deen

Data Protection

We care about your privacy.

INFORMATION PROVIDED PURSUANT TO ARTICLES 12 ET SEQ.
OF THE EU GENERAL DATA PROTECTION REGULATION

Below you will find both our ‘General Data Protection Policy for our website and the ‘Data Protection Policy for Events’. The latter applies when you participate in one of our RSU events.

I. GENERAL DATA PROTECTION POLICY

CONTROLLER AND SCOPE

The controller as referred to in the EU General Data Protection Regulation (GDPR) and other, national data protection laws of the member states as well as other regulations on data protection is:

RSU GmbH & Co. KG
Karlstraße 35
80333 München
Germany
4HV6+MJ
Tel +49.(0)89.442340-0
Fax +49.(0)89.442340-999
infos@rsu.one

CONTACT INFORMATION OF DATA PROTECTION OFFICER

You can reach our data protection officer by e-mail at Datenschutzbeauftragter@rsu.one.de, by regular mail by adding “der Datenschutzbeauftragte” to our postal address or by telephone at +49 89/442340-0.

PRINCIPLES OF DATA PROCESSING

The present text is to inform users about the nature, extent, and purpose of the processing of personal data by RSU GmbH & Co. KG, Karlstraße 35, 80333 München (hereinafter: “RSU”). The relevant statutory provisions on data protection are contained in the GDPR.

Since changes in legislation or to our internal processes may require us to amend this data protection statement from time to time, we would ask you to check this statement regularly.

“Personal data” as defined in Article 4 of the GDPR means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more specific properties. For example, personal data include the name, e-mail address, telephone number or IP address of an individual.

Information which we cannot connect to you (or which we could only connect to you at disproportionate cost), for example because it has been anonymized, is not personal data. Any processed personal data will be erased once the purpose of the processing has been achieved and there is no legal requirement to store the data any more.

RSU will only process personal data if this is legal or the data subject agrees to the collection of the data. In case we process your personal data, the concrete operations, extent and purpose of and legal basis for the processing and the time for which the data are stored are stated below.

INDIVIDUAL PROCESSING OPERATIONS

1. Setting up and operating a website
a) Nature and extent of data processing
RSU (or its web space provider) collects data on every instance in which the website is accessed (referred to as server log files). The data collected include: domain, IP address, name of website retrieved, file, date and time of retrieval, amount of data transmitted, information on success of retrieval, type and version of browser, user’s operating system, referrer URL (site previously visited) and requesting provider.
RSU only uses the log data for statistical evaluation in support of the operation, protection and optimisation of the website. However, RSU reserves the right to check the log files at a later time if there are specific indications of illegal use.

b) Legal basis
This processing of data is based on Article 6(1)(f) of the GDPR. It is necessary for operating a website and thus for pursuing a legitimate interest of our company.
You may object to this processing at any time for reasons arising from your special situation. If you do, RSU will stop processing these personal data unless it has compelling and legitimate reasons which take priority over the interests, rights or liberties affected or it is necessary to process these data for asserting, exercising or protecting legal claims.

c) Storage period
Recording the data required for operating the website and saving the data in log files is indispensable for operating an Internet page. Your personal data will be erased as soon as they are no longer needed for the aforementioned purpose. If personal data are saved in log files, they are erased after three days. Data may be stored more extensively in individual cases if this is required by law.

2. Enabling people to contact RSU
a) Nature and extent of data processing
If you contact RSU via contact form or by e-mail, the information you provide is stored for the processing of your inquiry and in case further questions arise.

b) Legal basis
This processing of personal data is generally based on Article 6(1)(f) of the GDPR. Our legitimate interest referred to in this provision is to answer inquiries from people interested in RSU. We may even have a legal obligation to do so, in which case the relevant legal basis is Article 6(1)(c) of the GDPR.

c) Storage period
Once the personal data gathered in this context are no longer needed, they will be erased or their processing will be restricted if they must be stored by law. You may object to the future processing of your personal data at any time when contacting RSU.

3. Employment applications
a) Nature and extent of data processing
We process the personal data of applicants during the application process. Applications can be submitted to us via our application portal or by e-mail.
The data that you provide to us during the application process will be processed solely for the purposes of this process and will be made available only to the individuals involved. The application portal is operated by comvaHRo GmbH (85630 Grasbrunn), which acts as a processor on our behalf as referred to in Article 28 of the GDPR.

b) Legal basis
The legal basis for processing personal data for this purpose is Article 6(1)(b) of the GDPR in conjunction with Article 88 of the GDPR and § 26 of the Bundesdatenschutzgesetz as processing the data is necessary for performing an agreement to which the data subject is a party or for carrying out preliminary measures to an agreement upon an inquiry made by the data subject.

c) Storage period
The data will be erased after six months. Applicants may withdraw their application at any time. If they do so, their application documents are disregarded in the further application process and are erased unless they must be stored by law.

4. Direct marketing (such as newsletters and customer surveys)
4.1. Newsletter subscription and event registration
a) Nature and extent of data processing
On our website you can subscribe to receive newsletters by e-mail and register for events. In this context, the data you provided via the input mask and the date and time of registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this Privacy Policy.

In order to verify that a registration for the sending of a newsletter is made by the actual owner of an e-mail address, we use the so-called “double opt-in” procedure. After registration, you will receive an email in which you are asked to confirm your subscription. This confirmation is necessary to avoid anyone using others’ email addresses for the registration. Hence, the registration process is only completed once the confirmation link in the confirmation e-mail has been activated. In this context, date and time of activation of the confirmation link are transmitted to us.

You can unsubscribe from the newsletter at any time by using the unsubscribe link contained in each newsletter or by contacting us using the contact details provided above.
If you also provide us with your telephone number as part of your event registration or participation, your consent also extends to being contacted by telephone for marketing and sales purposes. You can also object to this processing at any time.

b) Legal basis
The processing of personal data is based on Art. 6 (1) lit. a) GDPR following the consent given by you.

c) Storage period
Please note that if you withdraw your consent, we will retain the data relating to the consent expiry of the statutory limitation period (three calendar years after the last e-mail newsletter was sent in accordance with Section 195 of the German Civil Code (BGB)) in order to be able to defend ourselves legally if necessary. In this context, the duty of accountability takes precedence over the duty of erasure for this period (Art. 17 (3) lit. e) GDPR). The legal basis for the retention of consent data is Art. 6 (1) lit. c) in conjunction with Art. 5 (1) lit. a), (2), Art. 7 (1) GDPR and Art. 6 (1) lit. f) GDPR.

4.2. E-mail newsletters and customer surveys in the context of an existing customer relationship
a) Nature and extent of data processing
If you are a customer of RSU and provide us with your e-mail address, we may subsequently use it to send you an e-mail newsletter or other marketing messages (such as customer surveys) if you have not objected to such use. In such a case, the email will only be used to send direct advertising for our own similar goods or services (such as surveys pertaining to RSU-services that you have been using). You can object to the use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using i.e. the unsubscribe link contained in every newsletter or by contacting us at the above-mentioned contact details.

b) Legal basis
The legal basis for sending the newsletter or conducting customer surveys as a result of the sale of goods or services is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR.

c) Storage period
Please note that if your data has already been used for the sending of email advertising during an existing customer relationship, we will retain the data in the event of an objection to further advertising use until the expiry of the statutory limitation period (based on Section 7 (3) of the German Unfair Competition Act (UWG) in accordance with § 195 BGB, three calendar years after the last advertising email was sent) in order to be able to defend ourselves legally if necessary. The duty of accountability takes precedence over the duty of erasure for this period (Art. 17 para. 3 lit. e) GDPR). The legal basis for the retention of consent data is Art. 6 (1) lit. c) in conjunction with Art. 5 (1) lit. a), (2), Art. 7 (1) GDPR and Art. 6 (1) lit. f) GDPR.

4.3. Newsletter Analytics/Tracking
A statistical analysis of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.
The legal basis for this analysis is your consent pursuant to Art. 6 (1) lit. a) GDPR.

4.4. Newsletter Service Provider
The newsletter is sent via the service provider “Brevo”. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. The data collected is stored on Brevo’s servers in the EU. Brevo uses this information to send the newsletter on behalf of RSU.

You can find more information about Brevo’s privacy policy here: https://www.brevo.com/legal/privacypolicy/

5. Establishment, exercise or defence of legal claims
a) Nature and extent of data processing
In the context of the establishment, exercise or defence of legal claims, we process your personal data to refute unfounded claims and enforce claims and rights.

b) Legal basis
The legal basis for processing your personal data to establish, exercise or defend legal claims is our legitimate interest as referred to in Article 6(1)(f) of the GDPR.

c) Storage period
Your personal data will be erased as soon as they are no longer needed for the purposes for which they have been collected.

6. Whistleblowing system
a) Nature and extent of data processing
For confidential communication with whistleblowers according to the German Whistleblower Protection Act (HinSchG), RSU uses a digital whistleblower system of the service provider ‘Compliance.One’. This provider also assumes the function of the internal reporting office as ombudsperson.
The whistleblower system enables the submission of anonymous reports for which no personal data of the whistleblower is collected or otherwise processed. However, depending on the content of the submitted report and any accompanying documents, it cannot be ruled out that personal data of the whistleblower or of other persons named in the report will be processed.

b) Legal basis
Art. 6 (1)(c) of the GDPR in conjunction with Section 10 of the German Whistleblower Protection Act (HinSchG) forms the legal basis.
Further information can be found in the privacy policy for the whistleblower system at
https://platform.compliance.one/case/legal/150/7a78fa9a77b2/

7. Electronic Signatures (DocuSign)

a) Nature and extent of data processing
RSU uses DocuSign software for the digital signature of contracts. The provider of this service is DocuSign International (EMEA) Limited, Hanover Quay, Grand Canal Dock, Dublin, Ireland. As part of the service, you will receive an email with a link that enables you to submit a legally valid and binding digital signature on the DocuSign platform.

In connection with the digital signature, the personal data listed in the documents to be signed will be processed. This includes, in particular, the name, e-mail address, device and transaction data.

You can find more information on data protection at DocuSign here: https://www.docusign.com/privacy

b. Legal basis
The legal basis for the processing is our legitimate interest as referred to in Article 6(1)(f) of the GDPR. We have a legitimate interest in digitizing our processes and in offering a digital method to conclude contract. The use of your e-mail address serves to send the relevant information and to facilitate the process of obtaining the necessary signatures and documents.

All personal data remains in data centers in the EU. No personal data leaves the EU; only transaction data required for billing and worldwide access to DocuSign services is transferred to the US. To this end, the transfer takes place on the basis of the certified DocuSign Binding Corporate Rules (BCRs) and the EU Standard Contractual Clauses (SCCs).

c. Storage period
Your personal data will be deleted as soon as it is no longer required for the respective purpose and until the end of the legally regulated retention periods.

DISCLOSURE OF DATA

We only disclose your personal data to third parties if:

– You have given your express consent to this in accordance with Art. 6 (1) lit. a) GDPR;
– this is legally permissible and necessary for the fulfillment of a contractual relationship with you in accordance with Art. 6 (1) lit. b) GDPR;
– there is a legal obligation for the disclosure pursuant to Art. 6 (1) lit. c) GDPR; or
– the disclosure pursuant to Art. 6 (1) lit. f) GDPR is necessary to safeguard the legitimate interests of RSU, as well as to assert, exercise or defend legal claims and there is no reason to assume that your interests are overridden when disclosing your data.

TRACKING AND ANALYSIS

We use the open source web analytics service Matomo (previously named Piwik, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769). With this tool we gather and analyze anonymized data about how our website is used. This allows us among other things to find out which web pages have been accessed, when and from which area.

The legal basis for our use of this analytical tool is article 6(1)(f) of the GDPR because we have a legitimate interest in analyzing how people use our website so that we can optimize it and adapt it to the users’ needs on a continuous basis.

Protecting your data matters to us, which is why we perform IP anonymization when using Matomo. This means that your IP address is truncated before any analysis takes place so that it can no longer be clearly linked to you.

Further, we only use our own servers to host Matomo to ensure that all data gathered remain in our possession and are not shared with anyone else.

You can prevent your actions on this website from being analyzed and put into context. This will protect your privacy but will also prevent the operator from learning from your actions and improving your and other people’s user experience.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

COOKIES

a) Nature and extent of data processing
We use cookies on our website. Cookies are small files that are sent to and stored in your browser when you visit our website. Some of the functions of our website cannot be provided without using specific cookies.
The following cookies are used on our website:
• Session cookie (JSESSIONID): saves the user’s page request status for the application form
• Language selection cookie (wp-wpml_current_language): indicates the country code inferred from the user’s IP address; this determines the language used

b) Legal basis
The legal basis for the processing of cookies that are necessary for technical reasons is our legitimate interest in the processing of personal data according to article 6(1)(f) of the GDPR.

c) Storage period
The data provided to us through cookies are erased as soon as they are no longer needed for the purposes described above, in particular when the cookies are deactivated. Data may be stored more extensively in individual cases if this is required by law.

d) Browser configuration
You can manage cookies by defining the relevant settings below or by configuring your browser according to your preferences. Most browsers are pre-configured to accept cookies by default. You may, however, configure your browser to accept only certain cookies or even none at all. Note that you may not be able to use all functionalities of our website if cookies are deactivated through your browser settings. Your browser settings also allow you to delete cookies already stored in your browser or check the storage period of cookies. You can also configure your browser to inform you before cookies are stored. Since browsers may differ in their functionalities, we ask you to refer to your browser’s help menu for details. If you would like to get a complete list of all external connections established with your browser, we recommend that you install a dedicated plug-in for this purpose.

e) Refusing cookies
Note that you may not be able to use all functionalities of our website if cookies are deactivated through your browser settings.

HYPERLINKS

Our website contains hyperlinks to RSU’s pages on LinkedIn and XING. The websites of LinkedIn and XING are subject to the data protection provisions of these service providers.

RIGHTS OF DATA SUBJECTS

If we process your personal data, you are a data subject and have the following rights with regard to the personal data concerning you:

Pursuant to Article 15 of the GDPR you are entitled to information about the personal data processed by us. In particular, you are entitled to information on the purposes for which the data are processed, the categories of personal data processed, the categories of recipients to which your data are or were disclosed, the period for which the data are intended to be stored, any existing right to rectification, erasure or restriction of processing, right to object or right to lodge a complaint, the source of your data if your data have not been collected at our company, and any transfer made to a third country or an international organisation. You are also entitled to information about whether there is an automated decision-making system, including profiling, and to meaningful details on any such system.

Pursuant to Article 16 of the GDPR you are entitled to have any inaccurate personal data about you that we have stored corrected and to have any incomplete personal data about you that we have stored completed without undue delay.

Pursuant to Article 17 of the GDPR you are entitled to have your personal data stored by us erased unless processing the data is necessary for exercising freedom of speech and information, complying with legal obligations or establishing, exercising or defending legal claims or is in the public interest.

Pursuant to Article 18 of the GDPR you may have the way in which we can process your personal data restricted if you contest the accuracy of the data, the data are processed unlawfully or we do not need the data any more and you object to their erasure because you need them for the establishment, exercise or defence of legal claims. This applies even if you have objected to the processing of your personal data on the grounds set forth in Article 21 of the GDPR.

Pursuant to Article 20 of the GDPR you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have the data transmitted to a different controller.

Pursuant to Article 21 of the GDPR you have the right to object to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR for reasons arising from your special situation. If you do, RSU will stop processing these personal data unless it has compelling and legitimate reasons which take priority over the interests, rights or liberties affected or it needs to process these data for asserting, exercising or protecting legal claims. Further, you have a general right to object to the processing of your personal data for direct marketing purposes according to Article 21(3) of the GDPR, with which we will comply without any need for you to invoke special circumstances.

Pursuant to Article 7(3) of the GDPR you may withdraw your consent at any time, in which case we are prohibited from processing the data based on such consent in the future.

Pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, this may be the competent authority at your habitual residence, your place of work or our registered seat. The supervisory authority responsible for RSU in matters of data protection is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Germany
Telefon: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

DATA SECURITY AND SAFEGUARDS

We undertake to protect your privacy and treat your personal data as confidential. To prevent any manipulation, loss or abuse of the data stored in our systems we take extensive technical and organisational precautions, which we check and update in line with technological progress on a regular basis. This includes the use of acknowledged encryption methods (SSL or TLS). However, please be aware that due to the structure of the Internet there may be persons or institutions outside our area of responsibility which disregard data protection rules or fail to observe the aforementioned precautions. In particular, third parties may have access to data that are made available unencrypted, for example via e-mail. We have no way of preventing this by technical means. Users are responsible for protecting the data they make available, for example by means of encryption.

II. DATA PROTECTION POLICY FOR EVENTS

As part of our events, we process personal data, for example the data that you provide when registering, but also data that is collected as part of your participation, i.e. if you provide one of our employees with your contact details for inquiries or if photos are taken.

CONTROLLER AND SCOPE

The controller as referred to in the EU General Data Protection Regulation (GDPR) and other, national data protection laws of the member states as well as other regulations on data protection is:

RSU GmbH & Co. KG
Karlstraße 35
80333 München
Germany
4HV6+MJ
Tel +49.(0)89.442340-0
Fax +49.(0)89.442340-999
infos@rsu.one

CONTACT INFORMATION OF DATA PROTECTION OFFICER

You can reach our data protection officer by e-mail at Datenschutzbeauftragter@rsu.one.de, by regular mail by adding “der Datenschutzbeauftragte” to our postal address or by telephone at +49 89/442340-0.

PRINCIPLES OF DATA PROCESSING

1. Contact details and prospect enquiries
a) Nature and extent of data processing

As part of the event registration process, we collect information that you provide to us when you register for the event. This data is processed to complete your registration and to be able to enter into a contract with you regarding your participation which is subject to our terms and conditions for events.

We also process your data to create/issue name badges and participation lists and to provide you with information about the event before, during or after the event.

Information which is provided voluntarily during the event (i.e., via meeting notes or exchange of business cards, etc.) is processed to respond to customer requests. RSU may therefore contact you by mail, telephone and/or email.

b. Legal basis
The legal basis for the aforementioned processing is Art. 6 (1) lit. b) GDPR, as this information is required to enter into a contract with you (event) and in order to take steps at your request prior to entering into this contract. Our direct marketing activities are based on your consent in accordance with Art. 6 (1) lit. a) GDPR. You can withdraw your consent at any time.

c. Storage period
Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

2. Photos and videos
a) Nature and extent of data processing

As part of our events, we also take photos and videos (“recordings”) for internal and external communication, in particular for press and advertising purposes as well as for editorial and public relations activities. This includes use in all types of media, “offline” (i.e. print material such as brochures, flyers, and other advertising materials) as well as “online” (i.e. on our website and social media pages). In addition to the recordings, metadata such as the date and time of the recording may be collected. Even if the primary purpose of the recoding is the documentation of the event as such, it cannot be excluded that participants of the event may be identifiable in the recordings.

b. Legal basis
The legal basis for the creation and publication of recordings where a person is an insignificant or coincidental element (so called “Beiwerk” according to the German Artistic Copyright Act) is our overriding legitimate interest in documenting and reporting about the event, Art. 6 (1) lit. f) GDPR.

Recordings of individuals or small groups of people who stand out or are clearly identifiable are only taken and published based on the consent of the individuals captured in these recordings. This consent can be withdrawn at any time with effect for the future, Art. 6 (1) lit. a) GDPR.

c. Storage period
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

3. Creating and publishing recordings by event participants
We would ask you to respect the privacy rights of other participants when taking part in an event. If you take or publish photographs of other participants, especially for social media purposes, you are required to obtain the consent of the respective individual(s).

4. Survey Tool (Slido)
a. Nature and extent of data processing
During the event, participants have the option to engage in surveys. RSU currently uses the service provider Slido/sli.do, headquartered in Vajnorská 100/A, 831 04 Bratislava (EU), Slovakia, with whom a data processing agreement had been concluded.
Slido processes certain personal data for survey purposes, which includes your IP address and may include other technical information like browser type, and the date and time of access. Additionally, any personal information you submit, such as your name and email address, may also be processed.
More details about the nature, type, and purpose of data processing by Slido, including information about the service providers involved, can be found in their privacy policy: https://www.slido.com/terms#slido-privacy

Participants also have the option to use Slido anonymously, thereby not requiring the submission of any personal information (e.g., name, email address) to partake in the surveys. It is therefore highly recommended to utilize this anonymous feature as no information will be shared with Slido or other participants in this mode.

b. Legal basis
The processing of your personal data is based on our legitimate interest in conducting surveys in accordance with Art. 6 (1) lit. f) GDPR or based on consent in accordance with Art. 6 (1) lit. a GDPR, if such consent has been provided.

c. Storage period
All personal data collected for the purpose of conducting surveys will be promptly deleted following the event.

d. Data recipient
Slido is a service of Cisco Systems Inc. based in the USA. However, Cisco Systems Inc. is certified under the EU-US Data Privacy Framework, ensuring an approved level of data protection. Slido also utilizes subprocessors that are based in the US, but which are offering the appropriate safeguards under GDPR.

RIGHT TO OBJECT

You can object to photographs to be taken in which you are shown alone or in a (small) group of people at any time (i.e. by addressing the photographer directly or indicating by hand signal that you do not wish to be photographed). If you declare your objection after the event, you can also contact us directly (i.e. by e-mail to Datenschutzbeauftragter@rsu.one.de).

If you object to a recording to be published or withdraw your consent to the publication of a recording in which you are shown together with other people, the photograph will not necessarily be deleted. In this case, it is sufficient if you are made unrecognizable/anonymized (i.e. by pixilation).

YOUR RIGHTS

You have a right of access to the data stored about you, you have the right to rectification of your data, restriction of processing, erasure, data portability and objection and you have the right to file a complaint with a data protection supervisory authority if you believe that the processing of your personal data is not lawful.

Further information can be found in RSU’s ‘General Data Protection Policy

Munich, January 2, 2025

Questions? We’ll be happy to answer them.
Write to info@rsu.one or call +49.(0)89.442340-0