Privacy Statement and Cookie Notice

“Personal data” is all information that relates to an identified or identifiable natural person (hereafter, “data subject”). An identifiable data subject is a person who can be identified directly or indirectly, in particular through assignment to an identifier such as a name, identification number, location data, online identifier or one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this data subject.

“Controller” is the designation of the natural or legal person, authority, institution or other body that determines the purposes and means of the processing of personal data, alone or jointly with others. If the purposes and means of processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

“Processing” is any operation or set of operations that is performed in the context of personal data with or without the help of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, export, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

1. Use of the website

You can use the Rieter website without actively disclosing your personal data. The active provision of personal data is not a condition of use for the Rieter website, unless they are required for delivery of a product or service upon request. However, in the course of the standard operation of the website, specific data from you or about you in the context of your visit to the website will be automatically or passively acquired. The server can automatically collect information “website use information”, such as described below, or Rieter (or service providers from Rieter), in line with many companies, can use cookies and other tracking technologies (such as pixels, beacons and tags) to collect, save, and track information about the use of the website. This information is used to provide, improve and adapt the Rieter web pages. For further information on how Rieter uses cookies and other similar technologies, see the Notes on Cookies.

The following information is automatically saved in the log data when you visit and access the Rieter website:

• Internet protocol (IP) address
• Date
• Time
• Browser requirement
• General information on your operating system and browser

This data can be used to improve this website in terms of its content and appropriateness, to understand your use of the website and, based on this, to adapt its content to you as an individual. The data that is automatically or passively acquired from or about you is occasionally used for statistical purposes or other purposes (including for the purposes of third-party providers of cookies and/or related technologies). See the Notes on Cookies from Rieter.

“Website use information” includes at least the following:

1. your browser type, device type, operator (if any), device address, operating system, operating system address, IP address, and the name of the domain from which you accessed a website
2. information about your region, continent, country, city, postal code, time zone, and general location
3. information about your surfing behavior on and about a website (also called “clickstream data”), such as (a) the data and time of your visit to a website, (b) the areas or pages of a website that you visited, (c) the duration of your visit to a website, (d) the website or pages that you visited before visiting the website in question, (e) the website or pages that you visited after visiting the website in question, (f) the social plug-ins that you interacted with on the Rieter website, and (g) other similar website use data.

The data that is automatically or passively acquired from or about you, can possibly be used to identify you, but Rieter will not use the data for this purpose.

Further, you can use various forms to actively provide personal data for requesting and receiving information, products, etc. Such personal data is used to fulfill your request (e.g., asking a question or submitting an order, subscribing to a newsletter, customer magazines, media announcements, financial reports, customer surveys, etc.) and their processing is based on your consent.

Even if Rieter is possibly able to combine the data you actively provided with the data automatically or passively acquired from you, Rieter will not do this. With regard to the personal data that you provide (e.g., for products or services you have requested or for another purpose you have authorized), Rieter will rely on technical and organizational means to ensure compliance with the applicable data privacy protection provisions.

The following information is automatically saved in the log data when you visit and access the Rieter website:

• Internet Protocol (IP) address
• Date
• Time
• Browser request
• General information about your operating system and browser.

This data may be used to improve the content and usefulness of the website, understand your use of the website and tailor the content to you based on the information collected.

"Website usage information" includes but is not limited to the following:

1. Your browser type, device type, operator (if applicable), device address, operating system, operating system address, IP address and the name of the domain from which you accessed the website
2. Information about your region, continent, country, city, zip code, time zone, general location and
3. Information about your surfing behavior on and through a website (also known as "clickstream" data), such as (a) the date and time of your visit to one of the websites, (b) the areas or pages of a website you visited, (c) the duration of your visit to a website, (d) the website or pages you visited before visiting a website, (e) the websites or pages you visit after leaving a website, (f) social plugins used for interacting on the Rieter website and (g) other similar website usage data.

The data collected from or about you automatically or without your input could lead to the identification of your person. However, Rieter will not use the data for this purpose.

In addition, you can provide personal data in various forms for requesting and receiving information about products and services. Such personal data will be used in all cases, based on your consent, to fulfill your request (e.g. placing an inquiry or an order, subscribing to newsletters, customer magazines, media releases, business reports, customer surveys, etc.).

Even if Rieter were able to combine the data provided by you with the data collected automatically or without the input from you, Rieter will not do so. Concerning the personal data that you provide (e.g. for products or services you have requested or for other purposes authorized by you), Rieter relies on technical and organizational means to ensure compliance with the applicable data security regulations.

2. Data of business partners

As part of our business activities, Rieter processes the personal data of customers, suppliers, and other business partners. This data encompasses:

• The first and last names and contact data of the contact person, position and title, affiliated company/function, sector, possible cross connections (e.g., shareholder or related persons), creditworthiness data, references, and other background information
• Communication with existing, former, and potential business partners and third parties
• Performance and billing data, bank account information, insurance coverage
• Documentation and further information in the context of the business relationship

Rieter receives this data directly from its business partners or from other persons involved in a business relationship. To the extent permitted, Rieter also collects data from publicly accessible sources (e.g., trade registers, debt collection registers, land registers, and the Internet) or receives data from companies in the Rieter Group, from authorities and other third parties (e.g., credit agencies).

Rieter primarily processes this personal data in order to conclude and process contracts with its business partners, to document, invoice and improve its services, to develop new products and services, or to procure services from its business partners. This includes processing to fulfill legal and contractual duties in Germany and abroad (e.g., compliance with export restrictions or sanctions) and to implement or reject legal claims. Rieter also processes the data of its business partners in order to communicate with them, answer questions, and provide them with newsletters, information about the offers of companies in the Rieter Group, customer surveys, invitations to events, and similar information.

The personal data collected under the “Data collection” section remain with data processors or on servers acting on behalf of Rieter and for which Rieter is responsible. Neither Rieter nor representatives of Rieter pass on personal data collected by Rieter for use by third parties in any form, unless this is required for fulfilling the purpose for which they were collected (e.g., for processing an order), or if Rieter previously received your consent or is legally obligated to do so.

The data that is passively collected on the Rieter website through cookies from third parties and related technologies are an exception. Third-party providers of such cookies/related technologies can use your personal data for their own purposes and transfer such data into other jurisdictions (also see the notices regarding cookies from Rieter).

Some of your personal data may be saved on computers or processed at locations that are in other jurisdictions whose laws regarding data privacy protection are different from those in the jurisdiction of your residence. In particular, you must expect your data to be transmitted to all countries in which Rieter has subsidiaries and locations, and to other countries in Europe and outside of Europe where the service providers commissioned by Rieter and their sub-contractors are located. If data is transmitted to a country that does not have suitable legal data protection, Rieter will ensure that suitable protective measures are in place (namely, by concluding relevant contracts based on the “standard contract clauses” of the European Commission or another set of regulations designed to safeguard data protection), or will be based on one of the legal exceptions such as your consent, the conclusion of a contract or contract execution, and the establishment, exercise or enforcement of legal claims. You can receive further information about recipient countries and the implemented measures at the contact address listed in this Data Privacy Policy.

Rieter uses the collected data for the purposes listed in the Data Privacy Policy. Further, Rieter will process your personal data and those of others to the extent permitted and if it appears appropriate to Rieter, also for the following purposes in which Rieter (and third parties from time to time) has a legitimate interest in line with one of the following purposes:

• Exercise of legal claims and defense in the context of legal disputes and official procedures
• Prevention and clarification of criminal offenses and other misconduct (e.g., the execution of an internal investigation, data analyses in the fight against fraud)
• Video surveillance and other measures for safeguarding the operation, for IT, building and plant security, and for protecting employees, other persons, plants and assets (e.g., access control, visitor lists, network and email scanners)
• Purchase and sale of business units, companies or parts of companies as well as other corporate transactions and the related transmission of personal data
• Risk management and prudent corporate management and development
• Compliance with laws, directives, and recommendations of the authorities and the internal rules of the Rieter Group

Insofar as Rieter requires a basis in law for processing personal data, Rieter acts based on your consent (in the meaning of Art. 6 (1) (a) GDPR), Rieter processes your personal data for the initiation or fulfillment of an agreement (in the meaning of Art. 6 (1) (b) GDPR), in order to comply with legal provisions (in the meaning of Art. 6 (1) (c) GDPR) or to preserve the legitimate interests of Rieter or third parties (in the meaning of Art. 6 (1) (f) GDPR). A particular legitimate interest is to fulfill the purposes described in this Data Privacy Policy and enable Rieter to carry out the corresponding measures.

Rieter uses technical and organizational security precautions in order to protect your personal data against manipulation, loss, destruction, or access by unauthorized persons. All the personal data that you provide Rieter through the website is transmitted in encrypted form as a means of preventing any misuse by third parties. The security precautions of Rieter are continuously revised and improved on the basis of the latest technological developments.

Subject to the data protection laws applicable in your case, you have the right to demand from the controller (1) information about and (2) the rectification or (3) deletion of your personal data or (4) the limitation of the processing of your personal data, and you can (5) object to the processing of your personal data. Further, you have (6) a right to data portability.

Simply send an email to the controller of your data dataprivacy(at)rieter.com or contact the controller at the address listed in the “Contact information” section. The controller will process your request while complying with the applicable data protection law and can also reject or fulfill your request on a limited basis in accordance with the statutory provisions.

You have the right to withdraw your consent to future processing of your personal data at any time. For the sake of clarity, however, this withdrawal does not influence the legality of processing based on the consent you granted before submitting your withdrawal.

In this case as well: Simply send an email to the controller of your data dataprivacy(at)rieter.com or contact the controller at the address listed in the “Contact information” section.

Remember that exercising your right to withdraw consent may conflict with contractual agreements and can have consequences such as premature termination of the contract or costs. The controller will inform you of such consequences in advance in cases where this has not already been contractually prescribed.

Rieter saves personal data as long as required for the purposes pursued by their processing, the legal retention periods, and the legitimate interests of processing for the purposes of documentation and proof, or for technical reasons. The purposes of documentation and proof encompass the interest of Rieter to document transactions, interactions and other facts for the case of legal claims, irregularities, for purposes of IT and infrastructural security, and as proof of good corporate governance and compliance. For technical reasons, personal data can be retained if specific data cannot be separated from other data and it must be stored together (e.g., in the case of backups or document management systems). With respect to your passively collected data, please observe the Notes on Cookies of Rieter.

If you are a resident of the EU or Switzerland, you probably have the right to file a complaint with a supervisory authority if you do not agree with the processing of your personal data.

The body responsible for the data processing described in this Data Privacy Policy is the specific Rieter company upon whose website the processing of your personal data takes place or which is your specific business partner in the context of the processing in question.

If you have issues or questions with regard to your personal data, please contact Rieter Holding AG at the following contact data:

Rieter Holding AG
Klosterstrasse 20
CH-8406 Winterthur, Switzerland

dataprivacy(at)rieter.com

The continuous further development of the Internet occasionally requires this Data Privacy Policy to be adapted. Rieter reserves the right to make the necessary changes.