DATA PRIVACY STATEMENT OF THE ROTHO Group
The protection of your personal data is of particular importance to us. We therefore process your data exclusively on the basis of legal provisions, and observing the applicable data protection regulations. In this data privacy statement, we notify you of the data processing done within the scope of our websites www.rotho.com, www.appmybox.com, www.aalta.com, www.madeibox.com, www.modlife.ch, www.rotho-renew.com, www.rotholoft.com, www.rothopro.com, mypet.rotho.com as well as when using our webshops (www.rothoshop.de, www.rothoshop.at, www.rothoshop.ch, www.rothoshop.nl).
1. Data Controller
The data processing on our websites is done by the respective website operator, a company of the Rotho Group. The responsible representatives and their contact details can be seen in the legal notice of the respective website.
2. Data Protection Controllers
The Data Protection Controllers of the Rotho Group can be contacted as follows:
Robert Thoma GmbH
FAO The Data Protection Controllers
Tel.: +49 351 2820 51 75
3. Processing of data
3.1 General, deletion
Personal data comprises all data which makes you identifiable as a person, such as your name, address, e-mail address and online credentials.
The personal data of our users is used as follows:
- To provide our services,
- To ensure technical support.
We only transfer personal data to third parties if this is done on the basis of their consent, and is necessary for invoicing purposes (executing bank transactions), the delivery of goods (delivery by postal service operators) or for any other reason, to fulfil our contractual obligations to you.
Personal data is deleted as soon it has fulfilled its purpose and provided the deletion does not conflict with storage obligations.
3.2 Informational use of our website
The pure informational use of our website, i.e. if you do not register or login to use the website, or if you transfer information to us in any other way, we will not collect any personal data, except for data transmitted by your browser, to make it possible to visit the website. This data is:
- The IP address
- The date and time of request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- The quantity of any data transferred
- The website from which the request comes
- The browser
- The operating system and its interface
- The language and version of the browser software.
We save this data in the form of log files for a limited period of time, so that we can analyse and rectify any technical problems. The legal basis for this is Art. 6, paragraph 1f, GDPR. Due to the nature of the internet, it is necessary for this data to be processed on a range of servers, before your request reaches our web server. Consequently, the collection and use of data in “third-party countries” (e.g. in the USA) is also possible. Our company has no influence on this process. Aside from reasons of technical necessity, the provider of this website does not transfer any personal data to countries outside of the area of application of the EU Data Protection Regulation, or without a suitable level of data protection.
In addition to the pure informational use of our website, we also offer a range of services which you can use if you are interested. To do so, you normally have to provide personal data, which we will use to provide the respective service. If additional voluntary details are possible, they are marked accordingly.
3.3 Contact form
If you want to contact us via this website or by e-mail, your e-mail address, name, address, telephone number and other details you have specified, are saved by us to answer your questions. Queries are answered by unencrypted e-mail. The data collected in accordance with this is deleted six months after contact, provided there is no need to save it for longer. Provided no legal storage periods apply, the data is blocked.
The data processing is done on the basis of legal provisions of Art. 6, paragraph 1a (consent) and b (execution of contract), EU-GDPR. The processing, in particular communication by non-encrypted e-mail, is legal, provided you have given your consent for it. You can reject your consent at any time with effect for the future.
If you wish to receive the newsletter offered on the website, we require an e-mail from you, as well as information which allows us to verify that you are the owner of the specified e-mail address and agree to the receipt of the newsletter. We exclusively use this data for the delivery of the requested information. The legal basis for this is Art. 6, paragraph 1a, GDPR.
You can reject your consent to the saving of the data, the e-mail address and the use of this data to send the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
3.5 The use of our web shop, creating a customer account
When making a purchase via our web shop, we collect personal data needed to process the order. This concerns the following data: Name, e-mail address, street address, post code, city, telephone number, payment details. Plus your order data: Article, date, order number, means of payment and invoice number. We save and use your data for the purpose of executing the contract. To do so we work with payment service providers and delivery services. The legal basis for this is Art. 6, paragraph 1 b) of the GDPR. Mandatory details required to process the orders are marked separately, other details are voluntary. The legal basis for the processing is Art. 6, paragraph 1 a) and b) of the GDPR.
We delete your order data as soon as we are no longer legally obliged to save it, i.e. in general, 10 years after your order. After the expiry of the warranty period, we will limit the processing, i.e. your data is only used to comply with legal obligations.
To prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted with SSL.
If you want to order something from our webshop, you have the choice to just enter the data necessary for the order once, or to create a customer account, in which your data is saved for any future purchases.
Once you have created an account, the data you have provided is revocably saved under “My Account”. You can delete the account at any time in the customer area.
4. Transfer of data within the Rotho Group involving foreign elements
The transfer of personal data within the companies of the Rotho Group is done for internal administrative purposes concerning central customer support and order processing. The recipients of personal data for processing are the companies of the Rotho Group, in particular Rotho Kunstoff AG in Würenlingen (Switzerland) and our production sites in Poland. The Rotho Group obliges its companies, by internal guidelines, to implement technical-organisational measures in order to guarantee safe processing.
These websites use so-called cookies. Cookies are used to make our website more user-friendly, effective and safer. Cookies are small text files which are stored on your computer and are saved by your browser.
- Transient cookies (for temporary use)
- Persistent cookies (for time-limited use)
- Third party cookies (from third party providers)
Transient cookies are deleted automatically, when you close the browser. In particular, they include session cookies. They save a so-called session ID, which allows the various requests of your browser to be allocated to a common session. This allows your computer to be recognised when you return to the website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are deleted automatically after a specified period of time, which can differ per cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings as you wish and, for example, reject the acceptance of third party cookies or all cookies. We would, however, like to point out that doing so may mean that you are unable to use all of the functions of this website.
This saved information is stored separately from any other data provided to us. In particular, the data of the cookies is not linked with any other data of yours.
You can make settings in your browser so that you are notified about the setting of cookies, only allow cookies in individual cases, reject the acceptance of cookies for particular cases or in general, as well as automatically delete cookies when the browser is closed. If cookies are deactivated, the functioning of this website may be restricted.
6. Analysis services
On our website we have integrated analysis tools for marketing purposes and to optimise our offer. Therefore, the data which are described under section 3.2 of the data protection Statement are transmitted. The legal basis for this is Art. 6, paragraph 1f, GDPR.
6.2 Google Analytics
Our websites use Google Analytics, a web analyst service of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”). Google Analytics uses “cookies”, text files which are saved on your computer and which allow an analysis of the use of the websites by you. The information generated by the cookie about your use of these websites is normally transferred to a server of Google in the USA and saved there. We use IP anonymisation on our websites. In this process, your IP address is first shortened by Google within member states of the European Union or in other EEA countries. Only in exceptions is the full IP address first sent to a server of Google in the USA, and shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, to compile reports about the website activities and to provide other services for the website operator associated with the use of the website and the internet.
The IP address transferred by your browser due to Google Analytics is not consolidated with other data of Google.
You can prevent the saving of cookies by making corresponding settings in your browser software; we would, however, like to point out that in this case all of the functions of this websites many not be able to be used.
You can also prevent the recording of data generated by the cookies and related to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout.
You can prevent the recording of your data by Google Analytics, by clicking on the following link. This sets an opt-out cookie, which prevents the recording of your data on future visits to this website: Deactivate Google Analytics.
More information about the handling of user data by Google Analytics can be found in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245.
The use of Google Analytics is done in accordance with the prerequisites that the German data protection authorities have agreed with Google. Information about the third party provider: https://support.google.com/analytics/answer/6004245, as well as the data privacy statement: https://policies.google.com/privacy. Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
In our web shops we use Econda, an analysis tool of Econda GmbH, Zimmerstr. 6, 76137 Karlsruhe. To allow this website to be designed according to the visitor’s needs and to optimise the page, anonymised data is collected and saved by the solutions and technology of Econda GmbH, and user profiles are created from this data using pseudonyms. Cookies, which allow the recognition of an internet browser, can be used for this purpose. User profiles are, however, not compiled with data about the holder of the pseudonym without the explicit consent of the user. In particular, IP addresses are made unrecognisable after receipt, thereby making it impossible to allocate user profiles to IP addresses. The analysis of user behaviour is done on the basis of Art. 6, paragraph 1f, GDPR. The website operator has a justified interest in the anonymised analysis of the user’s behaviour, so that it can optimise both its website and its adverts.
7. Online – Advertising (Google Adwords)
The legal basis for the processing of your data is Art. 6, paragraph 1f, GDPR.
We use the services of Google Adwords to make visitors of external websites aware of our attractive offers using an advertising tool (so-called Google Adwords). We can track how successful the individual advertising measures are in relation to the data. Our interest here is to show you an advert which is interesting to you, allowing us to design our website so that it is more interesting to you and to achieve a fair price for advertising costs.
These advertising tools are provided by Google via so-called “Ad servers”. To do so we use Ad Server cookies, which provide certain parameters for measuring success, such as the number of fade-ins or clicks by the user. If you reach our website via a Google advert, a cookie is saved on your PC by Google Adwords. These cookies normally become invalid after 30 days and should not be used to identify you in person. With this cookie, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) as well as opt-out information (a note that the user no longer wishes to be contacted) are normally also saved as analysis values.
These cookies allow Google to recognise your internet browser. If a user visits particular pages on the website of an Adwords customer, and the cookie saved on his/her computer has not yet expired, Google and the customer can see that the user clicked on the advert and was forwarded to this page. Each Adwords customer is allocated a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. We do not collect and process any personal data in the afore-mentioned advertising measures. We merely receive statistical evaluations from Google. Using these evaluations, we can see which of the advertising tools used are particularly effective. We do not receive any data from the use of advertising tools, in particular, we are not able to identify users using this information.
Based on the marketing tools used, your browser automatically creates a direct connection with the Google server. We have no influence on the extent and further use of data, which is collected by the use of this tool by Google and hereby notify you about the state of our knowledge: By linking Adwords, Google receives information that you have accessed the corresponding part of our website or have clicked on an advert of ours. If you are registered with a Google service, Google is able to allocate the visit to your account. Even if you are not registered with Google, or you are not logged in, it is still possible for the provider to discover your IP address and save it.
You can prevent the participation in this tracking process in a variety of ways: a) by making a corresponding change to the settings in your browser software, in particular, rejecting third party cookies means that you do not receive any adverts from third party providers; b) by deactivating the cookies for tracking, by adjusting your browser settings so that cookies from the ” www.googleadservices.com” domain are blocked via https://www.google.com/settings/ads, whereby this setting is deleted if you delete your cookies; c) by deactivating the interest-based ads of the provider, which are part of the self-regulated “About Ads” campaign, via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by the permanent deactivation of ads in your browser (Firefox, Internet Explorer or Google Chrome) via the link: http://www.google.com/settings/ads/plugin. We hereby point out that, in this case, not all of the functions of this website may be able to be used.
Further information about data protection at Google can be found here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org/. Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
8. The use of social media plug-ins on madeibox.com
We currently use the following social media plug-ins: Facebook, Google+, Twitter, Xing, LinkedIn, Pinterest. We apply the so-called “two-click” solution for them. That means, when you visit our website, no personal data is forwarded at first to the plug-in provider. You can recognise the provider of the plug-in by the marking on the box above its respective initial letter, or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via this button. Only if you click on the marked field and then archive it, does the plug-in provider receive the information that you have visited the corresponding website of our online presence. Furthermore, the data stated in section 3.2 of this statement is transferred. In the case of Facebook and Xing, the IP address is immediately anonymised according to the specifications of the respective provider in Germany. By activating the plug-ins, personal data is therefore transferred by you to the respective plug-in provider, and saved there (by US providers, in the USA). As the plug-in provider collects data in particular via cookies, we recommend deleting all cookies using the safety settings of your browser, before you click on the grey box.
We have no influence on the collected data and the data processing methods, and we are also not aware of the full scope of the data collection, the purpose of the processing and the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.
The plug-in provider saves the data collected about you in user profiles, and uses it for advertising and market research purposes, and/or for the legitimate design of their website. In particular, these analyses result in relevant advertising being shown (including for users who are not logged in), and are also used to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created. To exercise it, you must contact the respective plug-in provider. With the plug-ins we give you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as the user. The legal basis for the use of the plug-ins is Art. 6, paragraph 1 lit. 1f, GDPR.
The forwarding of data occurs irrespective of whether you have an account with this plug-in provider and are logged into it. If you are logged in to the plug-in provider, the data we have collected about you is directly linked to your account with the plug-in provider. If you click the activated button, for example to share the page, the plug-in provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you regularly log out of social networks after using them, in particular, however, before clicking on the button, as by doing so you can prevent an allocation to your profile with the plug-in provider.
Further information about the purpose and scope of data collection and data processing by the plug-in provider is available in the following data privacy statements of these providers. There you can also find further information about your rights and customisation options in respect of the protection of your privacy.
Please find the addresses of the respective plug-in providers and the URLs with the data privacy statements here:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about the collection of data: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
f) Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, https://policy.pinterest.com/en/privacy-policy.
9. Linking third party services (LinkedIn, YouTube)
The linking of the third party services described below is done in the interest of presenting our online content in an appealing way. This represents a justified interest as per Art. 6, paragraph 1f, GDPR.
9.1 Linking of LinkedIn
We currently provide a link to LinkedIn on some of our pages via a so-called social bookmark. To ensure that you have full control over your data, LinkedIn is merely embedded as a link. After clicking on the linked image, you are forwarded to the LinkedIn website and only then is user data transferred to LinkedIn.Further information about the purpose and scope of the data collection and its processing by LinkedIn can be seen in their data privacy guidelines:LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
9.2 Integration of YouTube videos
We have embedded YouTube videos into our web presence. These are stored on http://www.YouTube.com and are directly playable on our website.
When you visit our website, YouTube receives the information that you have visited the respective page of our website. Furthermore, the data stated in section 3 of this statement is transferred. This occurs irrespective of whether you have a YouTube account that you are logged into, or whether you do not have a YouTube account. If you are logged in to Google, this data is directly linked to your account. If you do not wish your interaction with these videos to be linked to your YouTube profile, you must log out before activating the button. YouTube saves your data as a user profile, and uses it for advertising and market research purposes, and/or for the legitimate design of their website. In particular, such analyses result in relevant advertising being shown (including for users who are not logged in), and also to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created. To exercise it, you must contact YouTube.
Further information about the purpose and scope of data collection and data processing by YouTube is available in their data privacy statement. There you can also find further information about your rights and customisation options in respect of the protection of your privacy. https://policies.google.com/privacy?hl=en Google also processes your personal data in the USA, and is subject to the terms of the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
9.3 Linking of Instagram
We have included a link to Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, on some of our websites. After clicking on the image, you are forwarded to Instagram and only then is data transferred to Instagram. Further information about the purpose and scope of data collection is available at: https://instagram.com/about/legal/privacy/.
9.4 Linking of Facebook
We have included a link to Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on some of our pages. After clicking on the image, you are forwarded to Facebook and only then is user information transferred to Facebook. Further information about the purpose and scope of data collection is available at: https://en-gb.facebook.com/policy.php
9.5 Linking of Google Maps
On this website, we use Google Maps. Thereby, we can show you an interactive map directly on our website and we enable you the comfortable usage of the map function. Legal Basis is Art. 6 sec. 1 lit. f GDPR.
By surfing on this website, Google receives the information that you did access the corresponding subpage of our webpage. Therefore, the personal data that are described in section 3.2 of the data protection Statement are transmitted. This happens independently of whether Google provides a user account you are logged in or there does not exist a user account.
If you are logged into your Google account, your data will be assigned to your account directly. If you do not want that your data will be directly assigned to your Google profile, you need to log off before. Google saves your personal data as user profiles and uses your personal data for purposes like advertising, market research and/or needs-based design of Google’s website. Such a data processing is particularly made (even for users which are not logged in) to create personalized advertisements and to inform other users of the social network about your activities on our website. You have the right to object the creation of such a user profile but you need to address this request directly to Google.
You can receive further information about the purpose and the extent of the data collection and their processing through the plug-in provider in the privacy statement of the plug-in provider. There, you will also receive further information about your rights relating thereto and possibilities to change the privacy setting to protect your personal data: https://policies.google.com/privacy?hl=en-GB.
Google does also process your personal data in the US and has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.
10. Fan pages on Facebook, Xing, LinkedIn, Instagram, Youtube and Twitter
Rotho operates fan pages on Facebook, Xing, LinkedIn, Instagram, YouTube and Twitter. These pages are operated on the basis of our justified interests in a contemporary and supporting opportunity to inform and interact with our users and visitors as per Art. 6, paragraph 1f, GDPR.
In the event of access to the afore-mentioned websites of Rotho on social networks, various data is compiled such as the transferred quantity of data, the IP address used or the time of access. The respective network operator sets cookies to save this information, and to use it later, which are small text files saved on the various end devices of the user. If the user has a corresponding profile on the network and is logged in, the saving and analysis is also done across several devices.
The technical access and the further use of this data, which occurs within the scope of the access to the fan page, is generally the responsibility of social network operator. Rotho has neither access to the recorded usage data nor can we determine how this data is used by the operator of the network.
Furthermore, we would like to point out that the data processing by the social networks could occur outside of the EU or the EEA. For more details about the handling of the collected data by the social network, please contact the respective operator of the social network.
The respective data privacy statements can be found at:
11. The use of apps
You can download our app “APPMyBox” via our website. With appmybox, you can organise and archive boxes and objects clearly in your smartphone, using the unique QR code provided on all storage boxes from Rotho. To register for the app, enter your surname, first name and other business information. These details are necessary for the execution of the contract and are saved on our servers as long as is necessary for the performance of the service. The legal basis for this is Art. 6, paragraph 1b, GDPR. If you use the app, our server temporarily records the IP address of your device and other technical characteristics, such as the content of the request (Art. 6, paragraph 1b, GDPR). Furthermore, this data is not used by Rotho. In this app you have the opportunity to use a range of functions, which are provided by a third party (e.g. Apple or Google) responsible for the data processing. For details about the function, and how to switch the usage on and off, please enquire with the respective operating system manufacturer.To be able to use the app on your device, the app must be able to access various functions and data of your end device. For this, it is necessary for you to provide certain authorisations (Art. 6, paragraph 1a, GDPR). The authorisation categories are programmed differently by various manufacturers. With Android devices, for example, individual authorisations are consolidated into authorisation categories, and you can also only agree to the overall authorisation category.
You can revoke this consent at any time. Please be aware, however, that in the event of rejection, it may not be possible to use all the functions of our app.
12. Rights of affected people
You have the right
a) to request information about the categories of processed data, the processing purposes, any recipients of data, the planned duration of storage (Art.15 EU-GDPR);
b) to request the correction or supplementation of incorrect or incomplete data (Art. 16, EU-GDPR);
c) to revoke any consent given, with effect for the future (Art. 7, paragraph 3, EU-GDPR);
d) to reject the processing of data, based on a justified interest, for reasons which arise due to your own special situation (Art. 21, paragraph 1, EU-GDPR);
e) in specific cases within the scope of Art. 17, EU-GDPR, to request the deletion of data – in particular if the data is no longer required for the intended purpose or is processed illegally, if you have revoked your consent as per (c) or have declared your rejection as per (d) above;
f) to request the restriction of data under certain conditions, if a deletion is not possible or the obligation to delete is disputed (Art. 18, EU-GDPR);
g) to request the transfer of data, i.e. you can receive the data which you have provided to us in a normal machine-readable format, such as CSV, and where necessary transfer it to others (Art. 20, EU-GDPR).
If you have provided consent for the use of your data, you can revoke this at any time with effect for the future.
Please send all information, deletion and correction requests, requests for information, requests for data transfer, rejections of data processing etc. by e-mail to firstname.lastname@example.org.
If you are of the opinion that the processing of your data violates the data protection right, or that your data protection law claims have been violated in any other way, you can also contact the responsible data protection supervisory authorities, such as the Data Protection Commissioner of the State of Baden-Württemberg ( https://www.baden-wuerttemberg.datenschutz.de/).
13. Data security
We undertake the latest technical and organizational measures to ensure the processing is safe, in particular to protect your personal data from hazards due to the transfer of data as well as to prevent third parties gaining knowledge of it. They are adjusted to meet the latest state of technology, the need to protect personal data and the risks to your rights and freedoms.
14. Change to data protection guidelines
We reserve the right to change the data protection guidelines, to adjust them to the altered legal situation or changes to our offers.
Last updated: August 2018