Your privacy is very important to us. We would therefore like to inform you in the following about what data is used and for what purpose. If you have any further questions about how we handle your personal data, you can contact our Data Protection Officer.
In the following, you can deactivate or reactivate all services, with the exception of those that are technically necessary (see next paragraph).
You will also find the link to the privacy settings at the bottom of each page.
| Controller for data processing purposes |
Data Protection Officer of the Controller |
|---|---|
| RATIONAL Aktiengesellschaft Siegfried-Meister-Straße 1 86899 Landsberg am Lech E-Mail: info@rational-online.com https://www.rational-online.com |
RATIONAL Aktiengesellschaft Data Protection Officer Siegfried-Meister-Straße 1 86899 Landsberg am Lech E-Mail: privacy@rational-online.com |
| Controller for data processing purposes |
RATIONAL Aktiengesellschaft Siegfried-Meister-Straße 1 86899 Landsberg am Lech E-Mail: info@rational-online.com https://www.rational-online.com |
| Data Protection Officer of the Controller | RATIONAL Aktiengesellschaft Data Protection Officer Siegfried-Meister-Straße 1 86899 Landsberg am Lech E-Mail: privacy@rational-online.com |
The term personal data is defined in the GDPR. Accordingly, means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, your name, your address, your telephone number or your date of birth.
For mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we will only collect the personal data transmitted by your browser to our server. If you would like to view our website, we will collect the following data, which we require for technical reasons in order to deliver our website to you and to ensure the stability and security thereof (the legal basis is a legitimate interest pursuant to Art. 6 (1) S. 1 lit. f GDPR
Within the framework of the balancing of interests pursuant to Art. 6(1)(f) GDPR, we have taken into account and weighed our interest in providing and your interest in processing your personal data in accordance with data protection guidelines. Since the following data is sometimes technically necessary for the provision of our service in order to be able to offer you our website and also to ensure stability and security, in particular to provide protection against misuse, we have concluded that this data can be processed - with a guarantee of data security taking into account the state of the art - taking due consideration of your interest in data protection-compliant processing.
| Data | Purpose of processing | Storage duration |
|---|---|---|
| Operating system used | Analysis according to devices to ensure optimised presentation of the website | The data is deleted when the respective session has ended. |
| Information about the browser type and version used | Analysis of the browsers used in order to optimise our websites for this purpose | The data is deleted when the respective session has ended. |
| User's internet service provider | Analysis of the internet service provider | The data is deleted when the respective session has ended. |
| IP address | Display of the website on the respective device | The data is deleted when the respective session has ended. |
| Date and time of access | Ensuring the proper operation of the website. | The data is deleted when the respective session has ended. |
| Log files | Ensuring the proper operation of the website. | The data is deleted when the respective session has ended. |
| Data | Operating system used |
| Purpose of processing | Analysis according to devices to ensure optimised presentation of the website |
| Storage duration | The data is deleted when the respective session has ended. |
| Data | Information about the browser type and version used |
| Purpose of processing | Analysis of the browsers used in order to optimise our websites for this purpose |
| Storage duration | The data is deleted when the respective session has ended. |
| Data | User's internet service provider |
| Purpose of processing | Analysis of the internet service provider |
| Storage duration | The data is deleted when the respective session has ended. |
| Data | IP address |
| Purpose of processing | Display of the website on the respective device |
| Storage duration | The data is deleted when the respective session has ended. |
| Data | Date and time of access |
| Purpose of processing | Ensuring the proper operation of the website. |
| Storage duration | The data is deleted when the respective session has ended. |
| Data | Log files |
| Purpose of processing | Ensuring the proper operation of the website. |
| Storage duration | The data is deleted when the respective session has ended. |
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
There are various legal grounds for the processing of personal data. If we need your data to fulfil a contract with you or to respond to enquiries from you regarding a contract, the legal basis for this data processing is Art. 6(1)(b) GDPR.
If we obtain your consent to process specific data, the legal basis is Art. 6(1) (a) GDPR. We process some data for the purposes of pursuing our legitimate interests, whereby a balancing of your interests requiring protection and our legitimate interests is always undertaken. The legal basis for this is point (f) of Article 6(1) GDPR. If processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6(1)(c) GDPR.
Below we explain how we process personal data via our website.
Our website uses cookies. Cookies are files that are placed on your computer by a website you visit and allow your browser to be recognised. Cookies transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of visits on our website or the entries you have made there. This prevents you, for example, from having to re-enter required form data each time you use the site. The information stored in cookies can also be used to recognise preferences and tailor content according to areas of interest.
There are different types of cookies: Session cookies are sets of data that are only temporarily held in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are stored by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are stored by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is point (a) of Article 6(1) GDPR. If the data processing is based on our overriding legitimate interests, the legal basis is point (f) of Article 6(1) GDPR. The stated purpose then corresponds to our legitimate interest.
We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and - with your consent - to tailor our services to preferred areas of interest.
You can delete cookies already stored on your end device at any time. If you want to prevent cookies from being stored, you can do this via the settings in your internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.
When accessing our website, all users of our website are also informed by an information banner about our use of cookies and referred to this data protection notice. Users will also be asked for their consent to the use of certain cookies, in particular those relevant for the personalisation of services and for marketing measures. Consent can be revoked at any time with future effect by calling up the tracking settings via the link at the end of each page (footer) and removing the tick behind the processing for which consent had been given. "
| Name of cookie | Purpose of processing | Legal basis for processing | Storage duration |
|---|---|---|---|
| RationalOnline | Session cookie of the website framework | Legitimate interest – technically necessary | Until session ends |
| wantTip | Session cookie of the Javascript functionality “Tooltip” | Legitimate interest – technically necessary | Until session ends |
| Name of cookie | RationalOnline |
| Purpose of processing | Session cookie of the website framework |
| Legal basis for processing | Legitimate interest – technically necessary |
| Storage duration | Until session ends |
| Name of cookie | wantTip |
| Purpose of processing | Session cookie of the Javascript functionality “Tooltip” |
| Legal basis for processing | Legitimate interest – technically necessary |
| Storage duration | Until session ends |
We use the Usercentrics service to manage consents on our website. Usercentrics is software developed by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.
Usercentrics determines the language used by your browser. A cookie is set to check whether you have already made a selection in our cookie management tool during a previous visit to our website. This cookie is necessary because it allows the website to recognise whether you have consented to tracking or not. In addition, a log file is created in order to be able to prove that consent has been given. This file contains the IP address in anonymised form, information about the browser that was used, data about the scope of the consent, and the date and time of the visit.
The legal basis for the processing is our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
The purpose of data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and increase the transparency of data processing by means of cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of data processing.
Your consent or refusal to use / receive services that may also set cookies is stored on your end device in its local storage. The consent data (consent granted and revocation of consent) remain stored on your computer until the local storage is deleted. To enable matching, Usercentrics stores this as hash values for 3 years.
For reasons of transparency, we would like to point out that we use Google Tag Manager. Google Tag Manager does not collect any personal data itself. Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that are used to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimise websites, among other things. We use the Tag Manager for all digital services listed in this data privacy statement. If you have deactivated it, Google Tag Manager will take this deactivation into account. For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html .
For the purpose of analysing and optimising our websites, we use various services which are described below. We use these services to analyse how many users visit our site, which information is most in demand or how users find the offer. We also collect data on which website a user came to our website from (the referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.
| Affected data category | Purpose of processing | Legal basis for processing | Storage duration | Withdrawal |
|---|---|---|---|---|
| IP address (saved anonymously) | Creation and modification of cookie information. | Consent | 14 months | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Device-related data, such as device type, operating system model, browser type and version | Optimisation of the website and adaptation of content as well as aggregated usage analysis. | Consent | 14 months | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Usage-related information, such as time of use, duration, place of origin, pages accessed, clicks and actions on the website | Optimisation of the website and adaptation of content as well as aggregated usage analysis. | Consent | 14 months | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | IP address (saved anonymously) |
| Purpose of processing | Creation and modification of cookie information. |
| Legal basis for processing | Consent |
| Storage duration | 14 months |
| Withdrawal | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | Device-related data, such as device type, operating system model, browser type and version |
| Purpose of processing | Optimisation of the website and adaptation of content as well as aggregated usage analysis. |
| Legal basis for processing | Consent |
| Storage duration | 14 months |
| Withdrawal | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | Usage-related information, such as time of use, duration, place of origin, pages accessed, clicks and actions on the website |
| Purpose of processing | Optimisation of the website and adaptation of content as well as aggregated usage analysis. |
| Legal basis for processing | Consent |
| Storage duration | 14 months |
| Withdrawal | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
On our website, we use the open source web analytics software Matomo, a service of “InnoCraft Ltd“, a company based at 7 Waterloo Quay PO625 Wellington, New Zealand. Since InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg (privacy@innocraft.com). The software is only operated by its own servers.
Cookies are used to analyse the use of the website. For this purpose, the usage information collected in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. With Matomo, no data is transmitted to servers beyond our control. Your IP address is immediately anonymised during this process, so that you as a user are not identifiable to us. The information collected about your use of this website will not be passed on to third parties.
We use the data collected for the statistical analysis of user behaviour for the purpose of optimising the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing lies in optimising our website, adapting the content and improving our offer. The interests of the users are sufficiently protected by anonymisation. We only store the analysis data for as long as the purpose of the data processing requires, but for a maximum of 14 months.
The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR. Once you have given your consent, you can withdraw it at any time with future effect by changing your selection in the cookie settings (see above, Tracking settings). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options is then displayed again.
With your consent, we use Google Analytics 4 on our website, the web analysis service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
To use Google Analytics 4, we use 'server-side tracking'.
In this case, we use our own server between the collection by us and the transfer to Google. This means that we process the information we collect from you on our own servers before transferring it to Google. This means that we have full control over what information is sent to Google.
The information collected when you visit our website includes the following:
We actively anonymise your IP address before sending the data to Google. Google will use the information collected and transmitted on our behalf for the purpose of evaluating your use of the website and compiling reports on website activity for us (for example, reports on advertising, remarketing, cross-device reports and reports on interests and demographics). The reports provided by Google Analytics are used to analyse the performance of our website and the effectiveness of our marketing campaigns.
We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activity within those sessions) and to analyse user behaviour across devices.
We use the Google Signals feature to run cross-device remarketing campaigns for ad delivery. This is a feature of Google Analytics that links the visit and session information we collect on our website or in our apps with Google account information from logged-in Google Account users who have opted in to this linking for the purpose of ad personalisation. Google Signals allows us to analyse your user behaviour across devices. For example, Google can detect if you view a product on our site using a smartphone and then purchase the product later using a laptop.
Google Signals uses cookies and is client-side, meaning that the user data it collects is sent directly to Google. If Google Signals is enabled, your IP address will be collected and sent to Google. Please note that we have no control over the transmission of the IP address as part of Google Signals. Due to the activation of IP anonymisation on this website, your IP address will be truncated by Google within the member states of the European Union or other states that are party to the agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. You will also be assigned a unique user ID.
Google Analytics also uses Google Signals to collect additional visitor data such as location, search history, YouTube history and data about what visitors do on our website. This allows us to get better advertising reports from Google and useful information about our users' interests and demographics. These include age, language, location or even gender. Social criteria such as occupation, marital status or income can also be added. These features allow Google Analytics to define groups of people and target audiences. This data is used to provide aggregated and anonymised insights into the cross-device behaviour of our users. It is always statistical, anonymous data that cannot be attributed to you as an individual. The data collected in this way expires by default after 26 months.
The legal basis for the described data processing is your consent, Article 6 (1)(a) GDPR, Article 25 (1) sentence 1 TDDDG, which we ask for when you access the website and which you must give before you can use Google Analytics with the above-mentioned features. The data processing described above will not be carried out without your consent. You can withdraw your consent at any time with future effect by changing your preferences on our consent management platform (see above).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this or other websites. You can also prevent the collection of your data by Google Analytics 4 by installing the browser add-on to disable Google Analytics.
The recipients of the data are Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA cannot be excluded. For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. This safeguards data transfers to Google LLC based on the adequacy decision pursuant to Article 45 GDPR.
More information on the terms of use of Google Analytics and data protection at Google can be found at https://marketingplatform.google.com/intl/de/about/analytics/
We use cookies for marketing purposes to target our users with interest-based advertising. We also use cookies to limit the probability of an advertisement being displayed and to measure the effectiveness of our advertising measures. This information can also be shared with third parties, such as such as ad networks. The legal basis for this is point (a) of Article 6(1) GDPR.
As part of usage-based online advertising, we use the Custom Audiences service of Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA). The processor for us (as a company from the EU) is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For this purpose, we define target groups of users based on certain characteristics in the Facebook Ads Manager, who will subsequently be shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently reaches our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website.
In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set. This collects information about your activities on our website (e.g. browsing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.
We do not use Facebook Custom Audiences via the customer list or the “advanced comparison“ function.
The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR. You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with the selection options is then displayed again.
Further information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, can be found in Facebook's privacy policy. You can apply settings regarding which advertisements are displayed to you on Facebook under this link and in the Facebook account settings.
If you consent to the data processing described, Facebook will of course also have access to your data. In particular, it is possible that Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA, alongside Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland may have access to your data. Facebook Inc. is located in an insecure third country where the level of data protection is lower.
Facebook has made available online a "Facebook EU Data Transfer Addendum" since 31/08/2020, which is intended to incorporate the standard contractual clauses in cases where Facebook Ireland Limited processes data from the EU/EEA as a processor and transfers it to Facebook Inc. as a sub-processor.
You can find further information on the Custom Audiences service by Facebook at: https://de-de.facebook.com/business/help/449542958510885 .
You can obtain further information on data processing and storage duration from the provider or at https://www.facebook.com/about/privacy .
The deactivation of the “Facebook Custom Audiences“ function is possible for logged-in users under https://www.facebook.com/settings/?tab=ads# .
| Name of the provider | Provider type | Data transfer to third country | Third country | Guarantees in accordance with Article 44ff GDPR |
|---|---|---|---|---|
| Facebook Inc. ("Facebook") based at 1601 S. California California, Palo Alto, CA 94304, USA. | Processor | Yes | USA | Standard contractual clauses |
| Name of the provider | Facebook Inc. ("Facebook") based at 1601 S. California California, Palo Alto, CA 94304, USA. |
| Provider type | Processor |
| Data transfer to third country | Yes |
| Third country | USA |
| Guarantees in accordance with Article 44ff GDPR | Standard contractual clauses |
| Affected data category | Purpose of processing | Legal basis for processing | Storage duration | Deactivation/revocation |
|---|---|---|---|---|
| HTTP header: An HTTP header contains information about your IP address, web browser information, page location, document, URl reference and web browser user agent. | Interest-based advertising | Consent | 180 days | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Pixel-specific data, such as the pixel ID and Facebook cookie data. | Interest-based advertising | Consent | 180 days | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Optional values, such as information on purchases made, information on the conversion value. | Interest-based advertising | Consent | 180 days | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | HTTP header: An HTTP header contains information about your IP address, web browser information, page location, document, URl reference and web browser user agent. |
| Purpose of processing | Interest-based advertising |
| Legal basis for processing | Consent |
| Storage duration | 180 days |
| Deactivation/revocation | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | Pixel-specific data, such as the pixel ID and Facebook cookie data. |
| Purpose of processing | Interest-based advertising |
| Legal basis for processing | Consent |
| Storage duration | 180 days |
| Deactivation/revocation | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | Optional values, such as information on purchases made, information on the conversion value. |
| Purpose of processing | Interest-based advertising |
| Legal basis for processing | Consent |
| Storage duration | 180 days |
| Deactivation/revocation | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
With your consent, we use the conversion tracking option provided by the form extensions for the ad lead forms we use on Facebook and Instagram. The service provider is Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The responsible service provider in the EU is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin/Ireland. The service allows us to target our advertising campaigns more accurately. This data allows us to optimise and target our advertising campaigns.
When you open a lead form on Facebook or Instagram and contact us through it, Meta will assign you an identifier (an ID). If you send us the information you entered on the lead form, this will be recorded as a lead form conversion. As part of this process, your information will be provided to us as a registered lead from Meta in the Advertising Manager to the Facebook or Instagram account as a list. In addition, we receive information from Meta in the form of purely statistical, aggregated evaluations, such as how many users have become aware of our offers through which advertisement and advertising campaign, and are interested in attending a customer event. These evaluations give us an overview of the success of our advertising campaigns, enabling us to optimise and target them more precisely.
In order to capture offline conversions - i.e. processes and events in our customer engagement that start online but are completed offline - we use the option of offline conversion imports into our Meta ad manager. For this purpose, we store the lead data you provide with the ID assigned by Meta for a total of 90 days. If offline conversions occur during this period that can be attributed to our lead form advertising, such as actual event attendance and expressed purchase interest, we will associate this additional information with your data as offline conversions and load this information (event attendance, purchase interest and, if applicable, additional lead qualification information) along with the META ID assigned to you in our META Advertising Manager. This way we can also show offline conversions in the statistics. For more information about how we process data when using META Ads Lead Forms on Facebook and Instagram, please see https://www.facebook.com/business/help/829597887147190?id=735435806665862
We are joint controllers with Meta with regard to the present data processing pursuant to Article 26 GDPR. We have entered into a joint responsibility agreement, which sets out our respective responsibilities for fulfilling our obligations under the GDPR. As joint controllers, we are informing you, with regard to Article 26 GDPR, about the essentials of the joint controller agreement between us and Facebook: https://de-de.facebook.com/legal/controller_addendum
Data will only be collected and processed with your express consent in accordance with Section 25 (1) sentence 1 TDDDG (German Telecommunications Digital Services Data Protection Act), Article 6 (1)(a) GDPR.
Various recipients within and outside the EU/EEA receive the aforementioned personal data:
Recipients may be national or partner companies within the RATIONAL Group. Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.
In the case of data transfer outside the European Union, the high level of data protection in Europe does not apply. Insofar as data is processed outside the EU/EEA, in order to establish a secure level of data protection with the service provider, we must comply with the standard data protection clauses adopted by the EU Commission pursuant to Article 46 GDPR, which allows the transfer of personal data to a third country in individual cases.
If you interact within the scope of Meta services, Meta will of course also have access to your data. The recipient of the data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin/Ireland. The parent company of Meta Ireland, Meta Platforms Inc., is based in California, USA. A transfer of data to the USA cannot be excluded. For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Meta Platforms Inc. has been certified according to the EU-US Data Privacy Framework (DPF). This means that Meta Platforms Inc. has made a public commitment to comply with the DPF obligations, which means that a transfer of data to the USA is already covered by the current adequacy decision of the European Commission pursuant to Article 45 GDPR.
For more information about Meta's privacy policy, please visit https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
We use the LinkedIn Conversion Tracking service of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA to evaluate our online advertising. The controller for users in the EU/EEA and Switzerland is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
For this purpose, we define target groups of users based on certain characteristics in the LinkedIn Campaign Manager, who are subsequently shown advertisements within the LinkedIn network. Users are selected by LinkedIn based on the profile information they provide, as well as other data provided when using LinkedIn. If a user clicks on an advertisement and subsequently reaches our website, LinkedIn receives the information that the user has clicked on the advertising banner via the Conversion Tag integrated on our website.
The LinkedIn tag therefore allows the following data to be logged:
The IP addresses are shortened or (for cross-device use) hashed by LinkedIn. The direct identifiers of the members are removed within 7 days for pseudonymisation of the data. The remaining pseudonymous data is then deleted within 180 days.
LinkedIn does not share the personal data with us, as the website operator, but only provides us with reports and notifications (which do not identify the user) about website visits and ad performance. LinkedIn also offers retargeting, which allows us, as the website operator, to show personalised ads outside of our website using this data without identifying individual members. Data that does not identify you is also used to improve ad relevance and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link to customise advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
We process this data to evaluate our advertising campaigns. The legal basis for the processing is your consent, point (a) of Article 6(1) GDPR. Without your consent via our cookie banner, no data is processed for LinkedIn conversion tracking. You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. That’s it. The banner with the selection options is then displayed again.
As part of LinkedIn conversion tracking, LinkedIn naturally has access to the listed data. In particular, it is possible that in addition to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA may also have access to your data.
The LinkedIn Corporation is located in an insecure third country where the level of data protection is lower. Since a transfer of the data collected by the pixel described here to the LinkedIn Corporation cannot be ruled out, appropriate guarantees are required to ensure an adequate level of data protection.
In this regard, LinkedIn provides, as part of the respective LinkedIn services contract, a Data Processing Agreement with linked standard contractual clauses for customers of its LinkedIn services, which can be found here: https://www.linkedin.com/legal/l/dpa .
Further information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your setting options for protecting your privacy, can also be found in LinkedIn's privacy policy.
For more information on LinkedIn conversion tracking, please visit: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started
You can find further information on data processing and storage duration at https://www.linkedin.com/help/linkedin/answer/65521?lang=de .
| Affected data category | Purpose of processing | Legal basis for processing | Storage duration | Deactivation/revocation |
|---|---|---|---|---|
| HTTP header: In an HTTP header there is information about: Visited website, including the URL, referrer, IP address, device and browser properties (user agent), and timestamp. | Interest-based advertising | Consent | 180 days | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Pixel-specific data, such as the pixel ID | Interest-based advertising | Consent | 180 days | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Optional values, such as information on purchases made, information on the conversion value | Interest-based advertising | Consent | 180 days | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | HTTP header: In an HTTP header there is information about: Visited website, including the URL, referrer, IP address, device and browser properties (user agent), and timestamp. |
| Purpose of processing | Interest-based advertising |
| Legal basis for processing | Consent |
| Storage duration | 180 days |
| Deactivation/revocation | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | Pixel-specific data, such as the pixel ID |
| Purpose of processing | Interest-based advertising |
| Legal basis for processing | Consent |
| Storage duration | 180 days |
| Deactivation/revocation | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Affected data category | Optional values, such as information on purchases made, information on the conversion value |
| Purpose of processing | Interest-based advertising |
| Legal basis for processing | Consent |
| Storage duration | 180 days |
| Deactivation/revocation | You can withdraw your consent by changing your selection in the tracking settings (see above, under Cookies). |
| Name of the provider | Provider type | Data transfer to third country | Third country |
|---|---|---|---|
| LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA. | Processor | Yes | USA |
| Name of the provider | LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA. |
| Provider type | Processor |
| Data transfer to third country | Yes |
| Third country | USA |
We run X Ads to drive traffic to our services and use X conversion tracking on our website to analyse our online advertising. The provider is X Corp., 865 FM 1209, Building 2, Bastrop, TX 78602, USA. The entity responsible for managing the rights of data subjects within the EU/EEA is X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Irland.
In the X Ads Campaign Manager, we define target groups of users based on certain characteristics and then serve them ads within the X network. Users are selected by X based on the profile information they provide, as well as other data provided when using X. X Custom Audiences is not used by us.
X conversion tracking uses the 'X pixel', which can be used to track the actions of users after they have seen or clicked on an X ad. When you click on an ad, a cookie is placed on your computer. These cookies have a term of up to 13 months in some areas. Further information on the use of cookies on X can be found in the X Help Centre . Click here to visit our website. The pixel on our website provides X, and us as the client, with information that a user has clicked on an ad and been directed to our website. Your browsing behaviour is recorded, such as the website visited, content viewed, time of visit, etc., as well as device-related information such as applications and operating systems used. This includes your IP address.
The information is used to generate reports showing how many users have seen or clicked on an ad. In principle, we only receive reports from X in an aggregated, anonymised form that does not reveal who has seen or clicked on our ads. The statistics provided to us by X include the total number of users who clicked on one of our advertisements and, if applicable, whether they were redirected to a page on our website that was tagged with a conversion tag. We can use these statistics to understand what content is relevant to users and make improvements.
Data that exceptionally allows us to identify a specific user on X will be deleted within 90 days of receipt of the data.
Further information on data processing when using X Ads and conversion tracking can be found at https://legal.x.com/ads-terms/international.html .
You can opt out of interest-based advertising you have requested on X via the YourAdchoice website or the Network Advertising Initiative website . Please note that the advertising settings for your X account are only applied if you are also logged into X. For more information on access, see Personalisation and Data Settings .
Data will only be collected and processed with your express consent in accordance with Section 25 (1) sentence 1 TTDSG, Article 6 (1)(a) GDPR. You may withdraw your consent at any time with future effect.
Data may be transferred to an X Corp. server in the USA as part of the processing. Where data is processed outside the EU/EEA, X Corp. is certified under the EU-US Data Privacy Framework (DPF). Data transfers to the USA are therefore authorised on the basis of the European Commission's adequacy decision pursuant to Article 45 GDPR. For more information on the EU-US Privacy Framework Program, please visit the official website of the ITA: https://www.dataprivacyframework.gov/s/)
For more information about the purpose and scope of data collection, further processing and use of data, and privacy settings, please see X's Privacy Policy: https://x.com/en/privacy
We use the TikTok Ads lead forms to offer potential purchasers the opportunity to contact us directly and voluntarily via a contact form displayed there. TikTok Lead Ads is a service provided by the Chinese company ByteDance. The controller for users in the EU/EEA and Switzerland is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland jointly with TikTok Information Technologies UK Limited, One London Wall 6th floor, London, EC2Y 5EB, United Kingdom (hereinafter “TikTok“)
You can use the TikTok Ads lead forms to register for our RATIONAL Live events or webinars.
We use a double opt-in process for registrations via the TikTok Ads lead form. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm your registration. If you do not confirm this within 24 hours, your registration will be automatically deleted from the database. Upon confirmation, you will receive personal access to the event or webinar. Furthermore, we store your IP addresses and the times of registration and confirmation each time you register and confirm. The purpose of the procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfilment of accountability, we have a legitimate interest in accordance with Article 6 (1)(f) GDPR in processing the data of the double opt-in procedure.
When you contact us via a TikTok Ads lead form, the data you provide (title, first name, last name, company, street, house number, postcode, city, country, email and phone number) will only be processed by us to respond to your questions and requests and to enable you to participate in our events and features as requested. This also constitutes our legitimate interest in processing as defined by Article 6(1)(f) GDPR. Processing of the data for further purposes is not intended.
Personal data that must be provided is marked as mandatory in the respective registration form; any additional information is voluntary.
Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you. You can object to the described processing of your personal data communicated via TikTok Ads lead form at any time with effect for the future. To do this, send us an e-mail at Datenschutzbeauftragter@rational-online.com and express your wish to withdraw with future effect.
TikTok regulates the data processing in connection with the use of TikTok Lead Ads (lead generation) via the Jurisdiction Specific Terms contractually agreed with us under a data processing agreement within the meaning of Article 28 GDPR in accordance with the Data Processing Terms.
Various recipients within and outside the EU/EEA receive the aforementioned personal data. In detail, these are the following recipients:
Via the Jurisdiction Specific Terms, data transfers to third countries - unless there is an adequacy decision pursuant to Article 45 GDPR of the EU Commission - are governed by standard contractual clauses pursuant to Article 46 (2) GDPR.
According to its own information, TikTok bases internal data transfers on adequacy decisions pursuant to Article 45 GDPR (for third countries for which the European Commission considers there to be an adequate level of data protection, e.g. for data transfers to groups of companies based in Canada, the UK, Israel, Japan and South Korea). For data transfers to countries for which there is no adequacy decision, TikTok states that it uses the EU standard contractual clauses pursuant to Article 46 (2) GDPR.
We expressly state that TikTok collects information about users (e.g. IP address, personal interests, behaviour on TikTok pages, personal information stored by TikTok, etc.) and uses it for its own business purposes.
We have no control over the processing and use of this data, as TikTok alone determines the processing. It is not possible for us to fully trace to what extent, where and for what duration the data are stored, to what extent the data are linked and analysed and to whom the data are transferred. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.
For more detailed information about what information TikTok collects, for what purposes and on what legal basis, please see TikTok‘s Privacy Policy .
The information about TikTok conversion tracking ("TikTok pixel") also applies here.
In order to promote our products and services, we serve ads on TikTok and use the "TikTok Pixel" tracking and conversion tool on our website to analyse our online advertising. TikTok Conversion Tracking is a service provided by the Chinese company ByteDance. The controller for users in the EU/EEA and Switzerland is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, together with TikTok Information Technologies UK Limited, One London Wall 6th floor, London, EC2Y 5EB, United Kingdom (hereinafter "TikTok").
The TikTok pixel allows us to track the effectiveness of TikTok ads for statistical and market research purposes by determining whether users were directed to our website after clicking on a TikTok ad (a "conversion"). Pixels are small, invisible image files used to record information about a user's interaction with a website. When the website is visited, a simple code is automatically launched that loads the pixel onto the device and records certain information about the device and the user's actions on the site. This allows us to measure our ad performance and conversions, as well as build audiences for remarketing. It also allows us to serve interest-based advertising to users of our site and to measure and analyse their behaviour on our site for statistical and market research purposes. Information collected by TikTok pixels includes IP address, a device ID, device type and operating system, and information about activity on our site (e.g., browsing patterns, subpages visited, etc.). For more information about the TikTok Pixel, visit TikTok at About TikTok Pixel. The data is transferred to TikTok. TikTok may use this information to associate a user of our website with a TikTok user account. TikTok uses this information to display personalised advertising to its users and to create interest-based user profiles. TikTok regulates the processing of data in the context of the use of conversion tracking (data collection and exchange of event data, display of conversions) through the Jurisdiction Specific Terms , which we have contractually incorporated as joint controllers within the meaning of Article 26 GDPR (Joint Controller Terms).
TikTok does not share the personal data with us, as the website operator, but only provides us with reports and notifications (which do not identify the user) about website visits and ad performance.
Data will only be collected and processed with your express consent in accordance with Section 25 (1) sentence 1 TTDSG, Article 6 (1)(a) GDPR. You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies).
Various recipients within and outside the EU/EEA receive the aforementioned personal data. External service providers are TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok") and TikTok Information Technologies UK Limited, One London Wall 6th floor, London, EC2Y 5EB, United Kingdom. In addition, if you use TikTok Lead Ads, we cannot guarantee that your personal data will not be transferred to and processed by other companies within the TikTok group of companies around the world.
Via the Jurisdiction Specific Terms , data transfers to third countries - unless there is an adequacy decision pursuant to Article 45 GDPR by the EU Commission -
will be governed by standard contractual clauses pursuant to Article 46 (2) GDPR. According to its own information, TikTok bases internal data transfers on adequacy decisions pursuant to Article 45 GDPR (for third countries for which the European Commission considers there to be an adequate level of data protection, e.g. for data transfers to groups of companies based in Canada, the UK, Israel, Japan and South Korea). For data transfers to countries for which there is no adequacy decision, TikTok states that it uses the EU standard contractual clauses pursuant to Article 46 (2) GDPR.
For more information about TikTok's data processing and retention practices, please see TikTok's Privacy Policy: https://www.tiktok.com/legal/privacy-policy-eea .
We use the Google Ads service. Google Ads is an online advertising programme of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
This means that we place Google Ads and also use Google remarketing, conversion tracking and the conversion linker as part of this. The advertisements are displayed on Google’s search results pages and on websites of the Google advertising network. We also use ads remarketing lists for advertisements. This allows us to customise campaigns for users who have previously visited our website. The services allow us to combine our advertisements with certain search terms or to place advertisements for previous visitors promoting, for example, services that visitors have viewed on our website. This means that we can display interest-based advertising to users of our website on other websites within the Google advertising network (as a "Google ad" within Google Search or on other websites).
For interest-based offers, an analysis of online user behaviour is necessary. Google uses cookies to perform this analysis. When clicking on an advertisement or visiting our website, a cookie is set on the user’s computer by Google. These cookies have a duration of 90 days. The information collected by means of the respective cookie is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google's notices on website statistics and in the privacy policy. With the conversion linker, we can also store click data to effectively measure conversion tracking information. This allows us to see whether users perform a certain action on the website specified by us (e.g. whether services are ordered) after clicking on an ad placed by us via Google Ads. We therefore use the conversion linker tag on our pages, which you can land on as a visitor if you have clicked on one of our advertisements. With the conversion linker tag, we are then able to record our ad click information in the URLs of the conversion page and store it in our own first-party cookies (instead of third-party cookies) on our domain.
With the help of this technology, Google and we as a customer receive information that a user has clicked on an advertisement and been redirected to our websites. The information obtained in this way is only used for statistical evaluation to optimise the advertisements. We do not receive any information that could personally identify visitors. Your IP address will be transmitted to Google, but since we use Google Analytics IP masking on this website, your IP address will be anonymised.
The log data is anonymised after 9 months and the cookie information is anonymised after 18 months.
The statistics provided to us by Google include the total number of users who clicked on one of our advertisements and, if applicable, whether they were redirected to a page on our website that was tagged with a conversion tag. Based on these statistics, we can trace which search terms were clicked on our advertisement particularly often and which advertisements lead to the user contacting us via the contact form.
You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=de .
Insofar as data is processed outside the EU/EEA, in order to establish a secure level of data protection with the service provider, we must comply with the standard data protection clauses adopted by the EU Commission pursuant to Article 46 GDPR, which allows the transfer of personal data to a third country in individual cases.
The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR. You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with a link to the selections is then displayed again.
You also have the option of changing the display setting ( https://adssettings.google.com/authenticated?hl=de ) to select the types of Google advertisements or to deactivate interest-based advertisements on Google.
In order to capture offline conversions in Google Ad Conversion Tracking - i.e. processes and events in our customer engagement that start online but are completed offline - we also use the option of offline conversion imports into our Google Ad Account. If you click on an advertisement for one of our events and are directed to our website, you will be assigned a Google-assigned click ID (GCLID). This ID is appended as a parameter to the destination URL of the website that is accessed from your advertisement. When you register for our event on our website, we will store your registration details along with your GCLID for a total of 90 days. If offline conversions occur during this period that can be attributed to our advertisements, such as your actual attendance at the event, we will associate this additional information with your data as offline conversions and upload this information to our Google Account along with the GCLID assigned to you. This way we can also show offline conversions in the statistics. For more information about our privacy practices when using Google Ads Offline Conversion Tracking, please see https://support.google.com/google-ads/answer/2998031
As part of Google Ads Conversion Tracking, we use the Enhanced Conversions feature, a service of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
We use the Enhanced Conversions feature for cross-device tracking to improve the measurement of conversions on our website. This also allows us to track across devices when users take a desired action after interacting with our ads. We use this information to show more relevant ads to users across the Google advertising network.
If you visit our website through one of our advertisements and make a conversion there - for example, registering for one of our events through a registration form - certain information you enter (such as your name, email address or phone number) may be collected by our tracking tag. This data is encrypted using a cryptographic hash function or the one-way hash algorithm SHA256. This creates a randomly generated and untraceable hash value, which is then sent to Google.
Google compares this hashed data with hashed user data from Google Accounts. This enables Google to determine whether, for example, a person who has registered with a particular email address has previously clicked on one of our ads. If this is the case, Google will record a conversion.
The enhanced conversions recorded in this way are not shown separately to us, but are only included in the statistical evaluations provided to us by Google to measure the success of our advertising material on the basis of aggregated values; we are not able to identify you as an individual. These statistical reports help us analyse the success of our advertising efforts and optimise our ads.
The legal basis for the described data processing is your consent, point (a) of Article 6 (1) GDPR, and Section 25 (1) TDDDG (German Telecommunications Digital Services Data Protection Act). You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with a link to the selections is then displayed again.
The recipient of the data is Google Ireland Limited, Ireland. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA cannot be excluded. For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. This safeguards data transfers to Google LLC based on the adequacy decision pursuant to Article 45 GDPR. Where data is processed outside the EU/EEA, we have also agreed the standard data protection clauses adotped by the EU Commission pursuant to Article 46 GDPR with the service provider Google LLC, USA, to ensure a secure level of data protection. These allow the transfer of personal data to a third country in individual cases.
For more information about how we process data when using Google Ads Enhanced Conversions, please see https://support.google.com/google-ads/answer/2998031
Microsoft Advertising is an online advertising service for displaying advertisements of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The controller for users in the EU, EEA and Switzerland is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland.
We use the Microsoft Advertising service (formerly Bing Ads) to display advertisements via the Microsoft network and the associated search engines (e.g. Bing, Yahoo!, Ecosia, etc.). As part of Microsoft Advertising, we also use the associated conversion tracking. Conversion tracking requires the implementation of the UET tag (Bing Universal Event Tracking), which we have integrated into our website. If you access our website through an advertisement we have placed, a cookie will be placed on your computer. These cookies enable Microsoft and us to recognise that someone has clicked on an advertisement, been directed to our website and taken a predetermined action on the website (conversion). This information helps us to better tailor our website, advertisements and offers to your needs.
We also use remarketing lists to serve interest-based advertisments to website visitors within the Microsoft Advertising Network. Detailed information about the data and cookies used can be found at https://help.ads.microsoft.com/#apex/ads/en/53056/2-500 .
We use the information obtained from conversion tracking solely for statistical purposes to optimise our advertising. We cannot identify the visitor personally. The statistics provided by Microsoft include the total number of users who clicked on one of our advertisements and whether they were redirected to a website with a conversion tag. We may also determine whether a particular action was taken on the website (for example, whether and how many registrations were made for an event, what you clicked on our website, how many people visit our website through Microsoft Advertising, and how long you spend on our website) and the keyword or advertisement you used to reach us.
Microsoft uses the data to optimise its own advertising and other services. If you have a Microsoft account, the data collected may be associated with your account. Microsoft may recognise and store your IP address. The retention period for data collected by UET is 390 days, Microsoft cookies have an expiry date of 13 months.
You can select the types of Microsoft ads you want to see or opt out of interest-based advertising on Microsoft by using the Ads Preferences feature https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings .
The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR, and Section 25(1) TTDSG (German Telecommunications Telemedia Data Protection Act). You can withdraw your consent at any time with future effect by changing your tracking preferences or deleting your local storage from this website. The banner with a link to the selections is then displayed again.
The recipient of the data used as part of Microsoft Advertising may also be Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission. Data transfers to the USA are therefore protected in accordance with Article 45 GDPR.
You can find more information on data protection in the context of Microsoft Advertising at: https://privacy.microsoft.com/en-us/privacystatement .
With your consent, we use Customer Match features from Meta (for Facebook and Instagram), LinkedIn and Google to display personalised ads to you through our social media sites or their ad networks. For this purpose, we transmit lists of customer data (e.g. your email addresses/phone numbers) in encrypted form to the relevant platform provider or advertising network provider. They will check to see if the customer information transferred exists in their own customer database. If this is the case, the data can be used to form target groups. This enables us to display personalised advertisements on the platforms or advertising networks in accordance with your interests. We use the Customer Match functions of the following vendors for this purpose:
Meta Custom Audience (via Customer List)
For Facebook and Instagram, we use the Custom Audience (Customer List) service. The provider is Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The responsible service provider in the EU is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin/Ireland. Custom Audience (Customer List) allows us to create target groups and display personalised ads on Facebook and Instagram.
To do this, we upload lists of data (such as first name, last name, company name, postcode, town, email address, telephone number) in hashed and therefore encrypted form into Meta's Advertising Manager. Meta checks if this data is available in its own customer database for Facebook or Instagram users. Meta cannot decrypt the hash values if the corresponding data is not already stored in the database. As a result, Meta does not receive the uploaded data, but can only determine whether or not the data is already available at Meta. If there is a match, the data can be used to form target groups. After the comparison, the transmitted data is deleted.
We are joint controllers with Meta for the use of the Custom Audience (Customer Liste) service in accordance with Article 26 GDPR. We have entered into a joint controllership agreement, which sets out the respective responsibilities for fulfilling our obligations under the GDPR. As joint controllers, we are informing you, with regard to Article 26 GDPR, about the essentials of the joint controllership agreement between us and Meta: https://www.facebook.com/legal/controller_addendum . If you have any further questions about privacy, please contact us by email: privacy@rational-online.com. You can also assert your rights against Meta at https://www.facebook.com/help/contact/367438723733209. Further information on this can be found in the Meta privacy policy. https://www.facebook.com/privacy/policy/
The recipient of the data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin/Ireland. The parent company of Meta Ireland, Meta Platforms Inc., is based in California, USA. A transfer of data to the USA cannot be excluded. Insofar as data is processed outside the EU/EEA, in order to establish a secure level of data protection with the service provider, we must comply with the standard data protection clauses adopted by the EU Commission pursuant to Article 46 GDPR, which allows the transfer of personal data to a third country in individual cases. For the USA, the European Commission also adopted its adequacy decision on 10 July 2023. Meta Platforms Inc. has been certified under the EU-US Data Privacy Framework (DPF). This means that Meta Platforms Inc. has publicly committed to comply with the DPF obligations, so a transfer of data to the US is already covered by the European Commission's current adequacy decision under Article 45 GDPR. For more information about processing contact information, please see the "Terms of Use for Custom Audiences with Customer List", https://www.facebook.com/legal/terms/customaudience
Google Ads Customer Match
For the Google advertising network, we use the Google Ads Customer Match service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
With Google Customer Match, lists of customer information (such as your email addresses/phone numbers) are uploaded to Google in encrypted form as hash values. Google compares this data with its own customer databases and can create target groups based on matches. Google also cannot decrypt the hash values if the corresponding data is not already stored in the database. After the customer match lists have been created, the encrypted customer data is deleted. These target groups enable us to display personalised ads in Google Ads in Google Search, the Google Shopping tab, Gmail, YouTube and Google networks.
We have concluded an order processing agreement with Google Ireland Limited for data processing with Google Ads Customer Match. In addition, Google Ireland Limited and Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA have entered into standard contractual clauses for the transfer of data to the USA. You will find more information about this at: https://support.google.com/google-ads/answer/6379332 and https://support.google.com/google-ads/answer/6334160.
For the USA, the European Commission also adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. This safeguards data transfers to Google LLC based on the adequacy decision pursuant to Article 45 GDPR.
If you do not want us to show you personalised ads, you can change your preferences in the Privacy tab of your Google Account. This link can be used to disable data processing: https://adssettings.google.com/notarget
LinkedIn Matched Audiences
On LinkedIn, we use the LinkedIn Matched Audiences service to target our advertising campaigns to specific audiences. Matched Audiences is a service of the LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA. The responsible body for EU/EEA users is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We use Matched Audiences to upload encrypted customer data in hashed form to the LinkedIn Campaign Manager to determine the recipients of our LinkedIn ads. We use Contact Targeting to send LinkedIn your customer information (such as your email address, first name and last name). LinkedIn compares this data with its own customer user accounts and forms target groups based on matches. With the Company Targeting function, we load company lists into the campaign manager (company name, website, industry, stock exchange abbreviation and country), which LinkedIn matches with the company pages on the platform, thus capturing employees of the companies as target groups. We do not know whether or to what extent LinkedIn also uses this information for its own purposes.
We have entered into a joint controllership agreement with LinkedIn pursuant to Article 26 GDPR, which sets out the respective responsibilities for the fulfilment of the obligations under the GDPR. You can view this at https://legal.linkedin.com/pages-joint-controller-addendum . For more information about the agreement between us and LinkedIn, please visit: https://www.linkedin.com/help/linkedin/answer/124838
The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. In accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and in other third countries. LinkedIn Corporation USA is not yet certified under the EU-US Privacy Shield. LinkedIn also undertakes to use the new EU standard contractual clauses pursuant to Article 46 GDPR adopted by the EU Commission if a third country transfer takes place. For more information on LinkedIn’s standard contractual clauses, please visit: https://www.linkedin.com/legal/l/eu-sccs
The legal basis for the data processing described when we use the customer matching functions of Meta (Custom Audience Customer List - Facebook/Instagram), LinkedIn (Matched Audiences) and Google (Customer Match) is your consent, Article 6 (1) 1 lit. a GDPR. The data processing described above will not be carried out without your consent. You can withdraw your consent at any time with immediate effect by sending an email to socialmedia@rational-online.com .
You have the option on our website or via "Advertising Lead Forms" (see below) to register for our newsletter and also to leave your telephone number for the purpose of advertising contact, so that we can provide you with information by e-mail and telephone/SMS as part of the consent you have given, provided you have expressly consented (point (a) of Article 6(1) GDPR). By agreeing to receive the newsletter and to be contacted by telephone, you consent to receive:
by RATIONAL AG, Siegfried-Meister-Strasse 1,86899 Landsberg am Lech, or its responsible group companies. Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.
We use the double-opt-in procedure to register for our newsletters and for further consent to be contacted by e-mail for advertising purposes. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm this within 24 hours, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will store your email address until you unsubscribe. The sole purpose of storing this data is to be able to send you the newsletter. Furthermore, we store your IP addresses and the times of registration and confirmation in order to be able to prove your registration in case of doubt and to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest pursuant to point (f) of Article 6(1) GDPR on the proof of previously granted consent, see also Article 7(1) GDPR.
The provision of further, separately marked, information is voluntary and will only be used to personalise the newsletter and/or the promotional telephone calls. The legal basis for this is your consent as defined by point (a) of Article 6(1) GDPR.
You can revoke your consent to receive the newsletter or to be contacted by telephone for advertising purposes at any time. You can revoke your consent by clicking on the link provided in every newsletter e-mail or by e-mail to privacy@rational-online.com , as well as during the telephone call.
| Name of newsletter provider | Provider type | Data transfer to third country | Third country | Guarantees pursuant to Article 44 et seq. GDPR |
|---|---|---|---|---|
| salesforce.com, inc, Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105 USA | Processor | Yes | USA | EU standard contractual clauses / more: https://sfdc.co/cakvbB |
| EQS Group AG, Karlstrasse 47, D-80333 Munich | Processor | No |
| Name of newsletter provider | salesforce.com, inc, Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105 USA |
| Provider type | Processor |
| Data transfer to third country | Yes |
| Third country | USA |
| Guarantees pursuant to Article 44 et seq. GDPR | EU standard contractual clauses / more: https://sfdc.co/cakvbB |
| Name of newsletter provider | EQS Group AG, Karlstrasse 47, D-80333 Munich |
| Provider type | Processor |
| Data transfer to third country | No |
| Third country | |
| Guarantees pursuant to Article 44 et seq. GDPR | |
| Data | Purpose of processing | Legal basis for processing | Storage duration |
|---|---|---|---|
| IP address upon registration | Proof of registration | Legitimate interest | up to 3 years after revocation/objection |
| Time of registration | Proof of registration | Legitimate interest | up to 3 years after revocation/objection |
| IP address upon DOI | Proof of double opt-in | Legitimate interest | up to 3 years after revocation/objection |
| Time of DOI verification | Proof of double opt-in | Legitimate interest | up to 3 years after revocation/objection |
| e-mail address | Sending the newsletter | Consent | until revocation/objection |
| *Form of address | Direct approach | Consent | until revocation/objection |
| *First name | Direct approach | Consent | until revocation/objection |
| *Surname | Direct approach | Consent | until revocation/objection |
| *Telephone number | Direct approach | Consent | until revocation/objection |
| Data | IP address upon registration |
| Purpose of processing | Proof of registration |
| Legal basis for processing | Legitimate interest |
| Storage duration | up to 3 years after revocation/objection |
| Data | Time of registration |
| Purpose of processing | Proof of registration |
| Legal basis for processing | Legitimate interest |
| Storage duration | up to 3 years after revocation/objection |
| Data | IP address upon DOI |
| Purpose of processing | Proof of double opt-in |
| Legal basis for processing | Legitimate interest |
| Storage duration | up to 3 years after revocation/objection |
| Data | Time of DOI verification |
| Purpose of processing | Proof of double opt-in |
| Legal basis for processing | Legitimate interest |
| Storage duration | up to 3 years after revocation/objection |
| Data | e-mail address |
| Purpose of processing | Sending the newsletter |
| Legal basis for processing | Consent |
| Storage duration | until revocation/objection |
| Data | *Form of address |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent |
| Storage duration | until revocation/objection |
| Data | *First name |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent |
| Storage duration | until revocation/objection |
| Data | *Surname |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent |
| Storage duration | until revocation/objection |
| Data | *Telephone number |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent |
| Storage duration | until revocation/objection |
We would like to point out that when we send out the newsletter, we measure its success and evaluate your usage behaviour. To facilitate this evaluation, the emails sent contain UTM parameters or individual tracking pixels. These are stored on our servers and provide us with information about when and how you access them. We link the aforementioned data and the web beacons to your email address for the evaluations.
We collect basic information such as opening rates, when you read our newsletters and which links you click on. We use this information to determine your personal interests. We also use the data to analyse reach and optimise content in a targeted manner.
The legal basis for this data processing is your consent (Article 6 (1)(a) GDPR, which you provide by subscribing to our newsletter. You can revoke your consent at any time with effect for the future by clicking on the 'unsubscribe' button in our newsletter. Please note that in this case, the revocation covers the entire newsletter, as separate revocation of tracking is unfortunately not technically possible.
We use "Advertising Lead Forms" on Facebook and LinkedIn to offer potential purchasers the opportunity to contact us directly and voluntarily via a contact form displayed there. Alternatively, you can of course also use the contact forms on our website or by e-mail to contact us directly.
You can register for events using the Advertising lead forms. We then process the data in order to answer your questions and process your requests and to enable you to participate in our webinar offers as requested. This also constitutes our legitimate interest in processing as defined by point (f) of Article 6(1) GDPR.
Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
The provision of your personal data is neither legally nor contractually required.
Automated decision making including profiling by us does not take place.
Various recipients within and outside the EU/EEA receive the aforementioned personal data.
In detail, these are the following recipients:
Recipients within the RATIONAL Group (national subsidiaries) and partner companies
Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.
External service providers as part of contract processing pursuant to Article 28 GDPR:
We expressly state that LinkedIn and Facebook store the data (e.g. IP address, possibly personal interests, behaviour on the pages of the two providers, personal information stored in the networks, etc.) of users and use it for business purposes.
We have no control over the processing and further use of this data, as Facebook/ LinkedIn alone determine the processing. It is currently not possible for us to trace to what extent, where and for what duration the data are stored, to what extent the data are linked and analysed and to whom the data are transferred. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.
Further information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your setting options for protecting your privacy, can be found in LinkedIn's privacy policy.
We use the Google Ads lead forms to offer potential purchasers the opportunity to contact us directly and voluntarily via a contact form displayed there. Google Ads lead form extensions are a service of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Alternatively, you can of course also use the contact forms on our website or by e-mail to contact us directly.
You can register for our (cooking) events using Google Ads lead forms.
When you contact us via a Google Ads lead form, the data you provide (your e-mail address, your full name, your telephone number, your postcode and place of residence as well as your job title and the company name of your place of employment) will be processed by us solely to process your request to participate in one of our cooking events and to enable you to take part in this requested cooking event. This also constitutes our legitimate interest in processing as defined by Article 6(1)(f) GDPR. Processing of the data for further purposes is not intended.
Personal data that must be provided is marked as mandatory in the respective registration form; any additional information is voluntary.
If you register for one of our cooking events, your data that we have received in the course of our contact will be deleted after 24 months at the latest, provided that no further communication with you is required, requested by you or initiated by you by that time.
You can object to the described processing of your personal data communicated via Google lead form at any time with effect for the future. To do this, send us an e-mail at privacy@rational-online.com and express your wish to withdraw with future effect.
Various recipients within and outside the EU/EEA receive the aforementioned personal data.
In detail, these are the following recipients:
Recipients within the RATIONAL Group (national subsidiaries) and partner companies
Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.
In the case of data transfer outside the European Union, the high level of data protection in Europe does not apply.
If data is processed outside the European Economic Area/EU, where there is no level of data protection corresponding to the European standard, Google states that it uses standard contractual clauses. You can find more information on how user data is handled in the order data processing conditions for Google advertising products: https://business.safety.google/intl/de/adsprocessorterms/
If you interact within the scope of Google services, Google in the USA will of course also have access to your data. We expressly state that Google stores the data (e.g. IP address, possibly personal interests, behaviour on Google pages, personal information on file with Google, etc.) of users and uses it for business purposes.
We have no control over the processing and further use of this data, as Google alone determines the processing. It is currently not possible for us to trace to what extent, where and for what duration the data are stored, to what extent the data are linked and analysed and to whom the data are transferred. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.
You can find Google’s privacy policy and terms of use HERE .
Information on the data processing conditions between data controllers for Google advertising products can be viewed HERE .
Further information on how Google’s data is handled can also be found at: https://business.safety.google/ .
You can find information on the lead form extensions here:
https://support.google.com/google-ads/answer/9423234?hl=de&ref_topic=9716366
The information on Google Ads, remarketing and conversion tracking also apply here.
With your consent, we use the conversion tracking option provided by the form extensions when using the Google Ads lead forms mentioned above. This allows us to target our advertising campaigns more accurately. This data allows us to optimise and target our advertising campaigns.
You give your consent by completing and submitting the lead form.
When you open a lead form and show interest in our events, you will be assigned a Google ID (called a Google Click ID) and the opening of the lead form will be recorded as a click. If you submit the lead form with the information to us, this will be recorded as a lead form conversion and your form submissions will be made available to us by Google as a registered lead in our Google account for a maximum of 30 days. In our Google Ads account, we also receive information from Google in the form of purely statistical, aggregated evaluations, such as how many users have become aware of our offers through which advertisement and advertising campaign, and are interested in attending a customer event. These evaluations give us an overview of the success of our advertising campaigns, enabling us to optimise and target them more precisely.
In order to capture offline conversions - i.e. processes and events in our customer engagement that start online but are completed offline - we use the option of offline conversion imports into our Google Ad Account. For this purpose, we store the lead data you provide with the Click ID. If offline conversions occur that can be attributed to our lead form advertising, such as actual event attendance and expressed purchase interest, we will associate this additional information with your data as offline conversions and load this information (event attendance, purchase interest and, if applicable, additional lead qualification information) along with the GCLID assigned to you in our Google account. This way we can also show offline conversions in the statistics provided to us by Google. For more information about our privacy practices when using Google Ads Lead Forms, please see
The legal basis for the collection and processing of data is your consent pursuant to Section 25 (1) sentence 1 TDDDG, Article 6 (1) (a) GDPR. You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies).
Various recipients within and outside the EU/EEA receive the aforementioned personal data:
Recipients may be national or partner companies within the RATIONAL Group. Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.
In the case of data transfer outside the European Union, the high level of data protection in Europe does not apply. Insofar as data is processed outside the EU/EEA, in order to establish a secure level of data protection with the service provider, we must comply with the standard data protection clauses adopted by the EU Commission pursuant to Article 46 GDPR, which allows the transfer of personal data to a third country in individual cases.
If you interact within the scope of Google services, Google will of course also have access to your data. The recipients of the data are Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA cannot be excluded. For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. This safeguards data transfers to Google LLC based on the adequacy decision pursuant to Article 45 GDPR. We expressly state that Google stores user data (e.g. IP address, possibly personal interests, behaviour on Google pages, personal information on file with Google, etc.) and uses it for business purposes.
For more information about Google's privacy policy, please see https://policies.google.com/privacy
We use the Google Maps service. Google Maps is a mapping service provided by Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
In order to use the functions of Google Maps, information, including the IP address and the address entered as part of the routing function, may be transmitted to the provider's servers. This information is usually transmitted to a Google server in the USA and stored there.
When visiting a website that contains maps from Google Maps, your browser normally establishes a direct connection with Google's servers even without using the map, whereby the map content is sent to your browser and integrated by it. The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to Google Maps. Due to the integration of Google Maps, no data is transferred without your consent.
The provider of this site has no control over this data transfer. As far as we know, this comprises the following data:
Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website.
By activating this option in the tracking settings, you consent to Google setting cookies on your device, which may also be used to analyse your usage behaviour for market research and marketing purposes. The legal basis for the described data processing is therefore your consent, point (a) of Article 6(1) GDPR. You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with a link to the selections is then displayed again. If you do not consent or withdraw your consent, your use of the service will be restricted.
You can find more information on how user data is handled in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/ .
We use services from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. If you access a page in which a YouTube video is embedded, a connection to the YouTube servers is normally established and the content transmitted to your browser and displayed on the website. The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to YouTube. Due to the integration of YouTube, no data is transferred without your consent.
In this context, we also use the extended data protection option provided by YouTube to protect your personal data. According to YouTube, however, data is only transmitted to the YouTube server in "extended data protection mode" if you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
Further information on YouTube's privacy policy is provided by Google at the following link: https://policies.google.com/privacy
By activating this in the tracking settings, you agree that YouTube receives data through your use, which may also be used to analyse your usage behaviour for market research and marketing purposes. The legal basis for the described data processing is therefore your consent, point (a) of Article 6(1) GDPR. You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with a link to the selections is then displayed again. If you do not consent or withdraw your consent, your use of the service will be restricted.
We use the service of Vimeo.com, Inc, 330 West 34 Street, 5th Floor, New York NY 10001, USA ("Vimeo") to display and play video content about product information (keynote presentation for a product launch).
These are loaded from Vimeo or transferred via Vimeo. In the process, data may be transferred from you to Vimeo. The purpose of integrating Vimeo videos is to make our website more interesting and attractive for users and to achieve a better presentation of content for the introduction and use of our products. In addition to text and images, Vimeo allows us to present information as video content directly on our website, rather than just providing a link.
When you visit our website that has video embedded via Vimeo, a connection to the Vimeo servers is typically made and data is sent to servers in the USA, which tells the Vimeo server which website you have visited.
We expressly draw your attention to the fact that Vimeo acts as its own data controller and collects personal data from you, including through the use of cookies.
We have no control over the processing and further use of this data, as Vimeo alone determines the processing. The extent to which, where and for what duration the data is stored, the extent to which the data is linked and analysed, and to whom the data is transferred, is only apparent to us from the information in their privacy policy .
The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to Vimeo. Due to the integration of Vimeo, no data will be transferred without your consent.
By opting in to Usercentics, you agree that whether or not you have a Vimeo account, information about you will be transmitted to Vimeo using cookies and similar technologies used by Vimeo when you watch a video. This may include, but is not limited to, your IP address, technical information about your browser type, operating system, pages visited, referrer URL, information provided by users on the site, search queries, geographical location, content viewed or very basic device information. If you are logged in to Vimeo at this time, the information about the videos you have viewed may be assigned to your Vimeo member account. You can prevent this by logging out of your member account before visiting platform.
RATIONAL receives the following video-related data from Vimeo as a controller: Calls, i.e. the number of live video calls, peak viewers, i.e. the highest number of concurrent viewers during the stream, and average dwell time, i.e. the average time a viewer stays with the live event, and dwell time.
Vimeo is based in the USA and therefore in an insecure third country where the level of data protection is lower than in the EU/EEA. Vimeo also uses data centres in the USA to provide the service. Your data may therefore also be processed on servers in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks to the lawfulness and security of data processing. In order to ensure an adequate level of data protection, Vimeo concludes the EU standard contractual clauses in accordance with Article 46 GDPR, which are provided by the EU Commission to ensure that your data is processed in accordance with the European data protection standard even if it is transferred to and stored in third countries such as the USA. Vimeo is also certified for the EU-US Privacy Framework (DPF), the UK extension of the EU-US DPF, and the Swiss-US DPF. This certification can be viewed here: DPF list
For RATIONAL, the legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR and Section 25(1) TTDSG.
You can revoke this consent at any time with future effect by accessing the tracking settings via the link at the bottom of each page (footer) and removing the tick behind the processing to which you had consented. If you do not consent or withdraw your consent, your use of the service will be restricted.
Further information on Vimeo's privacy and cookie policy is provided by Vimeo under the following links:
You have the option of contacting us via our e-mail address or the various contact forms. We will, of course, use the personal data transmitted to us in this way exclusively for the purpose for which you provide it when contacting us.
Where we ask for information in our contact forms that is not required for making contact with you, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request.
Of course, you can revoke this consent at any time for the future. For this purpose, please contact our data protection officer, whose contact details can be found at the top of this page.
| Data | Purpose of processing | Legal basis for processing | Storage duration |
|---|---|---|---|
| IP address upon registration | Transfer of form content to the web server | Consent/initiation /implementation of the contractual relationship | Until the end of the connection |
| Subject area | Improvement of enquiry processing | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| Message | Response to the matter | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| Form of address | Direct approach | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| First name | Direct approach | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| Surname | Direct approach | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| *Function | Improvement of enquiry processing | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| *Company | Improvement of enquiry processing | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| e-mail address | Response to the matter | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| Telephone number | Response to the matter | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| *Fax number | Response to the matter | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| (Company) address | Improvement of enquiry processing | Consent/initiation /implementation of the contractual relationship | Until purpose is achieved/end of obligation to provide evidence |
| Data | IP address upon registration |
| Purpose of processing | Transfer of form content to the web server |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until the end of the connection |
| Data | Subject area |
| Purpose of processing | Improvement of enquiry processing |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | Message |
| Purpose of processing | Response to the matter |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | Form of address |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | First name |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | Surname |
| Purpose of processing | Direct approach |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | *Function |
| Purpose of processing | Improvement of enquiry processing |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | *Company |
| Purpose of processing | Improvement of enquiry processing |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | e-mail address |
| Purpose of processing | Response to the matter |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | Telephone number |
| Purpose of processing | Response to the matter |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | *Fax number |
| Purpose of processing | Response to the matter |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
| Data | (Company) address |
| Purpose of processing | Improvement of enquiry processing |
| Legal basis for processing | Consent/initiation /implementation of the contractual relationship |
| Storage duration | Until purpose is achieved/end of obligation to provide evidence |
* optional information
If we advertise our events and you access our RATIONAL website via these advertisements and register for an event via a contact form, we will, with your consent, set a cookie (the sf_utms cookie) to record the advertising platform and the advertisement that drew you to us.
In the advertisements we place, we generally use techniques known as UTM parameter tracking, i.e. we provide each link to our website in an advertisement (i.e. the URL of an advertisement) with UTM parameters. UTM parameters are short code snippets added to the link. These UTM parameters are used to identify the origin of each click: If you click on an advert on a particular advertising platform and this takes you to our website, we can see which advertising platform you came from and which advertisement / advertisement campaign you clicked on through the added UTM parameters. This allows us to track which of our online advertisements are successful on which advertising platform.
When you click on an advertisement to visit our website, the sf_utms cookie is set with your consent and stores the following information: The website from which you linked to our website (collecting 'referrer' information, e.g. Google websites or social media channels); The advertisement or advertisement campaign that brought you to us (by collecting information from UTM/URL parameters or by matching click IDs). This information stored in the cookie is stored for a maximum of 60 days. If you register for one of our events using our contact form during this period, the information stored in the cookie will be transmitted to us, RATIONAL AG, and stored in our CRM system together with your other registration data.
The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR, and Section 25(1) TDDDG (German Telecommunications Digital Services Data Protection Act). You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with a link to the selections is then displayed again. If you do not consent or withdraw your consent, your use of the service will be restricted.
The data transmitted via the sf_utms cookie is deleted as soon as it is no longer required for the processing purposes and there are no statutory retention obligations to the contrary. The maximum storage period for a contact is three years after the processing purpose has expired.
The data collected may be forwarded to other companies, including the international Group companies of RATIONAL AG. Please note that in the context of this service, data may be transferred to a country that does not have the necessary data protection standards. The following link provides a list of countries to which the data is transferred:
You can obtain various whitepapers, articles and infographics from us on our website. Before downloading, you will be asked to enter your contact details (form of address, first and last name, e-mail address, post code, city, country, company). This data is stored by us and used to contact you by e-mail for advertising purposes. The personal data provided constitute the contractual consideration for the provision of the documents.
To verify your e-mail address, we use the double opt-in procedure. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you for confirmation. If you do not confirm this within 24 hours, your data will be automatically deleted from the database. Once you have registered, you will receive the materials you require.
Furthermore, we store your IP addresses and the times of registration and confirmation each time you register and confirm. The purpose of the procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfilment of accountability, we have a legitimate interest in accordance with point (f) of Article 6(1) GDPR in processing the data of the double opt-in procedure.
You may object to the commercial use of your personal data at any time with future effect. To do this, click on the unsubscribe link at the end of each newsletter e-mail or send us an e-mail to privacy@rational-online.com and express your wish with effect for the future
| Name of newsletter provider | Provider type | Data transfer to third country | Third country | Guarantees in accordance with Article 44 et seq. GDPR |
|---|---|---|---|---|
| salesforce.com, inc, Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105 USA | Processor | Yes | USA | EU standard contractual clauses more: https://sfdc.co/cakvbB |
| Name of newsletter provider | salesforce.com, inc, Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105 USA |
| Provider type | Processor |
| Data transfer to third country | Yes |
| Third country | USA |
| Guarantees in accordance with Article 44 et seq. GDPR | EU standard contractual clauses more: https://sfdc.co/cakvbB |
We use the Microsoft Teams service to hold video and audio conferences, webinars and exchanges using the messaging function, as well as to work together on documents in different file formats. Microsoft Teams is software produced by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
In this context, personal data of the participants is processed as part of the communication processes with us and is also stored on Microsoft's servers. These servers are located in the Netherlands (Evert van de Beekstraat 354, 1118 CZ Schiphol, the Netherlands) and Ireland (1, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland).
The data also depends on the scope of communication and the purpose of use. This may include, in particular, login and contact details, visual and audio contributions as well as chat entries, content of shared files and of shared screens. Processed data types are therefore inventory data (such as name, address), contact data (such as e-mail address, telephone number), content data (such as text entries, photo and video files), usage data (such as access times, interest in content), metadata (e.g. device information, IP address).
Microsoft processes usage and metadata for security purposes and to optimise its own service. You can find more information on this in Microsoft’s privacy policy .
If we ask for your consent to use certain functions, such as regarding a recording of the video conference, the legal basis for the processing is your consent (Article 6 (1)(a) GDPR). Otherwise, your data will be processed on the basis of our legitimate interests (Article 6 (1)(f) GDPR) to ensure efficient and secure communication with our communication partners. We have a legitimate (economic) interest in providing our employees, customers and partners with many different communication channels in order to promote user-friendliness and to make the exchange as simple and convenient as possible. On the other hand, data subjects have an interest in not being recorded by data processing and in refusing the processing of their personal data by certain techniques and service providers. Due to the fact that everyone is free to use other means of communication to make contact (e.g. email or phone), users are given the choice to opt out of having their data processed by Microsoft Teams. These alternatives are also common and reasonable, so that a situation of pressure or constraint cannot be assumed. Therefore, there are no apparent interests of the data subjects which outweigh our interests as data controllers in the processing. As a result, the use of Microsoft Teams as an additional means of contacting us is deemed necessary to safeguard our legitimate interests.
If you have given us your consent to the use of certain functions, you can also revoke this at any time by sending an e-mail to privacy@rational-online.com .
You can object to the processing of your data in the Microsoft Cloud in accordance with legal requirements.
The data will be deleted after the expiry of the following periods:
In addition, an order processing agreement has been concluded with Microsoft.
Further information on data processing can be found in Microsoft’s privacy policy . Insofar as Microsoft processes personal data in the USA, we refer to the EU SCC concluded with the Microsoft Group.
We use the 'Microsoft Clarity' tool from Microsoft Ireland Ltd. , One Microsoft Place, South County Business Park, Carmanhall Road, Leopardstown, Dublin D18 P521, Ireland. Microsoft Clarity is a screen recording tool that captures users' activities on our websites during a session and presents them to us in a traceable format. We record and evaluate website activities to improve user-friendliness and analyse errors.
In addition, your personal data will be processed for the following purposes:
The following data is collected in pseudonymised form: click data (e.g. internet presentations visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); location data (information on the geographical position of a device or person); movement data (e.g. mouse movements, scroll movements); and incorrect interactions with buttons (dead clicks). Data is used to create behavioural patterns, heatmaps and session recordings.
Click data is stored for up to 13 months.
The legal basis for the processing of your personal data for the stated purposes is your consent, pursuant to Article 6(1(a) GDPR and Section 25 (1) TDDDG. You can revoke your consent at any time with effect for the future via the consent tool.
The data is also transferred to Microsoft. We would like to point out that Microsoft considers itself to be the controller in this case. Microsoft may process your personal data further for its own purposes, such as improving its products and advertising. We do not know what data is being processed or for what purposes. We have no influence over this.
Further information on the data collected can be found at the following website: https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data.
Microsoft Corporation, based in the USA, also carries out data processing. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework, meaning that transfers of personal data to Microsoft are subject to an adequacy decision by the European Commission under Article 45 of the GDPR. In addition, Microsoft Ireland Ltd has entered into standard contractual clauses (SCCs) with Microsoft Corporation.. Further information on data processing at Microsoft can be found in the Microsoft Privacy Statement - Microsoft privacy.
The following types of personal data are processed as part of the entry and processing of reports in the internal reporting system:
The personal data will be processed for the purpose of investigating the reports. In addition, the data will be processed to prevent, detect and/or follow up on violations of applicable law or company policies (such as measures to verify the validity of the allegations made in the report and, where appropriate, to address the reported violation, including through internal enquiries, investigations, prosecutions, measures to (re-)recover funds or close the case).
The personal data processed as part of a notification is processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, Germany, on behalf of and in accordance with instructions. Personal data will only be transferred to third parties if there is a legal basis for this. This is the case in particular if the transfer serves to fulfil legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent to do so or if a weighing of interests justifies this. In addition, external service providers, such as external data centres or telecommunications providers, process personal data on our behalf as processors. Depending on the area of responsibility of the report and for the effective initiation of follow-up measures, the personal data may be passed on to our relevant specialist departments.
Compliance-relevant information is stored for 3 years after completion in accordance with Section 11(5) Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG). Reports with no relevanec to compliance are stored for up to 1 year for reporting purposes.
We use the Euroland key figures tool, a service provided by Euroland.com, Sweden, as an iFrame on our website. RATIONAL AG uses Euroland for the presentation of animated financial information on its website for investors.
If you access a page in which the key figure tool is embedded, a connection to the Euroland servers is normally established and the content transmitted to your browser and displayed on the website. The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to Euroland. This means that no data will be transferred without your consent. Only a preview image is displayed.
The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR, and Section 25(1) TTDSG (German Telecommunications Telemedia Data Protection Act).
You can revoke this consent at any time with future effect by accessing the tracking settings via the link at the bottom of each page (footer) and removing the tick behind the processing to which you had consented. If you do not consent or withdraw your consent, your use of the service will be restricted.
Alternatively, you can delete your local storage from this website. The banner with a link to the selections is then displayed again. If you do not consent or withdraw your consent, your use of the service will be restricted.
More information about Euroland can be found at https://www.euroland.com/cookiepolicy/en-gb.html .
We use the ‘Friendly Captcha’ service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany, on our websites. Friendly Captcha is a globally available service headquartered in Germany.
As a service user, we conclude a data processing agreement with Friendly Captcha for the processing of end-user data by the processor Friendly Captcha. Friendly Captcha is used to check whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program (a so-called bot). To do this, Friendly Captcha analyses the behaviour of the website visitor based on various characteristics.
When an end user visits a website that contains the Friendly Captcha widget, the following log data is collected to evaluate the puzzle request:
The data processing that takes place in connection with the use of Friendly Captcha is carried out for the purpose of ensuring the security of our websites. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in fulfilling legal requirements to ensure the security of data processing (e.g. protection against spam and bots).
The data is stored in dedicated data centres (e.g. only in the EU). Friendly Captcha ensures that every data transfer is protected by appropriate safeguards, using standard data protection clauses adopted by the European Commission or binding corporate rules.
We store your personal data for the duration of the purposes stated above. If personal data is stored, this data will be deleted within 30 days. After that, we no longer store your personal data, unless we are obliged by law to store it for a longer period or if a longer storage period is necessary to assert, exercise or defend legal claims.
For more information about how Friendly Captcha handles your data, please visit the provider's websites and read its privacy policy, which can be accessed via the following links:
Your personal data will not be transferred to third parties for purposes other than those listed.
We will only share your personal information with third parties if:
In the case of data transfer outside the European Union, the high level of data protection in Europe does not apply. Where data is transferred, it is possible that there is no adequacy decision by the EU Commission as defined in Article 45(1), (3) GDPR. This means that the EU Commission has not yet decided that this country ensures an adequate level of protection in accordance with the data protection standards of the European Union on the basis of the EU GDPR, and we have therefore made the above-mentioned appropriate guarantees. Possible risks that may not be completely excluded in connection with the transfer of data are in particular:
There is a possibility that your personal data could be processed outside the scope of the actual purpose.
In addition, there is the possibility that you may not be able to sustainably assert and enforce your data protection rights, such as your right of access, to rectification, erasure or data portability.
There could also be a higher probability that your data is not correctly processed and that the protection of your personal data does not fully meet the requirements of the EU GDPR in terms of quantity and quality.
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.
Third-party content such as YouTube videos or map material from Google Maps is used within our online presence on the basis of point (f) of Article 6(1) GDPR. This always requires that the providers of this content (hereinafter referred to as "third-party providers") perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. As far as we are aware, we will inform the users of this.
Every data subject has a right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG (Federal Data Protection Act) apply.
You also have the right to lodge a complaint with the competent data protection supervisory authority about our processing of your personal data.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
Pursuant to Article 21(2) GDPR, you have the right to object to processing of personal data concerning you at any time. In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected by this.
Insofar as we base the processing of your personal data on a balancing of interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have described. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or explain to you our compelling reasons worthy of protection.
Our websites may contain links to websites of other providers. We would like to point out that this data privacy statement applies exclusively to the websites of RATIONAL AG. We have no influence on and do not check whether other providers comply with the applicable data protection regulations.
We reserve the right to change or adapt this data privacy statement at any time in compliance with the applicable data protection regulations.
Last revised: July 2022