Privacy Policy
We appreciate your interest in our website. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.
This Privacy Policy explains the nature, scope, and purpose of the processing of personal data within our online platform and the associated websites, features, and content, as well as external online presences, such as our social media profiles. (Hereinafter collectively referred to as the “Online Platform”).
I. Definition
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Wherever the term “data” is used in the following, it always refers to personal data.
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any interaction with data.
The term “controller” refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
The term “users” refers to visitors and users of our website.
"GDPR" stands for the General Data Protection Regulation.
II. Data Controller:
Name/Company: Roos & Roos GmbH & Co. KG
Street Address: Leintelstraße 2
State, ZIP Code, City: D-73262 Reichenbach / Fils
Commercial Register/No.: Stuttgart Local Court HRA 720895
Managing Director:
Represented by the general partner: Roos & Roos Verwaltungs GmbH
Headquarters: 73262 Reichenbach an der Fils
Commercial Register: Stuttgart Local Court HRB 722019
Represented by the managing directors: Steven Roos
Phone number: +49 (0)7153 6168-0
Email address: kontakt@roos-u-roos.deRepresented by the general partner: Roos & Roos Verwaltungs GmbH
Headquarters: 73262 Reichenbach an der Fils
Commercial Register: Stuttgart Local Court HRB 722019
Represented by the managing directors: Timo Roos, Steven Roos
Phone number: +49 (0)7153 6168-0
Email address: kontakt@roos-u-roos.de
You can contact our Data Protection Officer at:
Name: Daniel Mager
Street Address: Leintelstraße 2
State, ZIP Code, City: D-73262 Reichenbach / Fils
Phone Number: +49 (0) 7153 616825
Email Address: daniel.mager@roos-u-roos.de
III. Types of data processed:
1. Every time our website is accessed, our system automatically collects data and information from the accessing computer’s system.
The following data is collected in this process:
- Information about the browser type and version used;
- the user’s operating system;
- the user’s Internet service provider;
- the user’s IP address;
- the date and time of access;
- websites from which the user’s system accessed our website;
- websites accessed by the user’s system via our website.
2. If a contract is concluded, we also collect and process the following customer data:
Name (including first and last names of contacts), address, phone and fax numbers, email address, date of birth of contacts, VAT identification number.
To the extent that this relates to the provision of contractual services, we process customer data and contract data (e.g., services used, payment information).
IV. Legal Basis for the Processing of Personal Data
Where we obtain the data subject’s consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis. When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis.
This also applies to processing operations necessary for the implementation of pre-contractual measures.
To the extent that the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights, and fundamental freedoms of the data subject do not override that interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
V. Security, Data Processing, Transfer to Other Countries
1. Safety Measures
In accordance with Article 32 of the GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and its segregation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data, and a response to data breaches. Furthermore, we take the protection of personal data into account from the very beginning of the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
These security measures include, in particular, the encrypted transmission of data between your browser and our server.
2. Cooperation with Data Processors and Third Parties
If, in the course of our data processing activities, we disclose data to other individuals or companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this is done only on the basis of a legal authorization (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR), you have consented, a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we engage third parties to process data on the basis of a so-called “data processing agreement,” this is done in accordance with Article 28 of the GDPR.
3. Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, we do so only if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permissions, we process or have the data processed in a third country only if the specific requirements of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the U.S. through the “Privacy Shield”) or compliance with officially recognized specific contractual obligations (so-called “Standard Contractual Clauses”).
VI. Rights of Data Subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You may request confirmation from the controller as to whether we are processing personal data concerning you. If such processing is taking place, you may request the following information from the controller:a) die Zwecke, zu denen die personenbezogenen Daten verarbeitet werden;
b) die Kategorien von personenbezogenen Daten, welche verarbeitet werden;
c) die Empfänger bzw. die Kategorien von Empfängern, gegenüber denen die Sie betreffenden personenbezogenen Daten offengelegt wurden oder noch offengelegt werden;
d) die geplante Dauer der Speicherung der Sie betreffenden personenbezogenen Daten oder, falls konkrete Angaben hierzu nicht möglich sind, Kriterien für die Festlegung der Speicherdauer;
e) das Bestehen eines Rechts auf Berichtigung oder Löschung der Sie betreffenden personenbezogenen Daten, eines Rechts auf Einschränkung der Verarbeitung durch den Verantwortlichen oder eines Widerspruchsrechts gegen diese Verarbeitung;
f) das Bestehen eines Beschwerderechts bei einer Aufsichtsbehörde;
g) alle verfügbaren Informationen über die Herkunft der Daten, wenn die personenbezogenen Daten nicht bei der betroffenen Person erhoben werden;
h) das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling gemäß Art. 22 Abs. 1 und 4 DSGVO und – zumindest in diesen Fällen – aussagekräftige Informationen über die involvierte Logik sowie die Tragweite und die angestrebten Auswirkungen einer derartigen Verarbeitung für die betroffene Person.
You have the right to request information regarding whether your personal data will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer.
2. Right to rectification
You have the right to request that the controller correct and/or complete your personal data if the personal data being processed is inaccurate or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
- a) if you contest the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
- b) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
- c) the controller no longer needs the personal data for the purposes of the processing, but you need it to establish, exercise, or defend legal claims; or
- d) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
If the processing of your personal data has been restricted, such data—apart from its storage—may be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If the restriction on processing has been imposed in accordance with the above conditions, you will be notified by the controller before the restriction is lifted.
4. Right to erasure
You may request that the controller erase your personal data without delay, and the controller is obligated to erase such data without delay if any of the following grounds apply:
- a) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- b) You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
- c) You object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
- d) The personal data concerning you has been processed unlawfully.
- e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- f) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
The right to erasure does not apply if the processing is necessary
- a) for the exercise of the right to freedom of expression and information;
- b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- c) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
- d) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
- e) for the establishment, exercise, or defense of legal claims.
5. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format.
6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
7. Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of any processing carried out on the basis of your consent prior to its withdrawal.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace, or the place where the alleged infringement occurred, if you believe that the processing of your personal data violates the GDPR.
The regulatory authority responsible for us is: State Commissioner for Data Protection
and Freedom of Information, Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart
oder
Königstraße 10a
70173 Stuttgart
Phone: 07 11/61 55 41-0
Fax: 07 11/61 55 41-15
E-Mail: poststelle@lfdi.bwl.de
VII. Deletion of Data
The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this Privacy Policy, the data we store will be deleted as soon as it is no longer necessary for the purpose for which it was collected and there are no legal retention obligations preventing its deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons. In accordance with legal requirements in Germany, data is retained for 6 years in particular pursuant to Section 257(1) of the German Commercial Code (HGB) (commercial ledgers, inventories, opening balance sheets, annual financial statements, business correspondence, accounting documents, etc.) as well as for 10 years pursuant to Section 147(1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate cases of misuse or fraud) and is deleted thereafter. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
We delete email inquiries and contact requests submitted via our website within a reasonable period of time, during which no contract conclusion or similar action is to be expected.
VIII. Purpose of Data Processing
1. With regard to the use of our website, we generally process our users’ personal data only to the extent necessary to provide a fully functional website and to deliver our content and services. The processing of our users’ personal data is generally carried out only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.
2. With regard to the provision of contractual services, we process customer data and contract data (e.g., services utilized, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Article 6(1)(b) of the GDPR. The fields marked as mandatory in online forms are required for the conclusion of the contract.
When you use our online services, we store the IP address and the time of the respective user action. This data is stored based on our legitimate interests, as well as the users’ interests in protection against misuse and other unauthorized use. This data is not disclosed to third parties under any circumstances, unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) of the GDPR.
We process usage data (e.g., the pages visited on our website, interest in our products) and content data (e.g., entries in the contact form or user profile) in a user profile for advertising purposes, in order to display product recommendations to the user based on the services they have used so far.
IX. Making Contact
When you contact us (via the contact form or email), your information is processed in accordance with Article 6(1)(b) of the GDPR for the purpose of handling your inquiry and processing it. The following data is collected: email address, message, and—on a voluntary basis—first and last name, phone number, and mailing address.
X. Social Media Presence
We maintain online presences on social networks and platforms to communicate with customers, prospective customers, and users who are active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise specified in our Privacy Policy, we process users’ data when they communicate with us on social networks and platforms, such as by posting comments on our online presence or sending us messages.
XI. Cookies
"Cookies" are small files that are stored on users' computers. Various types of information can be stored in cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to a website. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent.” For example, the login status can be stored so that users can access it again after several days. Similarly, such a cookie can store the user’s interests, which are used for audience measurement or marketing purposes. “Third-party cookies” are cookies provided by providers other than the controller operating the online service (otherwise, if only the controller’s own cookies are used, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies; when we do so, it is to pursue our legitimate interests (Art. 6(1)(f) of the GDPR).
If users do not wish to have cookies stored on their computer, they are asked to disable the corresponding option in their browser's settings. Stored cookies can be deleted in the browser's settings. Disabling cookies may result in limited functionality of this website.
A general objection to the use of cookies for online marketing purposes can be submitted for a wide range of services—particularly in the case of tracking—via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent cookies from being stored by disabling them in your browser settings. Please note that this may prevent you from using all features of this website.
XII. Data Minimization
We retain the personal data we collect only for as long as necessary or as required by law. Once the retention period (10 years) has expired or the purpose for which the data was collected no longer applies, we delete the data.
XIII. Changes to the Privacy Policy
To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy needs to be updated due to new or revised offers or services.
XIV. Google Maps
We integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, users’ IP addresses and location data; however, this data is not collected without their consent (which is typically provided through the settings on their mobile devices). The data may be processed in the United States. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
XIII. Google Fonts
We use fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
Roos & Roos GmbH & Co. KG
Privacy Policy
Daniel Mager
Leintelstraße 2
D-73262 Reichenbach / Fils
Telefon: +49 (0)7153 6168-25
Stand 01.02.2021
© Roos & Roos GmbH & Co. KG | Tel: +49 (0)7153 6168-0 | kontakt@roos-u-roos.de | Leintelstr. 2 | D-73262 Reichenbach / Fils