You can prevent the recording of your data by Google Analytics, by clicking on the following link. This sets an opt-out cookie, which prevents the recording of your data on future visits to this website: Deactivate Google Analytics.

More information about the handling of user data by Google Analytics can be found in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245.

The use of Google Analytics is done in accordance with the prerequisites that the German data protection authorities have agreed with Google. Information about the third party provider: https://support.google.com/analytics/answer/6004245, as well as the data privacy statement: https://policies.google.com/privacy. Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

6.3 Econda

In our web shops we use Econda, an analysis tool of Econda GmbH, Zimmerstr. 6, 76137 Karlsruhe. To allow this website to be designed according to the visitor’s needs and to optimise the page, anonymised data is collected and saved by the solutions and technology of Econda GmbH, and user profiles are created from this data using pseudonyms. Cookies, which allow the recognition of an internet browser, can be used for this purpose. User profiles are, however, not compiled with data about the holder of the pseudonym without the explicit consent of the user. In particular, IP addresses are made unrecognisable after receipt, thereby making it impossible to allocate user profiles to IP addresses. The analysis of user behaviour is done on the basis of Art. 6, paragraph 1f, GDPR. The website operator has a justified interest in the anonymised analysis of the user’s behaviour, so that it can optimise both its website and its adverts.

7.  Online – Advertising (Google Adwords)

7.1

The legal basis for the processing of your data is Art. 6, paragraph 1f, GDPR.

7.2

We use the services of Google Adwords to make visitors of external websites aware of our attractive offers using an advertising tool (so-called Google Adwords). We can track how successful the individual advertising measures are in relation to the data. Our interest here is to show you an advert which is interesting to you, allowing us to design our website so that it is more interesting to you and to achieve a fair price for advertising costs.

These advertising tools are provided by Google via so-called “Ad servers”. To do so we use Ad Server cookies, which provide certain parameters for measuring success, such as the number of fade-ins or clicks by the user. If you reach our website via a Google advert, a cookie is saved on your PC by Google Adwords. These cookies normally become invalid after 30 days and should not be used to identify you in person. With this cookie, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) as well as opt-out information (a note that the user no longer wishes to be contacted) are normally also saved as analysis values.

These cookies allow Google to recognise your internet browser. If a user visits particular pages on the website of an Adwords customer, and the cookie saved on his/her computer has not yet expired, Google and the customer can see that the user clicked on the advert and was forwarded to this page. Each Adwords customer is allocated a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. We do not collect and process any personal data in the afore-mentioned advertising measures. We merely receive statistical evaluations from Google. Using these evaluations, we can see which of the advertising tools used are particularly effective. We do not receive any data from the use of advertising tools, in particular, we are not able to identify users using this information.

Based on the marketing tools used, your browser automatically creates a direct connection with the Google server. We have no influence on the extent and further use of data, which is collected by the use of this tool by Google and hereby notify you about the state of our knowledge: By linking Adwords, Google receives information that you have accessed the corresponding part of our website or have clicked on an advert of ours. If you are registered with a Google service, Google is able to allocate the visit to your account. Even if you are not registered with Google, or you are not logged in, it is still possible for the provider to discover your IP address and save it.

You can prevent the participation in this tracking process in a variety of ways: a) by making a corresponding change to the settings in your browser software, in particular, rejecting third party cookies means that you do not receive any adverts from third party providers; b) by deactivating the cookies for tracking, by adjusting your browser settings so that cookies from the ” www.googleadservices.com” domain are blocked via https://www.google.com/settings/ads, whereby this setting is deleted if you delete your cookies; c) by deactivating the interest-based ads of the provider, which are part of the self-regulated “About Ads” campaign, via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by the permanent deactivation of ads in your browser (Firefox, Internet Explorer or Google Chrome) via the link: http://www.google.com/settings/ads/plugin. We hereby point out that, in this case, not all of the functions of this website may be able to be used.

Further information about data protection at Google can be found here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org/. Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

8. The use of social media plug-ins on madeibox.com

We currently use the following social media plug-ins: Facebook, Google+, Twitter, Xing, LinkedIn, Pinterest. We apply the so-called “two-click” solution for them. That means, when you visit our website, no personal data is forwarded at first to the plug-in provider. You can recognise the provider of the plug-in by the marking on the box above its respective initial letter, or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via this button. Only if you click on the marked field and then archive it, does the plug-in provider receive the information that you have visited the corresponding website of our online presence. Furthermore, the data stated in section 3.2 of this statement is transferred. In the case of Facebook and Xing, the IP address is immediately anonymised according to the specifications of the respective provider in Germany. By activating the plug-ins, personal data is therefore transferred by you to the respective plug-in provider, and saved there (by US providers, in the USA). As the plug-in provider collects data in particular via cookies, we recommend deleting all cookies using the safety settings of your browser, before you click on the grey box.

We have no influence on the collected data and the data processing methods, and we are also not aware of the full scope of the data collection, the purpose of the processing and the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.

The plug-in provider saves the data collected about you in user profiles, and uses it for advertising and market research purposes, and/or for the legitimate design of their website.  In particular, these analyses result in relevant advertising being shown (including for users who are not logged in), and are also used to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created. To exercise it, you must contact the respective plug-in provider. With the plug-ins we give you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as the user. The legal basis for the use of the plug-ins is Art. 6, paragraph 1 lit. 1f, GDPR.

The forwarding of data occurs irrespective of whether you have an account with this plug-in provider and are logged into it. If you are logged in to the plug-in provider, the data we have collected about you is directly linked to your account with the plug-in provider. If you click the activated button, for example to share the page, the plug-in provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you regularly log out of social networks after using them, in particular, however, before clicking on the button, as by doing so you can prevent an allocation to your profile with the plug-in provider.

Further information about the purpose and scope of data collection and data processing by the plug-in provider is available in the following data privacy statements of these providers. There you can also find further information about your rights and customisation options in respect of the protection of your privacy.

Please find the addresses of the respective plug-in providers and the URLs with the data privacy statements here:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about the collection of data: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the terms of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
f) Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, https://policy.pinterest.com/en/privacy-policy.

9.  Linking third party services (LinkedIn, YouTube)

The linking of the third party services described below is done in the interest of presenting our online content in an appealing way. This represents a justified interest as per Art. 6, paragraph 1f, GDPR.

9.1 Linking of LinkedIn

We currently provide a link to LinkedIn on some of our pages via a so-called social bookmark. To ensure that you have full control over your data, LinkedIn is merely embedded as a link. After clicking on the linked image, you are forwarded to the LinkedIn website and only then is user data transferred to LinkedIn.Further information about the purpose and scope of the data collection and its processing by LinkedIn can be seen in their data privacy guidelines:LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

9.2 Integration of YouTube videos

We have embedded YouTube videos into our web presence. These are stored on http://www.YouTube.com and are directly playable on our website.

When you visit our website, YouTube receives the information that you have visited the respective page of our website. Furthermore, the data stated in section 3 of this statement is transferred. This occurs irrespective of whether you have a YouTube account that you are logged into, or whether you do not have a YouTube account. If you are logged in to Google, this data is directly linked to your account. If you do not wish your interaction with these videos to be linked to your YouTube profile, you must log out before activating the button. YouTube saves your data as a user profile, and uses it for advertising and market research purposes, and/or for the legitimate design of their website. In particular, such analyses result in relevant advertising being shown (including for users who are not logged in), and also to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created. To exercise it, you must contact YouTube.

Further information about the purpose and scope of data collection and data processing by YouTube is available in their data privacy statement. There you can also find further information about your rights and customisation options in respect of the protection of your privacy. https://policies.google.com/privacy?hl=en Google also processes your personal data in the USA, and is subject to the terms of the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

9.3 Linking of Instagram

We have included a link to Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, on some of our websites. After clicking on the image, you are forwarded to Instagram and only then is data transferred to Instagram. Further information about the purpose and scope of data collection is available at: https://instagram.com/about/legal/privacy/.

9.4 Linking of Facebook

We have included a link to Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on some of our pages. After clicking on the image, you are forwarded to Facebook and only then is user information transferred to Facebook. Further information about the purpose and scope of data collection is available at: https://en-gb.facebook.com/policy.php

9.5 Linking of Google Maps

On this website, we use Google Maps. Thereby, we can show you an interactive map directly on our website and we enable you the comfortable usage of the map function. Legal Basis is Art. 6 sec. 1 lit. f GDPR.

By surfing on this website, Google receives the information that you did access the corresponding subpage of our webpage. Therefore, the personal data that are described in section 3.2 of the data protection Statement are transmitted. This happens independently of whether Google provides a user account you are logged in or there does not exist a user account.
If you are logged into your Google account, your data will be assigned to your account directly. If you do not want that your data will be directly assigned to your Google profile, you need to log off before. Google saves your personal data as user profiles and uses your personal data for purposes like advertising, market research and/or needs-based design of Google’s website. Such a data processing is particularly made (even for users which are not logged in) to create personalized advertisements and to inform other users of the social network about your activities on our website. You have the right to object the creation of such a user profile but you need to address this request directly to Google.

You can receive further information about the purpose and the extent of the data collection and their processing through the plug-in provider in the privacy statement of the plug-in provider. There, you will also receive further information about your rights relating thereto and possibilities to change the privacy setting to protect your personal data: https://policies.google.com/privacy?hl=en-GB.

Google does also process your personal data in the US and has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.

10. Fan pages on Facebook, Xing, LinkedIn, Instagram, Youtube and Twitter

Rotho operates fan pages on Facebook, Xing, LinkedIn, Instagram, YouTube and Twitter. These pages are operated on the basis of our justified interests in a contemporary and supporting opportunity to inform and interact with our users and visitors as per Art. 6, paragraph 1f, GDPR.

In the event of access to the afore-mentioned websites of Rotho on social networks, various data is compiled such as the transferred quantity of data, the IP address used or the time of access. The respective network operator sets cookies to save this information, and to use it later, which are small text files saved on the various end devices of the user. If the user has a corresponding profile on the network and is logged in, the saving and analysis is also done across several devices.

The technical access and the further use of this data, which occurs within the scope of the access to the fan page, is generally the responsibility of social network operator. Rotho has neither access to the recorded usage data nor can we determine how this data is used by the operator of the network.

Furthermore, we would like to point out that the data processing by the social networks could occur outside of the EU or the EEA. For more details about the handling of the collected data by the social network, please contact the respective operator of the social network.

The respective data privacy statements can be found at:

Facebook: https://www.facebook.com/policy.php
Xing: https://privacy.xing.com/en/privacy-policy
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=
Instagram: https://help.instagram.com/519522125107875
YouTube: https://policies.google.com/privacy
Twitter: https://twitter.com/en/privacy

11. The use of apps

You can download our app “APPMyBox” via our website. With appmybox, you can organise and archive boxes and objects clearly in your smartphone, using the unique QR code provided on all storage boxes from Rotho. To register for the app, enter your surname, first name and other business information. These details are necessary for the execution of the contract and are saved on our servers as long as is necessary for the performance of the service. The legal basis for this is Art. 6, paragraph 1b, GDPR. If you use the app, our server temporarily records the IP address of your device and other technical characteristics, such as the content of the request (Art. 6, paragraph 1b, GDPR). Furthermore, this data is not used by Rotho. In this app you have the opportunity to use a range of functions, which are provided by a third party (e.g. Apple or Google) responsible for the data processing. For details about the function, and how to switch the usage on and off, please enquire with the respective operating system manufacturer.To be able to use the app on your device, the app must be able to access various functions and data of your end device. For this, it is necessary for you to provide certain authorisations (Art. 6, paragraph 1a, GDPR). The authorisation categories are programmed differently by various manufacturers. With Android devices, for example, individual authorisations are consolidated into authorisation categories, and you can also only agree to the overall authorisation category.

You can revoke this consent at any time. Please be aware, however, that in the event of rejection, it may not be possible to use all the functions of our app.

12. Rights of affected people

You have the right

a) to request information about the categories of processed data, the processing purposes, any recipients of data, the planned duration of storage (Art.15 EU-GDPR);

b) to request the correction or supplementation of incorrect or incomplete data (Art. 16, EU-GDPR);

c) to revoke any consent given, with effect for the future (Art. 7, paragraph 3, EU-GDPR);

d) to reject the processing of data, based on a justified interest, for reasons which arise due to your own special situation (Art. 21, paragraph 1, EU-GDPR);

e) in specific cases within the scope of Art. 17, EU-GDPR, to request the deletion of data – in particular if the data is no longer required for the intended purpose or is processed illegally, if you have revoked your consent as per (c) or have declared your rejection as per (d) above;

f) to request the restriction of data under certain conditions, if a deletion is not possible or the obligation to delete is disputed (Art. 18, EU-GDPR);

g) to request the transfer of data, i.e. you can receive the data which you have provided to us in a normal machine-readable format, such as CSV, and where necessary transfer it to others (Art. 20, EU-GDPR).

If you have provided consent for the use of your data, you can revoke this at any time with effect for the future.
Please send all information, deletion and correction requests, requests for information, requests for data transfer, rejections of data processing etc. by e-mail to datenschutz@rotho.com.

If you are of the opinion that the processing of your data violates the data protection right, or that your data protection law claims have been violated in any other way, you can also contact the responsible data protection supervisory authorities, such as the Data Protection Commissioner of the State of Baden-Württemberg ( https://www.baden-wuerttemberg.datenschutz.de/).

13. Data security

We undertake the latest technical and organizational measures to ensure the processing is safe, in particular to protect your personal data from hazards due to the transfer of data as well as to prevent third parties gaining knowledge of it. They are adjusted to meet the latest state of technology, the need to protect personal data and the risks to your rights and freedoms.

14. Change to data protection guidelines

We reserve the right to change the data protection guidelines, to adjust them to the altered legal situation or changes to our offers.

Last updated: August 2018