Privacy statement in accordance with GDPR:
www.roehm.biz, https://eshop247.roehm.biz, RÖHM Social Media Channels on Facebook, Instagram, Youtube, Twitter and LinkedIn
General notes and mandatory information
The following provides you with information regarding the collection of personal data when using our website. Personal data are all data pertaining to you personally, such as name, address, email addresses, user behaviour, IP address.
I. Name and address of controller
Controller within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and other national data protection legislation of Member States as well as other data protection provisions is:
Röhm GmbH Sontheim
Heinrich-Röhm-Str. 50
89567 Sontheim
Germany
Tel: +49 7325 160
Email: info@ roehm.biz
Website: www.roehm.biz
II. Name and address of data protection officer
Korbinian Nieß
Head of Legal Department
Röhm GmbH
Heinrich-Roehm-Straße 50, 89567 Sontheim / Germany
Tel.: +49 7325 16 306
Email: datenschutz@roehm.biz
III. General information on data processing
1. Scope of personal data processing
We collect and use the personal data of our users solely to the extent necessary to provide a functionally operational website and our content and services. Collection and application of the personal data of our users is consistently carried out solely with the consent of the user. An exception applies in certain cases where prior acquisition of consent is not de facto possible and processing of the data in question is permitted on the basis of statutory provisions.
2. Legal basis for the processing of personal data
To the extent that we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) provides the legal basis for the processing of personal data.
With regard to the processing of personal data that are necessary for the performance of a contract to which the data subject is party, the commensurate legal basis is provided under Art. 6 (1) (b) GDPR. This also applies in respect of processing necessary for steps undertaken prior to entering into a contract. To the extent that processing of personal data is required for compliance with a legal obligation to which our company is subject, the commensurate legal basis is provided under Art. 6. (1) (c) GDPR.
In the event that the vital interests of the data subject or of another natural person require the processing of personal data, the commensurate legal basis is provided under Art. 6 (1) (d) GDPR.
Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the commensurate legal basis for processing is provided under Art. 6 (1) (f) GDPR.
3. Data erasure and period of storage
Personal data pertaining to the data subject will be promptly erased or rendered unavailable where the intended purpose of storage no longer applies. Storage may also occur where provided for by the European or national legislatures in Union directives, laws or other regulations to which the controller is subject. Data is also rendered unavailable or erased upon expiry of a storage period prescribed under the aforestated standards, save for where continued storage of the data in question is necessary for the conclusion of a contract or contract performance.
4. Use of service providers within the scope of the website
To some extent we use third-party service providers to process your data on our website. We carefully select and appoint these providers, who are subject to our instructions and regularly audited. Data is not transmitted to countries outside the EU or EEA (so-called third-countries).
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our Internet website is accessed, our system automatically collects data and information from the accessing computer system. When use of the website is purely for informational purposes, we collect solely the personal data that is transmitted to our server by your browser. Accordingly, this involves the following data:
- IP address
- Information on the browser type and version being used
- User operating system
- Date and time of access
These data are also stored in log files on our system; not, however, the IP addresses of the user or other data enabling assignment of the data to an individual user. Storage of these data together with other personal user data does not occur.
1. Legal basis for data processing
Legal basis for the temporary storage of data is provided under Art. 6 (1) (f) GDPR.
2. Purpose of data processing
Temporary storage of the IP address is required by the system to facilitate delivery of the website to the user's computer. As such, the user IP address must be stored for the duration of the session.
These purposes define our legitimate interests in data processing in compliance with Art. 6 (1) (f) GDPR.
3. Period of storage
The data are erased once they are no longer required to achieve the purpose for which they were collected. Where data are collected to facilitate provision of the website, this occurs when the respective session is concluded.
4. Option for opt-out and deletion
Collection of data to facilitate provision of the website and the storage of data in log files is a necessary requirement for operation of the Internet site; consequently, the user is not availed of an opt-out option.
I. Use of technically required cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on the user's computer system in/by the Internet browser. Accessing a website by the user enables a cookie to be stored on the user's operating system. This cookie contains a character string that allows the browser to be clearly identified upon renewed access to the website.
We use cookies to enhance the user-friendliness of our website. Some elements on our website require that the accessing browser is identifiable following a page change.
2. Legal basis for data processing
The commensurate legal basis for processing personal data with the use of cookies is provided under Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Technically necessary cookies are used for the purpose of simplifying use of the website for the user. Some functions of our website cannot be provided without the use of cookies. Accordingly, these functions require that the browser is also recognised following a page change.
User data collected by technically necessary cookies are not used to create user profiles.
These purposes define our legitimate interests in the processing of personal data in compliance with Art. 6 (1) (f) GDPR.
4. Period of storage, option for op-out and deletion
Cookies are stored on the user's computer and transmitted to our website by such. Consequently, as the user you have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings in your Internet browser. Cookies already stored can be deleted at any time. This can also be carried out automatically. Deactivation of cookies relating to our website may mean that some functions of the website can only be used to a limited extent.
II. Contact form and email contact
1. Description and scope of data processing
Our website contains a contact form which can be used to contact us electronically. When a user employs this option, data entered into the input screen are transmitted to us and stored.
Your consent to process such data is obtained with reference to this privacy statement within the scope of the submitting procedure.
Alternatively, you can also contact us using the email address provided. In this case, personal user data that are transmitted with the email are stored.
In this connection, the data are not sent to any third parties and are used solely to process the dialogue.
2. Legal basis for data processing
The commensurate legal basis for processing the data with the consent of the user is provided under Art. 6 (1) (a) GDPR.
The commensurate legal basis for processing data transmitted within the course of sending an email is provided under Art. 6 (1) (f) GDPR. Where email contact is for the purpose of concluding a contract, the additional legal basis for commensurate processing is provided under Art. 6 (1) (b) GDPR.
3. Purpose of data processing
We use the personal data obtained from the input screen solely for the purposes of processing your communication with us. In the case of contact by email, this also defines the requisite legitimate interests for processing the data.
Other personal data processed during the dispatching procedure serve to prevent misuse of the contact form and ensure the security of our IT systems.
4. Period of storage
The data are erased once they are no longer required to achieve the purpose for which they were collected. In respect of personal data provided within the contact form input screen and data sent by email, this is when the respective dialogue with the user has ended. Accordingly, the dialogue is deemed concluded once the relevant circumstances demonstrate that the issue has been finally resolved.
Additional personal data collected during the sending process are erased within a period of seven days at the latest.
5. Option for opt-out and deletion
The user may withdraw their consent for the processing of personal data at any time. Users contacting us by email can object to the storage of their personal data at any time. In such cases, the commensurate dialogue cannot be continued. Withdrawal can be effected without observing any formal requirements and should be addressed to the controller.
In any such case, all personal data stored within the course of communication will be erased.
III. Use of Google Analytics
1. Description and scope of data processing
This website uses Google Analytics, a web analysis service provided by Google Inc ('Google'). Google Analytics uses so-called 'cookies', text files that are stored on your computer to enable analysis of your website usage. The information generated by the cookie concerning your use of this website will generally be forwarded to a Google server in the USA and stored there. Within member states of the European Union or other states that are party to the European Economic Area Agreement, if IP anonymisation is activated on this website Google will first truncate your IP address. Only in exceptional cases will the full IP address be passed to and truncated by Google on a server in the USA. On behalf of the operator of this website, Google will use this information to analyse your use of the website, create reports on website activity and provide additional services associated with use of the website and the Internet to the website operator.
The IP address sent from your browser within the scope of Google Analytics will not be combined with other Google data.
This website uses Google Analytics with the extension '_anonymizeIp()', with the result that IP addresses are processed in truncated form to prevent individual persons being identified. Should any data concerning you become personally identifiable, this action will be instantly precluded and the commensurate personal data immediately erased.
2. Legal basis for data processing
The commensurate legal basis for processing personal data with the use of cookies for the purposes of analysis and with the consent of the user is provided under Art. 6 (1) (a) GDPR.
3. Purpose of data processing
We use Google Analytics to analyse use of our website and facilitate regular improvement. The statistical information obtained is used to enhance our services and make them more appealing for you as the user. For the exceptional cases where personal data is transmitted to the USA, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is provided under Art. 6 (1) (f) GDPR.
4. Period of storage, option for op-out and deletion
You can prevent the storage of cookies by setting your browser software accordingly; however, please be aware that this may mean you are unable to use the full functionality of the website. You can also prevent the collection and processing by Google of data generated by the cookie regarding your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.
5. Information on the third-party provider
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy statement: http://www.google.de/intl/de/policies/privacy.
[(7) This website also uses Google Analytics for cross-device analysis of visitor flows carried out via a user ID. You can deactivate cross-device analysis of your use in your customer account under 'My data', 'Personal data'.]
IV. Use of social media plug-ins
1. Use of [Google +]
In this respect we employ the so-called two-click solution. As a basic principle, when you visit our website we do not initially send any personal data to the plug-in providers. You can recognise the plug-in provider by the mark on the box above its initial letter or the logo. We give you the option of using the respective button to communicate directly with the plug-in provider. Only if you click on the marked field to activate it, will the plug-in provider receive the information that you have visited our respective online service website. In addition, the data specified in section IV of this statement will also be transmitted. According to information given by the respective providers, in the case of Facebook and Xing, in Germany the IP address is anonymised immediately upon collection. By activating the plug-in, your personal data will be transmitted to the commensurate plug-in provider and stored there (in the USA in the case of American providers). Given that the plug-in provider primarily uses cookies for data collection, we recommend that you delete all cookies in your browser security settings before clicking on the greyed-out box.
The plug-in provider stores data collected in relation to you as a user profile and uses this profile for the purposes of advertising, market research and/or demand-oriented design of its website. Analysis of this kind is carried out (including for users not logged on), in particular, for the presentation of demand-oriented advertising and to inform other users of the social network about your activities on our website.
The data transfer occurs regardless of whether you have an account and are logged on with the plug-in provider. If you are logged on with the plug-in provider, the data we collect concerning you will be directly assigned to your account with the plug-in provider. If you click the activate button and, for example, link the page, the plug-in provider will also store this information in your user account and publicly share it with your contacts. We recommend that you regularly log out after using a social network and particularly before activating the button in order to prevent assignment of your profile to the plug-in provider.
Further information on the purpose and extent of data collection and respective processing by the plug-in provider can be obtained from the privacy statements of these providers listed in the following. You will also find additional information regarding your commensurate rights and setting options for the protection of your privacy. Addresses of the respective plug-in providers and URLs containing their privacy notices:
a) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. Legal basis for the processing of personal data
Legal basis for the use of plug-ins is provided under Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Plug-ins allow us to offer you the option of interacting with the social networks and other users so that we can enhance our services and make them more appealing for you as the user.
4. Period of storage
Please note that we have no influence over the data collected and data processing procedures, nor are the full extent of data collection, purposes of processing or storage periods known to us. Similarly, we do not have any information regarding the erasure of data collected by the plug-in provider.
5. Option for opt-out and deletion
You have the right to object to the creation of this user profile; to exercise this right you will need to contact the plug-in provider in question.
V. Google reCAPTCHA
1. Description, purpose and scope of data processing
We use 'Google reCAPTCHA' (hereinafter 'reCAPTCHA') on our websites. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ('Google').
reCAPTCHA is used to check whether data input on our websites (e.g. in a contact form) is entered by a human or an automated program. To this end, reCAPTCHA uses various features to analyse the website user's behaviour. This analysis starts automatically when the website visitor accesses the website. reCAPTCHA evaluates various information for the analysis (e.g. IP address, length of time spent on the website by the website visitor or user mouse movements). Data collected by the analysis are sent to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not notified that such analysis is occurring.
2. Legal basis for the processing of personal data
The commensurate legal basis for data processing is provided under Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web services from misuse through automated spying and SPAM.
3. Information on the third-party provider
Further information on Google reCAPTCHA and the Google privacy statement is available under the following links: https://www.google.com/intl/de/policies/privacy/
and
https://www.google.com/recaptcha/intro/android.html.
VI. Rights of the data subject
Each data subject has the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. With respect to the right of access and the right to erasure, limitations in accordance with Ss. 34 and 35 BDSG (German Federal Data Protection Act) apply. In addition, the right to lodge a complaint with a supervisory authority is also afforded (Article 77 GDPR in combination with S. 19 BDSG).
Consent granted to us for the processing of personal data can be withdrawn at any time. This also applies for withdrawal of declarations of consent communicated to us prior to application of the EU General Data Protection Regulation, i. e. before 25 May 2018. Please note that withdrawal has future effect and will not apply to processing carried out prior to withdrawal. Withdrawal can be effected without observing any formal requirements and should be addressed to the controller.
Right to lodge a complaint with a supervisory authority
In the event of infringement of data protection provisions, the data subject has the right to lodge a complaint with the commensurate supervisory authority. The responsible supervisory authority for issues concerning data protection regulations is the state data protection officer in the German federal state in which our company is domiciled. A list of the data protection officers and their respective contact details is provided under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
VII. Newsletter
1. Description, Purpose, and Scope of Data Processing
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, D-26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data that you provided in order to receive a newsletter (e.g. your email address) will be stored on CleverReach servers located in Germany respectively Ireland.
Using CleverReach to send our newsletters allows us to analyze the behavior of newsletter recipients. For example, how many recipients opened the newsletter email and how often which link in the newsletter was clicked. By using so-called “conversion tracking” we can also analyze whether a pre-determined action (e.g. purchase of a product on our website) took place after the recipient clicked the link in the newsletter. For more information on data analysis based on the CleverReach newsletter visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
2. Legal Basis for Data Processing
Data processing takes place on the basis of your consent (Art. 6 Para. 1 (a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing procedures that have already taken place will remain unaffected by this withdrawal of consent.
3. Objection and Removal Options
If you do not wish CleverReach to carry out an analysis, then you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter to allow you to do so. In addition to this, you can also unsubscribe from the newsletter directly on the website.
4. Duration of Storage
We will store the data that you provide to us to facilitate sending of the newsletter until you unsubscribe from the newsletter. After you have unsubscribed, this data will be deleted from our servers and the CleverReach servers. Data that we have stored for other purposes will remain unaffected by this.
For further information please consult the data protection information provided by CleverReach at: https://www.cleverreach.com/de/datenschutz/.
5. Conclusion of a Contract to Regulate Contract Processing
We have concluded a contract with CleverReach to regulate contract processing and, when using CleverReach, implement the strict regulations specified by the German data protection authorities to their full extent.