Your trust is important to us. The protection of your data is our top priority, and we hereby gladly inform you how we ensure compliance with the relevant legal regulations.
On Rail Gesellschaft für Eisenbahnausrüstung und Zubehör mbH
Phone: +49 (0)2104/9297-0
Fax: +49 (0)2104/9297-33
Types of data processed
- Contact data (such as first/last name, phone number)
- Usage data (such as websites visited, interest in contents, access times)
- Communication data (such as IP address, browser version)
Categories of data subjects
Users of this website.
Purpose of processing
- Provision of company information
- Provision of contact options
- Security measures to protect the website
- Marketing and analysis of user behaviour
Personal data include any information relating to an identified or identifiable natural person (hereinafter referred to as “the data subject”). Identifiable refers to a natural person who, directly or indirectly, can be identified in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or using one or more special characteristics, such as the expression of physical, physiological, genetic, psychological, economic, cultural or social identity.
Processing is any process performed with or without the aid of automated procedures or any process associated with personal information, such as collecting, organizing, storing, adapting or altering, reading, querying, disclosure through transmission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction.
The controller shall be the natural or legal entity, authority, institution or other body that decides alone or jointly with others about the purposes and means of processing personal data.
Relevant legal bases
The basis of data protection law is the informational right of individual self-determination. In accordance with Article 13 GDPR, we hereby inform you about the legal basis of our data processing. The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 GDPR, the legal basis for the processing of our services and the performance of contractual measures and answering requests is Article 6 (1) (b) GDPR, the legal basis for processing for compliance with our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) (f) GDPR. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
Cooperation with third parties or processors
If, in the course of our processing, we disclose data to other persons and companies (third parties), transmit them or otherwise grant access to the data, this will only be done on the basis of a legal authorisation, if you have given your consent, or if a legal obligation so provides or based on our legitimate interest.
If we commission third parties to process data for order processing, this is done on the basis of Article 28 GDPR.
Transfers to third countries
If we process data in a third country or in the context of the use of third party services or disclose or transmit data to third parties, we shall only do so to fulfil our contractual or pre-contractual obligations, based on your consent, due to a legal obligation or on the basis of our legitimate interest. As far as permissible processing is concerned, this takes place on the basis of special guarantees, such as the officially acknowledged determination of an EU level of data protection or observance of officially recognised special contractual obligations.
Rights of the data subject
Information (Article 15 GDPR)
The data subject has the right to request confirmation as to whether any personal data relating to him or her will be processed. If this is the case, the data subject shall have the right to obtain information on such data and also about the processing purposes, their origin, the recipient, the duration of the storage and their rights.
Correction (Article 16 GDPR)
The data subject has the right to demand rectification or completion of any incorrect personal data.
Deletion (Article 17 GDPR)
Data subjects have the right to request the deletion of their data - for example, if they are no longer required for the purpose for which they were originally collected or processed, or if they revoke their consent. A special form of the claim for deletion – the “right to be forgotten” – exists in cases where the controller has made the data to be deleted public. It must then take reasonable steps to inform the entities handling this information that the data subject requires them to delete all links to that data, copies or replications.
Limitation of processing (Article 18 GDPR)
The data subject may also request the restriction of processing in certain cases. For example: if the data subject has objected to the processing and it is not yet certain whether the legitimate reasons of the controller outweigh those of the data subject.
Right to transferability (Article 20 GDPR)
The right to data transfer entitles data subjects, under certain conditions, to receive a copy of their personal data in a standard and machine-readable file format.
Complaints (Article 77 GDPR)
Data subjects have the right to lodge a complaint with the competent supervisory authority.
Right of withdrawal (Article 7 (3) GDPR)
Data subjects have the right to revoke granted consent with effect for the future.
Right of objection (Article 21 GDPR)
Data subjects can object to the future processing of your data at any time. The objection may in particular be made against processing for direct marketing purposes.
Deletion of data
Collection of access and log data
Based on our legitimate interest (Article 5 (1) (f) GDPR), we store data on every access to the web server to ensure availability. The access data includes the name of the retrieved web page, file, date and time of the retrieval, data volume, status messages, browser type and version, the user’s operating system, IP address and possibly further technical information.
For security reasons, log files are stored for a maximum of 7 days and then deleted. Data for evidence will be exempted from the deletion requirement until clarification of the incident.
When contacting us (such as via email, contact form, telephone) user details are processed to handle the request and to take the steps necessary to settle the request. User information may be stored in a suitable client management programme or equivalent organisational system.
We delete the data that has been saved as a result of the requests, if these are no longer required and do not contradict the legal archiving obligations.
Cookies and right to object to direct advertising
Cookies are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie may serve to store information about a user (such as browser version, user’s interest) during or after his or her visit to a web page. These cookies can be stored temporarily or permanently.
Data protection officer
If you have questions about data protection, you can also contact our data protection officer directly:
Phone: +49 (0) 211 72139550