Responsible body in terms of data protection laws, and the EU General Data Protection Regulation (DSGVO), is:

ROFA Deutschland GmbH
Walterscheid-Mueller-Str. 10
53797 Lohmar
Germany
Phone: +49 (0) 22 46 . 911 03 02
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Managing Director:
Mag. Matthias Fiedler, business leader

Data protection officer: C. Bergmann
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Your data subject rights

You can exercise the following rights at any time using the contact details provided by the data controller:

  • Information about your data stored by us and its processing (Art. 15 DSGVO),
  • Correction of incorrect personal data (Art. 16 DSGVO),
  • Deletion of your data stored by us (Art. 17 DSGVO),
  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
  • Objection to the processing of your data by us (Art. 21 DSGVO),
  • Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us consent, you can revoke it at any time with effect for the future.

You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.

Collection of general information when visiting our website

Type and purpose of processing

When you visit our website or use our services, the device with which you call up the page may automatically transmit log data (connection data) to our servers; this data is processed exclusively by our provider.

The following log data may be collected during this process, among others: Customer domain, anonymised client IP, request line, timestamp, status code, size of the response body, referer sent by the client, user agent sent by the client, remote user.

Legal basis

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interest of our service provider with whom an order processing contract has been concluded.

Recipient

The recipient of the data is:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

which acts as an order processor for the operation and maintenance of our website.

Storage period

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.

If the provision is prescribed or required:

The provision and processing of the log files is neither legally nor contractually required. If this data were not processed, the function of our website could be limited and the traceability of potential attempts to manipulate our website would not be given.

Cookies

Nature and purpose of processing:

We use cookies based on the legitimate interest of the controller, the legitimate interest is described below. By visiting our website, a session cookie is stored on your computer. The cookie is used to map the visitor's language so that the website is continuously displayed in the chosen language during the session.

In addition, the cookie is used to allow the submission of the enquiry form only if a session cookie is present. This protects us from spam bots that use the request form to send automated spam.

Storage period

The session cookie remains valid until the end of the session and is then deleted by closing the browser window.

Enquiry form

Type and purpose of processing

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide your company and company contact data as well as an e-mail address and your name. This serves the purpose of assigning the enquiry and subsequently answering it.

Legal basis

The processing of the data is based on legitimate interest (Art 6(1)(f) DSGVO). The legitimate interest lies in processing their enquiry correctly and responding to it appropriately, as well as ensuring that they are a corporate customer and not a private individual. Furthermore, by providing them with the enquiry form, we offer them an additional contact option via our website.

Recipients

In the enquiry phase, the data is passed on to our employees (sales/clerks), within our company and to external sales partners for processing. After that, our duty to inform according to Art. 12/13 and 14 of the DSGVO takes effect.

Storage period

The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions at least for the duration of the processing. After this period, your data will be deleted if you request this by telephone or in writing (e-mail/letter) and the deletion is not opposed by any statutory retention period or any other legitimate interest in the form of further customer care and acquisition. Otherwise, the data will generally be entered into our EDP system and our duty to inform pursuant to Art. 12/13 and 14 of the DSGVO applies.

If necessary, your contact form will be forwarded to our in-house web designer for corrections to the formatting of our form, in which case your data will be deleted immediately after the formatting has been adjusted.

Provision mandatory or required

The provision of your personal data is voluntary and necessary to process your request.

Changes to our privacy policy

Where necessary, this privacy notice will be updated regularly

Duty to inform pursuant to Art. 12/13 and 14 of the DSGVO

(For external interested parties - customers, suppliers, applicants, new customers, etc.)

General information

According to Art. 12 of the DSGVO, the controller shall take appropriate measures to provide data subjects with all information according to Art. 13 and 14 of the DSGVO in a precise, transparent, comprehensible and easily accessible form, in clear and simple language. This communication shall be made in writing and may also be made electronically. In special cases, if the identity of the data subject has been proven, also orally.

As far as our order processing allows, you will receive the necessary and required information on our order papers, offers, enquiries, order or order confirmations as a PDF by e-mail, or handed over directly. As a rule, we make the necessary information available to all affected parties, except our employees, on the Internet on our website in the area of our data protection declaration and refer to it in our mail signatures.

We take our duty to inform very seriously and therefore inform you in full about your rights in relation to our duty to inform and the DSGVO. Nevertheless, we cannot rule out the possibility that our presentation of the information is not understood by you. If this is the case, please contact us and we will immediately find a way to inform you in such a way that it is understandable for everyone.

What happens if the purpose of processing stated here changes?

If the original purpose of the processing of your personal data stated here changes, we will inform you about it here via an adapted information. If you do not find the purpose of the processing of your personal data here, please contact us so that we can promptly provide you with the information in person or in writing or inform you where to find this information.

Name and contact details of the responsible person

Mr. Matthias Fiedler / Management, This email address is being protected from spambots. You need JavaScript enabled to view it.

Name and contact details of the data protection officer

Christian Bergmann / This email address is being protected from spambots. You need JavaScript enabled to view it.

Indication of the purpose of the processing and the legal basis.

We generally process data from external interested parties for the purpose of fulfilling their requirements or the requirements of the companies in which the data subjects are employed. These are, for example, business requirements relating to deliveries or the receipt of goods and products or services in the B2B area. However, these are also special requests from natural persons with the desire for employment based on a job application or, in exceptional cases, this can also be the processing of health data if you injure yourself in our company during a visit.

The legal basis in B2B business is basically Art. 6 (1) of the DSGVO, lit. f), i.e. the legitimate interest of the person responsible. In cases where it is a matter of an application and, if applicable, recruitment, the processing is based on Art. 6(1) of the DSGVO, lit. b), i.e. in the first step, the processing of your data is then necessary for the implementation of pre-contractual measures, which take place at the request of the data subject. In principle, however, Art. 6(1) of the DSGVO, lit. f) i.e. the legitimate interest of the controller applies. When it comes to processing in connection with accidents that have happened to you in our company, the legal basis in Art. 6 (1) of the DSGVO is either given according to lit. d) vital interest or c) from the legal obligation and ultimately also justified for your own benefit so that the corresponding BG can take over the insurance benefits.

The legitimate interest is usually to establish or maintain a business relationship.

Designation of recipients or categories of recipients of personal data.

Application
Management, management secretary and deputy, head of department

Suppliers & service providers Enquiries/quotations/invoices/other communication
All employees in the company as well as EDP and QM service providers

First-aid book/accident report
First aider, witnesses, management secretary and representative, BG

If there is a transfer to a third country or an international organisation.

Application
no

Sales customer enquiries quotations
no

Sales customer enquiries quotations
no

First-aid book / accident report
no

How long is the personal data stored or what rules are applied for the storage period?

Application
For the duration of the application process, a deletion, the data no longer required, takes place 6 months after the completion of the application process, if no deviating agreement with the data subject exists, for a longer retention.

Sales Customer enquiries/quotations/invoices/other communication
The data is stored permanently in the EDP system and updated as required or if the data subjects provide the relevant information, and deleted if possible. Invoices are archived for at least 10 years in accordance with the statutory retention periods and only deleted thereafter.

Suppliers & service providers Enquiries/quotes/invoices/other communication
The data is permanently stored in the EDP system and updated if necessary or if the data subjects provide the relevant information, and deleted if possible. Invoices are archived for at least 10 years in accordance with the statutory retention periods and only deleted thereafter.

First-aid book / accident report
Data is documented and filed separately in forms and kept for at least five years. Cases for which proceedings are pending are kept until the proceedings have been concluded. In this respect, deletion takes place after the statutory retention period of 5 years or when no more proceedings are pending.

Your further rights as a data subject

You have the right of access, rectification, erasure or restriction of processing, as well as the right to object to processing and the right to data portability concerning your data processed by the data controller.

If the processing of your personal data is based on your consent, you have the right to object to or revoke this consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

You have the right to complain to a supervisory authority:

In addition, anyone may contact the Federal Commissioner for Data Protection and Freedom of Information if he/she believes that his/her rights have been violated in the collection, processing or use of his/her personal data by federal public bodies. Likewise, you can contact us (see the aforementioned contact details of the data controller and the data protection officer [DPO]) if you would like assistance in the area of freedom of information.

Is the provision and processing of your data required by law/contract or necessary for the conclusion of a contract?

Application
yes contractual (or for pre-contractual measures)

Sales Customer enquiries/offers/invoices/other communication
yes so that a contract can be concluded

Suppliers & service providers Enquiries/quotations/invoices/other communication
yes so that a contract can be concluded

First-aid book/accident report
yes by law

Are you obliged to provide your data and what would be the consequence if you do not provide your data?

Application
Yes, otherwise no recruitment can take place

Sales Customer enquiries/quotes/invoices/other communication
Yes, without this data we would not be able to make an offer and no contract or sufficient communication would take place.

Suppliers & service providers Enquiries/quotes/invoices/other communication
Yes, without this data we would not be able to send an enquiry and no contract or sufficient communication would be concluded.

First-aid book/accident report
Yes, there is a legal obligation to report occupational accidents. Without the report, no insurance lines can be issued by the BG/DGUV.

Does the processing of your data involve automatic decision-making or profiling?

No

What is the source of your data if we have not received the data directly from you personally?

As a rule, we receive your data directly from the contact persons of the respective companies, or directly from the persons concerned and from documents they provide us with, such as e.g. job applications, enquiries/offers/invoices/other communication: Application, enquiries/offers/invoices/other communication.

If we have not received your personal data from you personally, we will obtain your data from public sources such as the telephone directory, Internet (your homepage/search engines/social networks) or other public sources. In some cases, we may have received your contact details from your company via telephone or email contact. Either from your colleagues, superiors or the head office of your company or, in special cases, it may also be that we have received your data in the course of order processing by our customer, as we may deliver goods to you on his behalf which you have ordered from our product range.