DATA PROTECTION DECLARATION OF THE ROTHO Group
The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions and in compliance with the relevant data protection regulations In this data protection declaration, we inform you about data processing within the scope of our websites(www.rotho.com, www.appmybox.com, www.aalta.com,www.madeibox.com, modlife.ch, rotho-renew.com, www.rotholoft.com, www.rothopro.com, mypet.rotho.com) as well as when using our webshops(www.rothoshop.de, www.rothoshop.at, www.rothoshop.ch, www.rothoshop.nl).
1. data controller
The data processing on our websites is carried out by the respective website operator, a company of the Rotho Group. The responsible representatives and contact details can be found in the imprint of the respective website.
2. data protection officer
You can reach the Rotho Group's data protection officer as follows:
Robert Thoma GmbH
for the attention of the data protection officer
Tel.: +49 351 2820 51 75
3. processing of the data
3.1 General, deletion
Personal data is any data that makes you identifiable as a person, such as name, address, e-mail addresses and online identifiers.
The personal data of our users is used as follows:
- the execution of our services,
- the guarantee of technical support.
We transmit personal data to third parties only if this is done on the basis of your consent, for billing purposes (execution of bank transactions), the delivery of goods (delivery by postal service providers) or otherwise necessary to fulfill our contractual obligations to you.
Personal data is deleted as soon as it has fulfilled its purpose and there is no obligation to retain it.
3.2 Informational use of our website
In the case of mere informational use of the website, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Data volume transferred in each case
- Web page from which the request comes
- Operating system and its interface
- Language and version of the browser software.
We store this data in the form of log files for a limited time in order to be able to analyze and remedy any technical problems. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. Due to the nature of the Internet, this data is inevitably processed on a number of servers until your request arrives on our web server; therefore, collection and use is also possible in "third countries" (e.g. the USA). Our company has no influence on this process. Apart from these technical constraints, the provider of this website does not transmit any personal data to countries outside the scope of the EU General Data Protection Regulation or without an adequate level of data protection.
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide additional personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.
3.2 Contact form
If you contact us by form on the website or by e-mail, your e-mail address, name, address, telephone number and other data provided by you will be stored by us in order to answer your questions. The answering of the inquiries takes place by unencrypted e-mail. We delete the data accruing in this context 6 months after contacting you, unless there is a need for longer storage. As far as legal retention periods exist, the data will be blocked.
The data processing is based on the legal provisions of Art 6 para 1 lit a (consent) and b (performance of contract) DSGVO. The processing, in particular the communication by unencrypted e-mail, is lawful as long as you have given your consent to the processing. You can revoke your consent at any time with effect for the future.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. We use this data exclusively for sending the requested information. The legal basis is Art. 6 para. 1 lit. a DSGVO.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.
3.4 Use of our webshops, creation of a customer account
When you make a purchase via our webshops, personal data is collected that we need to process the order. This concerns the following data: Name, e-mail address, street, postal code, city, telephone number, payment data. In addition, the data of your order: article, date, order number, payment method and invoice number. We store and use your data for the purpose of fulfilling the contract. For this purpose, we work together with payment service providers and delivery services. The legal basis for this is Art. 6 para. 1 letter b) DSGVO. Mandatory information necessary for the execution of contracts is marked separately, other information is voluntary. The legal basis for the processing is Art. 6 para. 1 letter a or b DSGVO.
We delete your order data as soon as we are no longer legally obliged to store it, i.e. basically 10 years after your order. Already after the expiration of the warranty periods we make a restriction of processing, i.e. your data will only be used for compliance with legal obligations.
To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using SSL technology.
If you want to order something in our webshop, you have the choice whether you want to enter your data necessary for the order only once for this order or whether you want to create a customer account where your data will be stored for later further purchases.
When you create an account under "My account", the data you provide there will be stored revocably. You can always delete the account in the customer area.
4. passing on within the Rotho Group, foreign reference
The transfer of personal data within the companies of the Rotho Group takes place for internal administrative purposes of central customer support and order processing. The recipients of the personal data for processing are the companies of the Rotho Group, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) or our production sites in Poland. The Rotho Group obliges your companies by internal guidelines to implement technical organizational measures to ensure the security of the processing.
These Internet pages use so-called cookies. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
- Transient cookies (temporary use)
- Persistent cookies (time-limited use),
- Third Party Cookies (from third party providers).
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all functions of this website.
This stored information is stored separately from any further data provided to us. In particular, the data of the cookies are not linked with your other data.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.
6. analysis services
We have integrated analysis tools on our websites for marketing purposes and to optimize our offers. For this purpose, the data mentioned in section 3.2 are transmitted. The legal basis for this is Art. 6 para. 1 lit. f DSGVO
6.2 Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of these web pages is usually transmitted to a Google server in the USA and stored there. We use IP anonymization on our websites. This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing thebrowser plug-in available at this link. You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Google Analytics deaktivieren.
We use Econda, an analysis tool of Econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, in our web stores. For the purpose ofdemand-oriented design as well as optimization of this website, solutions and technologies of econda GmbH collect and store anonymized data and create user profiles from this data using pseudonyms. Cookies may be used for this purpose, which enable the recognition of an Internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognizable immediately after receipt, making it impossible to assign usage profiles to IP addresses. The analysis of user behavior is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising.
For this purpose, we have concluded an order processing agreement with Shopify, as your personal data is processed by Shopify. This is exclusively personal data that you have provided to us for the purpose of concluding the contract, such as your name, billing address, delivery address, email address, telephone number and payment information. The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO. We delete your order data as soon as we are no longer legally obliged to store it, i.e. in principle up to 10 years after your order. Already after the expiration of the warranty periods, we make a restriction of processing, i.e. your data will only be used for the fulfillment of legal obligations.
You can object to data processing and revoke your consent at any time by sending an e-mail to firstname.lastname@example.org. For more information, please refer to No. 11 of this privacy statement.
The Administrator uses the Clarity tool in its operation - namely on the hosted website. This tool is provided by Microsoft Corporation (headquarters address: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA), to which data such as cursor movement, page scrolling, location, operating system and browser, among others, may be disclosed. The collected data does not allow any conclusions to be drawn about individual persons. For more information about the privacy standards of the tool, please visit the link https://privacy.microsoft.com/en-us/privacystatement. In addition, you can use the following link: https://optout.aboutads.info/?c=2&lang=EN It is possible to disable the activity measured by Clarity. The settings can be changed directly after visiting the administrator's website, after selecting the "Customize settings/Detailed settings" option in the window that informs about the uses of the data and the tools used for this purpose.
7. online advertising (Google Adwords)
The legal basis for the processing of your data is Art. 6 para. 1 lit. f DS-GVO.
We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
You can prevent participation in this tracking process in several ways: a) by setting your browser software accordingly, in particular, suppressing third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign, using the link http://www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers, using the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
More information about Google's privacy practices can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8. integration of third-party services (LinkedIn, YouTube)
The integration of third party services described below is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
8.1 Integration of LinkedIn
We currently provide on some of our pages the call of LinkedIn via a so-called social bookmark. To ensure that you have full data control, LinkedIn is only included as a link. After clicking on the embedded graphic, you will be redirected to the LinkedIn page and only then will user data be transferred to LinkedIn.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
8.2 YouTube integration
(1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
8.3 Instagram integration
We have included the link to Instagram, provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, on some of our web pages. After clicking on the graphic, you will be redirected to Instagram and only then will user information be transferred to Instagram. For more information on the purpose and scope of data collection, please visit: https://instagram.com/about/legal/privacy/.
8.4 Facebook integration
We have included the link to Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on some of our pages. After clicking on the graphic, you will be redirected to Facebook and only then will user information be transferred to Facebook. For more information on the purpose and scope of data collection, please visit: https://de-de.facebook.com/policy.php
8.5 Integration of Google Maps
On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably. The legal basis for this is Art. 6 para. 1 lit. f DSGVO.
By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned in section 3.2 of this declaration are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out first. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
9. use of apps
Through our pages you can get our app "APPMyBox". With APPMyBox you organize and archive boxes and items in your smartphone, by means of a QR code with which all Rotho storage boxes are provided. To register for the app, enter your last name, first name and other business information. This information is required for the fulfillment of the contract and is stored on our servers for as long as it is necessary for the fulfillment of the service. The legal basis for this is Art. 6 para. 1 lit b DSGVO. When you use the app, our servers temporarily record the IP address of your device and other technical characteristics, such as the requested content (Art. 6 para. 1 lit. b DSGVO). Beyond that, Rotho does not use the data. In this app, you have the option to use various functionalities provided by a third party (e.g. Apple or Google) and used as data controller. For details on the functionality and how you can switch the use on or off, please contact the respective operating system manufacturer.
In order to use the app on your device, the app must be able to access various functions and data on your end device. For this purpose, it is necessary that you grant certain authorizations (Art. 6 para. 1 lit. a DSGVO). The authorization categories are programmed differently by the various manufacturers. For example, on Android, individual authorizations are combined into authorization categories and you can also only agree to the authorization category as a whole.
You can revoke this consent at any time. Please note, however, that in the event of an objection you may not be able to use all the functions of our app.
10. data subject rights
You have the right,
a)requestinformation on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Art. 15 DS-GVO);
b) demand the correction or completion of incorrect or incomplete data (Art. 16 DS-GVO);
c)revoke a given consent at any time with effect for the future to (Art. 7 para. 3 DS-GVO);
d)object todata processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Article 21 (1) of the GDPR). ;
e) in certain cases, within the framework of Art. 17 DS-GVO, to demand the deletion of data - in particular insofar as the data is no longer required for the intended purpose or is processed unlawfully, or you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;
f) under certain conditions, to demand the restriction of data, insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 DS-GVO);
g) to data portability, i.e. you can receive your data that you have provided to us in a common machine-readable format such as CSV and transmit it to others if necessary (Art. 20 DS-GVO).
If you have given your consent to the use of data, you can revoke this consent at any time with effect for the future.
All requests for information, deletion and correction, requests for information, requests for data portability, objections to data processing, etc. should be sent by e-mail to email@example.com.
If you are of the opinion that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you may also contact the competent data protection supervisory authority, such as the Data Protection Commissioner of the State of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).
11. data security
We maintain up-to-date technical and organizational measures to ensure the security of processing, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art, the protection requirements of the personal data and the risks to your rights and freedoms.
12. changes to the data protection notice
We reserve the right to change the data protection information in order to adapt it to changes in the legal situation or to changes in our offers.
Status: May 2018