Privacy Policy

Privacy Policy

ROTHO Group PRIVACY POLICY

The protection of users' personal data is particularly important to us. For this reason, we process user data exclusively on the basis of legal provisions and in accordance with the relevant data protection regulations. This data protection declaration explains how data is processed on our websites ( www.rotho.com , www.appmybox.com , www.madeibox.com , modlife.ch , rotho-renew.com , www.rotholoft .com , www.rothopro.com , mypet.rotho.com ) as well as in our webshops ( www.rothoshop.de , www.rothoshop.at , www.rothoshop.ch , www.rothoshop.nl ).

  1. Data controller

Data processing on our websites is carried out by the respective website operator, a company of the Rotho Group. The responsible representatives and their contact details are listed in the legal notices of the website.

  1. Data Protection Officer

You can contact the Rhoto Group data protection officer in the following ways:

Robert Thoma GmbH
to the data protection officer
Hauptstr. 84
79733 Gorwihl

Email: datenschutz@rotho.com
Tel.: +49 351 2820 51 75

  1. Data processing

3.1 General, cancellation

Personal data means all data that allows us to trace your identity, such as name, address, email addresses and online identifiers.

Our users' personal data is used for the following purposes:

  1. provide our services,
  2. ensure technical support.

We transmit personal data to third parties, only with your consent, for billing purposes (carrying out banking transactions), for the delivery of goods (delivery by postal service providers) or if it is necessary to fulfill our obligations contractual agreements with users.

Personal data is deleted as soon as it has fulfilled its purpose and if there is no obligation to retain it.

3.2 Informational use of our website

In case of purely informational use of the website, i.e. if you do not log in to use it, register or transmit information in any other way, we do not collect any personal data, with the exception of the data that the browser transmits to allow the user to visit the website. That is, the following data:

  • IP address
  • date and time of the request
  • time zone difference from Greenwich Mean Time (GMT)
  • content of the request (specific page)
  • HTTP login status/status code
  • amount of data transmitted
  • website from which the request comes
  • browser
  • operating system and interface
  • browser software language and version.

We store this data in the form of log files for a limited period of time, in order to be able to analyze and resolve any technical problems. The legal basis is art. 6 par. 1 letter f DSGVO. Due to the nature of the Internet, this data is inevitably processed on a large number of servers until the request arrives at our web server; therefore, collection and use may also occur in "Third Countries" (for example, the United States). Our company cannot influence this process in any way. Except for these technical constraints, the website provider does not transmit any personal data to countries that do not fall within the scope of the EU General Data Protection Regulation or do not have an adequate level of data protection.

In addition to the purely informational use of our website, you can use it to take advantage of various services we offer. Normally this involves the communication of further personal data, which is used to provide the requested service. Further information that can be provided on a voluntary basis is specifically indicated.

3.2 Contact form

By contacting us via the form on the website or by email, the email address, name, address, telephone number and other data provided by you will be stored to answer the questions you ask. Requests are processed via unencrypted emails. The data collected in these ways is deleted 6 months after contact, unless it is necessary to keep it longer. If there are retention periods required by law, the data will be frozen.

The data processing takes place on the basis of the legal provisions of the art. 6 par. 1 letter a (consent) and b (performance of contract) GDPR. The processing, in particular communication via unencrypted e-mail, is lawful only if the user has given his consent to the processing. You can revoke your consent at any time with effect for the future.

3.3 Newsletters

If you wish to receive the newsletter offered on the website, we require an email address and information that allows us to verify that the email address provided belongs to the applicant and that he or she agrees to receive the newsletter. This data is used exclusively for sending the requested information. The legal basis is art. 6 par. 1 letter to GDPR.

You can revoke your consent to the storage of your data, your email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

3.4 Use of our webshops, creation of a customer account

When you make a purchase through our web shops, the personal data necessary for processing your order is collected. That is, the following data: name, e-mail address, street, postal code, city, telephone number, payment data. As well as the order data: item, date, order number, payment method and invoice number. We store and use the data for the purpose of contract fulfillment. To this end we collaborate with payment service providers and delivery services. The legal basis is art. 6 par. 1 letter b) GDPR. The mandatory information required for the processing of contracts is expressly indicated, while the other information is optional. The legal basis of the processing is art. 6 par. 1 letter a or b GDPR.

We delete the order data as soon as the statutory retention periods expire, i.e. in principle up to 10 years after the order. After the warranty periods have expired, data processing is already limited and the collected data can only be used to fulfill legal obligations.

To avoid unauthorized access by third parties to personal data, in particular financial data, the ordering process is encrypted using SSL technology.

If you want to place an order in our webshop, you can choose whether to enter the necessary data only for this specific order or whether to create a customer account in which the data will be stored for future purchases.

When you create an account under "My Account", the data you provide is stored with the right to be revoked. You can always delete your account from the customer area.

  1. Sharing within the Rotho Group, cross-border implications

The transmission of personal data within Rotho Group companies takes place for internal administrative purposes of central customer service and order processing. The recipients of personal data for processing are the Rotho Group companies, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) or our production facilities in Poland. These companies are obliged by Rhoto Group, through internal guidelines, to implement organizational technical measures to guarantee the safety of the processing.

  1. Cookies

These Internet pages use so-called cookies. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

We use cookies to identify you on subsequent visits if you have an account. Otherwise, you will need to log in again each time you visit. The legal basis is art. 6 par. 1 letter to GDPR. This website uses the following cookies:

  • transient cookies (temporary use)
  • persistent cookies (use limited in time),
  • third-party cookies (from third-party suppliers).

Transient cookies are automatically deleted when you close your browser. These include in particular session cookies, which store a so-called session ID, with which various browser requests can be assigned to a single session. This allows us to recognize your computer when you return to the site. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a predefined period of time, which may vary depending on the cookie. You can delete cookies in your browser security settings at any time.

You can configure your browser settings according to your preferences and, for example, refuse third-party cookies or all cookies. However, in this case, you may not be able to use all the functions of the website.

This information is stored separately from all other data you provide. In particular, cookie data is not linked to other user data.

You can set your browser so that you are informed about the setting of cookies and allow them only in individual cases, exclude their acceptance for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of the website may be limited.

  1. Analysis services

6.1 Purpose of the analysis tools

We have integrated analysis tools into our websites for marketing purposes and to optimize our offers. For this purpose, the data referred to in point 3.2 are transmitted. The legal basis is art. 6 par. 1 letter to GDPR.

6.2 Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Inc, Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer to allow the website to analyze how users use the site. The information generated by the cookie

about the use of these web pages are usually transmitted to a Google server in the Netherlands and stored there. However, your IP address will be truncated beforehand and anonymized by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to the use of the website and the Internet to the website operator. The data will not be transmitted. The data collected is not associated with data from other sources.

Data processing with Google Analytics on our website is based on Art. 6 par. 1 letter to GDPR. Consent is voluntary and can be revoked at any time with effect for the future by changing the current settings in our cookie banner.

You can also prevent the storage of cookies by setting your browser software appropriately.

You can also prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google by opening this link and downloading and installing the browser plug-in.

For more information about the processing of user data with Google Analytics, please see Google's privacy policy .

Google Analytics is used in accordance with the conditions agreed with Google by the German data protection authorities.

Information from the third-party provider: http://www.google.com/intl/de/analytics/learn/privacy.html and privacy policy: http://www.google.de/intl/de/policies /privacy .

6.3 Econda

In our webshops we use Econda, an analysis tool from econda GmbH, Zimmerstr. 6, 76137 Karlsruhe. In order to personalize and optimize the website, the solutions and technologies of econda GmbH collect and store anonymous data and, based on this, create user profiles under pseudonyms. Cookies can be used for this purpose, which enable the recognition of an Internet browser. However, usage profiles cannot be associated with data relating to the bearer of the pseudonym without the explicit consent of the visitor.

In particular, IP addresses are rendered unrecognizable immediately upon receipt, which means that it is not possible to associate usage profiles with IP addresses. The analysis of user behavior is based on art. 6 par. 1 letter to GDPR. The website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize its website and advertising.

You can find more information about Econda's processing of user data here: https://www.econda.de/datenschutz-dsgvo-eprivacy/

  1. Online advertising (Google Adwords)

7.1 Legal basis

The legal basis for data processing is art. 6 par. 1 letter to GDPR.

7.2 Purpose of using Google Adwords

We use the Google Adwords service to advertise our interesting offers on external websites with the help of advertising media (so-called Google Adwords). We can evaluate the success of individual promotional initiatives through advertising campaign data. In this way, we strive to display advertising that is of interest to users, to make our website more attractive and to obtain a reasonable economic return from advertising costs.

These advertisements are served by Google via so-called "Ad Servers". To this end, we use Ad Server cookies, through which it is possible to measure certain parameters to evaluate effectiveness, such as the display of ads or user clicks. By accessing our website via a Google advert, Google Adwords will store a cookie on your PC. These cookies typically expire after 30 days and are not intended to identify the user. The unique cookie ID, number of ad impressions per ad (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wishes to be contacted) are usually stored as analysis values ​​for this cookie.

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can verify that the user clicked on the ad and was redirected to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be tracked across the websites of Adwords customers. We ourselves do not collect and process any personal data in the context of the aforementioned advertising initiatives, but only receive statistical evaluations from Google. Based on these evaluations, we can see which advertising initiatives used are particularly effective. We do not receive any further data from the use of advertising media; in particular, we cannot draw conclusions about your identity based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We can in no way influence the scope and further use of the data collected by Google through the use of this tool. We are only aware of the following: Through the integration of AdWords, Google becomes aware that the user has called up the corresponding part of our website or clicked on one of our advertisements. If the user is registered with a Google service, Google can associate the visit with this account. Even if you are not registered with Google or are not logged in, it is possible that the provider will obtain and store your IP address.

You can avoid participating in this tracking process in various ways:

  1. a) through an appropriate setting of your browser software, in particular the suppression of third-party cookies which will block adverts;
  2. b) by disabling tracking cookies, setting the browser to block cookies coming from the "www.googleadservices.com" domain, https://www.google.de/settings/ads, a setting which will be eliminated at the time of deletion of cookies;
  3. c) by disabling interest-based ads from suppliers who are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, a setting that will be eliminated when cookies are deleted;
  4. d) by permanently disabling it in the Firefox, Internet Explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. In this case you may not be able to fully use all the functions of the website.

Further information on data protection at Google can be found at the following links: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

  1. Integration of third-party services (LinkedIn, YouTube)

The integration of third-party services described below takes place for the purpose of providing an attractive presentation of our online offers. This constitutes a legitimate interest pursuant to art. 6 par. 1 letter to GDPR.

8.1 LinkedIn Integration

We currently provide access to LinkedIn via a so-called social bookmark on some of our pages. To ensure full control of the data, LinkedIn is only included as a link. After clicking on the embedded graphic, the user will be redirected to the LinkedIn page and only then his data will be transferred to LinkedIn.

For further information on the purpose and scope of data collection and processing by LinkedIn, please see the privacy policy:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy .

8.2 Integration with YouTube

(1) We have integrated YouTube videos into our online offering, which are stored at http://www.YouTube.com and can be played directly from our website.

(2) By visiting the website, YouTube is made aware that you have visited the corresponding subpage of our website. Furthermore, the data referred to in § 3 of this declaration will be transmitted. This occurs regardless of whether you are logged in to a YouTube-provided account or whether no account exists. If the user is logged in to Google, the data will be directly associated with the corresponding account. If you do not wish to be associated with your YouTube profile, you must log out of your profile before activating the button. YouTube stores user data as usage profiles and uses them for the purposes of advertising, market research and/or personalized presentation of its website. This evaluation is carried out in particular (even for users who are not logged in) to provide personalized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these profiles and must contact YouTube to exercise this right.

(3) For further information on the purposes and scope of data collection and processing by YouTube, please see the privacy policy. There you can also find further information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy . Google also processes your personal data in the United States and has signed up to the EU-US Privacy Shield., https://www.privacyshield.gov/EU-US-Framework

8.3 Instagram integration

We have integrated the link to Instagram into some of our websites, provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. After clicking on the icon, the user will be redirected to Instagram and only then his data will be transferred. For more information on the purpose and scope of data collection, please see: https://instagram.com/about/legal/privacy/ .

8.4. Facebook integration

We have integrated the link to Facebook into some of our websites, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. After clicking on the icon, the user will be redirected to Facebook and only then his data will be transferred. For further information on the purpose and scope of data collection, please see: https://de-de.facebook.com/policy.php

8.5 Google Maps Integration

On this website we use the Google Maps service. This allows us to display interactive maps directly on the website and allows the user to conveniently use the map function. The legal basis is art. 6 par. 1 letter to GDPR.

By visiting the website, Google is made aware that you have visited the corresponding subpage of our website. Furthermore, the data referred to in point 3.2 of this declaration will be transmitted. This occurs regardless of whether the user is logged in to a Google-provided account or whether no account exists. If the user is logged in to Google, the data will be directly associated with the corresponding account. If you do not want to be associated with your Google profile, you must log out of your profile before activating the button. Google stores user data as usage profiles and uses them for the purposes of advertising, market research and/or personalized presentation of its website. This evaluation is carried out in particular (even for users who are not logged in) to provide personalized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these profiles and must contact Google to exercise this right.

For further information on the purpose and scope of data collection and processing by the plug-in provider, please see the provider's privacy policy. There you will also receive further information on your relevant rights and setting options for privacy protection: http://www.google.de/intl/de/policies/privacy.

  1. Using apps

You can get our application "APPMyBox" via our pages. APPMyBox allows you to organize and store boxes and objects on your smartphone, using a QR code that all Rotho storage boxes are equipped with. To register for the app, enter your last name, first name and other business information. This information is necessary for the execution of the contract and will be stored on our servers for the time necessary to provide the service. The legal basis is art. 6 par. 1 letter b GDPR. When you use the app, our servers temporarily record the IP address of your device and other technical characteristics, such as the requested content (art. 6 par. 1 letter b GDPR). Other than that, Rotho does not use the data in any way. Through this application you can take advantage of various features provided by third parties (e.g. Apple or Google) and use them as a data controller. For detailed information about the feature and how to enable or disable its use, contact the manufacturer of the operating system in question.

In order to use the app on your device, it must be able to access various functions and data on your device. For this purpose, the user must grant certain authorizations (art. 6 par. 1 letter a GDPR). Permission categories are programmed differently by various manufacturers. For example, with Android, individual permissions are combined into categories and the user can only accept them as a whole.

Consent can be revoked at any time. Please note, however, that in the event of an objection you may not be able to use all the functions of our app.

  1. Rights of interested parties

The user has the right

  1. a) to request information on the categories of data processed, the purposes of the processing, any recipients of the data, the expected retention period (Article 15 GDPR);
  2. b) to request the rectification or completion of incorrect or incomplete data (Article 16 GDPR);
  3. c) to revoke the consent given at any time with effect for the future (art. 7 par. 3 GDPR);
  4. d) to oppose the processing of data which must be carried out on the basis of a legitimate interest for reasons deriving from your specific situation (art. 21 par. 1 GDPR);
  5. e) to request the deletion of data in certain cases within the scope of the art. 17 GDPR, in particular if the data is no longer necessary for the intended purpose or is processed unlawfully, or if you have withdrawn your consent pursuant to point c) or have lodged an objection pursuant to of point d);
  6. f) to request the limitation of data under certain conditions, to the extent that deletion is not possible or the deletion obligation is contested (art. 18 GDPR);
  7. g) data portability, i.e. the possibility of receiving the data collected with your consent in a commonly used electronic format, such as CSV, and transmitting them to others if necessary (art. 20 GDPR).
  8. Opposition or revocation regarding data processing

The consent to the use of data granted by the user can be revoked at any time with effect for the future. As soon as the revocation is received by us, it will have immediate effect on the legitimacy of the processing of personal data.

If the processing of personal data is based on a balance of interests, you may object to this. This condition occurs if the processing is not required to fulfill a contract stipulated with the user, as indicated by us in the following description of the functions. When exercising such a revocation, you must explain why we should not process your personal data as we have done. In case of justified objection, we will re-examine the facts and stop or adapt the data processing or set out our legitimate reasons on the basis of which we will continue the processing.

Of course, you can object at any time to the processing of your personal data for advertising and data analysis purposes. You can object to the advertising at the following contact details: datenschutz@rotho.com .

Also for all other requests for information, cancellation, rectification, data, data portability, objections to data processing, etc. please email datenschutz@rotho.com .

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can also contact the competent data protection supervisory authority , such as that of Baden-Württemberg ( https://www.baden-wuerttemberg.datenschutz.de/ ).

Contact details of the Data Protection and Freedom of Information Officer of Baden-Württemberg:

Postfach 10 29 32
70025 Stuttgart
Tel.: 0711/615541-0
FAX: 0711/615541-15

Email: poststelle@lfdi.bwl.de

  1. Data security

We adopt advanced technical and organizational measures to ensure the security of processing, in particular to protect your personal data from risks during data transmission and prevent it from falling into the hands of third parties. These measures are adapted to the current state of technology, the need to protect personal data and the risks to the user's rights and freedom.

  1. Changes to the data protection information

We reserve the right to change the data protection information to adapt to legislative changes or changes to our services.

Updated: February 2021