lead to functional restrictions of this website.

10. Contact

When contacting us (e.g. via contact form, email, phone), the user’s information is processed for the purpose of handling the contact request in accordance with Art. 6(1)(b) GDPR. The information may be stored in a CRM system. We delete enquiries once they are no longer required. We review the necessity every two years; in addition, the statutory archiving obligations apply.

11. Business-Related Processing

We process master, contract and payment data of our customers, prospects and business partners for the purpose of providing contractual services, customer service and customer care (Art. 6(1)(b) GDPR). Deletion takes place after the expiry of statutory warranty and retention obligations. In particular, data is retained for 6 years pursuant to § 257(1) HGB and for 10 years pursuant to § 147(1) AO.

12. Recruitment Process

We process applicant data exclusively for the purpose of and within the framework of the recruitment process in accordance with Art. 6(1)(b) GDPR in conjunction with § 26 BDSG. In the event of a successful application, the data will be further processed for the employment relationship. Otherwise, the data will be deleted after a period of six months in order to fulfil the burden of proof obligations under the AGG (General Equal Treatment Act).

13. Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The integration takes place via a server-side request to Google. In this process, your IP address is transmitted to Google. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a uniform presentation).

14. Protection of Minors

Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people and do not knowingly collect it.

15. Social Media Presences

We maintain online presences within social networks and platforms in order to communicate with customers, prospects and users active there. When accessing the respective networks, the terms and conditions and data processing policies of the respective operators apply.

We process user data insofar as users communicate with us within the social networks, e.g. write posts on our online presences or send us messages.

16. Changes to the Privacy Policy

We reserve the right to adapt this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services. The new privacy policy will then apply to your next visit.

As of: March 2026