PRIVACY POLICY ACCORDING TO THE REQUIREMENTS OF THE GDPR
1. Scope of the processing of personal data
You can count on us to protect the privacy of your personal data. The protection of your privacy when processing personal data is an important concern for the RAG-Stiftung, and we take it into account in all our business dealings. Therefore, we would like to take this opportunity to explain to you our basic rules of handling your personal data—which, of course, is managed in compliance with the applicable European and national data protection regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6 (1) (b), GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) (c), GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing data.
3. Purpose of data processing
When you visit our websites, your browser transmits certain data to our web server due to technical requirements. We use this technical access information to continuously improve the attractiveness and usability of our internet pages and their contents and to identify possible technical problems of our internet presence. In addition, in order to protect our legitimate interests, we store this data for a limited time so that personal data can be derived from it in the event of unauthorized access or access attempts to local servers. The following pages will tell you what this information is in detail.
We use so-called “cookies” on our website. You will find further details of this in our Cookie guidelines under Item 5 below.
In addition to automatically collected data we also process the data that you have voluntarily provided us with in the context of e.g. newsletter registrations, making contact, or other online forms.
4. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the invoking computer. This data is recorded in the form of logs.
The following data is collected in the process:
IP address of the user
Date and time of access
HTTP method
HTTP version
Websites from which the user’s system arrived at our website
Websites accessed by the user's system via our website
Browser agent
HTTP status code of the server response
Size of the response in bytes
This processing is technologically necessary for the display of our website. We also use the data to ensure the security and stability of the website.
The processing of the aforementioned data is necessary for the provision of the website and serves to protect a legitimate interest of our company. The legal basis for this processing is thus Article 6 (1) (f) GDPR.
Use of contact forms
There is a contact form on our website which can be used for making electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. To make it more difficult for automated programs and scripts to access websites, we use the "Friendly Captcha" bot protection service on our website. IP addresses are only stored in hashed form and deleted within 30 days. Beyond this, none of the information you enter in the respective input mask is recorded.
In this context, the information you enter is not passed on to third parties. The data is used exclusively for processing the conversation, i.e. the processing of the personal data from the input mask serves only for the purpose of us establishing contact. In the event of contact being made, this also constitutes the necessary legitimate interest in the processing of the data, so the legal basis for the processing is thus Article 6 (1) (f) GDPR.
We will delete the data as soon as it is no longer necessary for achieving the purpose for which it was collected. For the personal data from the input mask of the contact form and that which was sent by e-mail this is the case when the respective conversation with the user is finished. The conversation is finished when it can be inferred from the circumstances that the matters in question have finally been clarified.
Online presences on social media, external services and content on our website
We maintain online presences on social media platforms to communicate with interested persons and users who are active there and to be able to inform this target group about events and news. In this context, we integrate external services or content on our website via links. If you use such a service (by clicking on the link and opening the platform), or if third party content is displayed to you, communication data (e.g. IP addresses or general device information) will be exchanged between you and the respective provider for technical reasons.
In addition, the provider of the respective external services or content may collect personal data about you—e.g. via the corresponding cookies—and process them thereafter for further purposes of their own. We have configured the services or content of providers who are known to process data for their own purposes to the best of our knowledge and belief in such a way that either communication for purposes other than the presentation of the content or services on our website is omitted, or communication only takes place when you actively decide to use the external service. However, since we usually and/or to a large extent have no influence on the data collected by third parties and its processing by them, we cannot provide any binding information on the purpose and scope of the processing of your data.
Further information on the purpose and scope of the collection and processing of your data by the providers of the corresponding external services and information about the data protection provided by the respective providers of the external services or content integrated by us can be found under the following links:
YouTube:
Data protection notice: policies.google.com/privacy
Facebook:
Data protection notice: https://www.facebook.com/privacy/policy/
Instagram:
Data protection notice: https://www.instagram.com/about/legal/privacy
X (formerly Twitter):
Data protection notice: twitter.com/de/privacy
LinkedIn:
Data protection notice: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
YouTube
The RAG-Stiftung operates an online presence (channel) on YouTube, where we provide information about the activities of the RAG-Stiftung in the form of videos. The following additional data protection information applies to this channel:
YouTube is a service provided by Google Ireland Limited (“Google”).
You can contact YouTube at:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
Phone: +353 1 543 1000
Fax: +353 1 686 5660
e-mail: support-deutschland(at)google.com
You can contact Google’s data protection team here.
The collection and storage of personal data and the nature and purpose of its use
You can find additional information about the processing of personal data at Google here.
Google collects data regardless of whether you are logged into a Google account or not.
If you are not logged in, technical information such as the IP address, the browser type, the operating system, information about the previously accessed website and the pages you visited on YouTube including unique identifiers are stored.
If you are logged into Google, your name and possibly phone number and payment information and other information you provide (such as in comments) will also be processed.
Google processes this data to provide and maintain its services, develop new ones, detect abuse and recommend appropriate videos.
Go here to modify the data that are collected when you are on YouTube.
When using YouTube, there is a risk that personal data will be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The United States does not have a level of data protection comparable to the GDPR. Therefore, Google Ireland Limited uses standard contractual clauses for the transfer, which ensure a corresponding level of data protection.
The RAG-Stiftung has no control over the data collected and is not in a position to use individual data sets. For the RAG-Stiftung, only anonymized aggregated data about activity related to our videos, such as the number of clicks, average viewing time, reaction to the video, and statistics about viewer age and gender, is viewable.
The legal basis for maintaining a YouTube channel is accordingly Article 6 (1) (f) GDPR. The legitimate interest consists in the external presentation of the Foundation, in particular concerning the work of the RAG-Stiftung.
Facebook
The RAG-Stiftung operates an online presence on Facebook, a so-called Facebook Fanpage. The following information on data processing additionally applies for visits to our Fanpage.
Facebook is a product of Meta Platforms Ireland Limited (“Meta”). You can contact Meta at:
Meta Platforms Ireland Limited
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
According to Article 26 GDPR we are jointly responsible with Meta for the operation of our Facebook Fanpage. To this end, Meta has entered into an arrangement with us that determines who is responsible for fulfilling which obligations with respect to data protection. This agreement can be called up here. According to this agreement, Meta is primarily responsible for providing the data subject with information concerning the joint processing and for enabling the data subject to exercise his or her data protection rights. Independently of this agreement, we hereby inform you concerning your visit to our Fanpage and thus provide you with the information required under data protection legislation.
You will find further information concerning data protection at Meta in general here.
You can contact Meta online here.
You can reach Meta’s data protection officer at
https://www.facebook.com/help/contact/540977946302970.
The collection and storage of personal data and the nature and purpose of its use:
a) Data collected by Meta:
If you are a Facebook user, Meta collects the data described in the Meta Privacy Policy under “What kinds of information do we collect?” If you are not a Facebook user it is nonetheless possible under certain circumstances that cookies—small text files—in this case with identifiers, are stored in your browser. Such cookies enable the tracking of your behaviour as a user.
As a rule, the user data for a visit to Facebook is also processed by Meta for market research and advertising purposes. On the basis of the user behaviour (also when visiting our Fanpage), complex user profiles are created which Meta can use in order to display personalized advertising to the visitor within and outside Meta products. You will find more detailed information on this also in the Meta Privacy Policy.
If you do not agree to this you can opt out here.
b) Data used by us (“Page Insights”) and legal basis:
Meta provides us with statistics and user data on the basis of which we can analyse the use of our Fanpage (so-called “Page Insights”). This enables us to continually improve our presence on Facebook. We as operator have no influence over the processing of Insights data and all further information collected according to Article 13 GDPR such as e.g. the storage duration of cookies on users’ terminals. The primary responsibility according to the GDPR for the processing of Insights data lies with Meta. In this regard, we draw attention to the agreement regarding joint responsibility according to Article 26 GDPR that Meta has made with us and the duties that Meta has taken on according to this agreement.
We as the page administrator have no other possibility, also taking into account user tracking, of evaluating user behaviour on our Fanpage. It is also fundamentally not possible for us to identify the visitor to our Fanpage on the basis of the Page Insights. In particular, under the agreement with Meta we have no right to demand that Meta disclose individual user data. An identification is only possible if we can assign individual profile photos to “Like” button clicks for the page; this, however, is only possible to the extent that our Fanpage has been marked with “Like” by the corresponding visitor and the “Like” is set to “public”.
You will find which information Meta uses to create the Page Insights here.
The operation of the Facebook Fanpage and the use of the Page Insights serve our legitimate interest in an effective external representation and the communication with our interested parties. This interest justifies the operation of the page overriding both the legitimate interests of Facebook users and those of visitors to our Fanpage who do not have a Facebook account. The legal basis is accordingly Article 6 (1) (f) GDPR.
Instagram
The RAG-Stiftung operates an online presence (page) on Instagram. Instagram is an audio-visual platform that enables users to share photographs and videos and also to disseminate them in other social networks.
The operating company of the services offered by Instagram is
Meta Platforms Ireland Limited
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
According to Article 26 GDPR we are jointly responsible with Meta for the operation of our Instagram page. To this end, Meta has entered into an arrangement with us that determines who is responsible for fulfilling which obligations with respect to data protection. This agreement can be called up here. According to this agreement, Meta is primarily responsible for providing the data subject with information concerning the joint processing and for enabling the data subject to exercise his or her data protection rights. Independently of this agreement, we hereby inform you concerning your visit to our Fanpage and thus provide you with the information required under data protection legislation.
You can contact Meta online here.
You can reach Meta’s data protection officer at
https://www.facebook.com/help/contact/540977946302970.
You will find further information and the Data Policy of Instagram at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
a) Data collected by Meta:
If you are an Instagram user, Meta collects the data described in the Instagram Data Policy under “What kinds of information do we collect?” If you are not an Instagram user it is nonetheless possible under certain circumstances that cookies—small text files—in this case with identifiers, are stored in your browser. Such cookies enable the tracking of your behaviour as a user.
As a rule, the user data for a visit to Instagram is also processed by Meta for market research and advertising purposes. On the basis of the user behaviour (also when visiting our Instagram page), complex user profiles are created which Meta can use in order to display personalized advertising to the visitor within and outside Meta products. You will find more detailed information on this also in the Instagram Data Policy.
b) Data used by us (“Page Insights”) and legal basis:
Meta provides us with statistics and user data on the basis of which we can analyse the use of our Instagram page (so-called “Page Insights”). This enables us to continually improve our presence on Instagram. We as operator have no influence over the processing of Insights data and all further information collected according to Article 13 GDPR such as e.g. the storage duration of cookies on users’ terminals. The primary responsibility according to the GDPR for the processing of Insights data lies with Meta.
We as the page administrator have no other possibility, also taking into account user tracking, of evaluating user behaviour on our Instagram page. It is also fundamentally not possible for us to identify the visitors to our Instagram page on the basis of the Page Insights. In particular, under the agreement with Meta we have no right to demand that Meta disclose individual user data. In addition to any personal information provided to us directly by the users, depending on the user’s privacy settings we can also see information on the user’s profile, the user’s Likes and the user’s comments.
The operation of the Instagram page serves our legitimate interest in an effective representation to the public and in communication with our interested parties. This interest justifies the operation of the page overriding both the legitimate interests of Instagram users and those of visitors to our fan page who do not have an Instagram account. The legal basis is accordingly Article 6 (1) (f) GDPR.
X (formerly Twitter)
The RAG-Stiftung operates a channel on X. X is a short message service from the company Twitter Inc. Registered users can publish short messages (“Tweets”) on X.
You can contact X at:
Twitter International Company
One Cumberland Place
Fenian Street
Dublin 2
D02 AX07
Ireland
You can contact X online here.
You can reach X’s data protection officer under https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
You will find further information and the Privacy Policy of X at https://twitter.com/de/privacy.
a) Data collected by X
If you are an X user, X collects the data described in the X Privacy Policy under “Information You Share With Us”. If you do not have an X account, under certain circumstances X nonetheless receives information that X designates as “Log Data” and that enables the tracking of your behaviour as a user. This log data includes information such as your IP address, your location, information on the previously viewed website and the pages you called up, information on your device and cookie information. Additional information is available in X’s Privacy Policy under “2.4 Log Data”.
As a rule, the user data collected during a visit to X is also processed by X for market research and advertising purposes. On the basis of the user behaviour (also when visiting our X channel), complex user profiles are created which X can use in order to display personalized advertising to the visitor within and outside X. You will find more detailed information on this also in the X Privacy Policy.
b) Legal basis
The operation of the X channel serves our legitimate interest in an effective representation to the public and in communication with our interested parties. This interest justifies the operation of the page overriding both the legitimate interests of X users and those of visitors to our channel who do not have an X account. The legal basis is accordingly Article 6 (1) (f) GDPR.
LinkedIn
The RAG-Stiftung operates a profile on LinkedIn. LinkedIn is a social network and an online platform for professionals, specialist personnel and managers.
According to Article 26 GDPR we are jointly responsible with LinkedIn for the use of the Page Insights during the operation of our LinkedIn profile. LinkedIn has entered into an arrangement with us that determines who is responsible for fulfilling which obligations with respect to data protection. This agreement can be called up here. According to this agreement, LinkedIn is primarily responsible for providing the data subject with information concerning the joint processing and for enabling the data subject to exercise his or her data protection rights. Independently of this agreement, we hereby inform you concerning your visit to our profile and thus provide you with the information required under data protection legislation.
You can contact LinkedIn at:
LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
You can contact LinkedIn online here.
You can reach LinkedIn’s data protection officer under
https://www.linkedin.com/help/linkedin/ask/TSO-DPO
You will find further information and the currently valid Privacy Policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy?_l=en-GB.
a) Data collected by LinkedIn
If you are a LinkedIn user, LinkedIn collects the data described in the LinkedIn Privacy Policy under “Data We Collect”. A LinkedIn cookie is not set for members who have not logged in at LinkedIn, so that identification is not possible. Further information is available in the LinkedIn Cookie Policy at: https://de.linkedin.com/legal/cookie-policy?
As a rule, the user data collected during a visit to LinkedIn is also processed by LinkedIn for market research and advertising purposes. On the basis of the user behaviour (also when visiting our LinkedIn profile), complex user profiles are created which LinkedIn can use in order to display personalized advertising to the visitor within and outside LinkedIn. You will find more detailed information on this also in the LinkedIn Privacy Policy.
b) Data used by us and legal basis:
LinkedIn provides us with statistics and usage data on the basis of which we can analyse the use of our LinkedIn page (so-called “Page Insights”). This enables us to continually improve our presence on LinkedIn. We as operator have no influence over the processing of Insights data and all further information collected according to Article 13 GDPR such as e.g. the storage duration of cookies on users’ terminals. The primary responsibility according to the GDPR for the processing of Insights data lies with LinkedIn. In this regard, we draw attention to the agreement regarding joint responsibility according to Article 26 GDPR that LinkedIn has made with us and the duties that LinkedIn has taken on according to this agreement.
We as the page administrator have no other possibility, also taking into account user tracking, of evaluating user behaviour on our LinkedIn page. It is also fundamentally not possible for us to identify the visitor to our LinkedIn page on the basis of the Page Insights. In particular, under the agreement with LinkedIn we have no right to demand that LinkedIn disclose individual user data. In addition to any personal information provided to us directly by the users, depending on the user’s privacy settings we can also see information on the user’s profile, the user’s Likes and the user’s contributions.
You can see which information LinkedIn uses to create the Page Insights profile here.
The operation of the LinkedIn profile and the use of the Page Insights serve our legitimate interest in an effective external representation and the communication with our interested parties. This interest justifies the operation of the page overriding both the legitimate interests of LinkedIn users and those of visitors to our profile who do not have a LinkedIn account. The legal basis is accordingly Article 6 (1) (f) GDPR.
External service providers for online presences in social media
The RAG-Stiftung has commissioned external service providers with the maintenance of its social media. Contracts for contract data processing that provide for the protection of your data have been concluded with these service providers.
5. Cookie guidelines
We use cookies—exclusively with your consent (opt-in)—on our website. Cookies are small files that are automatically generated by your browser and stored on your terminal (laptop, tablet, smartphone etc.) when you visit our site and consent to the cookies according to our cookie banner. Cookies store information arising from the connection with the specific terminal being used. However, this does not mean that we obtain knowledge of your identity. Cookies are used, on the one hand, to improve your experience of our website as a user. For example, we use session cookies in this way in order to recognize that you have already visited individual pages of our website. On the other hand, we use cookies in order to statistically record and evaluate usage statistics for our website in order to optimize our website for you. And finally, we set cookies for the Investor Relations page of our website for legal reasons.
You can alter your preferences for the setting of cookies on our website here at any time.
The changes are effective immediately.
With your consent, we use session cookies (which are a form of technical cookie) in this way in order to recognize that you have already visited individual pages of our website. The following data is collected in the process:
Language settings
Login information
First visit or recurring use
Previous website
Session ID of the user
In addition, we also use—subject to your consent—a further technical cookie that represents your selection regarding the use of cookies. This cookie (“cookieConfig”) prevents the repeated display of the cookie banner on every individual page of our website and adjusts the cookie banner of our website in such a way that the cookie settings that you have made are displayed.
The technical cookies are automatically deleted when the local browser is closed or a certain time (24h) has elapsed without the user carrying out an action on the website.
And finally we set an Investor Relations cookie with your consent when you visit the sub-page Investor Relations on our website. For legal reasons (in particular reasons concerned with liability) the content of our Investor Relations sub-page should not be available to visitors with their primary residence outside Germany (in particular, in the USA). This is ensured by the Investor Relations cookie, which only enables the page access after you have input your postcode and an appropriate location. This cookie is deleted after the end of the session.
You can manage the cookies that have been set with your consent on our website here at any time and you can also change the acceptance or refusal of cookies.
You can deselect cookies that have already been set with immediate effect here. If you change your settings and refuse cookies, it can happen that specific functions and features of our website do not function as intended.
The legal basis for these cookies is your consent, Article 6 (1) (a) GDPR.
Use of Matomo
We use the web analysis tool Matomo (previously Piwik) in order to be able to analyse and improve the use of our website. Matomo is an open source project that emphasizes data protection and conformance with the GDPR (https://matomo.org/gdpr/). You can find the privacy policy of Matomo here. Matomo is operated on a dedicated server of the RAG-Stiftung in Germany (Oberhausen). Matomo has no access to this server. There is no transfer of data from the RAG-Stiftung to Matomo.
The statistics acquired through the operation of Matomo enable us to improve our web presence and to develop it so that it is more interesting for you as a user. For the purpose of this evaluation, cookies are stored on your computer exclusively with your consent (opt-in). You will find details of the cookies set by Matomo here. Our website uses Matomo in the configuration where IP addresses are only processed in abbreviated form (masking of 2 octets). A direct reference to a specific person is thus not possible.
The following data is stored when individual pages of our website are invoked:
Two bytes of the IP address of the calling user system (anonymized IP address)
The current website accessed
The website previously accessed by the user prior to landing on the current website (referrer)
The sub-page accessed from the current website
The time spent on the website
The frequency of website visits
The statistical data is deleted automatically, without any particular occasion being required, within 30 days (with a daily deletion interval).
The processing of the named user data enables us to analyse the surfing behaviour of our users. By means of the evaluation of the collected data, we are able to collate information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. The interests of the users in the protection of their personal information are sufficiently taken into account due to the anonymization of the IP address.
The legal basis of the use of Matomo is your consent, Article 6 (1) (a) GDPR.
6. Data deletion and storage time
Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may still be necessary for a longer period if this has been required by the European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. We automatically delete data stored for technical reasons after 90 days.
7. Possibility of objection and erasure
The user has the possibility to revoke his consent regarding the processing of personal data at any time (see also rights of the data subjects). If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The collection of the data for the provision of the website and the storage of the data in log files are absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
8. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
The right to information about your personal data stored by us, Article 15 GDPR;
The right of rectification, erasure or restriction of processing of your personal data, Articles 16-18 GDPR;
The right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can prove compelling legitimate grounds for processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims, Article 21 GDPR;
Right to data portability, Article 20 GDPR;
The right to lodge a complaint with a supervisory authority, Article 77 GDPR;
The right to withdraw your consent to the collection, processing and use of your personal data at any time with effect for the future, Article 7 (3) GDPR. You will find more detailed information on this in the respective sections above, where data processing on the basis of your consent is described.
If you wish to exercise your rights, you may either address your request to the data protection officer listed below, fill in our contact form on the website or send an e-mail to info(at)rag-stiftung.de.
9. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
RAG-Stiftung
Im Welterbe 10
45141 Essen
Germany
Phone: +49 (201) 378-3333
e-mail: info(at)rag-stiftung.de
Website: www.rag-stiftung.de
Name and address of the data protection officer
The data protection officer of the data controller is:
RAG-Stiftung
- Data protection officer -
Im Welterbe 10
45141 Essen
Germany
e-mail: datenschutz(at)rag.de