Privacy

DATA PROTECTION DECLARATION OF THE ROTHO Group

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions and in compliance with the relevant data protection regulations In this data protection declaration, we inform you about data processing within the scope of our websites(www.rotho.com, www.appmybox.com, www.aalta.com,www.madeibox.com, modlife.ch, rotho-renew.com, www.rotholoft.com, www.rothopro.com, mypet.rotho.com) as well as when using our webshops(www.rothoshop.de, www.rothoshop.at, www.rothoshop.ch, www.rothoshop.nl).

1. data controller

The data processing on our websites is carried out by the respective website operator, a company of the Rotho Group. The responsible representatives and contact details can be found in the imprint of the respective website.

2. data protection officer

You can reach the Rotho Group's data protection officer as follows:

Robert Thoma GmbH
for the attention of the data protection officer
Hauptstr. 84
79733 Görwihl

E-mail: datenschutz@rotho.com
Tel.: +49 351 2820 51 75

3. processing of the data

3.1 General, deletion

Personal data is any data that makes you identifiable as a person, such as name, address, e-mail addresses and online identifiers.

The personal data of our users is used as follows:

the execution of our services,
the guarantee of technical support.

We transmit personal data to third parties only if this is done on the basis of your consent, for billing purposes (execution of bank transactions), the delivery of goods (delivery by postal service providers) or otherwise necessary to fulfill our contractual obligations to you.

Personal data is deleted as soon as it has fulfilled its purpose and there is no obligation to retain it.

3.2 Informational use of our website

In the case of mere informational use of the website, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:

IP address
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (concrete page)
Access status/HTTP status code
Data volume transferred in each case
Web page from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

We store this data in the form of log files for a limited time in order to be able to analyze and remedy any technical problems. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. Due to the nature of the Internet, this data is inevitably processed on a number of servers until your request arrives on our web server; therefore, collection and use is also possible in "third countries" (e.g. the USA). Our company has no influence on this process. Apart from these technical constraints, the provider of this website does not transmit any personal data to countries outside the scope of the EU General Data Protection Regulation or without an adequate level of data protection.

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide additional personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.

3.2 Contact form

If you contact us by form on the website or by e-mail, your e-mail address, name, address, telephone number and other data provided by you will be stored by us in order to answer your questions. The answering of the inquiries takes place by unencrypted e-mail. We delete the data accruing in this context 6 months after contacting you, unless there is a need for longer storage. As far as legal retention periods exist, the data will be blocked.

The data processing is based on the legal provisions of Art 6 para 1 lit a (consent) and b (performance of contract) DSGVO. The processing, in particular the communication by unencrypted e-mail, is lawful as long as you have given your consent to the processing. You can revoke your consent at any time with effect for the future.

3.3 Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. We use this data exclusively for sending the requested information. The legal basis is Art. 6 para. 1 lit. a DSGVO.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

3.4 Use of our webshops, creation of a customer account

When you make a purchase via our webshops, personal data is collected that we need to process the order. This concerns the following data: Name, e-mail address, street, postal code, city, telephone number, payment data. In addition, the data of your order: article, date, order number, payment method and invoice number. We store and use your data for the purpose of fulfilling the contract. For this purpose, we work together with payment service providers and delivery services. The legal basis for this is Art. 6 para. 1 letter b) DSGVO. Mandatory information necessary for the execution of contracts is marked separately, other information is voluntary. The legal basis for the processing is Art. 6 para. 1 letter a or b DSGVO.

We delete your order data as soon as we are no longer legally obliged to store it, i.e. basically 10 years after your order. Already after the expiration of the warranty periods we make a restriction of processing, i.e. your data will only be used for compliance with legal obligations.

To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using SSL technology.

If you want to order something in our webshop, you have the choice whether you want to enter your data necessary for the order only once for this order or whether you want to create a customer account where your data will be stored for later further purchases.

When you create an account under "My account", the data you provide there will be stored revocably. You can always delete the account in the customer area.

4. passing on within the Rotho Group, foreign reference

The transfer of personal data within the companies of the Rotho Group takes place for internal administrative purposes of central customer support and order processing. The recipients of the personal data for processing are the companies of the Rotho Group, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) or our production sites in Poland. The Rotho Group obliges your companies by internal guidelines to implement technical organizational measures to ensure the security of the processing.

5. cookies

These Internet pages use so-called cookies. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit. The legal basis is Art. 6 para. 1 lit. f DSGVO. This website uses cookies to the following extent:

Transient cookies (temporary use)
Persistent cookies (time-limited use),
Third Party Cookies (from third party providers).

Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all functions of this website.

This stored information is stored separately from any further data provided to us. In particular, the data of the cookies are not linked with your other data.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

6. analysis services

6.1

We have integrated analysis tools on our websites for marketing purposes and to optimize our offers. For this purpose, the data mentioned in section 3.2 are transmitted. The legal basis for this is Art. 6 para. 1 lit. f DSGVO

6.2 Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of these web pages is usually transmitted to a Google server in the USA and stored there. We use IP anonymization on our websites. This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing thebrowser plug-in available at this link. You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Google Analytics deaktivieren.

For more information on how Google Analytics handles user data, please seeGoogle's privacy policy at .

Google Analytics is used in accordance with the conditions agreed upon by the German data protection authorities with Google. Information from the third-party provider: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

6.3 Econda

We use Econda, an analysis tool of Econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, in our web stores. For the purpose ofdemand-oriented design as well as optimization of this website, solutions and technologies of econda GmbH collect and store anonymized data and create user profiles from this data using pseudonyms. Cookies may be used for this purpose, which enable the recognition of an Internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognizable immediately after receipt, making it impossible to assign usage profiles to IP addresses. The analysis of user behavior is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising.

Disable Econda tracking

6.4 Shopify

We use Shopify to offer our services to you. Shopify is a platform through which e-commerce services are offered and performed. The service provider is Shopify International Limited, Victoria Buildings, 2nd Floor,1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify's privacy policy can be found at the following link: https://www.shopify.com/legal/privacy/customers. In addition, Shopify uses cookies to provide us with their services, for example, to provide us with analytics about how many people visit our store and to help us troubleshoot and improve our store. The legal basis for this processing is Art. 6 (1) lit. a DSGVO.

For this purpose, we have concluded an order processing agreement with Shopify, as your personal data is processed by Shopify. This is exclusively personal data that you have provided to us for the purpose of concluding the contract, such as your name, billing address, delivery address, email address, telephone number and payment information. The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO. We delete your order data as soon as we are no longer legally obliged to store it, i.e. in principle up to 10 years after your order. Already after the expiration of the warranty periods, we make a restriction of processing, i.e. your data will only be used for the fulfillment of legal obligations.

You can object to data processing and revoke your consent at any time by sending an e-mail to datenschutz@rotho.com. For more information, please refer to No. 11 of this privacy statement.

6.5 Clarity

The Administrator uses the Clarity tool in its operation - namely on the hosted website. This tool is provided by Microsoft Corporation (headquarters address: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA), to which data such as cursor movement, page scrolling, location, operating system and browser, among others, may be disclosed. The collected data does not allow any conclusions to be drawn about individual persons. For more information about the privacy standards of the tool, please visit the link https://privacy.microsoft.com/en-us/privacystatement. In addition, you can use the following link: https://optout.aboutads.info/?c=2&lang=EN It is possible to disable the activity measured by Clarity. The settings can be changed directly after visiting the administrator's website, after selecting the "Customize settings/Detailed settings" option in the window that informs about the uses of the data and the tools used for this purpose.

7. online advertising (Google Adwords)

7.1

The legal basis for the processing of your data is Art. 6 para. 1 lit. f DS-GVO.

7.2

We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

You can prevent participation in this tracking process in several ways: a) by setting your browser software accordingly, in particular, suppressing third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign, using the link http://www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers, using the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

More information about Google's privacy practices can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

8. integration of third-party services (LinkedIn, YouTube)

The integration of third party services described below is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

8.1 Integration of LinkedIn

We currently provide on some of our pages the call of LinkedIn via a so-called social bookmark. To ensure that you have full data control, LinkedIn is only included as a link. After clicking on the embedded graphic, you will be redirected to the LinkedIn page and only then will user data be transferred to LinkedIn.

Further information on the purpose and scope of data collection and processing by LinkedIn. You with their privacy policy:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

8.2 YouTube integration

(1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(3) For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

8.3 Instagram integration

We have included the link to Instagram, provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, on some of our web pages. After clicking on the graphic, you will be redirected to Instagram and only then will user information be transferred to Instagram. For more information on the purpose and scope of data collection, please visit: https://instagram.com/about/legal/privacy/.

8.4 Facebook integration

We have included the link to Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on some of our pages. After clicking on the graphic, you will be redirected to Facebook and only then will user information be transferred to Facebook. For more information on the purpose and scope of data collection, please visit: https://de-de.facebook.com/policy.php

8.5 Integration of Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably. The legal basis for this is Art. 6 para. 1 lit. f DSGVO.

By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned in section 3.2 of this declaration are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out first. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.https://www.privacyshield.gov/EU-US-Framework.https://www.privacyshield.gov/EU-US-Framework.

9. use of apps

Through our pages you can get our app "APPMyBox". With APPMyBox you organize and archive boxes and items in your smartphone, by means of a QR code with which all Rotho storage boxes are provided. To register for the app, enter your last name, first name and other business information. This information is required for the fulfillment of the contract and is stored on our servers for as long as it is necessary for the fulfillment of the service. The legal basis for this is Art. 6 para. 1 lit b DSGVO. When you use the app, our servers temporarily record the IP address of your device and other technical characteristics, such as the requested content (Art. 6 para. 1 lit. b DSGVO). Beyond that, Rotho does not use the data. In this app, you have the option to use various functionalities provided by a third party (e.g. Apple or Google) and used as data controller. For details on the functionality and how you can switch the use on or off, please contact the respective operating system manufacturer.

In order to use the app on your device, the app must be able to access various functions and data on your end device. For this purpose, it is necessary that you grant certain authorizations (Art. 6 para. 1 lit. a DSGVO). The authorization categories are programmed differently by the various manufacturers. For example, on Android, individual authorizations are combined into authorization categories and you can also only agree to the authorization category as a whole.

You can revoke this consent at any time. Please note, however, that in the event of an objection you may not be able to use all the functions of our app.

10. data subject rights

You have the right,

a)requestinformation on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Art. 15 DS-GVO);

b) demand the correction or completion of incorrect or incomplete data (Art. 16 DS-GVO);

c)revoke a given consent at any time with effect for the future to (Art. 7 para. 3 DS-GVO);

d)object todata processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Article 21 (1) of the GDPR). ;

e) in certain cases, within the framework of Art. 17 DS-GVO, to demand the deletion of data - in particular insofar as the data is no longer required for the intended purpose or is processed unlawfully, or you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;

f) under certain conditions, to demand the restriction of data, insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 DS-GVO);

g) to data portability, i.e. you can receive your data that you have provided to us in a common machine-readable format such as CSV and transmit it to others if necessary (Art. 20 DS-GVO).

If you have given your consent to the use of data, you can revoke this consent at any time with effect for the future.

All requests for information, deletion and correction, requests for information, requests for data portability, objections to data processing, etc. should be sent by e-mail to datenschutz@rotho.com.

If you are of the opinion that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you may also contact the competent data protection supervisory authority, such as the Data Protection Commissioner of the State of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).

11. data security

We maintain up-to-date technical and organizational measures to ensure the security of processing, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art, the protection requirements of the personal data and the risks to your rights and freedoms.

12. changes to the data protection notice

We reserve the right to change the data protection information in order to adapt it to changes in the legal situation or to changes in our offers.

Status: May 2018