1. data controllers
Data processing on our websites is handled by the relevant website operator, a Rotho Group company. Information about the representatives responsible for data processing and contact information is available in the editorial footer of the website.
2 Data Protection Officer
The Rotho Group Data Protection Officer can be contacted as follows:
On behalf of Rotho Ltd:
Robert Thoma GmbH
z.Hd. die Datenschutzbeauftragte
Tel: +49 351 2820 51 75
3. data processing
3.1 General information, removal
Personal information is all data that identifies a person, such as name, address, email addresses and Internet identifiers.
Personal data of our users is used as follows:
- performance of our services,
- Providing technical support.
We transfer personal data to third parties only if you have given your consent, it is necessary for the purposes of conducted settlements (execution of bank transactions), delivery of goods (delivery by postal service provider) or it is necessary for other reasons so that we can fulfill our contractual obligations to you.
Personal data will be deleted as soon as it has served its purpose and its deletion does not conflict with any storage requirements.
3.2 Use of our website for information purposes
If you use the website for informational purposes only, i.e., you do not log in, register or otherwise provide us with information, then we do not collect any personal information except that which your browser transmits to enable you to visit the website. These include:
- IP address
- date and time of entry
- Time zone difference relative to Greenwich universal time (GMT)
- content of the request (specific page)
- access status/http status code
- the amount of data transmitted each time
- the website from which the query originated
- operating system and its interface
- browser language and software version
We store this data for a certain period of time in the form of log files so that we can analyze and eliminate any technical problems. The legal basis for these activities is Article 6(1)(f) of the RODO. Due to the nature of the Internet, this data is inevitably processed on numerous servers until your request reaches our web server; therefore, it is possible that data may be collected and used in "third countries" (e.g., USA). Our company does not have the slightest influence on this process. Apart from these technical requirements, the provider of this website does not transfer any personal data to countries that are not within the scope of the EU General Data Protection Regulation or countries that do not provide an adequate level of data protection.
In addition to using our website for purely informational purposes, we offer various services that you can use if you are interested. To do so, you usually have to provide additional personal information that we use to provide the relevant service. If there is an option to voluntarily provide additional information, this is marked accordingly.
3.2 Contact form
If you contact us via a form on the site or by e-mail, your e-mail address, name, address, telephone number and other data you provide will be stored by us to answer your inquiries. We respond to your inquiries by unencrypted e-mail. We will delete the data collected under such circumstances 6 months after contact is made, unless a longer retention period is required. If statutory retention periods apply, the data will be blocked.
The processing is carried out on the basis of the legal provisions of Article 6(1)(a) (consent) and (b) (performance of contract) of the RODO. Processing, in particular communication via unencrypted email, is lawful as long as you have given your consent. You may revoke your consent at any time with effect for the future.
If you would like to receive the newsletter available on the site, we need your e-mail address and information from you to verify that you are the owner of the e-mail address provided and agree to receive the newsletter. We use this data only to send you the requested information. The legal basis is Article 6(1)(a) of the RODO.
You can revoke your consent to the storage of your data and email address and their use for sending the newsletter at any time, for example, through the "unsubscribe" link in the newsletter.
3.4 Using our online stores, creating a customer account
When you shop at our online stores, we collect personal information that we need to prepare your order. This includes the following data: name, email address, street, postal code, city, phone number, payment details. Also, data about your order: items, date, order number, form of payment and invoice number. We store and use your data to fulfill the contract. For this purpose we cooperate with payment and transportation service providers. The legal basis for these activities is Article 6(1)(b) of the RODO. Mandatory information required to process an order is specifically marked, other information is voluntary. The legal basis for processing is Article 6(1)(a) or (b) RODO.
We delete your order data as soon as we are no longer legally obligated to store it, i.e. up to 10 years after your order. After the warranty periods, we limit the processing, i.e. your data will only be used to fulfill statutory obligations.
In order to prevent unauthorized access by third parties to your personal information, especially financial information, the ordering process is encrypted using SSL technology.
If you want to order something from our online store, you can choose whether you enter the data required for the order only once for that order, or whether you want to create a customer account where your data will be saved for future purchases.
When you create an account in "My Account", the data you provide there will be stored with the option to revoke your permission to store it. You can always delete your account in the customer area.
4. transfer of data within the Rotho Group, transfer of data abroad
The transfer of personal data between Rotho Group companies is carried out as part of the management of the central customer service and order processing system. The recipients of the personal data to be processed are Rotho Group companies, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) and our production facilities in Poland. The Rotho Group obliges its companies through internal guidelines to implement technical and organizational measures to ensure the security of data processing.
These websites use so-called cookies. Cookies are used to make our offerings more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
- Temporary cookies (temporary use)
- Persistent cookies (time-limited use),
- Third-party cookies (third-party vendors).
Temporary cookies are automatically deleted when you close your browser. These include session cookies in particular. They store a so-called session identifier by which various requests from your browser can be assigned to a common session. This allows your computer to be recognized when you access our site again. Session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a certain period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
You can configure your browser settings according to your preferences, including but not limited to the ability to refuse third-party cookies or all cookies. Please note, however, that if you do so, you may not be able to use all the features of this site.
This stored information is kept separate from any other data you may provide to us. In particular, cookie data is not combined with your other data.
You can set your browser to notify you when cookies appear and allow them only on a case-by-case basis, exclude acceptance of cookies in certain cases or exclude them altogether, and activate automatic deletion of cookies when you close your browser. If cookies are disabled, the functionality of such a site may be limited.
6. analytical services
6.1 Tasks of analytical tools
We have integrated analytical tools on our websites for marketing purposes and for the optimization of our offers. For this purpose, the data listed in Section 3.2 are transferred. The legal basis for these activities is Article 6(1)(a) of the DPA
6.2 Google Analytics
information about your use of these websites is usually transferred to a Google server in the Netherlands and stored there. However, Google will previously truncate and anonymize your IP address in member states of the European Union or other signatory states to the Agreement on the Establishment in the European Economic Area.
On our behalf, Google will use this information to evaluate your use of the site in order to create reports on site traffic and to provide other services related to site activity and Internet usage to the site operator. The data will not be passed on. In addition, the data collected will not be linked to any data from other sources.
The processing of data via Google Analytics on our website is based on Article 6(1)(a) of the DPA. Your consent is voluntary and you can revoke it at any time with future effect by changing your current settings in our cookie banner.
You can also prevent cookies from being stored by adjusting your browser software settings accordingly.
You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and prevent Google from processing this data by using a plug-in that you can download and install at this link.
Google Analytics is used in accordance with the requirements agreed with Google by German data protection authorities.
The administrator uses Hotjar tools in its operations - specifically, on the hosted website. This tool is provided by Hotjar Ltd (headquarters address: Hotjar Limited Dragonara Business Centre, 5th Floor, Dragonara Road,, Paceville St Julian's STJ 3141, Malta), to which data such as cursor movement, page scrolling, location, operating system and browser, among others, may be shared. The data collected prevents identification of any specific individual, and more information about the tool's privacy standards is available at the link https://www.hotjar.com/legal/compliance/gdpr-commitment/. In addition, using the following link: https://www.hotjar.com/opt-out/istniejeyou can disable the activity measured by Hotjar. The settings can be changed directly after visiting the Administrator's website, after expanding the "Customize settings/Detailed settings" option visible in the window informing about the possible uses of data and the tools used for these purposes.
For this purpose, we have entered into an order processing agreement with Shopify, as your personal data is processed by Shopify. This applies only to the personal data you provided to us for the purpose of concluding the contract, such as your name, billing address, delivery address, email address, phone number and payment information. The legal basis for this processing is Article 6 (1) (b) DSGVO. We delete your order data as soon as we are no longer legally obligated to store it, i.e. generally up to 10 years after the order is placed. We already limit the processing of your data after the expiration of the guarantee periods, i.e. your data will only be used to fulfill legal obligations.
You can object to the processing of your data and withdraw your consent at any time by sending an e-mail to firstname.lastname@example.org. For more information, please see Item No. 11 of this Privacy Statement.
7. internet advertising (Google Adwords)
7.1 Legal basis
The legal basis for processing your data is Article 6(1)(a) of the RODO.
7.2 Purpose of using Google Adwords
We use Google Adwords to draw attention to our attractive offers through advertising materials (called Google Adwords) on external websites. With reference to data from advertising campaigns, we can determine the effectiveness of individual advertising activities. Thus, we are interested in showing you ads that interest you, making our website more attractive and obtaining a reliable calculation of advertising costs.
These advertising tools are provided by Google through so-called "Ad Servers" [ad servers]. We use ad server cookies for this purpose, which can be used to measure certain performance metrics, such as ad impressions or clicks by users. If you access our site through a Google ad, Google Adwords will store a cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. The cookie's unique identifier, the number of ad impressions per ad placement (frequency), last impression (relevant to conversion after viewing) and opt-out information (indicating that you no longer wish to be targeted by ads) are usually stored as analytical values for this cookie.
These cookies allow Google to recognize your web browser. If you visit certain pages of an Adwords client's website and the cookie stored on your computer has not yet expired, Google and the client can recognize that you clicked on an ad and were redirected to that page. Each Adwords customer is assigned a different cookie. This means that cookies cannot be tracked by Adwords customer websites. We ourselves do not collect or process any personal data as part of the mentioned advertising measures. We only receive statistical analyses from Google. Based on these analyses, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, in particular, we cannot identify you from this information.
With the marketing tools you use, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through this tool and therefore inform you according to our state of knowledge: Through the use of AdWords, Google receives information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with Google, Google can attribute this visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will know and record your IP address.
There are several ways you can prevent participation in this tracking process:
a) through the appropriate settings of your browser software - in particular, disabling third-party cookies means that you will not receive advertising from third-party providers;
(b) by disabling tracking cookies by setting your browser to block cookies from the "www.googleadservices.com" domain, https://www.google.de/settings/ads, with these settings deleted if you delete the cookies;
(c) by deactivating vendor-preferred ads that are part of the "About Ads" self-regulatory campaign by clicking on the link http://www.aboutads.info/choices, with this setting removed if you delete your cookies;
d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to take full advantage of all the features of this offer.
More information on Google's data protection can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. You can also visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.
8. integration of third party services (LinkedIn, YouTube)
The integration of third-party services described below is intended to attractively present our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(a) of the DPA.
8.1 LinkedIn integration
On some of our sites, we now provide access to LinkedIn via a so-called social bookmark. In order to have full control over the data, LinkedIn is included only as a link. When you click on the integrated graphic, you will be redirected to the LinkedIn page and only then will the user data be transferred to LinkedIn.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
8.2 YouTube integration
(1) We have included YouTube videos in our online offerings, which are stored on http://www.YouTube.com and can be played directly from our website.
8.3 Instagram integration
We have a link to Instagram, the provider is: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, embedded on some of our websites. When you click on the graphic, you will be redirected to Instagram and only then will your information be transferred to Instagram. For more information about the purpose and scope of data collection, please visit: https://instagram.com/about/legal/privacy/.
8.4 Facebook integration
On some of our pages we have integrated a link to Facebook, the provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. When you click on the graphic, you will be redirected to Facebook and only then will your information be sent to Facebook. For more information on the purpose and scope of data collection, please visit: https://de-de.facebook.com/policy.php
8.5 Google Maps integration
On this site, we use the Google Maps offering. This allows us to display interactive maps directly on the website and conveniently use the map function. The legal basis for these activities is Article 6(1)(a) of the RODO.
9. use of applications
You can download our "APPMyBox" app from our website. With APPMyBox, you can organize and archive boxes and items on your smartphone using the QR code that all storage boxes from Rotho come with. To register with the app, enter your name, first name and other company information. This information is required for the performance of the contract and will be stored on our servers for as long as necessary to perform the service. The legal basis for these activities is Article 6(1)(b) of the DPA. When you use the application, our servers temporarily record your device's IP address and other technical features, such as the content you search for, for example (Article 6(1)(b) RODO). Rotho does not otherwise use the data. In this application, you have the option to use various functionalities that are provided by third parties (e.g. Apple or Google) and used by them as data processors. For details on this functionality and how to enable and disable use, please contact the manufacturer of the relevant operating system.
In order to use the app on your device, the app must have access to various functions and data on your end device. This requires the granting of certain authorizations (Article 6(1)(a) RODO). Authorization categories are programmed differently by different manufacturers. So, for example, in Android, individual authorizations are grouped into authorization categories, and you can only agree to an authorization category as a whole.
You can withdraw this consent at any time. However, please note that if you withdraw it, you may not be able to use all the features of our application.
10. rights of data subjects
You are entitled to:
a) request information aboutcategories of data processed, purposes of processing, recipients of data, planned storage period (Article 15 RODO);
b) request torectify or complete erroneous or incomplete data (Article 16 RODO);
c) to revoke expressed consent at any time with effect for the future (Article 7(3) RODO);
d) toobject to the processing to be carried out on the basis of legitimate interest on the grounds of your particular situation (Article 21 (1) RODO);
(e) in certain cases within the framework of Article 17 of the DS-GVO, demand deletion of data - in particular, if the data are no longer needed to achieve the intended purpose or are being processed unlawfully, or if you revoke your consent in accordance with point (c) above or file an objection in accordance with point (d) above;
(f) request torestrict data under certain conditions if deletion is not possible or the obligation to delete is a matter of dispute (Article 18 RODO);
(g) to data portability, i.e. you can receive the data you have provided to us in a commonly available machine-readable format, such as CSV, and transmit it to others as needed (Article 20 RODO).
11. object or withdraw consent to the processing of your data
If you have given your consent to the use of your data, you may effectively revoke it at any time. Such revocation affects the permissibility of processing your personal data after you have communicated it to us.
If we base the processing of your personal data on a balance of interests, you may object to the processing. This is the case if the processing of your data in particular is not necessary for the performance of the contract concluded with you, which we inform you about in each case in the description of the function below. If you exercise such an appeal, we ask you to explain the reasons why we should not process your personal data as we have done. If you raise a legitimate objection, we will investigate the facts and stop or adjust the processing, or provide you with our compelling and protective reasons on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to receiving advertising content by emailing us at email@example.com.
For any other information, requests for deletion and correction, for information, for data transfer, for objections to data processing, etc., send an email to firstname.lastname@example.org.
If you believe that the processing of your data violates data protection laws or your data protection rights have otherwise been violated, you may also contact the relevant data protection supervisory authority.
12. data security
We have state-of-the-art technical and organizational measures to ensure the security of data processing, in particular to protect your personal data from threats during transmission and from obtaining information by third parties. They are adapted to the current state of technology, the requirements of personal data protection and the threats to your rights and freedoms.
Status as of: March 2021