keyboard_arrow_up

SUPPLEMENTARY DATA PROTECTION INFORMATION FOR LINKEDIN AND LINKEDIN COMPETITIONS

1. Overview

Below you will find privacy notices for the LinkedIn profile of:

 

Rhenus Warehousing Solutions SE & Co. KG / CC International

Rhenus-Platz 1
459439 Holzwickede

 

Rhenus Warehousing Solutions SE & Co. KG processes personal data itself via its LinkedIn account (see VI.), and data processing by LinkedIn takes place at the same time (see V.).

 

2. Jointly Responsible for Processing:

We use the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, for the service offered here.

 

We are jointly responsible with LinkedIn for processing. You can find the agreement at https://legal.linkedin.com/pages-joint-controller-addendum

 

3. Data Protection Contact Details

The contact details of our data protection officers:

Norbert Geyer; Deputy: Michaela Berger

RDP Röhl, Dehm & Partner Rechtsanwälte mbH

Moritzplatz 6
86150 Augsburg

[email protected]

 

4. General Information on Processing Data

We must emphasise that you use the social service of LinkedIn as well as its range of functions on offer on your own responsibility in accordance with the user agreement you have concluded with LinkedIn. This applies equally to the interactive functions such as sharing or commenting.

 

For more information on the processing of data by LinkedIn, in particular on the purposes of the processing, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

 

We have no influence whatsoever on the data processing at and by LinkedIn, particularly not on the type of processing or the use and possible forwarding of data to third parties. We also have no effective means of control over this.

 

5. Automatic Processing by LinkedIn

If you use LinkedIn's service, your personal data will be processed by LinkedIn and will be processed regardless of your residence or domicile in Ireland or your residence or domicile in any country in which LinkedIn does business through your ability to download it.

When using LinkedIn, all personal and non-personal data that you voluntarily provide to LinkedIn for processing is processed, in particular through your own entries, as well as when you synchronise or upload data with LinkedIn.

 

While using the service, LinkedIn uses analytics tools to evaluate which topics and content interest you. Similarly, confidential messages that you send to other users via the service are processed and stored.

 

For the evaluation of this data, LinkedIn may use its own analysis tools or third-party services. LinkedIn also collects, among other things, personal data via our company page about their visitors, their followers or users who engage with our page in order to provide us with this data in anonymised form as statistics or as so-called “insights” (InSights).

 

This also gives us anonymised insight into how people visit and perceive our company website.

 

In particular, LinkedIn processes the following data:

 

  • Information about the user's profile
  • Functional data
  • Country
  • Industry
  • Seniority
  • Company size
  • Employee status
  • Type and manner of interaction (e.g. followers, visitors, etc.)

 

Personal data is also processed and stored via LinkedIn if you have not created an account with this service yourself. Even if you are only a temporary visitor, data such as the IP address, browser type, operating system, information on previously accessed websites, location, mobile phone provider, the end device and search terms used and cookie information are processed.

 

If you want to restrict the processing of your data by LinkedIn, you can adjust this in the settings of your LinkedIn account. Similarly, you can also restrict the service's access to contact and calendar data, photos, location data, etc. via the system settings of your end device.

 

For more information on the processing of data by the LinkedIn Ireland Unlimited Company service, please refer to the following information pages:

 

https://www.linkedin.com/help/linkedin?trk=microsites-frontend_legal_privacy-policy&lang=de

 

https://www.linkedin.com/legal/privacy-policy

 

6. Data Processed by us via our LinkedIn Company Presence

On our LinkedIn company profile, you have the possibility to react to our posts, to write comments, to create a post on our page yourself or to send us private messages. All data provided and disclosed by you in this context will be used and processed by us.

 

The sole purpose of this data processing is to communicate with users on the basis of our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

 

In addition, LinkedIn provides us with access to the page insights. However, this is not personal data. We are only provided with summarised data as page insights, which do not allow us to draw conclusions about individual persons or members. The processing of the data via the page insights is carried out by LinkedIn and us as joint controllers within the meaning of the GDPR. The purpose of this data processing is exclusively the evaluation and analysis of the actions and activities on our LinkedIn company page as well as the improvement based on this data. Accordingly, the legal basis for the processing of the data is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.

 

1. Categories of persons concerned:

Data subjects are registered and non-registered visitors of our LinkedIn company presence on the social network LinkedIn.

 

2. Personal data that we process from registered visitors:

User ID under which you have registered and approved profile data.

 

Data that is generated when sharing content, exchanging messages and communicating and is required as part of a contract processing at the request of registered visitors.

 

3. Data we process from non-registered visitors:

Statistical data on use.

 

4. Origin of the data we processed:

We collect the data directly from you or receive it from LinkedIn.

 

5. Purposes of processing:

We process the data primarily for purposes of external presentation and advertising. In addition, we process the data for communication with the users. Finally, the data may also be processed for contract initiation or contract execution.

 

6. Storage period:

The deletion of the data as well as the retention period of the data is subject to the deletion routines of the platform operator in accordance with its data protection notices and terms of use.

 

7. Categories of recipients:

Only our employees can access the data we process via our LinkedIn account.

If the data subjects post their data publicly on our LinkedIn company profile, this can be viewed at any time by other registered and possibly also non-registered visitors.

 

8. Data transfer to third countries:

If you publicly post or comment on your data on our LinkedIn profile, this data will be visible to other registered and non-registered visitors to our LinkedIn profile worldwide.

In addition, LinkedIn transmits data to third countries, in particular the USA.

This data transfer is secured by standard contractual clauses of the EU Commission.

 

7. Processing of Personal Data in the Context of LinkedIn Competitions

 

1. Description and scope of data processing:

If you would like to participate in our LinkedIn competition, we need to process personal data from you. Without this information, participation in the competition is not possible.

 

We process your personal data exclusively for the purpose of the competition and for sending the prizes.

 

When participating in our competition, the following personal data will be processed:

LinkedIn username

Name, forename

Address

 

2. Legal basis for the data processing:

The legal basis is Art. 6 para. 1 lit. b) lit. c) GDPR, as the data processing is necessary for the implementation of the competition and in fulfilment of the contract concluded in this regard, as well as due to our legal obligations to retain data.

 

3. Purpose of the data processing:

The processing of personal data within the scope of the competition serves the purpose of carrying out the competition. In addition, the data becomes the basis of the sweepstake contract and serves the execution of the contract and the sending of the prizes. Furthermore, it serves the legitimate interests of the responsible party to enable a sweepstake event.

 

4. Duration of storage:

The deletion of the comments as well as the retention period of the data is subject to the deletion routines of the platform operator in accordance with its data protection notices and terms of use.

 

Messages exchanged for prize notification via LinkedIn will be deleted 6 months after the competition has closed.

 

The winners' data (name, address) will be retained in accordance with the statutory retention obligations under the AO until the expiry of these retention periods and then deleted.

 

8. Legal Bases

We process the data via our company profile together with LinkedIn as joint controllers within the meaning of Art. 26 GDPR. Accordingly, we have entered into a joint controller agreement with LinkedIn. In this agreement, we have, among other things, defined the distribution of data protection obligations between us and LinkedIn.

 

You can access this agreement via the following link:

https://legal.linkedin.com/pages-joint-controller-addendum.

 

By virtue of this agreement, the following shall apply:

 

  • LinkedIn is responsible for enabling users to exercise their rights under the GDPR
  • To exercise your rights, you can contact LinkedIn via the following link: https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de.
  • Alternatively, you can also reach LinkedIn via the contact details in LinkedIn's privacy policy.
  • To contact LinkedIn's data protection officer, you can use the following link: https://www.linkedin.com/help/linkedin/ask/ppq. 
  • You can also contact us at any time to exercise your respective rights under the GDPR. Based on the agreement reached with LinkedIn, we will transmit your request to LinkedIn.
  • Due to the agreement with LinkedIn, the Irish Data Protection Commission is the lead supervisory authority overseeing the processing of page insights.
  • You have the right to lodge a complaint regarding the processing of your data directly with the Irish Data Protection Commission (www.dataprotection.ie) or any other data protection supervisory authority.

 

Legal basis for data processing by us:

 

Data processing by us via our LinkedIn company profile is carried out in accordance with the statutory provisions and on the basis of the following legal grounds:

 

  • The processing is carried out for the fulfilment of the contract or for the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR
  • The processing is carried out on the basis of a legal obligation to which we are subject, pursuant to Art. 6 (1) lit. c) GDPR
  • The processing is carried out to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR

 

Our legitimate interest in processing the data outweighs the interests, fundamental rights and freedoms of the data subjects.

 

Our interest in the processing is the provision of a platform with up-to-date information, the improvement of our offer as well as our web presence, the presentation of our company and the effective communication with users in case of questions and other concerns.

 

Legal basis for data processing by LinkedIn:

The legal bases on which LinkedIn bases its data processing can be found in the following link: https://www.linkedin.com/legal/privacy-policy

If you are tracked through the collection of your data, whether through the use of cookies or similar technologies or through the storage of IP addresses, LinkedIn is responsible for obtaining your consent in advance.

 

In particular, LinkedIn is obliged to inform you for what purposes and on what legal basis the initial call-up of a LinkedIn profile also generates entries in the so-called local storage for non-registered visitors and whether personal data of non-registered visitors (e.g. IP address or other data that aggregates to personal data) is also used to create profiles.

 

9. Rights of the Data Subject

If personal data is processed by you, you are the data subject within the meaning of the General Data Protection Regulation. You therefore have the following rights vis-à-vis the controller.

 

As only the platform operator has full access to all user data, we recommend that you contact LinkedIn Ireland Unlimited Company directly to assert your rights.

To exercise your data protection rights against us as the data controller, please contact the following e-mail address: [email protected]

 

1. Right to Information - Art. 15 GDPR

You have the right to obtain confirmation from the controller as to whether personal data concerning you are being processed.

If there is such processing, you have the right to access this personal data and to receive the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  • if possible, the planned period for which the personal data will be stored or, if it is not possible, the criteria for determining the storage period;
  • the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
  • In addition, you have the right to request information on whether the personal data concerning you have been transferred to a third country or to an international organisation. In this context, you may also request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

 

2. Right to Correction – Art. 16 GDPR

You have the right to obtain from the controller the correction and/or completion of data relating to you without undue delay if the personal data processed is inaccurate or incomplete.

 

3. Right to Deletion – Art. 17 GDPR

 

Obligation to Delete:

 

You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You have revoked your consent on which the processing was based pursuant to Art. 6 (1) a) or Art. 9 (2) a) GDPR and there is no other legal basis for the processing;
  • You have objected to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you have objected to the processing pursuant to Article 21(2) GDPR;
  • the personal data concerning you have been processed unlawfully;
  • the deletion of the personal data concerning you is necessary for compliance with a legal obligation to which the controller is subject under European Union or member state law;
  • the personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

Exceptions:

  • A right to erasure does not exist insofar as the processing is necessary;
  • To exercise the right to freedom of expression and information;
  • To comply with a legal obligation which requires processing under EU or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the controller;
  • for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89
  • of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the assertion, exercise or defence of legal claims.

 

4. Right to Restriction of Processing – Art. 18 GDPR

You have the right to request the restriction of processing of personal data concerning you under the following conditions:

  • if you contest the accuracy of personal data concerning you for a period enabling the controller to verify its accuracy;
  • if the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of its use;
  • if the controller no longer needs the personal data for the purposes of processing but you need it for the assertion, exercise or defence of legal claims; or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

 

Where the processing of personal data relating to you has been restricted, such data may, with the exception of storage,  be processed only with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or due to substantial public interest on the part of the European Union or a member state. If the restriction of processing has itself been restricted on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.

 

5. Right to Information – Art. 19 GDPR

If you have exercised one of your rights to rectification, deletion or restriction of processing, we are obliged to communicate the rectification, erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

 

6. Right to Data Portability – Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, as long as:

 

a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and

 

(b) the processing is carried out with the aid of automated procedures.

 

In exercising this right to data portability, you also have the right to ensure that the personal data concerning you is transferred directly from one controller to another insofar as this is technically feasible.

 

7. Right of Objection – Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

 

The controller shall no longer process the personal data concerning you unless he or she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

 

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.

 

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.

 

8. Right to Revoke the Declaration of Consent under Data Protection Law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

9. Right to Complain to a Supervisory Authority – Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the general data protection regulation.

 

The supervisory authority with which you lodge a complaint shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.