General information

Objective and responsibility

(1) The purpose of this privacy policy is to inform you about the nature, scope and purpose of personal data processing on our internet website and the associated sites, functionalities and content (hereinafter collectively referred to as “website”). The privacy policy applies irrespective of the domains, systems, platforms and devices (e.g., desktop or mobile) on which the website is made available, please see the legal information on our website.

(2) The provider of the website and legally responsible for it under privacy law is the Company, Reinhard-Heraeus-Ring 23, 63801 Kleinostheim Germany (hereafter referred to as the “provider”, “we” or “us”). For further details as well as how to contact us.

(3) Our data protection officer can be reached via the following email address: jvankisfeld@revalyu.com

(4) The term “user” includes all customers and their employees as well as visitors to our website.

(5) The products and services of the Company are intended exclusively for companies. The Company website, including its advertising and any business contact forms on the Company websites, are not directed at children and adolescents (persons under 18 years of age). Persons under 18 years of age are not authorized to fill in and submit these contact forms to the Company. Except as stated below, the Company does not knowingly collect personal information from persons under 18 years of age. The Company will only request data from persons under 18 years of age if such persons apply for a job, an apprenticeship or a student internship at the Company in a application portal which is set up separately for such persons. The requested data is used exclusively for the purpose of the application process. They will not be used for any other purpose and will be deleted after the application procedure has been completed in accordance with the requirements of data protection law.

Legal basis

We collect and process personal data on the following legal basis:

a. Consent in accordance with Art. 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is a statement of intent, freely given in a specific instance in an informed and unambiguous manner in the form of a declaration or another unequivocal affirmative act, where the data subjects make it clear that they consent to the processing of their personal data.

b. Necessity for the performance of a contract or in order to take steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR, i.e., the data is necessary for us to carry out our contractual obligations to users or we need the data in order to prepare a contract with users.

c. Processing for compliance with a legal obligation in accordance with Art. 6(1)(c) GDPR, i.e., the data processing is required on the basis of a law or some other requirement.

d. Processing to safeguard legitimate interests in accordance with Art. 6(1)(f) GDPR, i.e., the processing is necessary to safeguard our legitimate interests or those of a third party, provided the interests do not outweigh the fundamental rights and freedoms of users who require the protection of personal data.

Data subject rights

(1) Right to information: In accordance with Art. 15 GDPR, users can request confirmation of whether their data is being processed. If this is the case, users have the right to information regarding the information at no charge.

(2) Right to revoke consent: If personal data is processed on the basis of consent, users have the right to revoke this consent at any time in accordance with Art. 7 GDPR.

(3) Right to object: If processing the personal data is necessary to safeguard the legitimate interests of our Company, users can object to the processing at any time in accordance with Art. 21 GDPR.

(4) Right to erasure: If users have revoked their consent, objected to the processing of their personal data (and there are no overriding legitimate reasons for the processing), their personal data is no longer necessary for the original purpose of the processing, there is a corresponding legal obligation or personal data has been processed unlawfully, users have the right to request the deletion of their personal data in accordance with Art. 17 GDPR.

(5) Right to rectification: If personal data has been processed while incorrect, users have the right, to request that this data be corrected immediately in accordance with Art. 16 GDPR.

(6) Right to restriction of processing: Under the provisions of Art. 18 GDPR, users have the right to demand that the processing of their personal data be restricted.

(7) Right to data portability: In accordance with Art. 20 GDPR, users have the right to receive the personal data they provided in a structured, commonly used and machine-readable format.

(8) Right to file a complaint: In accordance with Art. 77 GDPR, users have the right lodge a complaint with the responsible supervisory authorities.

Deletion of data

(1) The data that we store is erased as soon as it is no longer required for the purpose for which is was collected and provided that its erasure does not breach any statutory storage requirements. We review whether the data is still required every two years.

(2) If the user data is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to user data which must be retained for reasons relating to commercial or tax law.

Security measures

(1) We have in place state-of-the-art organizational and technical security measures to ensure compliance with relevant legal provisions and to protect personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.

(2) Our security measures include, in particular, the encryption of data for transmission between the user’s browser and our server.

Transfer of data to third parties and third-party providers

(1) The Company transfers data to third parties exclusively in accordance with legal provisions. We only transfer user data to third parties if necessary (for example, for accounting purposes) or for other purposes necessary to meet our contractual obligations to users or legal requirements.

(2) Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.

(3) If, within the scope of this privacy policy, we use content, tools or resources of other providers (hereinafter collectively referred to as “third-party providers“) whose registered office is in a third country, it must be assumed that data are transferred to such third countries.

(4) Third countries are countries where the GDPR does not apply directly, i.e., in principle, all countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if users have given their consent or if the transfer of such data is permitted by law.

External references and links

References or links (“links”) to the content provided by external providers must be distinguished from the content of the Company own website. By embedding a link to an external website (“hyperlinks”), the Company does not endorse same nor adopt such an external website or its content as its own. Should any infringement caused by the external website come to the attention of the Company.  The Company will delete the link as soon as is possible. The Company neither assumes any responsibility for the availability of such external website nor for its content. You access and use such other web sites, including the content, items or services on those websites, solely at your own risk. With regard to the Company liability considering external references and links the provisions under the section Disclaimer  apply accordingly.

Cookies and reach measurement

General information

(1) Cookies are files transmitted by our web server or the web server of third parties to users’ web browsers and stored there so they can be accessed later on. Cookies are small files or other types of stored information. Users are hereby informed that cookies are used as part of pseudonymized reach measurement.

(2) We only use non-essential cookies if you have given your express consent (opt-in). In addition, users who do not want to have cookies stored on their computer can deactivate the corresponding option in their system settings on their browser. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies may limit the functionalities of this website.

Opt-out options

Users can opt out of the use of cookies used for reach measurement and advertising purposes via the opt-out page of the network advertising initiative ( http://optout.networkadvertising.org/ ) as well as the U.S. website ( http://www.aboutads.info/choices ) and the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).

Concrete data processing

Collection of access data

(1) When accessing our website, information is automatically transmitted from the user’s browser to us; this includes the name of the website and files that are accessed, the date and time they are accessed, the quantity of data transmitted, reports about successful access, the browser type and version, the user’s operating system, the referrer URL (the page visited prior to visiting our website), the user’s IP address and the requesting provider.

(2) The processing of this information is technically necessary and is carried out on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR regarding the safeguarding of the security of the processing (e.g., to prevent and identify cyber-attacks).

(3) The information is automatically deleted four weeks after the end of the connection – i.e. the use of the website – provided there is no retention period that prevents this.

(4) The collection and storage of the data in log files is necessary for the provision of the website. For this reason, users may not request the deletion or correction of this data or object to its processing.

Contacting us

(1) When a user contacts us (by contact form or email) the user’s data is stored in order to process and carry out the request.

(2) The user information may be stored in our customer relationship management systems (“CRM systems”). The legal basis for the further processing of the data is the preparation of a business transaction (in accordance with Art. 6(1)(b) GDPR).

Use of cookies

(1) The legal basis for the use of cookies for the online marketing measures described below is the consent of the user in accordance with Art. 6(1)(a) GDPR.

(2) The legal basis for the use of cookies that are required for the technical functionality of the online platform is Art. 6(1)(f) GDPR. Our legitimate interest is the user-oriented and economically efficient operation of our website.

Google Tag Manager

If you give us your consent, we use Google Tag Manager. Google Tag Manager is a solution that allows us to use website tags via an interface (and integrate, for example, Google Analytics and other Google marketing services in our website). The tag manager itself (which implements the tags) does not process any of the user’s personal data. Regarding the processing of the user’s personal data, please note the following information about the Google services. Use policy: https://www.google.com/intl/de/tagmanager/use-policy.html

Google Analytics

(1) If you give your consent, we use Google Analytics, a web analysis service of Google Ireland Limited (“Google”) in order to analyze and optimize our website. Google uses cookies. The information generated by the cookies about your use of this website is generally transferred to and stored on a Google server in Ireland.

(2) Google will use this information on behalf of the Company to evaluate your use of our website, to compile reports on website activity, and to provide other services to the Company that are related to the use of the website and the internet. The data retrieved in this context may be used to create pseudonymized user profiles.

(3) We only use Google Analytics with IP anonymization activated. This means that a user’s IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server located in the U.S. and truncated there.

(4) The IP address transferred from the user’s browser will not be linked with other Google data. Users may prevent the storage of cookies by selecting the appropriate system settings in their browser. Users may also prevent the recording and processing by Google of data generated by cookies and data related to their use of the website by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en.

(5) Users can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes), http://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).

Changes to the privacy policy

(1) We reserve the right to change the privacy policy in order to adapt to changes in the legal situation or to changes in our services and data processing. However, this only applies to policies regarding data processing.

(2) If the consent of the user is required or if elements of the privacy policy contain components of the contract agreed the user, the changes will only be made with the user’s consent.

(3) Users are requested to familiarize themselves regularly with the content of the privacy policy.

Last updated: 10 March 2022