Data protection declaration
Data protection declaration The regulations contained in the EU General Data Protection Regulation (hereinafter GDPR) apply across Europe. We wish to inform you of the processing of personal data carried out by our company in accordance with this regulation (see Articles 13 and 14). Should you have any queries or comments concerning this data protection declaration, you can send these to the email address provided in Numbers 2 and 3 at any time.
Content overview:
I. Overview
- Area of applicability
- Responsible body
- Data protection officer
- Data security
II. Data processing broken down
- General information concerning data processing
- Accessing the website/application
- Application
- Tracking
- Social media plugins
III. Rights of affected persons
- Right of information
- Right of correction
- Right of deletion ("right to be forgotten")
- Right to have the processing restricted
- Right of data portability
- Right of revocation in case of consent being issued
- Right to complain
IV. Glossary
I. Overview
In this section of the data protection declaration, you can find information concerning the area of applicability, the responsible body for the data processing, its data protection officer and data security.
1. Area of applicability
The data processing by Ruhr-Petrol GmbH and its subsidiary companies can be essentially broken down into two categories:
- For the purpose of performing contracts, all necessary data in order to carry out a contract with Ruhr-Petrol GmbH will be processed. Should external service providers also be involved in the performance of the contract, your data will also be passed on to these to the necessary extent.
- When you access the website/application of Ruhr-Petrol GmbH, various information will be exchanged between your end device and our server. This can also include personal data. The information which is gathered in this way is used in order to optimise our website amongst other reasons.
This data protection declaration applies to the following services:
- Our online service, which can be accessed at www.ruhr-petrol.de
- Always when reference is made to this data protection declaration from one of our services (for example websites, subdomains, mobile applications, web services or integration into third party sites), regardless of how you access or use these.
The term "services" relates to all of these.
2. Responsible body
The responsible body for the processing, ie the location which takes decisions concerning the purpose and method of the processing of personal data, in connection with the services is:
Ruhr-Petrol GmbH
Huyssenallee 7
45128 Essen
E-Mail: message@ruhr-petrol.de
3. Data security
In order to develop the measures required by Article 32 GDPR and to achieve a level of protection which is reasonable in relation to the risk, we have implemented an information security standard at our company.
II. Data processing broken down
In this section of the data protection declaration, we will inform you in detail of the processing of personal data within the framework of our services. For better understanding, we will break this information down according to specified functions of our services. During normal use of the services, various functions and by extension various processing may follow each other or take place at the same time.
1. General information concerning data processing
Applies to all processing stated below, unless otherwise provided for:
a. No provision obligation
There is neither a contractual nor a legal obligation to provide the personal data. You are not obliged to provide data.
b. Consequences of failure to provide data
In case of necessary data (data which is identified as mandatory information), failure to provide the data will mean that the service concerned cannot be provided. Otherwise, failure to provide the data means that our services cannot be provided in the same form and to the same level of quality.
c. Consent
In various cases, you have the option of issuing us with your consent to further processing in connection with the processing set out below (if applicable for part of the data). In such a case, we will inform you separately in connection with the submission of the respective declaration of consent of all procedures and extension of the consent, and of the purposes we pursue in connection with this processing.
d. Forwarding on of personal data to third countries
Should we transfer data to third countries, ie countries outside of the European Union, the transfer takes place exclusively in compliance with the lawfulness requirements set by legislation. The lawfulness requirements are set out in Articles 44-49 GDPR.
e. Hosting by external service providers
In individual cases, our data processing takes place by using so-called hosting providers, which provide us with storage space and processing capacities in their computer centres and also process personal data on our behalf in accordance with our instructions. These service providers process data either exclusively in the EU, or we have guaranteed a reasonable level of data protection with the assistance of the EU standard data protection clauses.
f. Transfer to state authorities
We transfer personal data to state authorities (including criminal prosecution authorities), should this be necessary to fulfil a legal obligation to which we are subject (legal basis: Article 6 Paragraph 1 Letter c) GDPR) or should this be necessary in order to assert, exercise or defend legal claims (legal basis: Article 6 Paragraph 1 Letter f) GDPR).
g. Duration of the saving
We only save your data for as long as we require it for the respective purposes of the processing. Should the data no longer be necessary in order to fulfil contractual or legal obligations, it is deleted regularly, unless temporary storage of it continues to be necessary. Reasons for this can be as follows:
- Fulfilment of retention obligations under commercial law and tax laws
- Gaining of evidence for legal disputes within the framework of the statutory limitation period regulations
It is also possible for us to continue to save your data if you have issued your express consent to this.
h. Categories of data
- Core personal data: Title, gender, first name, surname, date of birth
- Address data: Road, building number, any additional address data, postcode, town/city, country
- Contact data: Telephone number(s), fax number(s), email address(es)
- Access data: Date and time of the visit to our service; the site from which the accessing system came across our site; pages accessed during the use; data for session identification (Session ID); also the following information relating to the accessing computer system; Internet protocol (IP) address used, browser type and version, device type, operating system and similar technical information.
- Application data: CV, references, proof, work samples, certificates, photos
2. Accessing the website/application
Here, a description concerning how we process your personal data when accessing our services is provided. We particularly wish to point out that the transfer of access data to external content providers (see b below) is necessary due to the technical functions of information transfer over the Internet.
| a. Information concerning processing | ||||
| Data category | Purpose | Legal basis | Any legitimate interest | Duration of the saving |
| Access data | Connection establishment, display of the content of the service, discovery of attacks against our site due to unusual activities, error diagnosis | Article 6 Paragraph 1 Letter f) GDPR | proper function of the services, security of data and business processes, prevention of misuse, prevention of damage due to attacks against information systems | 7 days |
| b. Recipients of the personal data | |||
| Category of recipients | Affected data | Legal basis of the transfer | Any legitimate interest |
| External content providers which make content available (for example photos, videos, integrated postings from social networks, advertising banners, fonts, update information) which is necessary to display the service. | Access data | Order processing (Article 28 GDPR) | Proper functioning of the service (accelerated) display of the content |
| IT security service provider | Access data | Order processing (Article 28 GDPR) | Prevention of attacks by exploiting security loopholes/weaknesses |
3. Application
During an ongoing application process, we process your personal data in the following way:
| a. Information concerning processing | ||||
| Data category | Purpose | Legal basis | Any legitimate interest | Duration of the saving |
| Address and contact details | Identification, contact initiation, communication concerning contractual negotiations | Article 6 Paragraph 1 Letter b) GDPR | 6 months | |
| Core personal data | Identification, contact initiation, age check | Article 6 Paragraph 1 Letter b) GDPR | 6 months | |
| Application data | Applicant selection | Article 6 Paragraph 1 Letter b) GDPR | 6 months | |
4. Tracking
Below, we will describe how your personal data is processed with the assistance of tracking technologies in order to analyse and optimise our services, as well as for advertising purposes.
The description of the tracking process also includes information as to how you can prevent or object to the data processing. Please bear in mind that the so-called "opt out" ie the rejection of the processing, is generally saved via cookies. Should you use our services via a new end device or in a different browser or should you have deleted the cookies which were set by this browser, you need to declare the rejection again.
The tracking procedure described only processes personal data in the form of pseudonyms. No connection to a concrete, identifiable natural person, ie combination of the data with information concerning the holder of the pseudonym takes place.
a. Tracking in order to analyse and optimise our services and their use, as well as to measure the success of advertising campaigns and to optimise the display of adverts
(1) Purposes of the processing
The analysis of the user behaviour by means of tracking helps us check the effectiveness of our services, to optimise them and tailor them to the needs of the users, as well as to correct errors. Also, it serves the purpose of creating numerical values of the use of our services (breadth, use intensity, surfing behaviour of the users) in statistical terms, on the basis of unified standard procedures, and therefore allow values which are comparable across the market to be received.
The tracking in order to measure the success of advertising campaigns serves the purpose of optimising our adverts for the future and also to enable advertisers to optimise their adverts accordingly. The tracking in order to optimise the display of advertising has the purpose of displaying adverts to users which are tailored to their interests, which increases the success of the advertising and by means of this, the revenues generated from it.
(2) Legal basis of the processing
In case of services which enable the behaviour of affected persons on the Internet to be traced and when creating user profiles, informed consent under the GDPR is required.
(3) The tracking procedure used at a glance
| Description of the service | Functionality | Option of preventing the processing (opt out) | Data transfer to third country? | If applicable, reasonableness resolution (Article 45 GDPR) | If applicable, suitable guarantees (Article 46 GDPR) |
| PIWIK | Web analysis | No |
5. Social media plugins
This website may include additional programs (plugins) of social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and by means of which messages can be transferred to the corresponding networks with the assistance of the button, in order to evaluate, recommend or share contents. By means of this, we are pursuing the purpose and legitimate interest in raising awareness of our services. We configure our services in such a way that data transfers do not take place until you click on the button. In such a case, the legal basis for the data transfer is Article 6 I Letter f) GDPR. The respective provider is responsible for ensuring that the data which is transferred is processed in accordance with data protection laws.
| Description of the service | Provider | Data protection information of the provider |
| Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA | https://de-de.facebook.com/about/privacy/ | |
| https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other | ||
| Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA | https://twitter.com/de/privacy | |
| https://privacy.xing.com/de/datenschutzerklaerung |
III. Rights of affected persons
1. Right of information
You have the right to be informed whether personal data relating to you is processed by us, what personal data this is, as well as to receive other information in accordance with Article 15 GDPR.
2. Right of correction
You have the right to request the immediate correction by us of incorrect personal data relating to you (Article 16 GDPR). Taking the purposes of the processing into account, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration.
3. Right of deletion ("right to be forgotten")
You have the right to request that the personal data relating to you be immediately deleted, should one of the reasons named in Article 17 Paragraph 1 GDPR be present and should the processing not be necessary for one of the purposes set out in Article 17 Paragraph 3 GDPR.
4. Right to have the processing restricted
You are entitled to request that the processing of your personal data be restricted, should one of the requirements set out in Article 18 Paragraph 1 Letters a) to d) be present.
5. Right of data portability
You have the right to receive the personal data relating to you which you have provided to us in a structured, up-to-date and machine readable format. You also have the right to transfer this data to another responsible body without hindrance by us or to have a direct transfer carried out by us, should this be technically possible. This should always be the case when the basis of the data processing is the consent or a contract and the data is processed automatically. Accordingly, this does not apply to data which is held solely in paper form.
6. Right of revocation in case of consent being issued
| Should the processing be based on your consent, you have the right to revoke the consent at any time. The lawfulness of the processing which took place prior to the revocation will not be affected by this. |
7. Right to complain
You have the right to complain to a supervisory authority.
IV. Glossary
Order processor: A natural or legal person, authority, institution or other body which processes personal data on behalf of the responsible body.
Browser: Computer program for displaying websites (for example Chrome, Firefox, Safari).
Cookies: In connection with the World Wide Web, a cookie is a small text file which is stored locally on the computer of the user when visiting a website. This file saves data concerning the behaviour of the user. Should the browser be opened and the relevant website be accessed again, the cookie is used and informs the web server of the surfing behaviour of the user with the assistance of the data which has been saved.
In this case, cookies are not biscuits, rather information which a website saves locally on the computer of the website visitor in a small text file. This can concern settings which have already been carried out by the user on a site, but can also include information which the website has collected independently from the user itself. Later, these text files which are stored locally can be read once again by the same web server which created them. Most browsers accept cookies automatically. You can administer cookies with the help of the browser functions (usually under "options" or "settings"). By means of these, the saving of cookies can be de-activated, made dependent on your consent or otherwise restricted. You can also delete cookies at any time.
Third countries Country which is not bound by the legal requirements of the GDPR (country outside of the EEA).
Personal data: All information which relates to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to a label, such as a name, number, location data, online profile or one or more special characteristics which express the physical, physiological, genetic, psychiatric, economic, cultural or social identity of this natural person.
Pixel: Pixels are also called number pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. Should a document be opened, this small picture is then loaded by a server on the Internet, whereby the downloading is registered there. By means of this, the operator of the server can see if or when an email was opened or a website was visited. This function is usually carried out by accessing a small program (JavaScript). By means of this, certain types of information on your computer system can be recognised and passed on, such as the content of cookies, time and date of the site access, as well as a description of the site which contains the number pixel.
Profiling: Any type of automated processing of personal data which means that this personal data is used in order to evaluate certain personal aspects which relate to a natural person, in particular in order to analyse or forecast the work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.
Services: Our services to which this data protection declaration applies (see area of applicability).
Tracking: The collection and evaluation of data in relation to the behaviour of visitors to our services.
Tracking technology: Tracking can take place both via activity protocols (logfiles) saved on our web servers and by means of data gathering from your end device via pixels, cookies and similar tracking technology.
Processing: Any process or succession of processes carried out in connection with personal data with or without the assistance of automated procedures, such as the gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by transfer, distribution or other form of provision, comparison or connection, restriction, deletion or destruction.
Essen, May 2018