Data Privacy Protection

Part I

REHAU Automotive appreciates your interest in our company and our products. We want you to feel comfortable when contacting REHAU Automotive. For this reason, the security of your personal data, such as name, address, telephone number or e-mail address, which is collected when you contact REHAU Automotive, is very important to us.

This data protection information is aimed at all persons with whom REHAU Automotive interacts, including customers, suppliers, service providers, other business partners, interested parties, visitors to our websites, users of our apps/applications, other users of our products or services and visitors to our locations (collectively referred to as ‘you’ or ‘you’). It contains the information pursuant to Art. 13 and 14 GDPR.

Further information on the data protection of the social media company presences used by REHAU Automotive can be found at Part II - Data protection information for REHAU corporate presence on social media.

1. Terms

The processing of personal data takes place within the framework of the statutory provisions.

The term "personal data" refers to any information relating to an identified or identifiable natural person. "Processing" includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Other data protection terms are used in accordance with the definitions in Art. 4 GDPR.

2. Name and address of the responsible bodies

REHAU Automotive SE & Co. KG
Rhenium House
Helmut-Wagner-Str. 1
95111 Rehau

3. General processing purposes and legal bases

REHAU Automotive collects and processes your personal data in the following cases in particular:

  • If you contact us directly, e.g. via our website, via REHAU Automotive customer service or if you visit us at our locations, participate in our events and you are interested in our products or services, for example, or have any other concerns.
  • If you or your employer purchase products or services directly from us.
  • If you or your employer request information about our products and services (e.g. transmission of brochures).
  • If you purchase or use REHAU Automotive products.
  • If you or your employer offer or sell products or services to us.

Please help us to keep your details up to date by informing us of any changes to your personal data, in particular your contact details.

Insofar as REHAU Automotive processes personal data, this relates in particular to your name and your business contact data such as company, function, telephone number or e-mail address as well as contract and transaction data. Other categories of data may be collected for specific purposes, which are described in detail below.

In addition to collecting your data via our contact forms on our website, we also collect the data directly from you or via generally accessible sources (e.g. commercial register, authorities, Internet), insofar as this is necessary for the purpose.

4. Individual processing purposes and legal bases

In the following, we will inform you about the purposes for which REHAU Automotive processes which personal data. In the case of non-repetitive circumstances, REHAU Automotive will generally draw your attention to this information again separately in the specific processing situation and, if necessary, provide additional information.

4.1 Processing of data for the preparation, conclusion and performance of contracts

4.1.1 General

As a manufacturing company, REHAU Automotive processes personal data as part of the acquisition (see also 4.11.) and sales processes as well as for the execution of contracts. For this purpose, data is processed in particular for appropriate communication and salutation, contract initiation, offer processing, customer advice, procurement, production and delivery of goods, contract management and complaint processing.

The following data categories in particular are processed as part of these activities:

  • Contact data/personal master data (title, surname, first name, address, e-mail address, etc.)
  • Logistics data such as delivery address
  • Contract data, payment data

In doing so, it may be necessary for us to pass on the data to third parties who are involved in the supply chain or are otherwise required for the fulfilment of the contract in order to prepare an offer and process the contract.

REHAU Automotive has a Track & Trace platform with which information about the transport of consignments is available at all times. In this context, we also use your e-mail address to share this information with you. At the moment the goods are dispatched, we will send you an automatic e-mail with the shipping documents and a link to the shipment tracking in the Track & Trace platform. The legal basis for this use is the legitimate interest within the meaning of Art. 6 I f GDPR to enable you to track your shipment.

For the purpose of credit checks of our business partners, we process data that we receive from credit agencies (e.g. from Schufa) under the legal requirements. In addition, REHAU Automotive reserves the right to report payment experiences with customers to a payment experience pool of a scoring company (Creditreform, Bisnode) in order to further minimise the risk of default. Payment experiences with natural persons are excluded from this.

In order to optimise financial transactions, REHAU Automotive reserves the right to assign receivables from its business customers to a refinancing company as part of receivables financing. Only company-related data (name of the debtor, reason, amount, due date of the receivable) will be passed on for the purpose of receivables financing. If necessary for the verification of the claim, the refinancing company will pass on the aforementioned company data to third parties for the purpose of a credit check.

The legal basis for receivables financing/factoring, insofar as personal data is affected in exceptional individual cases, is Art. 6 I f GDPR.

Insofar as data is collected directly for the processing of an enquiry or the execution of a contract, REHAU Automotive will inform you in each case which data is absolutely necessary. If the contractual partner is not you, but your employer or another third party contractually connected to you or your employer, the data is processed on the basis of Art. 6 I f GDPR. The data is processed insofar as the data is required to fulfil the contract or to fulfil other legal obligations and duties, e.g. obligations under product liability law (e.g. notification, information and warning obligations).

Insofar as the processing is carried out on the basis of Art. 6 I f GDPR, you can object to this at any time for reasons arising from your particular situation.

4.1.2 Communication

Microsoft Teams

REHAU Automotive uses Microsoft Teams to effectively communicate and share information with you. In some cases, it may be necessary to record or transcribe meetings to make important content and discussions available for future reference or for people who were not present. We would like to explain how we handle your personal data in connection with the recording of meetings.

Before each recording, the meeting leader will inform you of the start of the recording. In the event that you do not wish to be recorded, you have the option of deactivating your camera.

The chair of the meeting will decide whether a recording is necessary, taking into account the interests of the persons concerned. A recording or transcript may be necessary for the following reasons:

  • Documentation and tracking of meeting content - Evidence function
  • Knowledge sharing and training purposes
  • Provision of the recording for participants who were not present
  • Archiving information for future reference

The legal basis for the processing of your data is Art. 6 I f GDPR. Our legitimate interest lies in the effective organisation of meetings and the documentation of meeting content. You can object to the recording at any time for reasons arising from your particular situation. Please inform the chair of the meeting.

If you have activated the video camera of your system and the recording also extends to this video content, this recording is based on your consent in accordance with Art. 6 I a GDPR. By switching on your camera after the recording has started or by not deactivating the switched-on camera, you consent to the recording of the video content.

You can revoke this consent at any time without giving reasons by deactivating the camera function on your end device.

The following personal data may be collected when recording meetings via Microsoft Teams:

  • Personal master data such as name, display name, profile picture and e-mail address of the participants
  • Data on company affiliation and position in the company
  • Audio and video data of the participants; the audio files are automatically transcribed
  • Chat messages, preferred language and files shared during the meeting
  • Screen sharing and presented content
  • Meeting metadata, e.g. date, time, meeting ID, phone numbers, location

We only store your personal data for as long as is necessary for the purposes for which it was collected or as long as storage is required by law or official regulations. We delete or block your data as soon as it is no longer required. Furthermore, we delete or block your data immediately if you withdraw your consent or if you have a justified objection to the processing.

Please note that the recording is generally made available to every meeting participant. If the purpose of the recording is to inform third parties or other persons about the content of the meeting, they will also receive the data. The respective recipient of the data is responsible for the further processing of the data, including deletion. If the purpose of the recording requires it, the data may also be transferred to REHAU Automotive companies outside the European Economic Area. This is done either on the basis of an adequacy decision by the Commission or on the basis of standard contractual clauses that contain appropriate guarantees for the data subject.

Answering machine function

When the answering machine is used by employees of the REHAU Automotive Group, the message is automatically transcribed. The spoken text is sent as a file by e-mail to the subscriber and printed there in the original language and in English translation. This e-mail is subject to the retention period specified for e-mails.

WhatsApp Business

We offer you the opportunity to contact REHAU Automotive via WhatsApp if you have any questions. By contacting us via WhatsApp, you agree that we may receive your telephone number and access to your WhatsApp profile (incl. profile picture). Data processing for the purpose of contacting us is carried out in accordance with Art. 6 I a GDPR on the basis of your voluntarily given consent.

The personal data collected by us through the use of WhatsApp will be automatically deleted after your enquiry has been dealt with. We usually assume that your enquiry has been dealt with 90 days after the final response from us, as no further enquiries are to be expected after this period. You can also revoke your consent at any time by sending a message to your WhatsApp contact at REHAU Automotive.

If your enquiry is related to the preparation of a contract, the legal basis is Art. 6 I b GDPR. In this case, we store your data for the duration of the statutory retention periods. In addition, the data protection provisions of WhatsApp Inc. apply when using WhatsApp: https://www.whatsapp.com/legal

4.2. Use of customer portal

REHAU offers its customers the use of a customer portal to simplify the processing of orders for access to certain product configurators and other services. With the registration you will be informed which data is necessary for the use of the customer portal. Purpose and legal basis are described in section 4.1. Furthermore optional data will be used to contact the customer (according to section 4.10).

When using the customer portal, the individual transactions are stored and archived in accordance with the legal storage regulations based on Art. 6 I c GDPR.

You can terminate the use of the customer portal and the storage of your personal data in the customer portal at any time as long as they are not necessary for the fulfillment of a contract. Please contact the sales office responsible for you (link: “contact us” in the customer portal). The storage of the transactions remains unaffected.

4.2 Use of supplier portal

REHAU Automotive maintains a supplier portal. When registering as a supplier, you will be informed about the type and scope of the data required for registration. The data is used for all business processes in connection with the procurement of goods and services, including measures for quality assurance, management of supplier relationships, processing of contracts, risk management, use of information and communication systems, optimisation of internal processes and administration of the supplier portal. For these purposes, it may also be necessary for us to pass on your personal data to other companies in the REHAU Automotive Group and for these Group companies to contact you.

4.3. Application procedure (Art. 6 I b GDPR)

There are additional data protection notices for the application process, which are communicated separately as part of the application. The following information also applies to all applications.

4.4 Participation in events and on-site visits (Art. 6 I f GDPR)

We look forward to getting to know you personally during a visit on site or at one of our events. We process your personal data in order to organise and carry out events and to provide you with information material. At events, we may forward the data to the speakers and participants. This is important to ensure that the event runs smoothly. We also use the data collected to analyse and follow up on our events. As a rule, you will receive further data protection information when you register for an event.

Of course, you can object to the use on the basis of Art. 6 I f GDPR at any time for reasons arising from your particular situation.

4.5 Utilisation of services (consulting)

In addition to our products and system solutions, REHAU Automotive offers a comprehensive range of services. These include advice and services that we offer you by telephone, e-mail, contact form and, under certain circumstances, on site. With this service we would like to support you in the selection, use and application of REHAU Automotive systems.

As part of this service, the necessary data that you transmit to us in connection with the service enquiry, such as contact data / personal master data (surname, first name, address, e-mail address, etc.) may be stored together with the products concerned and the problem. This is to ensure that we can provide you with targeted advice in the event of any subsequent queries based on your previous service history.

Insofar as the data is only processed on the basis of Art. 6 I f GDPR, you have the right to object to the storage for reasons that are personal to you.

4.6. Access to the company premises to deliver goods or perform a service or work

In this case, in addition to your data that is directly necessary to carry out a contractual relationship, such as last name, first name, company, billing data, vehicle identification data, we also record the duration of your stay at REHAU Automotive on the basis of Art. 6 I f GDPR. The aim is to have knowledge of the people who are in the building or on the premises in the event of an emergency and a necessary evacuation. If you are staying for business purposes, the duration of your stay can also be used to review and optimize internal processes and to check the validity of service information (e.g. invoices).

Video surveillance only takes place openly at our locations. Appropriate signs will inform you of this. This video surveillance serves to secure our production and our data processing systems. This ensures even greater protection of personal data.

Cameras are also used to monitor logistical processes at various locations when goods are delivered.

On the basis of legal requirements or Art. 6 I f GDPR to prove the fulfillment of traffic safety obligations, the safety instructions that the visitor receives are also documented.

Of course, you can object to the use based on Art. 6 I f GDPR at any time for reasons arising from your particular situation.

4.7. Corporate communication and external presentation (Art. 6 I f GDPR)

In the context of participation in events, visits to our trade fair presence and other events, images and video recordings are made of these events for the purpose of documenting the event, for press and public relations work and for corporate communications. Personal (image) data is also processed in the process.

The image material is published both electronically in social media such as Facebook and in print media. The legal basis for this processing is Art. 6 I f GDPR for corporate communication and, where applicable, Section 23 KunstUrhG.

As far as factually possible and legally reasonable, reference will be made once again to the image recordings at the individual event. If the images are processed on the basis of Art. 6 I f GDPR, you can object to this use at any time for reasons arising from your particular situation. You can exercise this right by informing the photographer of these reasons in advance, who will take this into account accordingly in his work. We will be happy to provide you with details on an event-related basis.

4.8. ompliance, law enforcement and prevention of criminal offences (Art. 6 I f GDPR)

To the extent required by law, REHAU Automotive uses personal data to assert legal claims and for defence in legal disputes. As part of the company's compliance requirements, the data may also be used to prevent, investigate or prevent criminal offences.

In addition to the data categories mentioned above, creditworthiness data, visit data, account data as well as correspondence, purchasing and sales data are also used for this purpose, insofar as they are necessary for the purpose. REHAU Automotive also uses an internal whistleblower system for named and anonymous reports of compliance violations. This data is deleted or completely anonymised in accordance with the applicable legislation or immediately after the respective case is closed.

As a rule, systems for building and plant security and for securing our data processing systems, such as access controls or video surveillance, are also used for security purposes. The aforementioned checks are only carried out openly at our locations. You can find out more about this in detail on site.

We continue to process your personal data in connection with the usual reviews of business partners as part of compliance requirements. If we have not requested your personal data directly from you, we have collected it from publicly accessible sources and databases as part of the due diligence process. The data collected from these sources is processed exclusively for this purpose and deleted as soon as it is no longer required for this purpose. The processing is based on Art. 6 I c GDPR, insofar as the due diligence is based on legal requirements, or on Art. 6 I f GDPR, the company's legitimate interest in evaluating its business partners to reduce risks. If the processing is based on Art. 6 I f GDPR, you can object to this on grounds relating to your person.

4.9. Advertising communication and market research

Insofar as legally permissible on the basis of Art. 6 I f GDPR or if you give us your consent (Art. 6 I a GDPR), we process your data for advertising communication, customer satisfaction surveys, advertising campaigns, the organisation of competitions and for other market and competition analyses. This enables us to further improve our range of products and services and act in a more targeted manner.

As part of these activities, the necessary data such as contact data / personal master data (surname, first name, company, address, telephone number, IP address, email address, etc.) may be processed. Other data (1) that you provide to us for this purpose, such as interests, personal preferences, professional situation or (2) that we collect by analysing, individually measuring, storing and evaluating opening rates and click rates in recipient profiles for the purpose of designing future newsletters or other communication, will only be processed if you have given your consent.

In the case of an existing customer relationship or if you have consented to this, you will generally receive the aforementioned information by electronic mail. Otherwise, in the case of business partners who are not consumers, the information is provided by telephone or in analogue form.

As part of our legitimate interest, we analyse the data available to us (e.g. on business transactions, contracts, enquiries and other relevant business behaviour) for the further development of our products, services and business processes as well as for market research.

For all the purposes mentioned, it may be necessary for us to pass on your personal data to third parties who support us in the pursuit of our objectives as part of order processing. Data may also be passed on to other companies in the REHAU Automotive Group in order to better fulfil your wishes or to continuously improve our products and services.

Of course, we will respect your wishes if you do not wish to provide us with your personal data to support our customer relationship - in particular for direct marketing or market research. You can therefore object to the use of your data for direct marketing purposes at any time in accordance with Art. 21 II GDPR or revoke your consent at any time in accordance with Art. 7 III GDPR with effect for the future. You can send your revocation of consent or objection to processing to any of the contact options listed in the legal notice. You can also unsubscribe from newsletters at any time using the unsubscribe link at the end of the respective email.

4.10. Surveys

We use the ‘Microsoft Forms’ tool for external surveys and enquiries, e.g. evaluation of campaigns carried out, registration for company events, etc. Microsoft Forms is a service provided by Microsoft Ireland Operations Limited. The data of users from the European Union are processed within the European Economic Area (EEA).

Nevertheless, it may be necessary to process data at the headquarters of Microsoft Inc. in the USA in order to provide the service and for support purposes. We have agreed the EU standard contractual clauses with Microsoft for any necessary data transfer to third countries (see section 6). Microsoft has taken technical and organisational measures to ensure appropriate data protection. In particular, data is only transmitted in encrypted form via Forms. In addition, Microsoft has contractually undertaken to defend itself against requests for disclosure from US authorities in court as far as possible. Microsoft is basically a processor. Further information on data protection at Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement.

Various types of data are processed when using Microsoft Forms. The scope of the data depends on the questions asked and any upload of additional services. In principle, this involves the following personal data:

  • Surname, first name
  • E-mail address
  • Preferred language
  • Status (optional, if stored in Microsoft 365)
  • Date and time the questionnaire was opened
  • Date and time the response was sent

If you take part in an anonymous survey, your response will not contain any contact information and cannot be traced back to you. The data from surveys/forms/questionnaires (questions and answers) are stored in the Microsoft Cloud and retrieved from there by the project team. In principle, all personal data will be deleted within one year after the purpose has ceased to apply.

Participation in our surveys is voluntary. Insofar as consent is given by participating in the survey, the legal basis is then Art. 6 I a GDPR. Consent given can be revoked at any time with effect for the future. Revoking or withdrawing consent does not result in any disadvantages.

Personal data that is processed in connection with participation in Microsoft Forms surveys and forms will not be passed on to third parties unless the data is intended to be passed on or is necessary to fulfil the purpose. Data may be passed on to external service providers who are used for the fulfilment of the purpose.

4.11. Fulfilment of legal obligations (Art. 6 I c GDPR)

REHAU Automotive is subject to a large number of legal obligations regarding the processing and storage of personal data. These relate, for example, to commercial and tax retention regulations in accordance with the German Commercial Code and the German Fiscal Code.

In order to fulfil these obligations, we process your data to the extent necessary and, if necessary, pass it on to the responsible authorities within the framework of legal reporting obligations.

4.12. Further processing purposes

Data processing also takes place within the context of quality management to determine and improve customer satisfaction, to further develop products and services, to carry out research and development and to improve IT security and IT operations. The last point also includes processing to identify and prevent unauthorized access to personal data.

Legal basis for the processing of these data is art. 6 I f GDPR. Insofar as no consent is given, no conclusions can be drawn about individual natural people.

In individual cases this processing can be objected on grounds relating to your particular situation.

4.13. Transfer of data to third parties

For the aforementioned purposes, the data may be passed on to third parties who support the controller in the pursuit of the aforementioned purposes. The transfer takes place either within the framework of order processing within the meaning of Art. 28 GDPR, joint responsibility pursuant to Art. 26 GDPR or as data transfer within the framework of the commissioning of professional services.

For data transfer to recipients in third countries (see section 6 below).

5. Duration of storage

We only store your personal data for as long as is necessary for the purposes for which it was collected or as long as storage is required by law or official regulations. We delete or block your data as soon as it is no longer required.

Furthermore, we delete or block your data immediately if you withdraw your consent or if you have a justified objection to the processing.

6. Planned data transfer to third countries

We may transfer your personal data to other REHAU Automotive companies for the purposes set out in this Privacy Policy. The other companies may use your personal data in their own interest for the same purposes as we do. In particular, they may process your personal data for the purposes mentioned in their own interest. Within the REHAU Automotive Group, employees will only have access to your personal data to the extent necessary for the fulfilment of their activities.

Data is transferred to branches outside the European Economic Area either on the basis of an adequacy decision by the Commission (Art. 45 III GDPR) or on the basis of standard contractual clauses (Art. 46 II c GDPR), which contain appropriate safeguards for the data subject. We will be happy to send you the text of the standard contractual clauses on request.

We may also disclose your personal data to third parties outside the REHAU Automotive companies in order to make use of technical or organisational services that we require for the fulfilment of the aforementioned purposes or our other business activities. Our service providers are contractually obliged to process the personal data exclusively on our behalf and in accordance with our instructions. We also oblige our service providers to comply with technical and organisational measures that ensure the protection of personal data. If the service providers are located in countries in which the applicable laws do not provide for a level of protection of personal data comparable to European law, we will contractually ensure that the service providers concerned comply with the legally prescribed level of data protection (standard contractual clauses). You can obtain further information on this from our data protection officer.

7. Online data usage / Visiting our websites

Below you will find out what information we may collect when you visit our websites and how we handle it. REHAU Automotive websites may contain links to websites of other providers that are not covered by this privacy policy.

When you visit our website, we store information about the browser and operating system you are using, the date and time of your visit and your IP address. This data is required for the function of the pages, in particular to ensure a smooth connection setup and to guarantee a reasonable use of our website. We cannot assign this data to you.

We do not collect any personal data via our websites without your co-operation. You alone decide whether or not you wish to disclose such data to us, for example in the context of a registration, order or survey.

We also use the following technologies on our website:

7.1. Chatbot

When you use our ‘Chatbot’ service (e.g. via our website https://www.rehau.com or within mobile apps), personal data, including chat histories, IP addresses and cookies, are collected and stored by the service providers Amazon Web Services, Inc. and Google Ireland Limited. This information is necessary to provide the service. Further information can be found at https://aws.amazon.com/de/privacy/ and https://policies.google.com/privacy/.

7.2. Google Analytics web analytics service

If you agree in the cookie preference pages for our website, this website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies, text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. REHAU Automotive has activated IP anonymisation on this website; your IP address will therefore be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the link http://tools.google.com/dlpage/gaoptout?hl=de.

The data we collect at user and result level, which is linked to cookies, user IDs and advertising IDs, is automatically deleted after 14 months. The retention period of the user ID is reset to 14 months for each new event (e.g. page view) of this user on our website. Standard summarised Google Analytics reports are not affected by this.

You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/?hl=de.

Please note that the code ‘gat._anonymizeIp();’ has been added to Google Analytics on our website in order to ensure anonymised collection of IP addresses (so-called IP masking).

7.3. Google Tag Manager

Google Tag Manager is a solution with which website tags are managed via an interface. The Tag Manager itself does not collect any personal data. The tool triggers other tags and is therefore necessary so that REHAU Automotive can provide a telemedia service that you have expressly requested. The Google Tag Manager itself does not access personal data.

If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. You can find Google's privacy policy for this tool here: https://policies.google.com/privacy?hl=de

7.4. Google Ads Remarketing

If you give your consent in the cookie preference pages for our website, our website uses the functions of Google Ads Remarketing. This allows us to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited. For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalise ads that you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to create target groups. You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://adssettings.google.com/authenticated?hl=de

Alternatively, you can visit the Digital Advertising Alliance at www.aboutads.info to find out more about the use of cookies and make the appropriate settings. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.

Further information and the data protection provisions regarding advertising and Google can be found here: https://policies.google.com/technologies/ads?hl=de

7.5. Google reCAPTCHA

We use Google's reCAPTCHA service in our contact forms, which you can use to send service and information requests to REHAU Automotive.

The purpose of the query is to recognise a hostile attack on our websites by distinguishing human input from automated, machine input. The use of this application is necessary for the provision of the service that REHAU Automotive offers via its contact forms and is therefore based on Art. 6 I b GDPR. It is necessary for the provision of the service, as otherwise the website would not be adequately protected against automated spying, misuse and spam. Its use is therefore also in the interests of the service recipients. For this purpose, your input is transmitted to Google and processed there. The IP address and any other data used by Google for the service will be transmitted to Google.

The use of Google reCAPTCHA is inextricably linked to Google Fonts. If you use Google reCAPTCHA, fonts are loaded via a Google server without us or you being able to prevent this. Google Fonts are fonts of the company Google Inc. The company Google Ireland Limited is responsible for the European area. Details on data protection issues relating to Google Fonts can be found at https://developers.google.com/fonts/faq/privacy.

In principle, no more or other personal data is processed via Google Fonts than is necessary for the use of Google reCAPTCHA. The legal basis for the use of Google Fonts in connection with the use of reCAPTCHA is the legitimate interest in the defence against automated spying, misuse and spam.

Please therefore note that you can only use our contact forms if you consent to Google reCAPTCHA (and Google Fonts) being used to protect the site. In exceptional cases, your data may also be processed in countries without an adequate level of data protection outside the European Union (in so-called third countries). In order to ensure an adequate level of data protection when transferring personal data in this case as well, we take additional measures in accordance with Art. 44 et seq. GDPR and thus ensure that the transfer is generally permissible (e.g. by concluding EU standard contractual clauses).

You can find more information about Google reCAPTCHA and the privacy policy at https://www.google.com/recaptcha/intro/v3.html or https://www.google.com/privacy.

The controller for this data processing is Google Ireland Limited. The following data is transmitted to the controller for the independent provision of the ‘defence against hostile attacks’ service Your web request, IP address, browser type, browser language, date and time of your request and one or more cookies that may identify your browser.

If you do not agree to the use of Google reCAPTCHA, you may not fill in the contact forms in which Google reCAPTCHA is used. If you wish to use the services of REHAU Automotive without the use of Google reCAPTCHA, you are welcome to send us an e-mail or a letter at any time and we will deal with your enquiry by other means.

7.6. Facebook plugin

If you give your consent in the cookie preference pages for our website, we use the ‘visitor action pixel’ from Facebook Inc. on our website. This allows the behaviour of users to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy: https://de-de.facebook.com/about/privacy/

The data can enable Facebook and its partners to place adverts on and off Facebook. A cookie may also be stored on your computer for these purposes.

7.7. Facebook Remarketing

If you give your consent in the cookie preference pages for our website, we use the remarketing function ‘Custom Audiences’ of Facebook Inc, USA on our website. The purpose of this function is to target visitors to the website with interest-based advertising on the Facebook social network. The Facebook remarketing tag has been implemented on the website for this purpose. This tag is used to establish a direct connection to the Facebook servers when the website is visited. This tells the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the Facebook social network, you will then be shown personalised, interest-based Facebook ads.

You can deactivate the remarketing function ‘Custom Audiences’. For more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at https://de-de.facebook.com/about/privacy/.

7.8. Facebook Lead Ads

If you give your consent in the cookie preference pages for our website, we use Facebook Lead Ads to obtain contact details from users who are interested in our products and services on Facebook. Our adverts on Facebook are thereby expanded to include further interaction options, in particular the option for the user to request further information about our products and services via a contact form. When an interested party submits such a form, the data provided by the user is stored as a lead on Facebook and transmitted to us. We only use this data for the purpose specified in the lead ad. This can be, for example, the name for personal contact, the e-mail address for sending the desired product information or the telephone number for contacting us by telephone. You can obtain further information on this directly from Facebook at https://de-de.facebook.com/about/privacy/.

7.9. LinkedIn Ads

If you consent to this in the cookie preference pages for our website, we use website conversion tracking on our website using the LinkedIn Insight Tag from LinkedIn Ads. LinkedIn Ads is the advertising platform of LinkedIn Ireland Unlimited Company. The LinkedIn Insight Tag enables us to analyse the behaviour of users who land on our website via our advertising within the LinkedIn advertising network and subsequently to optimise our website and advertising measures. f you interact with our advertising within the LinkedIn advertising network, we only learn about the overall behaviour of all users and do not collect any personal data in the process. Please note that IP addresses are always transferred with every HTTP request (e.g. when data is sent from your browser to a third-party provider such as LinkedIn) and we have no knowledge of the use of the IP address by third-party providers.The collection of IP addresses can be completely blocked in certain browsers. 

Please note that your data is usually transferred to and stored on a LinkedIn server in the United States of America, outside the EEA. To protect your data, we have accepted LinkedIn's ‘Data Processing Terms’, in which LinkedIn also undertakes to act in accordance with European data protection regulations with regard to your data. We would like to point out that in a third country such as the United States of America, no suitable data protection guarantees and no adequate level of data protection can be guaranteed. 

You can find LinkedIn's data processing conditions at the following link https://de.linkedin.com/legal/l/dpa

You can find LinkedIn's privacy policy at the following link https://de.linkedin.com/legal/privacy-policy

Data processing is carried out in accordance with Art. 6 I f GDPR on the basis of our legitimate interest in optimising our website and advertising measures. The legal basis for the use of website conversion tracking by LinkedIn Ads on our website is your consent in accordance with Art. 6 I a GDPR. You can withdraw your consent at any time by changing your cookie settings on our website accordingly.

7.10. LinkedIn Matched Audiences

If you give your consent in the cookie preference pages on our website, we use the retargeting function of LinkedIn Ads on our website. We create user-defined target groups (‘matched audiences’) based on the behaviour of users who have interacted with our website, our content on LinkedIn (e.g. company page) or with our advertising within the LinkedIn advertising network in order to display personalised advertising to these users within the LinkedIn advertising network or to exclude certain target groups in our advertising measures. In order to protect the privacy of individual users, the retargeting audience must consist of at least 300 users before personalised advertising can be displayed to these users.

We also use the customer matching function of LinkedIn Ads to create customised target groups based on our customer data. This function enables us to reach potential or existing customers with personalised advertising within the LinkedIn advertising network.

The legal basis for the use of the retargeting and customer matching function of LinkedIn Ads is your consent in accordance with Art. 6 I a GDPR. You can withdraw your consent at any time by changing your cookie settings on our website accordingly.

You can find LinkedIn's privacy policy at the following link https://de.linkedin.com/legal/privacy-policy

7.11. YouTube plugin

If you give your consent in the cookie preference pages for our website, we use plugins from YouTube LLC (represented by Google Inc.), among others, to integrate videos on our websites. In this case, as soon as you use our website, a connection to the YouTube servers is established and the plugin is displayed. This tells the YouTube server which of our pages you have visited. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. When using the plugin, this information is also assigned to your user account after clicking the start button of a video, for example. You can prevent this assignment by logging out of your YouTube user account and other user accounts of YouTube LLC and Google Inc. before using our websites and deleting the corresponding cookies of the companies. Further information on data processing and notes on data protection by YouTube (Google) can be found at: https://policies.google.com/privacy?hl=de

7.12. Microsoft plugin

If you give your consent in the cookie preference pages for our website, our website uses conversion tracking from Microsoft Corporation. This involves Microsoft Bing Ads placing a cookie on your computer if you have reached our website via a Microsoft Bing advert. In this way, Microsoft Bing and we can recognise that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing advert and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. Further information on data protection and the Cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement/

7.13. Outbrain

If you give your consent in the cookie preference pages for our website, we use the technology of the provider Outbrain UK Ltd. on our website, with which our users are referred to further content within our website and on third-party websites that may also be of interest to them. The further reading recommendations integrated by Outbrain, e.g. below an article, are determined on the basis of the content previously read by the user. Outbrain uses cookies to display this further interest-related content. To anonymise the IP address, the last octet of the IP address is removed to ensure full anonymisation.

You can object to tracking by Outbrain to display interest-based recommendations at any time at https://my.outbrain.com/recommendations-settings/home.

7.14. Adform

If you give your consent in the cookie preference pages for our website, the technology of Adform A/S, Denmark is used on this website. This system uses cookies for tracking and controlling digital advertising campaigns. Adform does not store any personal data such as names, e-mail addresses or other personal details by setting cookies. All information is purely anonymised and contains technical information such as the frequency and date of display of advertisements, the browser used or the operating system installed. It is not possible to draw any conclusions about your person. Since IP addresses are considered personal data in Germany, Adform never stores complete IP addresses in Germany, but truncates the last octet in order to comply with data protection regulations.

You can revoke your consent at any time. Use this link to do so: https://site.adform.com/privacy-policy-opt-out. This will save an opt-out cookie on your device, which signals to the technical systems that no further data may be measured and no cookies may be set in future.

7.15 REHAU Account / cidaas

If you use our ‘REHAU Account’ service (e.g. via https://accounts.rehau.com or within mobile apps), the minimum personal data required to provide the service will be requested and stored. The underlying service - product name ‘cidaas’ - is provided by our processor Widas ID GmbH.

You can find further information on this at: https://www.cidaas.com/de/datenschutzhinweise/

7.16. Cloudflare

Wenn Sie unseren Dienst "REHAU Account" (beispielsweise über https://accounts.rehau.com oder innerhalb von Mobile Apps) nutzen, werden personen­beziehbare Daten, u. a. anonymisierte IP-Adressen und Cookies, durch den Dienstleister Cloudflare Inc., USA erhoben und bis zu sieben Tage aufbewahrt. Diese Informationen sind notwendig, um die Sicherheit des Dienstes zu erhöhen und werden ausschließlich zu diesem Zweck erhoben. Weitere Informationen dazu finden Sie unter: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies und https://www.cloudflare.com/de-de/privacypolicy/

7.17. Hotjar

If you give your consent in the cookie preference pages for our website, we use Hotjar, a behavioural analysis service of Hotjar Limited, Malta (hereinafter referred to as ‘Hotjar’), on our website to statistically evaluate the behaviour of users on our website with the help of heat maps and session recordings and subsequently to optimise our website. Hotjar stores its own cookies in your browser with the names _hjSessionUser_<site-id> to distinguish individual users and their sessions and events on our website, and _hjSession_<site-id> to recognise events within a session in the domain of our website (so-called first-party cookies).

When you interact with our website, the following data, among others, is recorded in Hotjar

  • URL of the pages you visit on our website
  • Information about the IP address of your internet service provider (anonymised)
  • Information about the device you are using (e.g. model, version, category)
  • Information about the browser you are using (e.g. name, version, language)
  • Information about the operating system you are using (e.g. name, version)
  • Information about the time you accessed our website and the duration of your visit
  • Information about your user behaviour (e.g. click behaviour, mouse movements, keystrokes)
  • Information about your approximate location (country only)
  • Information about your screen resolution
  • Information about your visitor source (e.g. the website from which you landed on our website)

Please note that IP addresses are always transferred with every HTTP request (e.g. when data is sent from your browser to a third-party provider such as Hotjar) and we have no knowledge of the use of the IP address by third-party providers. The collection of IP addresses can be completely blocked in certain browsers such as Safari from Apple (‘iCloud Private Relay’) and Firefox from Mozilla (‘Firefox Private Network’).

Please note that your data is usually transferred to a Hotjar server within the EEA and stored there. To protect your data, we have concluded a direct customer contract with Hotjar by signing the ‘Data Processing Agreement’, in which Hotjar also undertakes to act in accordance with European data protection regulations with regard to your data.

This processing is carried out in accordance with Art. 6 I f GDPR on the basis of our legitimate interest in optimising our website. The legal basis for the use of Hotjar on our website is your consent in accordance with Art. 6 I a GDPR. You can withdraw your consent at any time by changing your cookie settings on our website accordingly.

In addition, you can prevent Hotjar from using your data by making the appropriate settings under the following link: https://www.hotjar.com/policies/do-nottrack/. Hotjar's privacy policy can be found at the following link https://www.hotjar.com/legal/policies/privacy/

7.18. SalesViewer


On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer technology from SalesViewer GmbH based on the legitimate interests of the website operator (Art. 6 I f GDPR).

For this purpose, Javascript-based code is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-recalculable one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The data stored by SalesViewer will be deleted as soon as it is no longer required for its intended purpose and deletion does not conflict with any legal retention obligations.

The collection and storage of data can be objected to at any time with effect for the future by clicking on this link https://www.salesviewer.com/de/opt-out/ in order to prevent SalesViewer from collecting data within this website in the future. An opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click on this link again.

7.19. More cookies

Cookies are small text files that are usually placed on the PC from a website. Cookies serve a variety of purposes. However, they are never technically risky as they lack any "active" ability. So you cannot run malicious applications. They contain almost exclusively information that is necessary for convenient Internet use. We have also set ourselves a deadline for deleting cookies. Without your renewed consent, these will be stored for a maximum of 12 months from the time they were first collected. We take technical precautions to ensure automatic deletion.
Classic examples of tasks performed by cookies: login data, securing the shopping cart, user analysis, form fields. Information that can be stored in cookies is: lifespan, server name, unique ID, content data.

Use of cookies:

  • Function
    Functional or session cookies are purely technical cookies that are necessary for our website to function properly.
    We only use all other cookies if you have agreed to this on our Consent Manager preliminary pages.

We have structured these cookies as follows:

  • Statistics
    Statistics and tracking cookies are used to evaluate user behavior when visiting our website - of course in a completely anonymous form. REHAU Automotive and, if applicable, the responsible body receive valuable information about how the website is used, which enables REHAU Automotive and, where applicable, the responsible body to better align it with the interests of visitors.
     
  • Marketing
    In addition to our own cookies, we use third-party cookies to show personalized advertising on our and other websites. This process is called “retargeting”. It is based on your activity on our website.
     
  • Others
    In addition, the plugins used on our website use their own cookies. You can find out more about the types and purposes of cookies on the third-party websites provided.

List of cookie providers
List of cookies

7.20. consentmanager

We have integrated the consent management tool "consentmanager" (www.consentmanager.net) from Jaohawi AB, Sweden, on our website to request consent for data processing or the use of cookies or comparable functions. consentmanager offers you the opportunity to grant or reject your consent to certain functionalities in full or differentiated according to individual functions of our website. This concerns e.g. B. the integration of external elements or streaming content, statistical analysis, reach measurement or personalized advertising.

The settings you have made can also be changed later. The purpose of integrating consentmanager is to allow the users of our website to decide on the above-mentioned things and to offer the opportunity to change settings that have already been made as part of the further use of our website. When using consentmanager, personal data as well as information about the end devices used, such as the IP address, are processed.

The legal basis for processing is Art. 6 I c i. V. m. Art. 6 III a i. V. m. Art. 7 I GDPR and alternatively Art. 6 I f. By processing the data, consentmanager helps us (the person responsible according to the GDPR) to fulfill our legal obligations (e.g. obligation to provide proof). Our legitimate interests in processing lie in storing user settings and preferences regarding the use of cookies and other functionalities. consentmanager stores your data as long as your user settings are active. After two years after the user settings have been made, consent will be asked again. The user settings made will then be saved again for this period.

You can object to the processing. You have the right to object for reasons that arise from your particular situation. To object, please send an email to info@consentmanager.net. 

8. Data security

We have technical and organizational security procedures in place to maintain the security of your personal data and to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access.

9. Your rights

Compliance with data protection regulations is monitored by the following bodies, to which anyone can contact:

Data protection officer of REHAU Automotive SE & Co. KG (head office in accordance with Art. 4 No. 16 GDPR):

Mr. Dr. Alexander Walter
REHAU Industries SE & Co. KG
Rhenium house
Helmut-Wagner-Str. 1
95111 Rehau
Telephone: 09283 770
Email: datenschutz@rehau.com

Lead supervisory authority within the meaning of Art. 56 GDPR:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach

You also have the opportunity to check REHAU Automotive's compliance with data protection regulations. You have the following rights:

  • Right to information
  • Right to information about the data processed by you
  • Right to object
  • For all processing operations based on Art. 6 I f GDPR (see above), you can object to the processing for reasons that arise from your particular situation.

For all processing operations based on Art. 6 I f GDPR (see above), you can object to the processing for reasons that arise from your particular situation.

  • Right to object to direct advertising

You have the right to object to the processing of your data for direct marketing purposes at any time. This also applies to profiling that is associated with such direct advertising.

  • Right to rectification, deletion and restriction
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority

If you have any questions about these rights regarding the processing of your personal data, you can contact our data protection officer, who is also available in the event of requests for information, suggestions or complaints. Upon request, REHAU Automotive will inform you as soon as possible in writing in accordance with applicable law whether and which personal data about you is stored by us. If, despite our efforts to ensure that the data is correct and up-to-date, incorrect information is stored, we will correct it upon your request.

Part II

Data protection information for REHAU corporate presence on social media

Welcome to REHAU and our social media presence! REHAU operates this together with those responsible for the various social media platforms. We (REHAU Automotive SE & Co. KG, Helmut-Wagner-Str. 1, 95111 Rehau, Germany) are responsible for defined processing operations together with the operator of the respective social network within the meaning of Article 4 No. 7 of the General Data Protection Regulation (GDPR).
This privacy policy describes how REHAU handles information (“personal data”) that is collected when you visit us on social networks (Facebook, Instagram, LinkedIn, Automotiveing, Kununu, Automotive, YouTube, Pinterest) or contact us using the information provided here.

1. Responsible people

social networkresponsible Personadress data privacy policy
FacebookMeta Platforms Ireland Limited4 Grand Canal Square
Grand Canal Harbour 
Dublin 2
Ireland 		https://de-de.facebook.com/privacy/explanation
InstagramMeta Platforms Ireland Limited4 Grand Canal Square
Grand Canal Harbour 
Dublin 2
Ireland 		https://help.instagram.com/519522125107875
LinkedInLinkedIn Ireland Unlimited CompanyWilton Place
Dublin 2
Ireland		https://www.linkedin.com/legal/privacy-policy
XingNew Work SEAm Strandkai 1
20457 Hamburg
Deutschland		https://privacy.xing.com/de/datenschutzerklaerung
KununuNew Work SEAm Strandkai 1
20457 Hamburg
Deutschland		https://privacy.xing.com/de/datenschutzerklaerung
XTwitter International Unlimited CompanyOne Cumberland Place
Fenian Street
Dublin 2
Ireland		https://x.com/privacy
YouTubeGoogle Ireland LimitedGordon House
Barrow Street
Dublin 4
Ireland		https://policies.google.com/privacy
PinterestPinterest Europe Ltd.Palmerston House
2nd Floor
Fenian Street
Dublin 2
Ireland		https://policy.pinterest.com/de/privacy-policy

The operator of the respective platform is solely responsible for the processing of personal data on the social media platforms. This operator usually processes your personal data that is generated when you visit a social media platform, regardless of whether you have a user account there and/or are logged in. If you agree, cookies and other storage and tracking technologies (sometimes across devices) will be used.

Social media platforms usually create their own personalized usage statistics, e.g. B. for market research, advertising and other commercial purposes. Personal data can also be processed outside the European Union. REHAU has no access to this data and cannot influence the collection of this data.

2. Contact person at REHAU

If you have any questions about data protection, our data protection officer is available to you at datenschutz@rehau.com.

We would like to point out that REHAU's agreements with the operators of the social media platforms mean that requests for information and the rights of those affected should be asserted directly with the respective operator of the social network. Only the provider of the social network has immediate access to the necessary information and can also take necessary measures and provide information. If our support is still necessary, you can contact us at REHAU at any time.

If you assert your right to information directly to us, we will of course inform you as far as we can. Further information on data protection at REHAU, in particular on other general processing purposes and your rights, can be found at www.rehau.com/datenschutz-dach.

3. Processing of personal data
Data categories

a) If you visit a REHAU company page, we, as the operator of the respective page, process the data that you provide to us during your direct actions and interactions (e.g. inquiries, contributions, comments, likes, forwards) as well as your publicly accessible profile data. The public visibility of your personal profile data depends on your profile settings, which you can adjust yourself on the respective social media platform. When using all social media channels, it is strongly recommended not to share sensitive data or confidential information.

b) The social media platforms provide REHAU with anonymous usage statistics (analytics services or page insights data) for our company pages, which are based on the usage behavior of visitors. We receive assigned demographic and geographical evaluations for this data. We cannot access or influence the creation and processing of these usage statistics and the underlying data. This is the responsibility of the operator of the respective social media platform. REHAU has no way of viewing personal data of individual users.

Purposes and legal basis of processing

We operate our company pages and process the above-mentioned data to provide information about us and our products and to communicate with interested parties. The legal basis for this processing is the necessity to protect our legitimate interests (Art. 6 Para. 1 lit. f) GDPR). If you send us a specific request, processing can also take place to fulfill a contract or to carry out pre-contractual measures (Art. 6 Para. 1 lit. b) GDPR).

REHAU uses the data provided by the operator to better understand the use and reach of the content, to identify user preferences and to tailor our company pages to our target groups as effectively as possible.
We can use this information to display targeted interest-based advertisements without having direct knowledge of the visitors' identities. If visitors use social media applications on multiple devices, the recording can take place across devices if they are registered and logged in visitors.

This data is processed to pursue our legitimate interests mentioned above (Art. 6 Para. 1 lit. f GDPR).
Further processing takes place exclusively on the basis of consent (Art. 6 Para. 1 lit. a GDPR), within which REHAU provides information in detail about the data processing to which consent is given.

As part of the provision of our company pages, we work with service providers (e.g. advertising and content agencies who support us in creating our posts and providing and optimizing our social media activities).


Duration of processing

We only process your personal data for as long as it is needed for the aforementioned purposes.

In the event of an objection to processing to protect our legitimate interests (Art. 6 Para. 1 lit. f) GDPR), we will delete personal data unless their further processing is permitted under the relevant legal provisions. We will also delete personal data if we are obliged to do so for other legal reasons. In accordance with these general principles, we generally delete personal data as soon as the legal basis no longer applies, if it is no longer necessary for the stated purposes or if the stated purposes no longer apply and no other legal basis exists (e.g. commercial and tax law retention periods), or otherwise if the other legal basis no longer applies.

Engineering progress

Enhancing lives

Maximum cart size of 3 items has been reached!

Your sample cart items:
Type
Decor
Collection