The protection of your personal data is particularly important to us. We therefore process your data exclusively on the basis of the legal provisions and in compliance with the relevant data protection regulations. In this data protection declaration we inform you about data processing within the scope of our websites ( www.rotho.com , www.appmybox.com , www.aalta.com , www.madeibox.com , modlife.ch , rotho-renew.com , www.rotholoft.com , www.rothopro.com , mypet.rotho.com ) and when using our web shops ( www.rothoshop.de , www.rothoshop.at , www.rothoshop.ch , www.rothoshop.nl ).
1. Data Controller
The data processing on our websites is carried out by the respective website operator, a company of the Rotho Group. The responsible representatives and the contact details can be found in the imprint of the website.
2. Data Protection Officer
You can reach the data protection officer of the Rotho Group as follows :
Robert Thomas GmbH
Attn: the data protection officer
main street 84
Phone: +49 351 2820 51 75
3. Processing of data
3.1 General, Deletion
Personal data is all data that makes you identifiable as a person, such as name, address, e-mail addresses and online identifiers.
The personal data of our users is used as follows:
- the execution of our services,
- providing technical support.
We only transmit personal data to third parties if this is based on your consent, for billing purposes (carrying out bank transactions), the delivery of goods (delivery by postal service provider) or otherwise necessary to fulfill our contractual obligations towards you.
Personal data will be deleted as soon as they have fulfilled their purpose and the deletion does not conflict with any retention requirements.
3.2 Informational use of our website
If you only use the website for informational purposes, i.e. if you do not log in, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website . These are:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access Status/HTTP Status Code
- amount of data transferred
- Website from which the request comes
- Operating system and its interface
- Browser software language and version.
We store this data in the form of log files for a limited time in order to be able to analyze and eliminate any technical problems. The legal basis for this is Article 6 (1) (f) GDPR. Due to the nature of the Internet, this data is inevitably processed on a large number of servers until your request arrives on our web server; therefore collection and use in "third countries" (e.g. the USA) is also possible. Our company has no influence on this process. Apart from these technical necessities, the provider of this website does not transmit any personal data to countries outside the scope of the EU General Data Protection Regulation or without an appropriate level of data protection.
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you usually have to provide additional personal data that we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.
3.2 Contact form
If you contact us using the form on the website or by e-mail, your e-mail address, your name, your address, your telephone number and other data you provide will be stored by us in order to answer your questions. Inquiries are answered by unencrypted e-mail. We delete the data arising in this context 6 months after contact has been made, provided that there is no need for longer storage. If there are statutory retention periods, the data will be blocked.
Data processing takes place on the basis of the legal provisions of Art 6 Para 1 lit a (consent) and b (performance of contract) GDPR. Processing, in particular communication via unencrypted e-mail, is lawful as long as you have given your consent to the processing. You can revoke your consent at any time with effect for the future.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . We use this data exclusively for sending the requested information. The legal basis is Article 6 (1) (a) GDPR.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.
3.4 Use of our web shops, creation of a customer account
When you shop in our web shop, personal data is collected that we need to process the order. This concerns the following data: name, e-mail address, street, zip code, city, telephone number, payment details. Also the data of your order: article, date, order number, payment method and invoice number. We store and use your data for the purpose of fulfilling the contract. For this we work together with payment service providers and delivery services. The legal basis for this is Art. 6 Para. 1 Letter b) GDPR. Mandatory information required for the processing of the contracts is marked separately, further information is voluntary. The legal basis for the processing is Art. 6 Para. 1 Letter a or b GDPR.
We delete your order data as soon as we are no longer legally obliged to store it, i.e. generally 10 years after your order. As soon as the warranty periods have expired, we will restrict the processing, ie your data will only be used to comply with legal obligations.
In order to prevent unauthorized access by third parties to your personal data, in particular financial data, the ordering process is encrypted using SSL technology.
If you would like to order something in our web shop, you have the choice of whether you only enter the data required for the order once for this order or whether you want to create a customer account in which your data will be saved for future purchases.
When you create an account under "My Account", the data you provide there will be stored revocably. You can always delete the account in the customer area.
4. Passing on within the Rotho Group, international connection
The transmission of personal data within the companies of the Rotho Group takes place for internal administration purposes of central customer care and order processing. The recipients of the personal data for processing are the companies of the Rotho Group, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) and our production sites in Poland. The Rotho Group obliges your company through internal guidelines to implement technical and organizational measures to ensure the security of processing.
This website uses so-called cookies. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
- Transient cookies (temporary use)
- Persistent cookies (time-limited use),
- Third Party Cookies (from third parties).
Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and e.g. B. refuse to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all the functions of this website.
This stored information is stored separately from any further data given to us. In particular, the data from the cookies are not linked to your other data.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
6. Analytics Services
We have integrated analysis tools on our websites for marketing purposes and to optimize our offers. For this purpose, the data specified under Section 3.2 will be transmitted. The legal basis for this is Article 6 (1) (f) GDPR
6.2 Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We use IP anonymization on our websites. Your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available at this link download and install. You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: Disable Google Analytics .
Google Analytics is used in accordance with the requirements that the German data protection authorities have agreed with Google. Information from the third-party provider: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy . Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework .
In our web shops we use Econda, an analysis tool from Econda GmbH, Zimmerstr. 6, 76137 Karlsruhe. For the needs-based design and optimization of this website, anonymous data is collected and stored using solutions and technologies from econda GmbH, and usage profiles are created from this data using pseudonyms. Cookies can be used for this purpose, which enable the recognition of an Internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognizable immediately upon receipt, which means that usage profiles cannot be assigned to IP addresses. User behavior is analyzed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize both its website and its advertising.
For this purpose, we have entered into an order processing contract with Shopify, as your personal data is processed by Shopify. This is exclusively personal data that you have made available to us for the purpose of concluding the contract, such as your name, your billing address, your delivery address, your e-mail address, your telephone number and your payment information. The legal basis for this processing is Article 6 (1) (b) GDPR. We delete your order data as soon as we are no longer legally obliged to store them, i.e. up to 10 years after your order. As soon as the warranty periods have expired, we restrict the processing, ie your data will only be used to fulfill legal obligations.
You can object to data processing at any time and revoke your consent by sending an email to firstname.lastname@example.org . For more information, see No. 11 of this privacy statement.
The administrator uses the Clarity tool in his company - namely on the hosted website. This tool is provided by Microsoft Corporation (headquarters address: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA), to which data such as cursor movement, page scrolling, location, operating system and browser, among others, may be shared. The data collected does not allow any conclusions to be drawn about individual persons. For more information about the tool's privacy standards, see the link https://privacy.microsoft.com/en-us/privacystatement . In addition, you can use the following link: https://optout.aboutads.info/?c=2&lang=EN It is possible to deactivate the activity measured by Clarity. The settings can be changed directly after visiting the Administrator's website, after selecting the "Customize settings/Detailed settings" option in the window informing about the possible uses of the data and the tools used for this purpose.
7. Online advertising (Google Adwords)
The legal basis for the processing of your data is Article 6 (1) (f) GDPR.
We use Google Adwords to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. In relation to the advertising campaign data, we can determine how successful the individual advertising measures are. We are interested in showing you advertising that is of interest to you, in making our website more interesting for you and in achieving a fair calculation of advertising costs.
These advertising media are delivered by Google via so-called "ad servers". To do this, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user does not wants to be addressed more) is saved.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Adwords customer is assigned a different cookie. This means that cookies cannot be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the user based on this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and are therefore informing you according to our current level of knowledge: By integrating AdWords, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address.
You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly; in particular, suppressing third-party cookies means that you will not receive any third-party ads; b) by deactivating cookies for tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked, https://www.google.de/settings/ads, whereby these settings are deleted if you delete your cookies; c) by deactivating the interest-based ads of the providers who are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this offer to their full extent.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8. Integration of third-party services (LinkedIn, YouTube)
The integration of the third-party services described below is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
8.1 Integration of LinkedIn
We are currently providing access to LinkedIn via a so-called social bookmark on some of our pages. So that you have full data control, LinkedIn is only included as a link. After clicking on the integrated graphic, you will be redirected to the LinkedIn page and only then will user data be transmitted to LinkedIn.
Get more information on the purpose and scope of data collection and processing by LinkedIn. You with their data protection notices:
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy .
8.2 Integration of YouTube
(1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
(3) Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the data protection declaration. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy . Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
8.3 Integration of Instagram
We have integrated the link to Instagram, provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, on some of our websites. After clicking on the graphic, you will be redirected to Instagram and only then will user information be transferred to Instagram. Further information on the purpose and scope of data collection can be found at: https://instagram.com/about/legal/privacy/ .
8.4. Integration of Facebook
We have integrated the link to Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on some of our pages. After clicking on the graphic, you will be forwarded to Facebook and only then will user information be transmitted to Facebook. Further information on the purpose and scope of data collection can be found at: https://de-de.facebook.com/policy.php
8.5 Integration of Google Maps
On this website we use the offer of Google Maps. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. The legal basis for this is Article 6 (1) (f) GDPR.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 3.2 of this declaration will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must first log out. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.https://www.privacyshield.gov/EU-US- Framework.https://www.privacyshield.gov/EU-US-Framework.
9. Use of Apps
You can obtain our “APPMyBox” app from our website. With APPMyBox you can organize and archive boxes and objects on your smartphone using a QR code that all Rotho storage boxes are equipped with. To register for the app, enter your last name, first name and other business information. This information is required to fulfill the contract and will be stored on our servers for as long as is necessary to fulfill the service. The legal basis for this is Art. 6 Para. 1 lit b GDPR. When you use the app, our servers temporarily record the IP address of your device and other technical features, such as the requested content (Art. 6 Para. 1 lit. b GDPR). In addition, Rotho does not use the data. In this app you have the opportunity to use various functionalities that are provided by a third party (e.g. Apple or Google) and used as the person responsible for data processing. For details on the functionality and how you can switch use on or off, please contact the respective operating system manufacturer.
In order to be able to use the app on your device, the app must be able to access various functions and data on your end device. This requires that you grant certain permissions (Article 6 (1) (a) GDPR). The authorization categories are programmed differently by the various manufacturers. So e.g. For example, with Android, individual permissions are grouped into permission categories and you can only agree to the permission category as a whole.
You can revoke this consent at any time. Please note, however, that if you object, you may not be able to use all the functions of our app.
10. Data subject rights
You have the right,
a) Information to request categories of the processed data, processing purposes, any recipients of the data, the planned storage period (Art. 15 DS-GVO);
b) the correction or to request the addition of incorrect or incomplete data (Art. 16 GDPR);
c) a given consent at any time with effect for the future withdraw (Article 7 (3) GDPR);
d) to data processing that is to take place on the basis of a legitimate interest object, which arise from your particular situation (Art. 21 Para. 1 DS-GVO);
e) in certain cases within the framework of Art. 17 DS-GVO deletion to request data - in particular if the data is no longer required for the intended purpose or is being processed unlawfully, or you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;
f) under certain conditions restriction to request data if deletion is not possible or the obligation to delete is disputed (Article 18 GDPR);
g) on data portability, ie you can receive the data you have provided to us in a common machine-readable format such as CSV and, if necessary, transmit it to others (Art. 20 DS-GVO).
If you have given your consent to the use of data, you can revoke this at any time with effect for the future.
Please send all requests for information, deletion and correction, requests for information, requests for data portability, objections to data processing, etc. by e-mail email@example.com .
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in some way, you can also contact the responsible data protection supervisory authority, such as the data protection officer of the state of Baden-Württemberg (https: //www.baden-wuerttemberg.datenschutz.de/).
11. Data Security
We maintain current technical and organizational measures to ensure the security of processing, in particular to protect your personal data from dangers during data transmission and from third parties gaining knowledge. These are adapted to the current state of the art, the protection requirements for personal data and the risks to your rights and freedoms.
12. Changes to Privacy Notice
We reserve the right to change the data protection information in order to adapt it to the changed legal situation or to changes in our offers.
Status: May 2018