Declaration of Data Privacy
RP Photonics Consulting GmbH takes privacy matters very seriously. We consider them not as a nasty obligation, but care about them due to our sincere convictions. We do our best to observe the German data protection law and the European General Data Protection Regulation (GDPR), and we want to provide all our services with particularly high respect for privacy. Therefore, on this page we explain in detail and with clarity how we deal with data and for which purposes.
In addition, we have a detailed and regularly updated internal document which lists the data processing activities and the applied rules.
The subject of data protection is all data which are directly or indirectly related to persons, such as names, postal addresses, e-mail addresses, telephone numbers and IP addresses.
Hosting and E-Mail Provider
Our web and e-mail services are provided with the help of the German provider DomainFactory. The used servers are located in Germany and operated based on German privacy laws and the GDPR. As the provider has technical access to some personal data (e.g. concerning e-mail newsletters, see below), we have made a contract for data processing according to Art. 28 GDPR, which binds the provider to strictly respect those laws.
As essentially the provider only provides the technical infrastructure, but does not actively deal with our data and is bound by privacy law, in the following we do not consider the sole technical access to data by our provider as sharing data with a third party.
Data Transfers to Other Countries
We strictly refrain from transmitting any data of our contact persons, customers or users to computers outside the European Union, where it would be hard to verify that German privacy rules are respected.
Similarly, we do not work with advertising networks.
Surfing on our Website
The majority of our very comprehensive Internet services can be used totally anonymously, i.e., without entering any personal data. We do not require that users register on our website for such services.
If you call pages on our website or download documents or programs, these requests are automatically registered by our provider DomainFactory (see above) in agreement with privacy law. The following data are stored: domain, IP address, request, user agent, time stamp and status code. All this is stored for three days and then deleted. We have configured the server such that we do not get access to those data.
In addition, our own web software collects some log data, but not including personal information. In particular, we do not store the IP addresses of our users, but only store anonymized hash values, from which the original IP addresses could not be retrieved, and the country information obtained from the IP address (using a local database, i.e., not by sending the IP address to an external service). We also store the so-called “user agent”, a specification delivered by your browser. The combination of the hash value of the IP address and the user agent is used for estimating the number of unique users in our usage statistics and for the analysis of usage patterns on our website, thus finally for the further improvement of our website. The country information is used for statistical purposes.
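The scheme described above, as an added Python illustration that is not RP Photonics' own code: the page does not say how the hash is computed, so this sketch assumes a keyed hash (HMAC-SHA-256) with a secret key, because an unkeyed hash over the small IPv4 address space could be reversed by enumeration. The function names, the key handling and the sample requests are constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Assumption: a random key kept only in memory; after it is replaced,
# tokens from the old period can no longer be recomputed or linked.
PERIOD_KEY = secrets.token_bytes(32)

def ip_token(ip, key=PERIOD_KEY):
    """Keyed, truncated hash of an IP address (hypothetical helper)."""
    mac = hmac.new(key, ip.encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:16]

def log_record(ip, user_agent, country, key=PERIOD_KEY):
    """Record as stored: token, user agent and country, never the raw IP.
    The country is assumed to come from a local lookup done beforehand."""
    return {"ip_token": ip_token(ip, key), "user_agent": user_agent,
            "country": country}

def estimate_unique_users(records):
    """Count distinct (IP token, user agent) pairs."""
    return len({(r["ip_token"], r["user_agent"]) for r in records})

def requests_by_country(records):
    """Per-country request counts for the statistics."""
    return Counter(r["country"] for r in records)

# Constructed sample requests (documentation address ranges, made-up agents).
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
CHROME = "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"
SAMPLE_REQUESTS = [
    ("192.0.2.10", FIREFOX, "DE"),
    ("192.0.2.10", FIREFOX, "DE"),    # same visitor, second page
    ("192.0.2.10", CHROME, "DE"),     # same address, different browser
    ("198.51.100.7", CHROME, "US"),
    ("203.0.113.99", FIREFOX, "CH"),
]
RECORDS = [log_record(*req) for req in SAMPLE_REQUESTS]

if __name__ == "__main__":
    print("estimated unique users:", estimate_unique_users(RECORDS))
    print("requests by country:", dict(requests_by_country(RECORDS)))
```

Two browsers behind one address count as two users, and one person on two networks also counts twice, which is why the result is an estimate.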
We do not use so-called “browser fingerprinting”. The stored data are used only for statistical analysis of the website usage and are not transmitted to third parties. We never try to identify particular users of our website. Therefore, we also do not undertake any attempts to identify or localize users (except concerning their country) based on IP addresses, for example.
Our web server is operated in Germany according to German data protection law. For example, it is configured such that no Apache web logs are stored, since they would contain IP addresses and thus be questionable in terms of privacy. In principle, the operator of our Web server has access to various data mentioned on this page; however, this company is bound by German data protection law.
Since 2015-08-16, the web server delivers all pages in encrypted form (via HTTPS). Since 2020-01-16, it enforces the use of HTTPS with HSTS. That improves security and privacy in various respects. For example, if you surf on our encyclopedia, using your notebook in a hotel with a non-encrypted WLAN connection (and without a VPN tunnel), other parties in that hotel cannot watch any longer which pages you are visiting and what feedback you are submitting. Also, it is prevented that someone can manipulate the page content on the way to you (e.g. with insertion of malicious code). Further, encryption protects data which you send to us e.g. via web forms. We also use various other techniques for maximum security; for example, we have implemented a strict Content Security Policy (CSP) as an effective second line of defense against cross-site scripting (XSS) attacks.
We use certain buttons for using social media such as Google+, Facebook and Twitter. As the original forms of these buttons appear questionable to us, we use modified forms (Shariff from Heise-Verlag), which ensure that data of users are transmitted to the operators of these services only if the users really use these buttons.
We also do our best to ensure that no third parties obtain access to our usage data, as far as that would go beyond the very restricted data transfers explicitly mentioned on this page. In particular, we do not cooperate with any advertising networks, also not with Google Analytics.
Some search pages use Google custom search; however, they send information to a Google server only if the search functionality is actually used.
We publish some data of our usage statistics (for example, in relation to our advertising offers), which however do not contain any personal data.
Feedback of the Users
Many of our pages contain a form with which users can send their feedback in a privacy-friendly manner. Here, it is not required for them to identify themselves as users, except of course if they wish an answer from us. Again, we store the related data in a form which is uncritical in terms of privacy, in particular without direct storage of IP addresses, and do not share them with any third parties. Thus we do not store any personal data unless you voluntarily enter them in the feedback form, which implies your consent; we then store the data based on Art. 6 (1) (a) of GDPR. We will use it only for the purpose of improving our website and possibly giving you a response.
Our website describes various software products and contains a page with a web form for inquiries. There, we acquire your data based on Art. 6 (1) (b) of GDPR and use them for the purpose of giving you the requested information, apart from internal statistical evaluations in anonymous form. The data are transmitted in encrypted form. We may occasionally (but certainly not frequently) contact you after your inquiry to check whether you require more information and whether you are still interested in our products; we will not do that if you used the above mentioned form without checking the corresponding option, or if you tell us not to do it. We will not use the data for any other purposes. We will not send your data to third parties, except perhaps to one of our distributors which is active in your country, but only with your explicit consent.
We offer various newsletters, which you can receive via e-mail. If you register for a newsletter (via “double opt-in”) or cancel your subscription, the corresponding processes are automatically logged on our server. The only personal information stored in that context is your e-mail address, as required for sending the newsletter; it is stored together with the date and time of your order, the names of the selected newsletters and an anonymized signature. At least once per year, we anonymize all data for which a cancellation of a subscription has been received, i.e., we remove all personalized data (i.e., your e-mail address) from both the original registrations and the later cancellations. (For statistical purposes only, we permanently retain the logs of orders and cancellations, but anonymized such that it is impossible to reconstruct the corresponding addresses or any other personal data.) We then also anonymize data for subscriptions which have not been confirmed within 30 days. If you want your data to be immediately anonymized from the files, please tell us (ideally via letter or telephone, as e-mails are occasionally lost). The e-mail addresses used for confirmation mails or newsletters are not logged and archived in our e-mail system.
Further, we assure you that we use these data only for sending these newsletters, and acquire the data based on Art. 6 (1) (b) of GDPR. We do not share these data with third parties.
Our newsletters contain HTML links, mostly to our own website (e.g. encyclopedia articles), and images are also loaded from our website. Those links are not used for personal tracking; they at most transmit the information that some unidentified reader has opened a newsletter. Therefore, we cannot track which registered users actually open the newsletter mails.
We strictly avoid sending our newsletters too frequently, which might be disturbing for our readers.
In rare cases, we do some surveys, e.g. related to users of our software, consulting customers or users of our website. We limit the collected information to what is required for the purpose (essentially statistics). Personal data are not acquired, except if users enter them voluntarily. We do not share such data with third parties; at most, we would release non-personal statistical evaluations.
Our RP Photonics Buyer's Guide contains many entries from companies offering products in the area of photonics. Occasionally, these companies receive statistical usage data, but never in a form which would allow them to identify users.
The same holds for companies using banners on our website.
The published data are partly taken from public sources (in particular, from the suppliers' websites) and partly taken as received through our web forms. If we become aware of any inaccuracies, we do our best to correct them as soon as possible.
Of course, we will delete any supplier data if an authorized person of that company asks us to do so.
Of course, we grant you all rights according to GDPR. Among other things, this implies the following:
On request, we will inform you on your data which are stored by us. You can have such data corrected or deleted at any time; you can also withdraw any consent to the processing of data or limit its use, but with the following limitations:
- We will not delete data which we need to store for legal reasons (e.g. need to store documents which are relevant for taxation).
- The lawfulness of the data processing before the withdrawn consent is not affected by the withdrawal.
If you have any concerns or complaints against our data handling practices, please contact our responsible person (see below). You also have the right to file a complaint with the appropriate authorities: Landesbeauftragter für den Datenschutz Baden-Württemberg.
This website is operated under the legal responsibility of RP Photonics Consulting GmbH, Waldstr. 17, 78073 Bad Dürrheim, Germany. Being a small company, we do not have a dedicated privacy officer. In such matters, please use our general contact page. The responsible person is Dr. Paschotta, the managing director; you find his contact data on the mentioned contact page.