Data protection information

according to Art. 13 GDPR for the website www.federates.eu

I. General information

1. Introduction

With the following Data Protection Information (Privacy Policy), we would like to inform you about which categories of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent when you visit our website www.federates.eu.

2. Controller

The Controller pursuant to Art. 4 (7) of the General Data Protection Regulation (hereinafter referred to as GDPR) for the data processing on this website is

The Consortium of the FEDERATES Project

Represented by the coordinator:
Rheinmetall Electronics GmbH
Brüggeweg 54
28309 Bremen, Germany
Phone: +49 421 1080 - 0
E-mail address: info@rheinmetall.com

3. Data Protection Officer

The contact details of the Data Protection Officer of the coordinator are:
Rheinmetall AG
Group Data Protection Officer
Rheinmetall Platz 1
40476 Düsseldorf, Germany
E-mail address: DSB-RhAG@rheinmetall.com

II. Data processing activities on our website

In principle, you can visit our website without disclosing your identity. If you use certain functions/areas of our website, it may be necessary to provide or collect personal data, depending on the circumstances. In the following, we will go into the details of the respective data processing activities on our website.

1. Hosting of the website / logging of website visits

In order to provide our website securely and efficiently, we use the services of the web hosting provider net.DE AG (Büttnerstraße 57, 30165 Hannover, Germany; hereinafter "net.DE"), from whose servers the website is accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services provided by net.DE. In this regard, net.DE carries out data processing on our behalf in accordance with Art. 28 GDPR. The servers are located in Germany.

When you visit our website, we or net.DE collect data on each access to the server (so-called server log files). The collected data includes:

IP address
Date and time of your visit
The browser you are using (incl. its version)
The operating system you are using (incl. its version)
Which resources (e.g. sub-page, contact form) you access on our website (is logged in the form of the so-called URL)

We process these server log files on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the following purposes:

Ensuring the security and stability of the website (e.g. avoiding server overloads due to abusive attacks, so-called DDoS attacks).
Ensuring a proper connection to the website
Ensuring a comfortable use of the website
Evaluation of system security and stability
For other administrative purposes

We may analyze these server log files retrospectively if we become aware of specific indications of unlawful use. The server log files will be deleted immediately if they are no longer required to achieve these purposes, but no later than 90 days after their collection.

For the specifics of the "Investor Relations" section of this website, please refer to Section II.4 of this Data Protection Information.

2. No use of cookies

This website does not use any "cookies" and similar technologies. When you visit the website, no usage activities are analysed and no processing of personal data for commercial or marketing purposes takes place.

3. Communication

If you contact us (e.g. by contact form, e-mail, telephone), the information or data you provide will be processed to the extent necessary to process or respond to the contact request and any requested activities.

In particular, you may write us via the contact forms provided in the "Contact" section of the website. The information marked as mandatory in the respective contact form (e.g. first name, last name, e-mail address) must be provided. In addition, further data can be provided voluntarily. This also includes all data that you mention in the free text field of your message to us.

All messages received via the contact forms are forwarded to the relevant mailbox. Only a limited number of authorized persons within our company have access to these mailboxes. If necessary to process your request, your inquiry may be forwarded to other departments within our company, to members of the Consortium or to affiliated companies of the Consortium members. In exceptional cases, this may also involve affiliated companies of Consortium members outside the European Union (EU) or the European Economic Area (EEA). We ensure an appropriate level of data protection at affiliated companies of the Consortium outside the EU/EEA in accordance with Art. 44 ff. GDPR. Data will not be forwarded to persons or companies outside the Consortium and its affiliated companies without your prior express consent.

The data processing necessary to adequately answer/respond to your inquiry/message is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. This legitimate interest also includes any necessary forwarding of your inquiry/message to members of the Consortium. If you submit an inquiry/message within the scope of a contractual or pre-contractual relationship with us, the necessary data processing is based on Art. 6 (1) lit. b GDPR for the purpose of fulfilling our contractual obligations or to answer (pre-)contractual inquiries.

Your inquiry/message (including the transmitted data) is usually deleted 7 days after completion, unless there are legal retention periods or other legitimate reasons for further storage (e.g. assertion, exercise or defense of legal claims). In the latter cases, your data will be deleted after expiry of the applicable statutory retention period (e.g. from commercial or tax law) or after the other legitimate reasons for processing no longer apply (the legal basis for further retention for these legitimate reasons is usually Art. 6 (1) lit. f GDPR).

4. Links

On this website, you may find links to online or social media presences of the Consortium members (see corresponding icons in the Consortium list on this website). The Consortium members are each independently responsible as a controller for the processing of personal data on their social media presence. Any statement and contribution on the social media presence reflects only the opinion of the controlling operator of the social media presence and does not represent the opinion of the Consortium.

Clicking on the respective icon or link takes you to the corresponding external online or social media platform of a member of the Consortium. The data protection information stored there applies to the respective presences and the data processing of each individual controller. Clicking on the respective icon/link does not result in any data transmission by us to the external operators of the platforms.

III. Technical and organizational measures

We implement appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

Such measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, availability and separation to and of the data. Furthermore, we have established procedures to ensure that data subjects' rights can be exercised, data can be deleted, and responses are made to any threats to the data. Additionally, we already consider privacy matters during the development or selection process of hardware, software and procedures in accordance with the principle of Privacy-by-Design and Privacy-by-Default.

SSL encryption (https): To properly protect your transmitted data, this website uses a so-called SSL encryption. You can recognize such encrypted connections by the prefix "https://" in the page link (URL) in the address line of your browser. Unencrypted pages are prefixed by "http://".

Thanks to this SSL encryption, no data which you transmit to this website – for example in case of inquiries – can be read by third parties without further significant efforts.

IV. Your rights

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

Right to be informed and of access (Art. 15 GDPR): In accordance with the statutory provisions, you have the right to request information as to whether and to what extent we process your personal data.

Right to rectification (Art. 16 GDPR): In accordance with the statutory provisions, you have the right to request the rectification or completion of incorrect or incomplete data concerning yourself.

Right to erasure (Art. 17 GDPR): In accordance with the statutory provisions, you have the right to demand that your personal data be erased. Note: An immediate deletion of your data may be opposed by statutory retention obligations or other justified reasons for further processing.

Right to restrict processing (Art. 18 GDPR): In accordance with the statutory provisions, you have the right to demand that the processing of your personal data be restricted.

Right to data portability (Art. 20 GDPR): In accordance with the statutory provisions, you have the right to receive your personal data in a structured, commonly used and machine-readable format and - as far as technically feasible - to demand that it be transferred to another controller.

Right to object (Art. 21 GDPR): In accordance with the statutory provisions, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that the data processing is carried out on the basis of legitimate interests (cf. Art. 6 (1) lit. e or lit. f GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to such processing, including profiling, insofar as it is connected with such direct marketing.

Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw any consent you have given at any time with effect for the future without having to state reasons. Such withdrawal of consent does not affect the lawfulness of processing that has taken place on the basis of consent until the time of withdrawal.

To exercise your rights, please contact:
Rheinmetall Electronics GmbH
Brüggeweg 54
28209 Bremen, Germany
E-mail: info@rheinmetall.com

Right to lodge a complaint with a supervisory authority (Art. 77 (1) GDPR): In accordance with the statutory provisions, you have the right to lodge a complaint with a data protection supervisory authority of your choice, in particular in the Member State of your habitual residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.

V. Miscellaneous

We may adapt this Data Protection Information if changes in the legal situation or the data processing carried out by us make it necessary.

The currently displayed Data Protection Information upon your visit applies. Where necessary and possible, we will inform you if any changes require your involvement (e.g. renewed consent) or individual notification.

Where we provide addresses and contact information of other companies and organizations in this privacy information, please note that the addresses may change over time.

The terms used herein are not gender-specific.

Status of this data protection information: November 28, 2024