RAG_Stiftung_Logo_small

PRIVACY POLICY ACCORDING TO THE REQUIREMENTS OF THE GDPR

1. Scope of the processing of personal data

You can rely on the protection and security of your personal data: The protection of your privacy when processing personal data is an important concern for the RAG-Stiftung, and we take it into account in all our business dealings. Therefore, we would like to take this opportunity to explain to you our basic rules of handling your personal data—which, of course, is managed in compliance with the applicable European and national data protection regulations. We only collect and use personal data of our users insofar as this is necessary to provide a functional website and our content and services. The collection and use of personal data of our users will only regularly occur provided the user has given consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6 (1) (b), GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) (c), GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing data.

3. Purpose of data processing

When you visit our websites, your browser transmits certain data to our web server due to technical requirements. We use this technical access information to continuously improve the attractiveness and usability of our internet pages and their contents and to identify possible technical problems of our Internet presence. In addition, in order to protect our legitimate interests, we store this data for a limited time in order to be able to be able to bring about a derivation of personal data in the event of unauthorized access or access attempts to local servers. The following pages will tell you what this information is in detail.

We use so-called “cookies” on our website. You will find further details of this in our Cookie guidelines under Item 5 below.

In addition to automatically collected data we also process the data that you have voluntarily provided us with in the context of e.g. newsletter registrations, making contact, or other online forms.

4. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the invoking computer. This data is recorded in the form of logs.

The following data is collected in the process:
IP address of the user
Date and time of access
HTTP method
HTTP version of websites from which the user’s system arrived at our website
Websites accessed by the user's system via our website
Browser agent
HTTP status code of the server response
Size of the response in bytes

Use of contact forms

There is a contact form on our website which can be used for making electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. Apart from the information you enter in the respective input mask, no other data is recorded.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation, i.e. the processing of the personal data from the input mask serves only for the purpose of establishing contact. In the event of making contact, this also constitutes the necessary legitimate interest in the processing of the data.

We will delete the data as soon as it is no longer necessary for achieving the purpose for which it was collected. For the personal data from the input mask of the contact form and that that was sent by e-mail this is the case when the respective conversation with the user is finished. The conversation is finished when it can be inferred from the circumstances that the matters in question have finally been clarified.

Online presences on social media, external services and content on our website

We maintain online presences on social media platforms to communicate with interested persons and users who are active there and to be able to inform this target group about events and news. In this context, we integrate external services or content on our website via links. If you use such a service (by clicking on the link and opening the platform), or if third party content is displayed to you, communication data (e.g. IP addresses or general device information) will be exchanged between you and the respective provider for technical reasons.

In addition, the provider of the respective external services or content may collect personal data about you—e.g. via the corresponding cookies—and process them thereafter for further purposes of their own. We have configured the services or content of providers who are known to process data for their own purposes to the best of our knowledge and belief in such a way that either communication for purposes other than the presentation of the content or services on our website is omitted, or communication only takes place when you actively decide to use the external service. However, since we usually and/or to a large extent have no influence on the data collected by third parties and its processing by them, we cannot provide any binding information on the purpose and scope of processing your data.

Further information on the purpose and scope of the collection and processing of your data by the provider of the corresponding external services and information about the data protection provided by the providers of the external services or content integrated by us can be found under the following links:

Google Maps:
Data protection notice = policies.google.com/privacy
Cookie guidelines = policies.google.com/technologies/types

Facebook:
Data protection notice = www.facebook.com/business/gdpr

Facebook Fanpage

The RAG-Stiftung operates an online presence on Facebook, a so-called Facebook Fanpage. The following information on data processing additionally applies for visits to our Fanpage.
Joint responsibility, contact information, operational data protection officer:

According to Article 26 GDPR we are jointly responsible with Facebook for the operation of our Facebook Fanpage. Facebook has entered into an arrangement with us that determines who is responsible for fulfilling which obligations with respect to data protection. This agreement can be called up here. According to this agreement, Facebook is primarily responsible for providing the data subject with information concerning the joint processing and for enabling the data subject to exercise his data protection rights. Independently of this agreement, we hereby inform you concerning your visit to our Fanpage and thus provide you with the information required under data protection legislation.

You will find further information concerning data protection at Facebook in general here.

You can contact Facebook at:

Facebook Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2,
Irland

You can contact Facebook online here
You can reach Facebook’s data protection officer under https://www.facebook.com/help/contact/540977946302970.

You will find our contact information and the contact information of our data protection officer in our Privacy Policy under Item 9.

The collection and storage of personal data and the nature and purpose of its use:

a)     Data collected by Facebook:

If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under “What kinds of information do we collect?“ If you are not a Facebook user it is nonetheless possible under certain circumstances that Cookies—small text files—in this case with identifiers, are stored in your browser. Such cookies enable the tracking of your behaviour as a user.

As a rule, the user data for a visit to Facebook is also processed by Facebook for market research and advertising purposes. On the basis of the user behaviour (also when visiting our Fanpage), complex user profiles are created which Facebook can use in order to display personalized advertising to the visitor within and outside Facebook. You will find more detailed information on this also in the Facebook Data Policy.

If you do not agree to this you can opt out here.

b)     Data used by us (“Page Insights”) and legal basis:

Facebook provides us with statistics and user data on the basis of which we can analyse the use of our Fanpage (so-called “Page Insights”). This enables us to continually improve our presence on Facebook. We as operator have no influence over the processing of Insights data and all further information collected according to Article 13 GDPR such as e.g. the storage duration of cookies on users’ terminals. The primary responsibility according to the GDPR for the processing of Insights data lies with Facebook. In this regard, we draw attention to the agreement regarding joint responsibility according to Article 26 GDPR that Facebook has made with us and the duties that Facebook has taken on according to this agreement.

We as the page administrator have no other possibility, also taking into account user tracking, to evaluate user behaviour on our Fanpage. It is also fundamentally not possible for us to identify the visitors to our Fanpage on the basis of the Page Insights. In particular, under the agreement with Facebook we have no right to demand that Facebook disclose individual user data. A identification is only possible if we can assign “Like” button clicks for the page to individual profile photos; this, however, is only possible to the extent that our Fanpage has been marked with “Like” by the corresponding visitor and the “Like” is set to “public.”.

You will find which information Facebook uses to create the Page Insights here.

The operation of the Facebook Fanpage and the use of the Page Insights serve our legitimate interest in an effective representation and the communication with our interested parties. This interest justifies the operation of the page overriding both the legitimate interests of Facebook users and those of visitors to our Fanpage who do not have a Facebook account. The legal basis is Article 6 (1) (f) GDPR.

External service providers for online presences in social media

The RAG-Stiftung has commissioned external service providers with the maintenance of its social media. Contracts for contract data processing that provide for the protection of your data have been concluded with these service providers.

Use of Matomo

We use the web analysis tool Matomo (previously Piwik) in order to be able to analyse and improve the use of our website. Matomo is an open source project that emphasizes data protection and conformance with the GDPR (https://matomo.org/gdpr/). You can find the privacy policy of Matomo here: https://matomo.org/privacy-policy/. Matomo is operated on a dedicated server of the RAG-Stiftung in Germany (Oberhausen). Matomo has no access to this server. There is no transfer of data from the RAG-Stiftung to Matomo.

The statistics acquired through the operation of Matomo enable us to improve our web presence and to develop it so that it is more interesting for you as a user. For the purpose of this evaluation, cookies are stored on your computer—exclusively with your consent (opt-in)—(for further details of this see our Cookie guidelines under Item 5 of this privacy policy). You will find details of the cookies set by Matomo here: https://matomo.org/faq/general/faq_146/. Our website uses Matomo in the configuration where IP-addresses are only processed in abbreviated form (masking of 2 octets). A direct reference to a specific person can thus be excluded.

The following data is stored when individual pages of our website are invoked:

Two bytes of the IP address of the calling user system (anonymized IP address)
The current website accessed
The website previously accessed by the user prior to landing on the current website (referrer)
The sub-pages accessed from current website
The time spent on the website
The frequency of website visits

The statistical data is automatically deleted without occasion within 30 days (with a daily deletion interval).

The processing of the named user data enables us to analyse the surfing behaviour of our users. By means of the evaluation of the collected data, we are able to collate information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. The interest of the users in the protection of their personal information are sufficiently taken into account due to the anonymization of the IP address. The legal basis of the use of Matomo is Article 6 (1) (f) GDPR.

5. Cookie guidelines

We use cookies—exclusively with your consent (opt-in)—on our website. Cookies are small files that are automatically generated by your browser and stored on your terminal (laptop, tablet, smartphone etc.) when you visit our site and consent to the cookies according to our cookie banner. Cookies store information arising from the connection with the specific terminal being used. However, this does not mean that we obtain knowledge of your identity. Cookies are used, on the one hand, to improve your experience of our website as a user. For example, we use session cookies in this way in order to recognize that you have already visited individual pages of our website. On the other hand, we use cookies in order to statistically record and evaluate usage statistics for our website in order to optimize our website for you. And finally, we set cookies for the Investor Relations page of our website for legal reasons.

With your consent, we use session cookies (which are a form of technical cookie) in this way in order to recognize that you have already visited individual pages of our website.

The following data is collected in the process:
Language settings
Login information
First visit or recurring use
Previous website
Session ID of the user

In addition, we also use—subject to your consent—a further technical cookiee that represents your selection regarding the use of cookies. This cookie (“cookieConfig”) prevents the repeated display of the cookie banner on every individual page of our website and adjusts the cookie banner of our website in such a way that the cookie settings that you have made are displayed.

The technical cookies are automatically deleted when the local browser is closed or a certain time (24h) has elapsed without the user carrying out an action on the website.

Furthermore, we also use cookies—subject to your consent—for the statistical evaluation of your visit to our website by the Internet service Matomo (for the details of Matomo see Item 4 above). Matomo sets various tracking cookies on the terminal of the user. These are used to support the analysis of user behaviour on our website. You will find details of the cookies used here. Insofar as the cookies have not already been deleted after the end of the session (as for the cookie _pk_ses), they will be deleted after seven days.

And finally we set an Investor Relations cookie with your consent when you visit the sub-page Investor Relations on our website. For legal reasons (in particular reasons concerned with liability) the content of our Investor Relations sub-page should not be available to visitors with their primary residence outside Germany (in particular, in the USA). This is ensured by the Investor Relations cookie, which only enables the page access after you have input your postcode and an appropriate location. This cookie is deleted after the end of the session.

The data processed using cookies is necessary for the stated purposes in accordance with our legitimate interests pursuant to Article 6 (1) (f) GDPR.

6. Data deletion and storage time

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may still be necessary for a longer period if this has been required by the European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. We automatically delete data stored for technical reasons after 90 days.

7. Possibility of objection and erasure

The user has the possibility to revoke his consent regarding the processing of personal data at any time (see also rights of the data subjects). If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The collection of the data for the provision of the website and the storage of the data in log files are absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

8. Rights of data subjects

a. Description and scope of the data processing

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

the right to information about your personal data stored by us; the right to rectification, erasure, or restriction of processing of your personal data;
the right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can prove compelling legitimate grounds for processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims;
the right to data portability;
the right to lodge a complaint with a supervisory authority;
the right to withdraw your consent to the collection, processing and use of your personal data at any time with effect for the future. You will find more detailed information on this in the respective sections above, where data processing on the basis of your consent is described.

If you wish to exercise your rights, you may either address your request to the data protection officer listed below, fill in our contact form on the website or mail to info(at)rag-stiftung.de.

9. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

RAG-Stiftung
Im Welterbe 10
45141 Essen
Deutschland
Phone: +49 (201) 378-3333
E-mail: info(at)rag-stiftung.de
Website: www.rag-stiftung.de

Name and address of the data protection officer

The data protection officer of the data controller is:
Data protection officer
Im Welterbe 10
45141 Essen
Deutschland
E-Mail: datenschutz(at)rag.de

7. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

the right to information about your personal data stored by us;
the right of rectification, erasure or restriction of processing of your personal data;
the right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can prove compelling legitimate grounds for processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims;
the right to data portability;
the right to lodge a complaint with a supervisory authority;
the right to withdraw your consent to the collection, processing and use of your personal data at any time with effect for the future. You will find more detailed information on this in the respective sections above, where data processing on the basis of your consent is described.

If you wish to exercise your rights, you may either address your request to the data protection officer listed below, fill in our contact form on the website or mail to info(at)rag-stiftung.de</a.</p>