Privacy

DATA PROTECTION INFORMATION OF Robert Thoma GmbH / ROTHO Group

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions and in compliance with the relevant data protection regulations. In this data protection information, we inform you about data processing in the context of our websites (www.rotho.com, www.appmybox.com, www.rotho-renew.com, www.rothopropremium.com, www.rothomypet.com, www.rotho-babydesign.com, www.jive-be-organized.com) and when using our web stores (www.rotho-shop.com).

1. Data controller

Responsible for the processing of personal data is

Robert Thoma GmbH
Hauptstr. 84
79733 Görwihl

Data processing on our websites is carried out by the respective website operator (as listed above), a company of the Rotho Group. The responsible representatives and contact details can be found in the website's legal notice.

2. Data protection officer

You can contact the Rotho Group's data protection officer as follows:

Robert Thoma GmbH
for the attention of the data protection officer
Hauptstr. 84
79733 Görwihl

E-Mail: datenschutz@rotho.com

3. Data processing

3.1 General, deletion

Personal data is any data that makes you identifiable as a person, such as name, address, e-mail addresses and online identifiers.

The personal data of our users is used as follows:

1. the execution of our services,
2. the guarantee of technical support.

We transmit personal data to third parties only if this is done on the basis of your consent, for billing purposes (execution of bank transactions), the delivery of goods (delivery by postal service providers) or otherwise necessary to fulfill our contractual obligations to you.

Personal data is deleted as soon as it has fulfilled its purpose and there is no obligation to retain it.

3.2 Informational use of our website

If you use the website for informational purposes only, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Access status/HTTP status code
• Data volume transferred in each case
• Web page from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.

We store this data in the form of log files for a limited period of time in order to be able to analyze and rectify any technical problems. The legal basis for this is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Due to the nature of the Internet, this data is inevitably processed on a large number of servers until your request arrives on our web server; therefore, it may also be collected and used in "third countries" (e.g. the USA). Our company has no influence on this process. Apart from these technical constraints, the provider of this website does not transmit any personal data to countries outside the scope of the EU General Data Protection Regulation or without an adequate level of data protection.

Our web server is hosted by Hetzner Online GmbH, the information on the processing activities and scope of the processed data can be found at

• Information on order processing https://www.hetzner.com/de/legal/system-policies/
• Information on data protection https://www.hetzner.com/de/legal/privacy-policy

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide additional personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.

3.3 Contact form

If you contact us using the form on the website or by e-mail, your e-mail address, name, address, telephone number and other data you provide will be stored by us in order to answer your questions. Inquiries are answered by unencrypted e-mail. We delete the data collected in this context 6 months after contacting you, unless there is a need for longer storage. If statutory retention periods apply, the data will be blocked.

Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. a) (consent) and b) (fulfillment of contract) GDPR. The processing, in particular the communication by unencrypted e-mail, is lawful as long as you have given your consent to the processing. You can withdraw your consent at any time with effect for the future.

3.4 Processing for advertising purposes

3.4.1 Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided (so-called double opt-in) and that you agree to receive the newsletter. We use this data exclusively for sending the requested information. The legal basis is consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

3.4.2 Special offers

Several times a year, the Rotho Group prepares special marketing campaigns such as "Black Week", "Summer Sale" or other special promotions where special offers are made available to you.

The personal data of customers collected for these advertising purposes is processed for the implementation of special marketing campaigns. It is not a newsletter, therefore the processing is permitted for legitimate interests (non-continuous direct advertising) of the controller in accordance with Art. 6 para. 1 lit. f GDPR. In the event that personal data is processed, you will find the exact details of the processing in the terms and conditions of the respective advertising campaign.

If you do not wish to be informed about these special offers in the future, you have the right to object to the processing in accordance with Art. 21 para. 1 GDPR.

3.5 Using our web stores, creating a customer account

Our webshop is operated by Shopify International Ltd. Ireland. Shopify is a processor of the Rotho Group. You can find the data protection information about Shopify here.

For our webshop we use the e-commerce software solution Plentymarkets from plentysystems AG, the information on data protection can be found here.

When you make a purchase via our web stores, we collect personal data that we need to process your order. This concerns the following data: Name, e-mail address, street, zip code, city, telephone number, payment details. In addition, your order data: item, date, order number, payment method and invoice number. We store and use your data for the purpose of fulfilling the contract. To this end, we work together with payment service providers and delivery services. The legal basis for this is the fulfillment of the purchase contract in accordance with Art. 6 para. 1 lit. b) GDPR. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. The legal basis for processing is consent in accordance with Art. 6 para. 1 lit. a) or the processing of personal data for the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR.

We delete your order data as soon as we are no longer legally obliged to store it, i.e. generally up to 10 years after your order. As soon as the warranty periods have expired, we restrict processing, i.e. your data will only be used to comply with legal obligations.

To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using SSL technology.

If you want to order something in our webshop, you have the choice whether you want to enter your data necessary for the order only once for this order or whether you want to create a customer account where your data will be stored for later further purchases.

When you create an account under "My account", the data you provide there will be stored revocably. You can always delete the account in the customer area.

4. Transfer within the Rotho Group, foreign reference

The transfer of personal data within the companies of the Rotho Group takes place for internal administrative purposes of central customer support and order processing. The recipients of the personal data for processing are the companies of the Rotho Group, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) and our production sites in Poland. The Rotho Group obliges its companies through internal guidelines to implement technical and organizational measures to ensure the security of processing.

5. Cookies

These Internet pages use so-called cookies. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. This website uses cookies to the following extent:

• Transient cookies (temporary use)
• Persistent cookies (time-limited use),
• Third Party Cookies (from third party providers).

Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all functions of this website.

This stored information is stored separately from any further data provided to us. In particular, the data of the cookies are not linked with your other data.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

You can find the individual cookies here.

6. Analysis services

6.1 Legal basis

The legal basis for the processing of your data is the consent Art. 6 para. 1 lit. a) GDPR. Google LLC is on the list of companies whose data protection is at the same level as in the European Union (EU - US Privacy Framework). For this reason, the transfer of data to Google LLC does not require separate consent.

6.2 Purpose of the analysis tools

We have integrated analysis tools on our websites for marketing purposes and to optimize our offers. The data mentioned under section 3.2 is transmitted for this purpose. The legal basis for this is consent in accordance with Art. 6 para. 1 lit. a) GDPR

6.3 Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Inc, Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the Netherlands and stored there. However, your IP address will be shortened and anonymized beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The data will not be passed on. No data from other sources is associated with the data collected.

Data processing with Google Analytics on our website is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Your consent is voluntary and you can revoke it at any time with effect for the future by changing your current settings in our cookie banner or under the data protection settings.

You can also prevent the storage of cookies by setting your browser software accordingly.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at browser plug-in available at this link and installing it.

You can find more information on how Google Analytics handles user data in the Google privacy policy.

Google Analytics is used in accordance with the conditions agreed between the German data protection authorities and Google.

Information from the third-party provider: http://www.google.com/intl/de/analytics/learn/privacy.htmland the privacy policy: http://www.google.de/intl/de/policies/privacy.

7. Online advertising (Google Adwords)

7.1 Legal basis

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Google LLC is on the list of companies whose data protection is at the same level as in the European Union (EU - US Privacy Framework). For this reason, the transfer of data to Google LLC does not require your consent.

7.2 Purpose of the use of Google Adwords

We use Google Adwords to draw attention to our attractive offers on external websites with the help of advertising material (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. We are interested in showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of AdWords, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

You can prevent participation in this tracking process in various ways:

1. a) by setting your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers;
2. b) by deactivating cookies for tracking by setting your browser to block cookies from the Google domain or by changing your settings to https://www.google.de/settings/ads whereby this setting will be deleted when you delete your cookies;

We would like to point out that if you delete cookies, you may not be able to use all the functions of this website to their full extent.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

8. Integration of third-party services

The integration of the third-party services described below is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

8.1 Integration of LinkedIn

We currently provide on some of our pages the call of LinkedIn via a so-called social bookmark. To ensure that you have full data control, LinkedIn is only included as a link. After clicking on the embedded graphic, you will be redirected to the LinkedIn page and only then will user data be transferred to LinkedIn.

Further information on the purpose and scope of data collection and processing by LinkedIn. You with their privacy policy:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

Data is transferred to the USA on the basis of the standard contractual clauseswhich guarantee secure data transfer.

8.2 YouTube integration

We have integrated YouTube videos into our online offering, which are available at http://www.YouTube.com and can be played directly from our website.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration is transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

YouTube is a service of the company Google LLC which is on the list of companies whose data protection is at the same level as in the European Union(EU - US Privacy Framework). For this reason, the transfer of data does not require your consent.

8.3 Instagram integration

We have included the link to Instagram, provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA, on some of our web pages. After clicking on the graphic, you will be redirected to Instagram and only then will user information be transmitted to Instagram. Further information on the purpose and scope of data collection can be found at https://instagram.com/about/legal/privacy/.

Instagram is a service of Meta Platforms Inc. which is on the list of companies whose data protection is at the same level as in the European Union(EU - US Privacy Framework). For this reason, the transfer of data does not require your consent.

8.4 Facebook integration

We have integrated the link to Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, on some of our pages. After clicking on the graphic, you will be redirected to Facebook and only then will user information be transmitted to Facebook. Further information on the purpose and scope of data collection can be found at https://de-de.facebook.com/policy.php

Facebook is a service of the company Meta Platforms Inc. which is on the list of companies whose data protection is at the same level as in the European Union (EU - US Privacy Framework). For this reason, the transfer of data does not require your consent.

8.5 Integration of Google Maps

We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 3.2 of this declaration is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must first log out. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

10. Rights of data subjects

You have the right,

1. a) to requestinformation on the categories of data processed, processing purposes, any recipients of the data, the planned storage period (Art. 15 GDPR);
2. b) to request the correction completion of incorrect or incomplete data (Art. 16 GDPR);
3. c)revoke consent given at any time with effect for the future to (Art. 7 para. 3 GDPR);
4. d)objectto data processing that is to take place on the basis of a legitimate interest for reasons relating to , that arise from your particular situation. In addition, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time, without giving reasons. (Art. 21 para. 1 GDPR);
5. e) to request thedeletion of data in certain cases within the framework of Art. 17 GDPR - in particular if the data is no longer required for the intended purpose or is processed unlawfully, or if you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;
6. f) under certain conditions, to demand the restriction of data if deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR);
7. g) to Data portability, h. You can receive the data you have provided to us in a commonly used, machine-readable format, such as CSV, and, if necessary, transmit it to others (Art. 20 GDPR).

For information, deletion and correction requests, requests for information, requests for data portability, objections to data processing, etc., please send an e-mail to datenschutz@rotho.com.

11. Right to lodge a complaint (Art. 77 GDPR)

If you are of the opinion that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can also contact the responsible data protection supervisory authority, such as the data protection officer of the state of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).

Contact details of the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg:

P.O. Box 10 29 32
70025 Stuttgart
Tel.: 0711/615541-0
FAX: 0711/615541-15

E-Mail: poststelle@lfdi.bwl.de

12. Data security

We maintain up-to-date technical and organizational measures to ensure the security of processing, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art, the protection requirements of the personal data and the risks to your rights and freedoms.

13. Telecommunications Telemedia Data Protection Act (TTDSG)

We would like to point out that the legal basis for storing information in terminal equipment or accessing information that is already stored in the terminal equipment is your consent in accordance with Section 25 (1) sentence 1 TTDSG. This reservation of consent only does not apply if the storage on or reading from a terminal device is absolutely necessary in order to provide a service expressly requested by you. This could be, for example, the shopping cart function or contact forms. The relevant legal basis here is Section 25 (2) No. 2 TTDSG.

14. Changes to the data protection information

We reserve the right to change the data protection information in order to adapt it to changes in the legal situation or to changes in our offers.

Status: November 2023