Privacy policy and instructions for data processing

With the following privacy policy we would like to inform you which types of your personal data we process for which purposes and in which scope.

Protecting your data is important to us

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as “data”) we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”).

The terms used are not gender-specific.

Last Update: 24. March 2023

1. Contact details responsible authority and data protection officer

1.1 Responsible authorities

Rudolf Riester GmbH
Bruckstrasse 31
72417 Jungingen
Fax: +49 7477 9270 70

Authorised Representatives:
Irina Zhdanova, Managing Director
E-mail address:
Phone: +49 7477 9270 0

1.2 Data Protection Officer

Name: Athanasios Tziotzios
Contact information of our data protection officer

1.3 Overview of processing operations

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

2. Purposes of processing

In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

2.1 Consent (Article 6 (1) (a) GDPR)

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

2.2 Performance of a contract and prior requests (Article 6 (1) (b) GDPR)

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

2.3 Legitimate Interests (Article 6 (1) (f) GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2.4 Balance of interests (Art. 6 para. 1b GDPR)

Furthermore, data processing occurs for the protection of legitimate interests of this company or third parties for specific purposes after prior balancing of interests, e.g to secure the domiciliary right, protection of legal claims, investigation of criminal offences, determination of default risks, optimised product development, optimised customer approach for advertising purposes such as telephone contact to other companies, postal delivery of promotional information (e.g. invitation to functions and events, presentation of new products and services), optimised requirement planning, or to ensure data security.


In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.

3. Further data processing in the context of website use

3.1 Contact form

The data recorded via our contact form will only be used to process inquiries received through the contact form. After processing the request, the collected data will be deleted.

3.2 Login for registered users

After registering on a login form, we offer customers the use of an internal area. Registered users can call up various documents in the internal area. We use the data collected to complete registration for the use of the internal area as well as the data resulting from that use only for the purpose of retrieving internal documents. We log usage data when you visit or otherwise use our website, such as when you view or click on content (e.g., learning module) or ads (on or off our sites and apps), perform a search or share content. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.

3.3 External content / processing of data outside the EU

On our websites we use active JavaScript content such as Google Maps from external providers such as Google Inc. By visiting our website, these external providers may receive personal information about your visit to our website. You can prevent this by using a JavaScript blocker such as the browser plugin ‘NoScript’ ( or by disabling JavaScript in your browser. This may result in functional restrictions on websites you visit.

3.4 Cookies

Our website, (hereinafter: “the website”) uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged. In the document below we inform you about the use of cookies on our website. More details on Cookies-Policy.

3.5 Anonymous or pseudonymous usage possibilities

You can always visit our websites without giving us personal data. Pseudonymised usage data are not merged with the data of the bearer of the pseudonym. A creation of pseudonymous usage profiles does not take place.

4. Categories of recipients

In order to fulfil the intended purposes, there is interdepartmental access within our company to the respectively required data. Likewise, as part of a balance of interests, an inter-site data exchange may take place within the Halma Group, to which we belong. A current overview of the branches can be found here: Our contract processors may also receive data for specific purposes, e.g. for IT services, document destruction and marketing. Other recipients of personal data may also be e. g. public authorities, credit and financial services institutions, lawyers and accountants or credit bureaus.

5. Transmission to a third country or to an international organisation

A data transmission in third countries takes place only if this is required, for example, for the execution of a contract or by law, you have given us your consent, or in the context of a group data transfer after balancing of interests. In addition, as part of the maintenance of IT components, it cannot be ruled out that an IT service provider from a third country (e. g. USA) could in rare cases obtain access to personal data. Otherwise, there will be no transfer of personal data to third countries or to an international organisation.

6. Duration of data storage

For the duration of the contractual relationship, the personal data are stored with us; furthermore, statutory limitation periods generally last three years. After completing an application selection process, we will generally delete your information within 3 months unless you are hired by our company. There are different storage and documentation requirements, for example, from the Commercial Code (HGB) and the Tax Code (AO), which can last up to ten years.

7. Right to information, correction, deletion, restriction, data portability, existence of a right of

You have the right to information according to Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to cancellation under Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability from Art. 20 GDPR. In addition, you have the right of appeal to a data protection supervisory authority (Art. 77 GDPR).

8. Obligation to provide data

You will only need to provide the personal information necessary to create, conduct and terminate a contract, or which we are required to collect by law. If you do not provide us with the necessary information and documents, we may not enter into or continue your desired business relationship.

9. Automated decision-making in individual cases

In principle, we do not use fully automated decision-making to justify and execute the business relationship. If we use these procedures in individual cases, we will inform you about this separately, if required by law.

10. Profiling

We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling), e.g. evaluation for targeted customer approach, needs-based advertising including market and opinion research as well as for scoring or rating. In the evaluation, for example, data on payment behaviour (e. g. account sales, balances) as well as criteria such as industry affiliation and experience from the previous business relationship can be of influence.

11. Categories of personal data

We process the following categories of personal data, for example: personal master data, contract master data, contract implementation and termination data, order data, data to fulfil legal obligations, creditworthiness data, scoring / rating data, advertising and sales data, data about your use of our offered telemedia (e.g. time of the visit to our web pages) as well as other data comparable to the mentioned categories.

12. Data sources

We process data that we have received from you in the framework of our business relationship as well as data lawfully transmitted to us by other third parties. We also collect data from publicly available sources (e. g. trade and debtor directories, commercial registers, press).

Information about your right to object according to Art. 21 General Data Protection Regulation (GDPR)

Case-specific right of objection

You have the right to object, for reasons that arise from your particular situation, at any time to the processing of your personal data, which occurs based on Article 6 para. 1e GDPR (data processing in the public interest) and Article 6 (1f) of the GDPR (data processing based on a balance of interests); this also applies to profiling based on this provision. If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or that serve to assert, exercise or defend legal claims.

Right to object to the processing of data for direct marketing purposes

We process your personal data in order to operate direct mail. You have the right to object at any time to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be free of form and should be directed if possible to:

Rudolf Riester GmbH
Bruckstraße 31
DE-72417 Jungingen
Fax: (+49) +74 77-92 70-70
Scroll to top