jumpToMain
95098

Data protection information in accordance with Art. 13, 14 EU General Data Protection Regulation (GDPR) for the use of Rheinmetall e-Signature

In connection with the use of our technical solution for electronic signatures ("Rheinmetall e-Signature"; cloud-based application MOXIS from XiTrust Secure Technologies GmbH), processing of personal data is also taking place, about which we would like to inform you below.


A. Name and contact details of the Controller

Rheinmetall Group headquarters is primarily responsible for the operation of the technical solution and the data processing that takes place:

Rheinmetall AG
Rheinmetall Platz 1
40476 Düsseldorf
Germany
signature@rheinmetall.com

The Rheinmetall company that requests an electronic signature from you or otherwise contacts you in this context is generally responsible for data processing in connection with the use of the e-Signature solution.

The contact details of the Rheinmetall companies can be found on the following website:  https://www.rheinmetall.com/en/company/locations-worldwide


B. Contact details of the data protection officer

Rheinmetall AG, Group Data Protection Officer
Rheinmetall Platz 1
40476 Düsseldorf
Germany
E-mail address: DSB-RhAG@rheinmetall.com

The contact details of any data protection officers of other Rheinmetall companies can be found on the following website: https://www.rheinmetall.com/en/meta/navigations/footer/data-protection-officers


C. Data categories & purposes of data processing

The type, scope and purposes of data processing depend on the respective use case/context:

 

1) For the provision of an electronic signature

  • Surname, first name
  • E-mail address
  • Signature drawing ("signature image")
  • Mobile phone number, if applicable (e.g. for qualified electronic signature)
  • Company, function and authorizations, if applicable
  • Any other personal data contained in the document to be signed
  • Timestamp of the signature
  • Audit trail, if applicable: information on the traceability and quality assurance of signature processes (e.g. consecutive ID, time stamp, action description)
  • Log files: Technical information about accessing the website/application (e.g. IP address, browser data, device data, timestamp)

 

2) For the creation and management of users

  • Surname, first name
  • E-mail address
  • Signature drawing ("signature image")
  • Mobile phone number, if applicable (e.g. for qualified electronic signature)
  • Company, function and, if applicable, authorizations
  • Profile picture (optional)
  • Language of the order recipient, if applicable
  • Audit trail, if applicable: information on the traceability and quality assurance of signature processes (e.g. consecutive ID, time stamp, action description)
  • Log files: Technical information about accessing the website/application (e.g. IP address, browser data, device data, timestamp)

 

3) For the creation and management of signature orders

  • Surname,
  • E-mail address
  • Signature drawing ("signature image")
  • Mobile phone number, if applicable (e.g. for qualified electronic signature)
  • Any other personal data contained in the document to be signed
  • Audit trail, if applicable: information on the traceability and quality assurance of signature processes (e.g. consecutive ID, time stamp, action description)
  • Log files: Technical information about accessing the website/application (e.g. IP address, browser data, device data, timestamp)

 

4) To maintain a personal and/or global address book in the e-signature solution

  • Rheinmetall users can create contacts for signature orders in their personal and/or in the Rheinmetall-wide (global) address book within the solution.
  • The following data will be processed: Surname, first name, e-mail address, mobile phone number if applicable, company/function/authorization if applicable

 

5) To ensure traceability, integrity and operational safety

  • Audit trail, if applicable: information on the traceability and quality assurance of signature processes (e.g. consecutive ID, time stamp, action description)
  • Log files: Technical information about accessing the website/application (e.g. IP address, browser data, device data, time stamp)

 

6) For the acquisition of a digital identity via trust service providers for the purpose of a qualified electronic signature

Note: The qualified trust service providers (eIDAS) or the recognized providers of certification services (ZertES) are independently responsible under data protection law for the provision of a digital identity or the issuing of a corresponding certificate. You will receive further information on this from the respective provider as part of the process.

Typically, the following data is processed by the providers: Title, surname, first name, mobile phone number, home address, e-mail address, date and place of birth, nationality, ID card data (in particular ID card type, ID card no., issuer, validity).


D. Legal basis for data processing

Art. 6 para. 1 lit. b GDPR: Necessary data processing for the initiation and/or establishment of a contract with the data subject.

Art. 6 para. 1 lit. f GDPR: Necessary data processing to safeguard legitimate interests of the Rheinmetall companies, in particular

  • Provision and use of a technical solution for electronic signatures for contracts, internal approvals or other documents requiring a signature
  • Communication between signature originators and recipients or contact persons of the respective companies
  • Ensuring traceability, integrity and operational security (log files, audit trails if necessary)

 

Art. 6 para. 1 lit. c GDPR: Necessary data processing for the fulfillment of legal requirements in connection with electronic signatures and digital identities, which arise in particular from commercial, corporate, labor, procurement or civil law obligations to provide evidence and/or retain data.

Art. 6 para. 1 lit. b GDPR in conjunction with § 26 BDSG (only for Rheinmetall employees): Necessary data processing in connection with the use of technical work equipment for electronic signatures, internal approval processes and for business communication.


E. Recipients

Rheinmetall internal:

  • Rheinmetall AG
  • Rheinmetall IT Solutions GmbH
  • Rheinmetall companies / business departments involved
 

Rheinmetall-external:

  • Companies involved in the signature order (e.g. supplier, customer)
  • XITRUST Secure Technologies GmbH (provider of the cloud-based Rheinmetall e-signature solution MOXIS)
  • RRZ, Raiffeisen Rechenzentrum GmbH, Austria (cloud hosting)
  • If applicable, qualified trust service providers (eIDAS) or recognized providers of certification services (ZertES)
  • Other IT service providers involved, if applicable


F. Data sources

The data is collected either directly from you (e.g. by providing an electronic signature) or from the companies/organizations relevant to the signature order (e.g. if you are nominated by your employer to provide an electronic signature).


G. Duration of storage

  • Signature order data (incl. documents, log) are stored in the cloud solution for up to 90 days after the order is created. The subsequent storage of the documents at Rheinmetall depends on the respective storage/archiving rules and is primarily dependent on the type of document.
  • User account data (incl. personal address book) is generally deleted after 399 days have elapsed since the last login or upon request.
  • Log files: 180 days.
  • Audit trails (if activated): Generally up to 3 years.


H. Necessity of the provision of data

In principle, there is no obligation to provide data. However, it is not possible to use the e-signature solution without providing data.


I. Third country transfers

The hosting of data via the e-signature solution takes place exclusively within the EU.

A specific transfer of your data to a country outside the EU/EFTA is generally not intended.

Exceptions:

  • Rheinmetall companies involved outside the EU/EFTA
  • Participating signature order recipients outside the EU/EFTA


 

According to the GDPR, you have the following rights with regard to the processing of your personal data:

  • Right of access under Art. 15 GDPR, right to rectification under Art. 16 GDPR, right to erasure under Art. 17 GDPR, right to restriction of processing under Art. 18 GDPR, right to data portability under Art. 20 GDPR, right to object under Art. 21 GDPR, right to withdraw your consent at any time under Art. 7 (3) GDPR, right to lodge a complaint with a supervisory authority under Art. 77 GDPR.
  • You can exercise these rights in accordance with the legal requirements.

 

To exercise your rights, please contact us by e-mail signature@rheinmetall.com

 

Rheinmetall Platz 1

40476 Dusseldorf

Germany

Contact us

© 2025 Rheinmetall AG