Information pursuant to Articles 12, 13, and 14 of EU Regulation 2016/679
Data Controller
A. RIEPER AG/Spa
Via B.-v.-Guggenberg Strasse 6 - I-39030 Vintl (BZ)
Tel.: +39 0472 867 900 - Email: info@rieper.com
VAT No.: 00126330216
Privacy Policy – Website & Online Store
Dear Website Visitor,
We are pleased to inform you about how your personal data is processed when you visit our websites:
www.rieper.com
www.schreder-altoadige.com
www.vitagran.com (hereinafter referred to as “Websites”)
https://shop.rieper.com (hereinafter referred to as “Online Store”)
This privacy notice also explains the rights you can exercise as a data subject.
Your personal data is processed in accordance with EU Regulation 2016/679 (General Data Protection Regulation) and national data protection laws.
Use of the websites and the online store requires that you agree to this privacy notice; otherwise, we ask that you refrain from further use of the websites.
We would also like to point out that the links to third-party providers on our websites and in our online store have been carefully selected and reviewed by us.
Since these third-party websites:
- may be subject to changes made without our knowledge;
- may be subject to continuous changes in their content,
we assume no liability in this regard.
Purpose of processing personal data:
To ensure the functionality of the websites and the online store, as well as for statistical purposes, technical data that may be personally identifiable—such as IP addresses, the time of requests, domain names, and similar data—is processed. In addition, the website operator and the operator of the online store have a legitimate interest (Art. 6(f) GDPR) in providing you with visually appealing websites and a pleasant user experience. With your consent (Art. 6(a) GDPR), user behavior may also be analyzed and used for marketing purposes.
The primary purpose of data processing is to provide our websites and the online store, along with their content, and to fulfill your requests.
Furthermore, personal data is processed to offer you various services:
Newsletter
Any visitor can subscribe to our newsletter on our website and in our online store using the double opt-in procedure. Users may revoke this voluntary subscription and the associated data processing at any time by clicking the “Unsubscribe” button or by notifying us via email (contact information is provided at the beginning of this notice). Subscription to the newsletter is voluntary; the legal basis is therefore Article 6(1)(a) of the GDPR. Consent expires upon revocation.Contact Form
Website visitors can contact the company using the contact form. To do so, the personal data entered by the website visitor is processed in order to respond to the inquiry. When the form is submitted, the time and date of submission, as well as the IP address, are also stored. This data is deleted within the legally prescribed period.
The legal basis is your voluntary consent (Art. 6(1)(a) GDPR) as well as our legitimate interest in offering you the contact form so that you can easily contact us (Art. 6(1)(f) GDPR).
Transmission of Special Categories of Personal Data
We ask that you refrain from transmitting sensitive data (special categories of personal data—Articles 9 and 10 of the GDPR) via our websites, e.g., through the contact form. Sensitive data should always be transmitted with appropriate protection, such as password protection, or handed over in person.
Online Store
All data you enter as a customer in our online store is processed for the purpose of purchasing goods, completing the payment process, and shipping. In this context, your data may be shared with third parties (such as payment service providers, shipping companies, etc.).
In this context, the following types of data, among others, may be processed:
- Personal data: Name, address, contact information, payment details
- Usage data (e.g., access times)
- Metadata (e.g., device information)
- Data Disclosure: The data processed in the online store is disclosed exclusively within the scope of the business relationship to fulfill pre-contractual and contractual obligations.
- Purposes of Processing: The purpose of data processing is to fulfill your customer inquiry as well as pre-contractual and contractual services, for the purchase of goods, for the provision of customer service, and for security measures
- Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) – e.g., fulfilling your inquiry; Legitimate interests (Art. 6(1)(f) GDPR) – e.g., implementing security measures; Legal obligation (Art. 6(1)(c) GDPR) – e.g., disclosure of fiscal data
- Retention period: Our retention period is governed by legal requirements. You may exercise your right to erasure (Art. 17 GDPR) and your right to object (Art. 21 GDPR) at any time, provided that legal provisions do not preclude the exercise of these rights.
Without this information, we will not be able to process your order properly.
Credit Card Payment (Mastercard, Visa, etc.)
We offer our customers the option to pay with various credit cards (e.g., MasterCard, Visa, etc.). In this context, we process information such as the cardholder’s name, the credit card number, the expiration date, and the card verification code (CVC). The storage of this information is limited to the minimum period necessary to fulfill the aforementioned purpose. The full privacy notice for this processing is provided by the respective payment service provider and can be viewed upon completion of the payment transaction. Please note that the payment transaction is forwarded to the selected card provider. The purpose of this data processing is our legitimate interest in facilitating payment for you as a customer (Art. 6(1)(f) GDPR) and in managing the business relationship (Art. 6(1)(b) GDPR). The purpose of this data processing is our legitimate interest in facilitating payment for you as a customer (Art. 6(1)(f) GDPR) as well as managing the business relationship (Art. 6(1)(b) GDPR).
PayPal
Our website offers you the option to pay via the payment service provider PayPal. The data controller is: PayPal Europe S.a.r.l. et Cie s.c.a, 22-24 Boulevard Royal, L-2449 Luxembourg.
We offer this service to provide you with this payment method (Art. 6(1)(f) GDPR) and to process the purchase for the purpose of fulfilling the contract (Art. 6(1)(b) GDPR). Among other things, the following data may be processed by PayPal:
- Name
- Address
- Contact information (such as email)
- Account number
- User device information
- Technical usage data
Providing payment information is voluntary; however, payment via PayPal cannot be processed without it.
PayPal may conduct credit checks to verify your ability to pay. The legal basis for this is Article 6(1)(f) of the GDPR. The legal basis for the performance of the contract is Article 6(1)(b) of the GDPR. As part of the credit check, your data (e.g., name, address, bank account details, and similar information) may be shared with credit bureaus (the legal basis here is Article 6(1)(f) of the GDPR—legitimate interests of the controller). We have no influence over this and are only informed whether the payment was declined or processed.
Your data will be stored until the payment process is completed. This also includes the period required for processing refunds, debt collection, and fraud prevention. We only receive information regarding whether the payment was processed and do not process or store any payment data.
For more information on options to object to or have data removed from PayPal, please visit: www.paypal.com/de/webapps/mpp/ua/privacy-full
Legal Basis for Data Processing
The primary legal bases for processing are Article 6(b) of the GDPR (implementation of pre-contractual measures) and Article 6(f) of the GDPR (website functionality), as well as the consent you have provided, if applicable (Article 6(a) of the GDPR).
Cookies
Our websites use cookies, which may involve the processing of personal data.
There are four categories of cookies:
- Strictly necessary cookies – for the basic functionality of the website
- Functional cookies – to ensure optimal website performance, including, for example, saving the language selection
- Performance cookies – to improve the user experience and to process information about website usage, such as measuring load times
- Marketing cookies – for tracking user behavior and interests for marketing purposes, e.g., to display targeted advertisements
Non-essential cookies are disabled by default on our websites and in our online store and are only enabled once you have given us your consent.
Most of the cookies used are “session cookies,” which are deleted when you close your browser. Other cookies are stored for a longer period, for example, to display the correct language the next time you visit the website and/or the online store.
For all cookies that are not subject to a legitimate interest of the website operator (Art. 6(f) GDPR), you will be explicitly asked for your consent.
You can delete your cookies at any time by clicking on the three dots or lines (usually located in the top-right corner, depending on your browser), opening the settings menu, typing “cookies” into the search bar, and selecting “Delete cookies” or “Clear browsing data.”
The cookie banner can be accessed at any time by clicking a dedicated button in the lower-left corner of the screen.
You can find a detailed description of the cookies and tools used on Rieper AG’s corporate websites and online store, as well as other important information, in our cookie banner. If you have any questions, please don’t hesitate to contact us.
Provision of Data
The provision of your data is voluntary (with the exception of the processing of navigation data) and is not required by law. However, failure to provide such data may result in limited use of the websites and the services offered.
Sharing Data with Third Parties
Your data may be shared with third parties as necessary, but only within the scope of our business relationship, e.g., to fulfill your request or, where applicable, to process payments through third parties and to comply with legal obligations. Your data will not be transferred to countries outside the EU without your explicit consent. The same applies to the use of profiling and automated decision-making.
Website Hosting
Rieper AG hosts the following websites itself:
- www.rieper.com
- www.schreder-altoadige.com
- shop.rieper.com
The following website is hosted by an external service provider:
- www.vitagran.com
For this purpose, the external host receives personal data collected on the websites. The legal basis for this is Art. 6(b) GDPR (pre-contractual measures) and Art. 6(f) (ensuring the smooth operation of the tools on our websites).
Google Services
Our websites and online stores use services provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
As a result, Google may process information and personal data. Please note that, under U.S. law, U.S. authorities could theoretically gain access to this data. Information regarding the legal framework for data transfer can be found at www.dataprivacyframework.gov.
Google Tag Manager
Our websites use Google Tag Manager. The provider is Google Ireland Limited (“Google”), House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager makes it easier to integrate tracking codes. It also allows website operators to make changes that are automatically applied to the pages without having to modify the source code.
Google Tag Manager can communicate with the Tag Manager servers; in this context, personal data (e.g., the IP address) may be processed when a tag is triggered.
You will be explicitly asked for your consent before Google Tag Manager is activated. The legal basis is Art. 6(a) GDPR.
For detailed information, please visit: policies.google.com/privacy
Google Maps
This website uses the Google Maps API, a mapping service provided by Google Inc. (“Google”), to display an interactive map and generate directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
By using Google Maps, we cannot rule out the possibility that information regarding your use of these websites (including your IP address) may be transmitted to a Google server in the U.S. and stored there. Google may transfer the information obtained through Maps to third parties if required by law or if such third parties process this data on Google’s behalf.
In principle, it would be technically possible for Google to identify at least individual users based on the data received. It is possible that personal data and user profiles from visitors to Google’s websites could be processed for other purposes over which we have no control and cannot exert any influence. You have the option at any time to disable the Google Maps service and thus prevent the transfer of data to Google by disabling JavaScript in your browser. Please note that in this case, you will not be able to use the map display on our site.
You will be explicitly asked for your consent before Google Maps is activated. The legal basis is therefore Art. 6(a) GDPR
You can find the Terms of Service for Google Maps at: www.google.com/intl/de_de/help/terms_maps.html
You can find Google's Privacy Policy at: policies.google.com/privacy
Vimeo
We use the Vimeo video plugin on our websites. These are operated by Vimeo LLC, located at 555 West 18th Street in New York (10011), USA. When videos are played, the plugin establishes a connection to the Vimeo server. This means that Vimeo LLC receives various pieces of information, such as your IP address, browser type, date and time of playback, etc. Vimeo also receives information about which page you visited. Please also note that if you are logged into Vimeo, Vimeo may associate your browsing behavior with your account. You can prevent this by logging out of your Vimeo account.
The full privacy policy regarding how Vimeo processes your personal data can be found at: www.vimeo.com/privacy.
The legal basis for the integration of this plugin is Art. 6(1)(a) GDPR (your voluntary consent) or Art. 6(1)(f) GDPR (the website operator’s legitimate interest in the appealing design of the website with video playback).
We would also like to point out that Vimeo is an American company and therefore personal data may be processed outside the EU.
Matomo
Our websites use Matomo (formerly Piwik) to analyze website visitors’ browsing behavior. The controller of this open-source service is “InnoCraft Ltd.,” 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.
Matomo is activated with your explicit consent (legal basis: Art. 6a GDPR) by setting one or more cookies that enable the processing of various data, such as IP address (truncated by 2 bytes), access time, browser type, duration of visit, subpages visited, etc.
The full privacy policy can be found at: matomo.org/privacy-policy/.
SSL Encryption
Our websites and online store use SSL encryption to ensure the necessary security standards for the transmission and receipt of data (e.g., when submitting inquiries via contact forms). Active SSL encryption is used to encrypt the data you send to us.
Minor visitors
This website is not intended for use by minors. We therefore do not collect or store any data from minors (except where this occurs unintentionally).
Data Retention Period
Your data will be retained in accordance with the statutory retention requirements and legal obligations applicable to us, unless a specific retention period is specified in this Privacy Policy. Tax-related data is retained for 10 years.
Information on the Rights of Data Subjects
The data subject has the right to withdraw any consent given at any time.
The data subject has the right to request confirmation from the controller as to whether personal data concerning him or her is being processed; if this is the case, he or she has the right to access such personal data and to receive the information specified in detail in Article 15 of the GDPR.
The data subject has the right to request from the controller the immediate rectification of inaccurate personal data concerning them and, where appropriate, the completion of incomplete personal data (Article 16 of the GDPR).
The data subject has the right to request that the controller erase personal data concerning him or her without delay if one of the grounds described in Article 17 of the GDPR applies, for example, if the processing of the data is no longer necessary for the purposes for which it was collected (right to erasure).
The data subject has the right to request that the controller restrict processing if one of the conditions listed in Article 18 of the GDPR applies, for example, if the data subject has objected to the processing.
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format, and they have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, under certain circumstances, for example when the processing is based on consent and is carried out by automated means (right to data portability, Art. 20 GDPR).
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work, or the place where the alleged infringement occurred, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). In Italy, the competent supervisory authority is: Garante per la protezione dei dati personali
This privacy notice may be updated at any time.