
Privacy policy

The German original version of the privacy notice shall be the only legally binding version. 
The English translation is provided solely for reference purposes and shall have no legal effect.

1. General Section


1.1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1.1.  In the following, we, rising systems AG (hereinafter referred to as “Company”, “we” or “us”), provide information about the processing of personal data within our company. Personal data are all data that can be related to you personally, e.g., name, address, email address, user behavior.

 

1.1.2. Even if masculine forms are used in this text, all genders are equally addressed.


1.1.3. The controller responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.


1.1.4. The controller within the meaning of the GDPR is:

rising systems AG

Benrather Schloßallee 99

40597 Düsseldorf

Telephone +49 (0) 211 90 32 94 0

Email info@rising-systems.de

Further information can be found in the legal notice (https://www.rising-systems.de/impressum). 


1.1.5. You can contact our Data Protection Officer at:

Matthias Bungartz

Benrather Schloßallee 99

40597 Düsseldorf

Telephone 0211 903294 0

Email bungartz@rising-systems.de


1.2. Processing Principles and Legal Bases

1.2.1. The legal basis for processing operations for which we obtain consent for a specific processing purpose is generally Art. 6(1) sentence 1 lit. a GDPR. The processing of personal data that we require for the performance of contractual or pre-contractual obligations (e.g., on the basis of a software development agreement) is carried out on the basis of Art. 6(1) lit. b GDPR. Where processing is necessary for compliance with a legal obligation (e.g., statutory retention obligations under Section 257 HGB, Section 147 AO) to which the controller is subject, Art. 6(1) lit. c GDPR serves as the legal basis. Where processing is necessary for the purposes of legitimate interests pursued by us or by a third party and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Art. 6(1) lit. f GDPR serves as the legal basis for the processing of personal data.  


1.2.2. Where the processing of data requires the storage of information in the user’s terminal equipment or access to information already stored in the user’s terminal equipment—particularly cookies—the legal basis is Section 25(1) TTDSG (consent), Section 25(2) No. 1 TTDSG (carrying out the transmission of a message over a public telecommunications network), or Section 25(2) No. 2 TTDSG (provision of a telemedia service explicitly requested by the user).


1.2.3. Processing may also be based on multiple legal grounds.



1.3. Disclosure of Data

As a general rule, your personal data will not be transferred to third parties. Exceptions may apply if:

– you have given your explicit consent pursuant to Art. 6(1) sentence 1 lit. a GDPR,

– the disclosure is necessary pursuant to Art. 6(1) sentence 1 lit. f GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

– there is a legal obligation for disclosure pursuant to Art. 6(1) sentence 1 lit. c GDPR, and

– it is legally permissible and necessary pursuant to Art. 6(1) sentence 1 lit. b GDPR for the performance of contractual relationships with you.



1.4. Categories of Recipients and Third-Country Transfers

1.4.1. Within our company, only those persons have access to your data who are responsible for processing data relating to you (e.g., for billing purposes). In addition, we use external service providers, in particular processors within the meaning of Art. 28 GDPR, where we cannot or cannot reasonably perform services ourselves. These external service providers are primarily providers of IT and telecommunications services, such as:

- Odoo S.A., Chaussée de Namur, 40, 1367 Grand Rosière, Belgium. Information on data protection at this company can be found in its privacy policy at https://www.odoo.com/de_DE/privacy  


1.4.2. For the transfer of personal data to third countries, Section 1.5 applies.



1.5. Categories of Recipients and Third-Country Transfers

1.5.1. In the context of our business relationships, your personal data may be transferred or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively for the performance of contractual and business obligations and in the interest of efficient business operations (legal basis: Art. 6(1) lit. b or lit. f GDPR in conjunction with Art. 44 et seq. GDPR).


1.5.2. The European Commission has determined that certain third countries ensure a level of data protection comparable to that of the EEA by means of so-called adequacy decisions (a list of these countries and copies of the adequacy decisions are available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). 


1.5.3. In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of statutory provisions. In such cases, we ensure that an adequate level of data protection is maintained. This can be achieved through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46(1), (2)(c) GDPR (the 2021 standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certifications, or recognized codes of conduct. Please contact our Data Protection Officer if you would like further information on this matter.



1.6. Storage Period

1.6.1. For the data processing carried out by us, we specify in these privacy notices how long your personal data are stored by us and when they are deleted or restricted. Where no explicit storage period is specified, your personal data will be deleted or restricted as soon as the purpose or legal basis for storage ceases to apply.


1.6.2. Storage may, however, continue beyond the specified period in the event of a (potential) legal dispute with you or other legal proceedings, or if storage is required by statutory provisions to which we are subject as controller (e.g., Section 257 HGB, Section 147 AO). Once the statutory retention period expires, your personal data will be restricted or deleted unless further storage is necessary and a legal basis exists.



1.7. No Obligation to Provide Personal Data

As a general rule, you are under no legal or contractual obligation to provide us with your personal data; however, it may be the case that we can only provide certain services to a limited extent or not at all if you do not provide the data required for this purpose and/or do not grant consent to processing.



1.8. Data Security

1.8.1. We implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.


1.8.2. During your visit to our website, we use the widely adopted SSL (Secure Sockets Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can recognize whether a specific page of our website is transmitted in encrypted form by the closed key or lock symbol displayed in your browser’s status bar.


1.9. Your Rights as a Data Subject

1.9.1. You may assert your rights as a data subject regarding your processed personal data at any time using the contact details provided above. As a data subject, you have the right:


1.9.2. pursuant to Art. 15 GDPR, to request access to your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if not collected from you, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;


1.9.3. pursuant to Art. 16 GDPR, to request without undue delay the rectification of inaccurate, or the completion of incomplete, personal data of yours stored by us;


1.9.4. pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;


1.9.5. pursuant to Art. 18 GDPR, to request restriction of processing of your data where the accuracy of the data is contested by you or the processing is unlawful;


1.9.6. pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller (“data portability”);


1.9.7. pursuant to Art. 21 GDPR, to object to the processing of your personal data where such processing is based on Art. 6(1) sentence 1 lit. e GDPR (processing in the public interest) or Art. 6(1) sentence 1 lit. f GDPR (legitimate interests of the controller). This applies in particular where processing is not necessary for the performance of a contract with you. In the event of a justified objection, we will review the situation and will either cease or adjust the data processing or provide you with our compelling legitimate grounds on the basis of which we continue the processing;


1.9.8. pursuant to Art. 7(3) GDPR, to withdraw at any time your consent once given—that is, your freely given, informed and unambiguous indication of your wishes, expressed by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to you for one or more specific purposes—with the effect that we may no longer continue the data processing based on that consent for the future;


1.9.9. pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority regarding the processing of your personal data in our company, for example with the supervisory authority responsible for us. The competent data protection supervisory authority for us is:  


State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestraße 2-4

40213 Düsseldorf

Telephone +49 (0)211 38424-0

Fax +49 (0)211 38424-999

Email poststelle@ldi.nrw.de


A list of the German supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html



1.10. No Automated Decision-Making (Including Profiling)

The personal data collected from you are not used for automated decision-making processes (including profiling).



2. Data Processing When Visiting Our Website and Contacting Us by Email


2.1. Personal Data Processed

When using the website for informational purposes only, i.e., if you do not otherwise provide us with information, we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary to display our website to you and to ensure stability and security (legal basis: Art. 6(1) sentence 1 lit. f GDPR):

– IP address

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status / HTTP status code

– Amount of data transmitted in each case

– Website from which the request originates

– Browser

– Operating system and its interface

– User’s internet service provider

– Websites accessed by the user’s system via our website

– Language and version of the browser software



2.2. Storage Periods

We delete or anonymize your aforementioned personal data as soon as they are no longer required for the purposes for which we collected or used them as described above. With regard to the storage of data in log files, deletion or anonymization takes place no later than 14 days.



2.4. Use of Cookies

2.4.1. In addition to the data mentioned above, cookies are stored on your device when you use our website. Cookies are small data records that are stored on your persistent storage medium and assigned to the browser you use, through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer.


2.4.2. We use technically necessary cookies on our website in order to operate the website. These technically necessary cookies ensure that the website is usable by enabling basic functions. Without these cookies, the website would not function properly. The legal basis for this is our legitimate interest (Art. 6(1) lit. f GDPR). Our legitimate interest lies in providing a functional website. These cookies are stored until the end of the respective browser session.


2.4.3. In addition, we use functional and performance cookies to collect information about how you use the website. The user is not identified. The information is used solely to determine what interests our users and how we can optimize the website. These cookies are also stored only until the end of the respective browser session. The legal basis is your consent pursuant to Section 25(1) sentence 1 TTDSG. You may withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.


2.4.4. Most browsers automatically accept cookies. You can configure your browser so that no cookies are stored on your device or so that you are always notified before a new cookie is set. However, the complete deactivation of cookies may result in you not being able to fully use all functions of our website.


2.4.5. Details of the cookies we use can be found in our Cookie Policy (https://www.rising-systems.de/cookie-policy).



2.5. Data Processing When Using the Contact Form and Email Contact


2.5.1. A contact form is available on our website which can be used for electronic communication. If a user makes use of this option, the data entered into the input form are transmitted to us and stored (such data include, for example, name, address, email address, telephone number, and message content).


2.5.2. At the time the message is sent, the following data are also stored:

- The user’s IP address

- Date and time of the request


2.5.3. Alternatively, contact may be made via the email address provided. In this case, the personal data transmitted with the email will be stored. No data will be passed on to third parties in this context. The data will be used exclusively for processing the communication.


2.5.4. The legal basis for processing the data transmitted in the course of contacting us via the contact form or by email is Art. 6(1) lit. f GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1) lit. b GDPR.


2.5.5. The processing of personal data from the input form or email serves solely to handle the contact request. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in processing the data.


2.5.6. The data will be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. For personal data from the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter has been conclusively clarified.


2.5.7. The personal data additionally collected during the submission process will be deleted no later than seven days thereafter.


2.5.8. You may object to the storage of your personal data by sending an email to info@rising-systems.de. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted.


3. Processing of Personal Data of Third Parties, Customers, and Suppliers


3.1. Pursuant to Art. 6(1) lit. b GDPR, personal data are processed where you provide them to us for the initiation and performance of a contract and where the execution of the contract would not be possible without such data (e.g., name of a contact person).  


3.2. The personal data collected are evident from the respective contract forms or arise from the information you proactively provide in connection with the conclusion and performance of the contract.


3.3. We may also process personal data in order to safeguard legitimate interests pursued by us or by third parties within the limits of the law pursuant to Art. 6(1) lit. f GDPR, provided there is no reason to assume that your interests or fundamental rights and freedoms requiring the protection of personal data override such interests. A legitimate interest generally exists where it is necessary to secure evidence, for example to assert or defend our rights in court or to respond to requests from law enforcement authorities.


3.4. Where applicable, we may transmit information on payment defaults to credit agencies for the purpose of preventing fraud or similar activities. This is carried out in accordance with legal requirements where it is necessary to safeguard our legitimate interests and the legitimate interests of third parties and there is no reason to assume that your interests or fundamental rights and freedoms requiring the protection of personal data override such interests. The processing is therefore carried out for the purpose of fraud and crime prevention on the basis of Art. 6(1) lit. f GDPR.



3.5. Sources and Types of Personal Data


3.5.1. We primarily process personal data that are provided to us by the data subjects themselves in the context of contractual and business relationships or that we receive from the respective contractual and business partners (e.g., from your colleagues with whom we are already in contact), for example in the course of handling an inquiry or an order. In addition, we process personal data that we collect from publicly accessible sources (such as commercial registers, press, or the internet) or receive from third parties (e.g., credit agencies, business partners). Where personal data are collected from third-party sources, we will inform you separately.


3.5.2. Relevant personal data include, in particular, personal details (e.g., name, first name, address, bank details, billing address, tax number/VAT ID) and other contact details (e.g., telephone number, email address). In addition, this may also include contract or order data (e.g., revenue data, volumes, planned quantities), data arising from the performance of our contractual obligations, information about your financial situation (e.g., creditworthiness data), data relating to your person (e.g., business interests, profession, industry, position, tasks, and responsibilities), as well as other data comparable to the categories mentioned.


3.5.3. The scope of data processed for an individual varies depending on the capacity in which the person interacts with us, for example the position they hold with the respective business partner.


3.6. Legal Bases, Purposes of Processing, and Legitimate Interests

3.6.1. We process personal data for the following purposes and to pursue the following legitimate interests, each based on the following legal grounds:


3.6.1.1. Marketing

- Purpose: marketing

- Processing/legitimate interest: selection of and direct contact for advertising via electronic communication (including newsletters) and/or telephone

- Legal basis: Art. 6(1) lit. a GDPR; Art. 6(1) lit. f GDPR in conjunction with Section 7(3) UWG


3.6.1.2. Contracts

- Purpose: preparation, performance, and execution of contracts with you or your employing company

- Processing/legitimate interest:

o (e.g., handling inquiries, authentication, contract preparation, execution, invoicing, payment processing);

o service and work contracts (e.g., reviewing offers, contract execution, payments, communications)

- Legal basis: Art. 6(1) lit. b and lit. f GDPR


3.6.1.3. Customer Care

- Purpose: customer support

- Processing/legitimate interest: maintaining optimal customer relationships, including employees of business partners

- Legal basis: Art. 6(1) lit. f GDPR


3.6.1.4. Internal Processes

- Purpose: own business purposes including process optimization

- Processing/legitimate interest:

o optimization of business processes (e.g., CRM systems)

o centralization or outsourcing

o risk reduction via credit checks and scoring (profiling)

- Legal basis: Art. 6(1) lit. f GDPR


3.6.2. We also process your data to safeguard our legitimate interests (Art. 6(1) lit. f GDPR), in particular for the assertion and defense of legal claims and for market research.


3.6.3. Further processing is carried out based on legal obligations (Art. 6(1) lit. c GDPR), e.g., tax obligations, regulatory requirements, and statutory retention obligations.



4. Changes in Company Structure

In the course of the development of our business, the structure of our company may change, for example through a change in legal form or through the establishment, acquisition, or sale of subsidiaries, parts of companies, or assets. In such transactions, customer information may be transferred together with the part of the company being transferred. In any such disclosure of personal data to third parties within the scope described above, we ensure that this is carried out in compliance with these privacy notices and the applicable data protection laws.



5. Updates and Amendments to these Privacy Notices

5.1. These privacy notices are valid and effective as of 28 March 2024.


5.2. Due to the further development of our internal processes, offerings, and our website, or due to changes in legal or regulatory requirements, it may become necessary to amend these privacy notices. The current version of the privacy notices can be accessed and printed at any time on our website.