Party responsible for data processing
The person responsible pursuant to Art. 4 (7) GDPR is:
RIB Software GmbH
Vaihinger Str. 151
70567 Stuttgart, Germany [RIB]
E-mail: [email protected]
You can reach our data protection officer at: [email protected]
Purpose and legal basis for the processing
Personal data is only collected if you provide it to us of your own accord, e.g. by entering a contract via our website or filling out the contact form. We use this data exclusively for the purpose for which you entered your data. It will only be used for other purposes after explicit notification or after obtaining your consent, Art. 6 para. 1 lit. a) GDPR. In certain cases, personal data is used on the basis of a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
Processing based on a legitimate interest according to Art. 6 para. 1 lit. f) GDPR
A processing of personal data on the basis of Art. 6 para. 1 lit. f) GDPR takes place in the following cases:
Collection of personal data when visiting our website
When you use the website for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
The legitimate interest lies in the flawless presentation of its internet presence and the guarantee of the stability and security of our website.
Cookies are data that are stored on your computer by a website you visit and enable your browser to be recognised repeatedly. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This prevents you, for example, from having to re-enter required form data each time you use the site. The information stored in cookies can also be used to recognise preferences and to tailor content according to areas of interest.
There are different types of cookies: Session cookies are sets of data that are only temporarily held in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are set by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data by means of cookies and their storage period may vary. Insofar as you have given us your consent, the legal basis is Art. 6 para. 1 lit. a) GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 lit. f) GDPR. The stated purpose then corresponds to our legitimate interest.
The full list of cookies in use on this website is available in the Usercentrics Consent Management here.
For the purpose of analysing and optimising our websites, we use various services, which are described below. For example, we can analyse how many users visit our site, which information is most in demand or how users find the offer. Among other things, we collect data on which website a data subject came to a website from (so-called referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. This helps us to design and improve our offers in a user-friendly way. The data collected in this way does not serve to identify individual users personally.
You have the following rights in relation to personal data relating to you:
- General Rights
You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to revoke this consent with effect for the future.
- Your Rights Regarding Processing based on Legitimate Interest
Pursuant to Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) e GDPR (data processing in the public interest) or on the basis of Art. 6 (1) f GDPR (data processing for the protection of a legitimate interest); this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- Your Rights in Case of Direct Marketing
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 (2) of the German Data Protection Act (GDPR); this also applies to profiling insofar as it is associated with such direct marketing.
In the event of your objection to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes
- Right to complain to a Supervisory Authority
You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data.
Contact us by e-mail or contact form
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address and name) is stored by us in order to answer your questions. Insofar as we request input via our contact form that is not required for contacting us, we have always marked this as optional. We use this information to specify your enquiry and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 lit. a) GDPR. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. Of course, you can revoke this consent at any time for the future.
We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are statutory retention obligations.
Processing of your data as a new and existing customer of RIB
If you place an order with us, whether via an order form, e-mail, telephone, live chat (only available in Middle East and Africa regions), or in person at one of our trade fair stands, we will add you to our customer file. The scope of the data corresponds to the mandatory data required for the specific enquiry, which are marked as such in the respective forms etc.
Our customer file is maintained in a uniform manner for the entire RIB Group, which means that your data can also be viewed by employees at all RIB locations. Your data is managed in systems from Salesforce, Microsoft Dynamics, Hubspot, VIS or RIB 4.0. RIB remains responsible for the processing of your data. Your data will be stored in our customer file until the need for processing, including legal retention periods, has expired. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR, if we process your data for the processing of an order, and Art. 6 para. 1 lit. f) GDPR for the further processing of your data as existing customer data. If we are obliged to legally store your data (e.g. due to HGB, tax law, etc.), the legal basis is Art. 6 para. 1 lit. c) GDPR.
Salesforce Marketing Cloud
Data that you provide to us via some of our websites (e.g. in forms for purchase, newsletter registration, contacting us, as well as the fact that you participate in a sweepstake) is currently stored on servers in the EU in the Salesforce Sales Cloud of salesforce.com, Salesforce Tower Dublin, 60 R801, North Dock, Dublin, Ireland, and used to send order confirmations and shipment notices. The parent company of salesforce.com Ireland is salesforce.com Inc, One Market Street, Suite 300, San Francisco, CA 94105, USA.
We use the Salesforce Marketing Cloud to send our newsletters, for automated mailings (e.g. welcome mailings) and for advertising campaigns in social networks. For this purpose, the newsletter subscriber’s data is transferred from Sales Cloud to Marketing Cloud.
The Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the USA. For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. Further documents on Salesforce’s compliance with GDPR can also be found at https://compliance.salesforce.com/en/gdpr.
The collection and storage of data only takes place after explicit consent according to § 25 para. 1 TTDSG, Art 6 para. 1 p. 1 lit. a GDPR. This consent can be revoked at any time with effect for the future.
Further information on data processing by Salesforce can be found at: https://www.salesforce.com/eu/company/privacy/.
LeadLab (Wiredminds GmbH)
We use the LeadLab service from Wiredminds GmbH and its tracking pixel technology on our website to analyse user behaviour and optimise our site based on this. In particular, the service allows us to identify which companies have visited our site. In doing so, we do not receive any information that directly identifies you as an individual.
In connection with the use of LeadLab, cookies and tracking pixels are used to enable a statistical analysis of the use of this website by your visits. Information – including personal information – about your visitor behaviour is stored in the cookie and transmitted to Wiredminds or collected directly by Wiredminds. The information is processed by Wiredminds using a pseudonym in a usage profile for the purpose of analysis and anonymised as far as possible.
The data obtained in this way will not be used to identify you personally without your consent, nor will the data be merged with personal data about you as the bearer of the pseudonym.
Insofar as IP addresses are collected, these are anonymised immediately after collection by deleting the last number block.
Information on data protection at Wiredminds can be found on the company’s website.
Data processing is based on your consent in accordance with Art. 6 para 1 lit. a) GDPR. Wiredminds processes the data on our behalf on the basis of a commission processing agreement between us and Wiredminds. This ensures that the data processing on our behalf is carried out in accordance with the GDPR while guaranteeing the protection of the rights of the data subjects.
Where you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
We use the User ID feature . The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyse user behaviour across devices.
We use Google Signals . This captures additional information in Google Analytics about users who have enabled personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behaviour is recorded in the form of “events”. Events can be:
- Page views
- First visit to the website
- Start of session
- Your “click path”, interaction with the website
- scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- Ads seen / clicked on
It also collects:
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipients of the data are/could be
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The data sent by us and linked to cookies are automatically deleted after 2 OR 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 S.1 lit. a) GDPR.
You can revoke your consent at any time with effect for the future by accessing the cookie settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by selecting the appropriate settings on your browser.
- Do not give your consent to the setting of the cookie or
- Download and install the browser add-on to disable Google Analytics HERE.
Google Web Fonts (Offline variant)
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. We have opted for the offline variant, in which the Google Fonts are stored locally on our web server. The fonts can then be managed – using CSS – as with any other font family. The IP address and other data are not transmitted to Google.
Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers with regard to efficiency and cost-saving considerations. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used.
We use reCaptcha v2 on our website. reCaptcha is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
ReCaptcha serves to prevent abusive automated entries in web forms and thus to protect the technical systems of the hoster.
When you call up one of our websites in which reCaptcha is integrated, a connection to Google’s servers is established. A reCaptcha cookie is set. Your IP address is transmitted to Google.
In addition, reCaptcha collects the following data by means of “fingerprinting”:
- Browser plugins used
- Cookies set by Google in the last 6 months
- Number of mouse clicks and touches you have made on this screen
- CSS information for the page accessed
- Browser language
Where data is processed outside the European Economic Area / the EU, where there is no level of data protection equivalent to the European standard, Google states that it uses standard contractual clauses.
The collection and storage of data only takes place after explicit consent according to Art. 6 para. 1 p. 1 lit. a) GDPR. This consent can be revoked at any time with effect for the future.
YouTube (without DS mode)
We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the data controller for your data.
To protect your personal data, we use a two-click solution . If you call up a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the “Confirm” button. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your member account with YouTube. You can prevent this by logging out of your member account before visiting our website. Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection corresponding to the European standard, Google states that it uses standard contractual clauses.
Further information on YouTube’s data protection is provided by Google at the following link: https://policies.google.com/privacy?hl=en-US
Usercentrics is a consent management platform that enables websites to protect the privacy of users and comply with the GDPR when it comes to cookies and tracking. “Usercentrics” is an offer of the provider Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, hereinafter referred to as “Usercentrics”.
- The user’s IP number
- The date and time of consent
- The user agent of the end user’s browser
- The provider’s URL
- An anonymous, random and encrypted key
The encrypted key and the cookie status are stored in a cookie on the user’s terminal device in order to establish the corresponding cookie status when the page is called up in the future. This cookie is automatically deleted after 12 months.
The legal basis for storing the data is Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR, as Usercentrics is used to fulfil requirements under the TTDSG. Alternatively : The legal basis for storing the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest for the use of Usercentrics lies in the fulfilment of the requirements of the TTDSG.
The user can prevent or terminate the installation of the cookie and its storage, and thus his or her cookie consent, at any time by changing the settings of his or her browser.
Further information on Usercentrics can be found at: https://usercentrics.com/privacy-policy/
If you choose Stripe as your payment method, personal data about you will also be transmitted to and stored by Stripe (Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). This concerns transaction data, which includes the payment method (i.e. credit card, debit card or bank account number), BIC, currency, amount and date of payment. In the case of a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Stripe may also collect your name, address, phone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to fully provide its services.
Customer support on Jira
Should you choose to submit a support request on Jira, you may only do so using your own Jira account. Jira is an offering of Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia and Atlassian’s terms and conditions apply to all interaction with Jira. Atlassian is responsible for the processing of your personal data on Jira.
Customer Support on Zendesk
Should you choose to submit a support request on Zendesk, you may only do so using your own Zendesk account. Zendesk is an offering of Zendesk, 989 Market St San Francisco, CA 94103, USA and Zendesk’s terms and conditions apply to all interaction with Zendesk. Zendesk is responsible for the processing of your personal data on Zendesk. For more details, see Zendesk’s privacy information https://www.zendesk.com/au/company/agreements-and-terms/privacy-notice/#.
Customer support on Salesforce Service Cloud
Should you choose to submit a support request via Salesforce Service Cloud, you will only be able to do so using your own Salesforce account. Salesforce Service Cloud is an offering of salesforce.com, Salesforce Tower Dublin, 60 R801, North Dock, Dublin, Ireland, and Salesforce’s terms and conditions apply to all interactions with Salesforce Service Cloud. The parent company of salesforce.com Ireland is salesforce.com Inc, One Market Street, Suite 300, San Francisco, CA 94105, USA. Salesforce is responsible for the processing of your personal data in Salesforce Service Cloud.
Omnitracker Customer Portal
Through our Omnitracker customer portal, you can sign up for and unsubscribe from newsletters, submit support requests and obtain all software updates. You can register using your customer number at https://www.rib-software.com/rib-login.
Only your e-mail address and customer number are stored in the customer portal. If you provide further personal data in support requests, we will process this data exclusively for the purpose of the specific fulfilment of your request. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR, insofar as the contractual service provision takes place via or with the help of the Omnitracker customer portal (e.g. with regard to contractually owed software updates). Insofar as you make further enquiries or e.g. subscribe to newsletters, the legal basis is your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR, which you can revoke at any time. As an existing customer registered in the system, we process your data according to our legitimate interest, Art. 6 para. 1 p.1 lit. f) GDPR.
The customer portal is provided by OMNINET Software-, System- und Projektmanagementtechnik GmbH, Dr.-Otto-Leich-Straße 3, 90542 Eckental, Germany.
Chatmarshal customer chat
In Middle Eastand Africa regions, you have the voluntary possibility to contact our support staff via live chat. The live chat is provided by Chatmarshal, a service of Chatmarshal, Bevan Road, Rivonia, Gauteng, South Africa. In order to conduct the live chat, data is transmitted to Chatmarshal, including but not limited to name, e-mail, contact number and location. The servers of the underlying chat system are located in Dallas, Texas, USA. The legal basis is your consent according to Art. 6 para. 1 lit. a) GDPR.
For our website, we use the services of CloudFlare Inc, 101 Townsend St, San Francisco, CA 94107 USA.
Cloudflare provides a so-called Content Delivery Network (CDN). This is a network of globally distributed servers that is able to deliver optimised content to website users. This means that large media files in particular can be delivered via a network of locally distributed servers connected via the Internet. This serves the secure and efficient provision of our website and helps to improve performance and stability.
For this purpose, personal data may be processed in Cloudflare’s server log files. Cloudflare also collects statistical data about visits to this website. The data collected includes:
- Name of the website accessed
- Retrieved file
- Date and time of access
- Amount of data transferred
- Notification of successful retrieval
- Browser type and version
- The user’s operating system
- Referrer URL
- IP address
- Requesting provider
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest here lies in the smooth and secure operation of our website. You have the right to object to the processing in accordance with Art. 21 GDPR. Whether the objection is successful must be determined as part of a balancing of interests.
Insofar as data is processed outside the EU/EEA, Cloudflare Inc. is certified under the Data Privacy Framework (DPF) programme and is listed in the Data Privacy Framework list of the International Trade Administration (ITA). This means that Cloudflare has publicly committed to complying with the DPF obligations and any data transfer to the USA is harmless due to the current adequacy decision of the European Commission of 10 July 2023.
A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search. You can find more information on the Data Privacy Framework Programme on the official website of the ITA: https://www.dataprivacyframework.gov/s/.
Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of its own services. Further information on data processing by Cloudflare, in particular on data protection and data security, can be found at: https://www.cloudflare.com/privacypolicy/.
We use the “GoToMeeting or GoToWebinar” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: online meetings). “GoToMeeting and GoToWebinar” is a service provided by GoTo Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogersons Quay, Dublin 2, Ireland. GoTo’s parent company is based in the USA, which means that some data might be transferred and processed outside of the EU.
When using GoToWebinar, the following data is processed by you: First name, surname, telephone (optional), email address, password, profile picture (optional), department (optional), meeting topic, meeting description (optional), participant IP addresses, device/hardware information
The following data may also be collected for recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
It may be possible to use the chat, question- or survey-functions in an online meeting. In this regard, the text entries made are processed in order to display them in the online meeting and, if necessary, to log them.
We use “GoToMeeting or GoToWebinar” to conduct online meetings. If we want to record, this will be announced in advance. Active recording is also displayed in the app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.
In the case of online seminars, we may also process the questions asked by online seminar participants for the purposes of recording and following up on webinars.
The legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings themselves are part of the contract.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective organisation of “online meetings”.
“GoToMeeting and GoToWebinar” is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with the provider that meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.
Further information on data protection and data security at GoTo can be found here: https://www.goto.com/company/legal/privacy
Microsoft Booking Calendar
To book appointments with our customer service or support teams, you have the option to use Microsoft Booking Calendar, a tool provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
The usage of Booking Calendar is voluntary. If you don’t want to book an appointment via Booking Calendar, you can reach out to us via another method, e.g. a contact form or E-Mail.
If you chose to use Booking Calendar, we will process your name, e-mail, postal address and any notes in order to book the required appointment. Data will be stored on Microsoft servers in the EU and USA.
The processing is based on Art. 6 para. 1 lit. f) GDPR, in our legitimate interest to organize appointments to match our capacities. In addition, Microsoft processes usage and metadata that is used by Microsoft for security purposes and to optimize the service. As part of the use of the website, Microsoft may store cookies on users’ computers for the purposes of web analysis or to maintain user settings.