Over­view

Data protection information for employees
Data protection information for applicants
Data protection information for suppliers

Privacy policy status: 11.04.2025

The protection of your personal data is important to us, and we want you to feel secure when visiting our website. We comply with the provisions of data protection law, in particular the EU General Data Protection Regulation ("GDPR").

In this privacy statement, we explain to you what information (including personal data) we process when you visit and use our website www.rst-rostock.com ("Website").

We would like to point out that security gaps can occur during data transmission on the inter-net (e.g. communication by e-mail). It is not possible to completely protect data from access by third parties.

I. Who is responsible for data processing?

Responsible for the processing of personal data within the meaning of data protection law:
RST Rostock System-Technik GmbH ("wir")
Friedrich-Barnewitz-Str.9
18119 Rostock, Deutschland
Tel.: +49 (0)381 56-0
E-Mail: info@rst-rostock.de

Contact details of the data protection officer
Data Protection Officer
RST Rostock System-Technik GmbH
Friedrich-Barnewitz-Str.9
18119 Rostock, Deutschland
Tel.: +49 (0)381 56-0
E-Mail: datenschutzbeauftragter@rst-rostock.de

II. What data do we process?

You can access our website without providing any personal information (such as name, postal address or e-mail address). However, to enable you to access our website, we need to collect and store certain information.

  1. Log files: We collect information about you when you use this website. We automatically collect information about your usage patterns and your interaction with us and register information about your computer or your mobile device. We collect, store and use data about each access on our website (so-called server log files). Access data includes the name and URL of the retrieved file, date and time of retrieval, transferred data volume, notification of successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider. We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit in some places (e.g. when registering, logging in, clicking links, etc.).
     
  2. Contact: If you contact us via one of the options offered on our website, we will process all personal data contained and indicated in your message in order to process your enquiry and respond to it.
     
  3. Cookies: We use cookies to make our website as user-friendly as possible. Cookies are small text files that are stored by your internet browser. These files allow us to recognize our visitors' preferences when they browse the site and to design our site accordingly. Most of the cookies we use are called session cookies. They are automatically deleted when you leave the website. We also use permanent cookies. Our cookies do not collect any personal data, nor are they suitable to identify you on third-party websites, unless otherwise stated for usage of specific tools in this privacy statement. You can adjust the settings of your browser so that you are notified when cookies are set. This makes the use of cookies transparent to you. You can completely reject cookies via your browser settings. As a result, you may not be able to use all the features of our website.
     
  4. Website-Analyse with Google Analytics: On our website we also use Google Analytics, a web analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), to continuously improve our website. Google Analytics also uses cookies that are stored on your computer and that enable analyzing the usage of this website. The website uses an extended version of Google Analytics for the purpose of anonymous collection of IP addresses (also known as IP masking). Google will use the data collected on our behalf to analyse your use of our website, to compile reports on activities on the website and to provide us with additional services in connection with the use of the website. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You can deactivate the storage of cookies by changing the corresponding settings of your browser software. Please note that in this case you may not be able to use all functions of the website to their full extent. You can also prevent the data generated by the cookie about your use of this website (including your IP address) from being recorded and transmitted to Google, and the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com; then a logout cookie is installed, which prevents your data from being collected when you visit this website. Further information about data protection at Google Analytics can be found under the following link: www.google.com/terms and www.google.com/privacyoverview.
     
  5. Marketing Activities: When you visit our website, there will be cookies set by the technologies of Google Inc. ("Google"), that are used for general marketing, retargeting and statistical purposes. These cookies can trigger personalized advertising on external websites. Also, with this procedure we generate exclusively anonymous user data. Most browsers are automatically set to accept cookies. If you wish, however, you can configure your browser by changing your browser settings so that cookies are restricted or completely blocked.
    5.1 Moccabirds Conversion Tracking:
    This website uses Moccabirds Conversion Tracking, a service provided by Moccabirds GmbH, Sichelstr. 6, 54290 Trier, Germany. Here, the conversion rate (applications submitted) is measured by means of a tracking pixel (gtag). The results cannot be traced back to a natural person.
     
  6. Customer Relationship Management (CRM): Data that you provide to us via our website (e.g., in application forms, consent queries) is currently used in the Salesforce Sales Cloud (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich) on servers in Germany and France to handle sales and recruiting processes. The data in the Salesforce Sales Cloud is used exclusively by us. The processing of your data in the Salesforce Sales Cloud is based, where relevant, on our legitimate interest in using a CRM system in accordance with Article 6 (1) f) EU-DSGVO, otherwise on your consent in accordance with Article 6 (1) sentence 1 a) EU-DSGVO.
    6.1 Salesforce Marketing Cloud Account Engagement:
    We use Marketing Cloud Account Engagement, the CRM marketing automation solution linked to our sales force system from Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. In addition to the sales force infrastructure, Marketing Cloud Account Engagement uses Amazon Web Services, Inc. as a third-party hosting provider. Here, data processing is carried out for use and based on an Order Processing Agreement we have concluded with Salesforce.  We apply sales force Marketing Cloud Account Engagement in marketing for:
    • Systematic recording, evaluation and optimisation of our website
    • Provision of personalised contents and product recommendations
    • Implementation of (automated) marketing campaigns and advertising activities
    • Assessing the success of marketing campaigns
    • Implementation of our E-mail Newsletter Service
    • Provision of landing pages and forms
     
    The legal basis is Art. 6, para. 1 p. 1 lit. f GDPR.

    You can register for our E-mail newsletter service or also do so independent of this via our website. For this, we provide you with a Marketing Cloud Account Engagement form which is integrated in our website or – if your browser doesn’t display the form – a direct link to the form created in Marketing Cloud Account Engagement. If you click on the registration button in this Marketing Cloud Account Engagement form, Marketing Cloud Engagement sets a session cookie called “Marketing Cloud Engagement” in your browser. We cannot exert any influence on cookie setting and contents.

    Marketing Cloud Engagement creates a user profile on this website, based on information regarding your interaction with our website and the contents it provides (including your IP address, the click path, the data listed in the section ”Collection of personal data when visiting our website” and cookies). We can merge the user profiles created via Marketing Cloud Account Engagement and your customer data stored here and also with further activities.

    Here, Marketing Cloud Account Engagement respects the “Do Not Track” initiative. You can configure this option in your browser. If this option is activated, Marketing Cloud Account Engagement does not use cookie-based tracking. If you wish to prevent Marketing Cloud Account Engagement tracking, you can ensure this as follows: 

    • Via data protection settings
    • Via your browser settings
    • Via browser add-on

    However, this may cause certain restrictions in the functionality and user-friendliness of our offer.
     
    Marketing Cloud Account Engagement sets cookies from initial suppliers for tracking purposes and cookies from third-party suppliers for redundancy reasons. The joint use of cookies from initial and third-party suppliers is common in marketing automation. No personal data is stored in Marketing Cloud Account Engagement-Cookies, but only a unique identifier. An overview of the cookies set by Marketing Cloud Account Engagement with a maximum validity of 365 days can be found below:

    • visitor_id<accountid>: The visitor cookie consists of a unique visitor ID and the unique identifier of your business division. For example, visitor ID 1010101010 is saved in the cookie name visitor_id12345. Account-ID 12345 ensures that the visitor is tracked in the correct business division. The visitor value is the visitor_id in your business division. This cookie is set for Account Engagement Tracking Code visitors.
    • pi_opt_in<accountid>: If “Registration settings for tracking" is activated, the cookie pi_opt_in is labelled with the value true or false as soon as the visitor decides in favour of or against tracking. If a visitor decides in favour of it, the value is determined as true and the visitor is allocated a cookie and tracked. If, on the other hand, the visitor decides against it or ignores the registration banner, the value of the respective cookie is determined as false. The visitor cookie is deactivated, the visitor is not tracked.
    • visitor_id<accountid>-hash: A visitor’s hash cookie includes the account ID and is used to save a unique hash value. For example, in the cookie name visitor_id12345-hash, the hash value "855c3697d9979e78ac404c4ba2c66533" is saved and the account ID is 12345. This cookie is a safety measure in order to ensure that a malicious user cannot fake being a visitor and access information about potential customers.
    • lpv<accountid>: This LPV cookie is set to hinder that we track several page views for a single object during a 30-minute session. If, for example, a visitor reloads a target page several times within a period of 30 minutes, this cookie hinders that each reload is tracked as a page access.
    • pardot: A session cookie with the name pardot is set in your browser whilst you are registered as a user or if a visitor accesses a target page or a page with an Account Engagement tracking code. The cookie marks an active session and is not used for tracking.

    You can find further information from the provider Salesforce/Marketing Cloud Account Engagement under: www.salesforce.com/company/privacy/ and www.pardot.com/legal/.
     
  7. Plug-Ins und Tools

    7.1 YouTube:Our website uses plugins provided by the website operated by Google: YouTube. The sites are operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages with a YouTube plugin, a connection is established to the YouTube servers. This will tell the YouTube server which pages of our website you have visited. Once you've signed in to your YouTube account, you enable YouToube to link your surfing habits directly to your personal profile on YouTube. You can prevent this by logging out of your YouTube account. For more information about user data handling by YouToube, please see YouTube's privacy policy at www.google.de/privacy.

    7.2 Google Web-Fonts:This website uses web fonts from Google to ensure a consistent display of the fonts. When a page is visited, your browser loads the necessary web fonts into your browser cache so that texts and fonts are displayed correctly. Web fonts are stored on our servers for this purpose. A data transfer to Google does not take place. If your browser does not support web fonts, a default font of your computer will be used. More information about Google's web fonts is available at developers.google.com/fonts  and at Google's privacy policy at www.google.com/privacy.

    7.3 Google Maps:This website uses the Mapbox mapping service via an API. Mapbox is provided by Mapbox Inc. To use the functionalities of Mapbox, it is necessary to process your IP address. These data may be transmitted to Mapbox servers in the United States and stored there. The operator of this website has no control over this data transfer. Mapbox is an active participant in the EU-US Data Privacy Framework, ensuring the proper and secure transfer of personal data of EU citizens to the United States.
    For more information on how Mapbox handles user data, please refer to their privacy policy: www.mapbox.com/legal/privacy

    7.4 Pingdom: This website uses Pingdom, a tool for measuring the performance of websites. The tool is provided by Solarwinds Software Europe Ltd, Unit 1101, Building 1000, City Gate, Mahon, Cork, Ireland. Pingdom stores certain information about the visitor's surfing behaviour locally on the visitor's computer, including a session ID, information about the browser used, visiting times and whether the visitor has visited the site before within 30 days. This information cannot be linked to natural persons but is only used for the purpose of anonymous evaluations of the website's performance, including website loading time, active sessions, users by country, platform (desktop, phone, tablet), browser, most visited pages. Further information on this can be found at https://help.pingdom.com.

    7.5 Messenger & communication functions: We offer various ways to communicate with us on our website. In addition to traditional means of communication such as e-mail, contact forms or telephone, we also offer chats and messengers. If content is encrypted end-to-end, this will be indicated in the individual data protection texts or in the privacy policy of the respective provider. End-to-end encryption means that the content of a message itself is not visible to the provider. However, information about your device, location settings and other technical data can still be processed and stored. Please note that when using our built-in elements, your data may also be processed outside the European Union. The specific legal bases for processing your data outside the European Union can be found in the respective privacy policy for the individual services.

    What data is processed?
    Exactly which data is stored and processed depends on the respective provider of the messenger & communication functions. Basically, this is data such as name, address, telephone number, email address and content data such as all information that you enter in a contact form. This also includes information about your device and IP address. In principle, personal data is only processed for as long as is necessary for the provision of our services.

    Legal basis
    If you have consented to your data being processed and stored by integrated messenger & communication functions, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). We process your enquiry and manage your data in the context of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to answer enquiries. The basis for this is Art. 6 para. 1 sentence 1 lit. b. GDPR. In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners if you have given your consent.
     
    WhatsApp privacy policy

    We use the WhatsApp Business instant messaging service on our website. The service provider is the American company WhatsApp Inc, a subsidiary of Meta Platforms Inc (until October 2021 Facebook Inc.). WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the European region. WhatsApp also processes your data in the USA, among other places. WhatsApp uses the so-called standard contractual clauses as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries (see Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
     
    Information on data transmission with WhatsApp Business, which complies with the standard contractual clauses, can be found at www.whatsapp.com/legal/business-data-transfer-addendum-20210927. You can find out more about the data processed through the use of WhatsApp Business in the Privacy Policy at  https://www.whatsapp.com/legal/business-data-processing-terms?lang=de_DE
     
  8. Links to other websites:Our website also provides links to other webpages (including our profiles on Facebook, YouTube, Google+, LinkedIn and Xing). These links are not "social plug-ins" (i.e. buttons through which the operator providing the corresponding website or profile can collect information about the users of our website when accessing our website). Please note, however, that if you access this other site, the operator of this site may collect information (possibly including personal data) about your visit. Further information can be found in the privacy policy of the operator of the corre-sponding website or profile.

III. For what purposes and on which legal basis do we process your data?

  1. Any personal data contained in the log files will be processed in order to enable you to use our website; processing will be carried out in accordance with Article 6 Para. 1 f) GDPR in order to safeguard our legitimate interest in operating our website.
     
  2. The data collected via cookies (including web analysis services, plugins and tools) and the pseudonymised user profiles may be processed for advertising and market research purposes as well as for the purpose of userfriendly design of our website on the basis of Article 6 Para. 1 f) GDPR in order to safeguard our legitimate interest in an analysis of the use and in a userfriendly design of our website.
     
  3. The data provided in connection with the subscription to the newsletter will be processed on the basis of Article 6 para. 1 a) GDPR (consent).
     
  4. Data processing for answering a request is based on Article 6 (1) f) GDPR to protect our legitimate interest in establishing and maintaining business contacts. If your request relates to the conclusion of a contract or to precontractual measures, we process your personal data on the basis of Article 6 paragraph 1 b) GDPR.
     
  5. We may also process the personal data processed in connection with your use of our website in order to fulfil legal obligations to which we are subject; this is done in ac-cordance with Article 6 (1) c) GDPR.
     
  6. If necessary, we process personal data not only for the above-mentioned purposes but also to safeguard our legitimate interests or the interests of third parties; this is done on the basis of Article 6 para. 1 f) GDPR. Our legitimate interests include asserting legal claims and defending our interests in litigation, preventing and resolving criminal offences, and managing and developing our business, including risk management. 

IV. Do I have to provide data?

The information required for ordering the newsletter is marked as mandatory in the cor-responding section of this website (e.g. in the corresponding online form). In order to be able to respond to a request addressed to us, we need at least your name and information on how we can contact you (e.g. postal address or e-mail address). We will not be able to process your request if we are not provided with the required information.

If we collect additional personal data from you, we will inform you whether the provision of this data is based on a legal or contractual obligation or a requirement necessary for the conclusion of a contract. In this regard, we usually identify the information that can be voluntarily provided and the provision of which is not based on the above obligations or is not necessary for the conclusion of a contract.

V. Who is the recipient of my data?

Usually, your personal data is processed in our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. A role and authorization concept restricts access within our company to the functions required for the respective processing purpose and to the scope required in this respect.

To the extent permitted by law, we may also disclose your personal data to third parties outside of our company. In particular, the following persons may belong to these external recipients:

• Companies that belong to our group of companies, insofar as they are involved in the processing of enquiries or orders,
• Service providers commissioned by us who provide services for us on the basis of a separate contract, which may also include the processing of personal data, as well as all subcontractors commissioned by our service providers with our consent,
• shipping companies involved in processing your order,
• credit institutions involved in the processing of payments,
• non-public and public authorities to the extent that we are obliged by law to transmit your personal data.

VI. Is automated decision making used?

In connection with the operation of our website, we do not normally use automated de-cision making (including profiling) within the meaning of Article 22 GDPR. If we use such procedures in special cases, we will inform you separately to the extent required by law

VII. Are data transmitted to countries outside the EU/EEA?

As part of our web analytics services, plugins and tools as well as in connection with the use of our website and contacting us, information may be transmitted to recipients in "third countries", in particular the USA. "third countries' means countries outside the European Union or the European Economic Area for which the level of data protection cannot easily be considered comparable to that of the European Union. Insofar as the information transferred also includes personal data and we are not obliged to transfer the data due to a legal obligation, we will ensure before the transfer that the required appropriate level of data protection in the respective third country or by the recipient in the third country is complied with. In particular, this can take the form of an "adequacy decision" by the European Commission ensuring that an adequate level of data protection has been established for a given third country as a whole. Such a decision of adequacy exists in relation to Israel. Alternatively, we may also transfer data in particular pursuant to "EU standard contractual clauses" agreed with or for recipients in the United States, if and to the extent required by applicable data protection laws. Upon request, we will be happy to provide you with more information about the appropriate and reasonable safeguards for maintaining an adequate level of data protection; the appropriate contact information can be found at the top of this privacy notice. Information on the participants in the EU-US Privacy Shield can be found at: www.privacyshield.gov/list; for information on the EU standard contractual clauses please visit:  http://eur-lex.europa.eu and for information on the adequacy decisions please visit: https://ec.europa.eu.

VIII. How long will my data be stored?

Usually, we store your personal data as long as we have a justified interest in the storage and this interest outweighs your interest in discontinuing the storage. We may also continue to store the data without legitimate interest if we are legally obliged to do so (e.g. to fulfil archiving obligations). We will delete your personal data as soon as the data is no longer required for the fulfilment of the processing purpose or its storage is otherwise prohibited by law.

The personal data that we must store in order to fulfil our archiving obligations will be stored until the respective archiving obligation expires. If we only store personal data for the fulfilment of archiving obligations, the data is generally blocked so that it can only be accessed if it is necessary for the purpose of the archiving obligation.

IX. What rights do I have?

The following rights apply only:

• for data subjects who are located in the EU and whose personal data are processed by us as described above, insofar as the processing activities are connected with the offer of goods or services or insofar as the behaviour of the data subjects is monitored, insofar as their behaviour takes place within the EU;
• for data subjects whose personal data are processed as part of the activities of the RST Rostock System-Technik GmbH, regardless of whether the processing takes place in the EU or not.

a) The right of objection under Article 21 GDPR
You have the right at any time to object to the processing of your personal data on the basis of Article 6 (1) e) or 1 f) GDPR for reasons relating to your particular situation; this also applies to profiling on the basis of these provisions. Should you object to the processing, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing, which take precedence over your interests, rights and freedoms, or for the assertion, exercise or defence of legal claims.

If we process your personal data for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling, insofar as this is in connection with direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

b) Further rights
As a data subject, you have the following rights:

• Access/Information about your stored personal data, Article 15 GDPR
• Rectification of inaccurate or incomplete data, Article 16 GDPR
• Erasure of personal data, Article 17 GDPR
• Restriction of processing, Article 18 GDPR and
• Data portability, Article 20 GDPR

You can revoke your consent to the data processing granted to us at any time with effect for the future. A notification by e-mail is sufficient for this purpose. The legality of any data processing carried out before your revocation remains unaffected by the revocation. Furthermore, data processing may be continued despite your revocation of consent if another legal basis (e.g. Article 6 para. 1 b) GDPR or Article 6 para. 1 f) GDPR) has been proven.

In order to exercise your rights, you can contact us at any time, e.g. by using one of the contact options listed at the beginning of this information on data protection.

In addition, you have the right to lodge a complaint with the supervisory authority responsible for data protection, Article 77 GDPR.