We are pleased that you are interested in our website www.ri-management.de (‘website’) and our firm. This website is operated by RI Invest GmbH & Cie. KG (hereinafter ‘RI Invest’ or ‘we’/‘us’/‘our’) and offers you, the user (hereinafter ‘user’ or ‘you’/‘your’), the opportunity to learn about our company and our services and to contact us if you are interested.
The operator of this website and, by extension, the controller of the processing of data is:
RI Invest GmbH & Cie. KG
Telephone: +49 (0)40 80809200
2. Withdrawing your consent to data processing
Some data processing procedures are only possible with your explicit consent. You may at any time withdraw consent that you have previously given with effect for the future. You may do so by sending us a simple email (see contact details in section 1).
The lawfulness of data processing up to the time of withdrawal will not be affected by this withdrawal of consent.
3. Data protection officer
We have appointed a data protection officer. You can contact her at:
Kerstin Ann-Susann Schäfer, PhD (UCT)
Kaschae Datenschutz & Compliance GmbH
An der Alster 62
4. General information about the processing of data on our website
Different types of personal data are collected when you visit this website.
Personal data is information that is matched or can be matched with you personally, either directly or indirectly, e.g. your name, address, email address, IP address and usage patterns.
Personal data is generally only collected and processed if such action is authorised by a legal standard or if you have given your consent to such action. The data is erased as soon as the purpose for its processing no longer applies unless you have consented to its further usage or there exist statutory retention periods conflicting with such erasure. The following individual data processing operations collect personal data:
5. Collection of data on our website and creation of log files
5.1 Description of the data processing
Users can visit our website without registering. When visiting our website and whenever you access a file, information is automatically sent to our website’s server by the browser being used on your device. RI Management and the hosting provider temporarily collect this information in what are called server log files. The information includes:
- browser type and version
- operating system used
- referrer URL
- host name of the requesting device, truncated
- time of server request
- IP address (truncated if necessary)
This data is collected automatically as soon as you access our website. This data is not merged with other data sources.
5.2 Legal grounds and purpose
The legal grounds for processing data are provided in General Data Protection Regulation (‘GDPR’) Article 6(1)(f), which authorises processing for a legitimate interest unless the user has overriding interests, basic rights or basic freedoms that conflict with our legitimate interest.
It is necessary for this data to be stored temporarily so that the website’s content can be displayed to the user. It is therefore required to collect this information for the display of our website offering. The user’s IP address must also be stored for the duration of the session for this reason. Data is stored in log files to ensure the functionality of the website and optimise it in order to improve our services. This additionally serves the purpose of ensuring the security of our IT systems. Therefore, we reserve the right to review the server log files at a later date if there are tangible indicators of unlawful usage. We also have a legitimate interest within the meaning of GDPR Article 6(1)(f) in processing data for these purposes.
5.3 Duration of storage and option to object
This data is erased if further retention is not required for the purpose for which it is stored. For the purpose of providing the website, this is the case when the relevant session ends. This is the case after seven days when the data is stored in log files. Data retention for a longer period is possible if the users’ IP addresses are erased or truncated in such a way that the data cannot be matched with the user accessing the website.
It is absolutely necessary to collect data in order to provide the website and absolutely necessary to store the data in log files in order to operate the website. Users consequently do not have an option to object to these actions.
6. Disclosure of personal data to service providers
6.1 Description of the data processing
We treat personal data confidentially and normally do not disclose it to third parties unless required for the provision of our website or to respond to or process an enquiry, or you have given your consent to the processing of the data or we are legally required to disclose the data.
IT service providers are engaged as external contractors for the provision of our website. We select and contract these providers carefully, and they are required to follow our instructions and are regularly monitored.
Depending on the enquiry, we partner with external service providers to process and resolve enquiries and obtain their support on a fully or partially contracted-out basis when performing contracts that we have entered. Personal data is only transferred to these service providers for the purpose of satisfying contractual obligations.
6.2 Purpose and legal grounds
Data is disclosed in this manner on the grounds provided in GDPR Article 6(1)(b) if your enquiry is connected to the performance of a contract or if the disclosure is required in order to take steps prior to entering a contract. In other situations, the processing is based on your consent under GDPR Article 6(1)(a) and/or our legitimate interests under GDPR Article 6(1)(f), since we have a legitimate interest in the efficient processing of enquiries directed towards us and in the design of our website. Each service provider only receives the data that is required for the performance of the relevant service. These service providers are required to treat your data confidentially.
7. Links to other websites
This website may occasionally contain interactive links to third-party websites for which we have no responsibility. We do not have any influence over the content and design of external pages that are linked or of websites that the user accesses via these links. The relevant provider has sole responsibility for the content and design of these websites and for compliance with provisions of data protection law.
8. Protection of your data
This website uses SSL and/or TSL encryption for security reasons and to protect the transmission of confidential information, such as orders or queries you send to us. You can tell that a connection is encrypted by looking at the address line of your browser to see if the ‘http://’ has changed to ‘https://’ and if the line contains a padlock icon.
If SSL and/or TLS encryption is activated, the data you send us cannot be viewed by third parties.
However, please note that transmission of data via the Internet (e.g. in email communications) may involve security loopholes. Complete protection of data from third-party access is not possible.
9. Questions about data protection and user rights
You have the right at any time to obtain information regarding the origin, recipient and purpose of your stored personal data free of charge. You also have the right to obtain the rectification, blocking or erasure of this data. To do this, or for other queries regarding the issue of data protection, you can contact us at any time using the contact details in section 1. You also have the right to lodge a complaint with the relevant supervisory authority. You, the data subject, have the following individual rights that you may enforce against us:
9.1 Right to access
You may obtain confirmation as to whether or not personal data concerning you is being processed by us. If such processing does take place, you can obtain information about the following:
- purposes of processing
- the recipients or categories of recipient to whom the personal data has been or will be disclosed
- if possible, the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period
- the existence of additional rights, see below
- all available information about the origin of the data if the personal data was not collected from you
- the existence of automated decision-making, including profiling and further information about it if applicable
You have the right to be informed about the appropriate safeguards under GDPR Article 46 if your data is transferred to a third country or international organisation.
9.2 Right to rectification
You have the right to obtain the immediate rectification of incorrect or incomplete personal data concerning you.
9.3 Right to restriction of processing
You have the right to obtain from us the restriction of processing where one of the following conditions has been met:
- You contest the accuracy of the personal data.
- The processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data.
- We no longer need the personal data for the purposes of the processing, however you require it for the establishment, exercise or defence of legal claims.
- You have raised an objection to the processing (see below) and it is not yet clear whether our legitimate reasons override yours.
9.4 Right to erasure
You are entitled to obtain from us the erasure of personal data concerning you without delay and we will be obliged to erase this data without delay where one of the following grounds applies:
- The personal data is no longer necessary for the purposes for which we collected it or otherwise processed it.
- You withdraw the consent you have given and there is no other legal ground for the processing.
- You object to the processing (see below).
- Your personal data has been unlawfully processed.
- We are required to erase your personal data to satisfy a legal obligation under European Union law or the law of a member state.
- We have collected the personal data based on the consent of a minor.
9.5 Right to information
If you have exercised your rights to rectification, erasure or restriction of processing against us, we will be required to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or the restriction of its processing unless such action proves to be impossible or would involve disproportionate effort. You have the right to be informed by us about those recipients.
9.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, on condition that:
- The processing is based on consent under GDPR Article 6(1)(a) or on a contract under GDPR Article 6(1)(b), and
- The processing is carried out by automated means.
In exercising this right, you can obtain the personal data transmitted directly from one controller to another, where technically feasible. This cannot adversely affect the freedoms and rights of others. The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7 Right to objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on one of the following:
- Our processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or
- The processing is required for the purposes of legitimate interests of ours or a third party unless your interests or basic freedoms that require the protection of your personal data override ours or the third parties.
You also have the right to object to any profiling based on the above forms of processing.
Where we process your personal data for direct-marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. The right to objection includes profiling if it is related to such direct marketing.
If we process your personal data for scientific or historical-research purposes or statistical purposes, you also have the right, on grounds relating to your particular situation, to object to the processing of your personal data unless the processing is necessary for the performance of a task carried out in the public interest.
9.8 Right to lodge a complaint with a supervisory authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the supervisory authority. A list of the Data Protection Commissioners and their contact details may be found at the following link:
Updated August 2019
Copyright RI Invest GmbH & Cie. KG © 2020. All rights reserved.
Back to Startpage