Data protection
This privacy policy informs you about the nature, scope and purpose of processing personal data (hereinafter “data”) within our online offering and the associated websites, functions and content as well as external online presences, such as our social-media profiles (collectively referred to below as the “online offering”). With regard to the terminology used—such as “processing” or “controller”—please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
ROWEKO Kunststoffverarbeitung GmbH
Hoher Steg 5
Industrial Estate “Vorderes Burgfeld”
D-74348 Lauffen a. N., Germany
Tel. +49 7133 228808-0
e-mail: info(at)roweko.de
Managing directors authorised to represent the company:
Michael Selle, Alexander Selle
Categories of data processed
– Inventory data (e.g. names, addresses)
– Contact data (e.g. e-mail, telephone numbers)
– Content data (e.g. text entries, photographs, videos)
– Usage data (e.g. pages visited, interest in content, access times)
– Meta/communication data (e.g. device information, IP addresses)
Purposes of processing
– Provision of the online offering, its functions and content
– Responding to contact enquiries and communicating with users
– Security measures
– Reach-measurement / marketing
Terminology
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymisation” means processing personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.
A “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal bases
Unless the legal basis is specified elsewhere in this privacy policy, the following applies: the legal basis for obtaining consent is Art. 6 (1)(a) and Art. 7 GDPR; the legal basis for processing for the performance of our services, execution of contractual measures and answering enquiries is Art. 6 (1)(b) GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6 (1)(c) GDPR; the legal basis for processing to safeguard our legitimate interests is Art. 6 (1)(f) GDPR. Where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1)(d) GDPR serves as the legal basis.
Security measures
Please review the contents of this privacy policy regularly. We will adapt it whenever changes in our data-processing activities make this necessary. We will inform you if such changes require your cooperation (e.g. consent) or any other individual notification.
Co-operation with processors and third parties
If we disclose, transmit or otherwise grant access to data to other persons and companies (processors or third parties) within the scope of our processing, this is done only on the basis of a legal permission (e.g. if transmission of data to third parties, such as payment-service providers, is necessary for the performance of a contract under Art. 6 (1)(b) GDPR), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts).
If we commission third parties to process data on the basis of a “processing agreement”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the EU or EEA) or if this is done in the context of utilising third-party services, or disclosing or transmitting data to third parties, this is done only to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow data to be processed in a third country only under the special conditions of Art. 44 ff. GDPR (i.e. processing is carried out, for example, on the basis of special guarantees such as the officially recognised establishment of a level of data protection equivalent to that of the EU—e.g. the EU-U.S. Privacy Shield—or compliance with officially recognised special contractual obligations, known as “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation as to whether data concerning you are being processed and to obtain information about these data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
You have the right under Art. 16 GDPR to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Under Art. 17 GDPR you have the right to demand that data concerning you be deleted without delay, or alternatively to demand restriction of the processing of data under Art. 18 GDPR.
You have the right to receive the data concerning you, which you have provided to us, in accordance with Art. 20 GDPR and to request their transmission to other controllers.
You also have the right to lodge a complaint with the competent supervisory authority under Art. 77 GDPR.
Right of withdrawal
You may revoke consent granted under Art. 7 (3) GDPR with effect for the future at any time.
Right to object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct-marketing purposes.
Cookies & right to object to direct marketing
“Cookies” are small files that are stored on users’ devices. Cookies can store various information. A cookie’s primary purpose is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. “Session” or “transient” cookies are cookies that are deleted after a user leaves an online offering and closes their browser. The contents of a shopping basket in an online shop or a login status can be stored in such a cookie. “Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, the login status can be stored if users revisit a site after several days. Likewise, the interests of users can be stored in such a cookie for reach-measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller who operates the online offering (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).
We may use both session and permanent cookies and will inform you about this in the context of our privacy policy.
If users do not want cookies stored on their device, they can disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may limit the functionality of this online offering.
A general objection to the use of cookies employed for online-marketing purposes—especially in the case of tracking—can be declared via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. You can also prevent cookies from being stored by disabling them in your browser settings. Please note that, if you do so, not all functions of this online offering may be available.
Supplementary information on cookies and external services used
Cookie Banner (Cookie Management Platform)
To comply with the GDPR, the TDDDG (Telecommunications-Digital-Services-Data-Protection-Act), and the ePrivacy Directive, we use the Consent Management Platform (CMP) Cookiebot by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot automatically scans our website for cookies and trackers, displays a cookie banner, and stores the user's consent decision. As a result, non-essential cookies (Preferences, Statistics, Marketing) are only set/blocked after explicit consent.
Processed Data:
IP address (for geolocation and correct banner display), User Agent/browser information (type, version), timestamp, consent status (categories: Necessary/Statistics/Marketing).
Purpose of Processing:
Provision of a data protection-compliant cookie banner, storage and implementation of user consent, optimization of website functionality, and compliance with legal obligations.
Legal Basis:
§ 25 para. 2 no. 2 TDDDG (strictly necessary for the expressly requested service) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in legally compliant consent management).
Storage Duration:
CookieConsent / CrossConsent: typically 1 year (or until withdrawal). Log data (IP etc.): max. 7 days (then deleted or anonymized). Consent data: deleted after 12 months or upon withdrawal/termination.
Data Transfer:
Data is transferred to Usercentrics servers (EU/Denmark); partially to processors (e.g., Akamai/CDN in the USA) with EU Standard Contractual Clauses. No transfer for advertising purposes.
Further Information:
Privacy Policy of Cookiebot/Usercentrics: https://www.cookiebot.com/en/privacy-policy/
Visiontrade
To record and evaluate user statistics on our web pages, we use the service of Visiontrade Ltd, Maruti House, 1st Floor, 369 Station Road, Harrow, Middlesex HA1 2AW, UK (api1.websuccess-data.com), following your consent to marketing cookies. In this process, a Local Storage entry "geolocated" is stored in the browser. Additionally, data such as User Agent, browser type/version, operating system, and IP address may be processed.
Processed Data:
IP address, approximate geographical location, User Agent, browser information (type, version, operating system).
Purpose of Processing:
Optimization of user experience and website usability.
Legal Basis:
The legal basis is the consent of the website visitor according to § 25 para. 1 TDDDG as well as Art. 6 para. 1 lit. a GDPR.
Storage Duration:
Persistent, until manual deletion by the user in the browser (possible at any time).
Data Transfer / Disclosure:
The data is processed solely for the provision of the service and is not passed on to third parties unless legally required. Storage takes place securely on Visiontrade Ltd systems. A transfer to third countries (UK) takes place; Visiontrade Ltd processes data in accordance with the GDPR.
Contact / Data Protection:
Data Protection Officer: Mr. Kapila, Visiontrade Ltd, Maruti House, 1st Floor, 369 Station Road, Harrow, Middlesex HA1 2AW, UK. E-Mail for Opt-out or information: data@vtrade1.com.
Further Information:
You can access Visiontrade's privacy notices via the following link: https://visiontrade.co.uk/privacypolicy.html
Static Caching
To accelerate the website and reduce server load, we use static caching (TYPO3 StaticFileCache). In this process, the HTTP cookie "staticfilecache" is set. It signals to the server whether a static HTML version exists to avoid dynamic generation. The cookie contains no personal data and is not used for tracking or advertising.
Purpose of Processing:
Performance optimization and resource-saving operation (technically necessary).
Legal Basis:
§ 25 para. 2 no. 2 TDDDG (strictly necessary for accessing the website).
Storage Duration:
Session (usually until the browser is closed).
Data Transfer:
Only between the browser and our server; no transfer to third parties.
YouTube Videos
To integrate YouTube videos on our website, we use the YouTube service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Domain: www.youtube-nocookie.com in Privacy-Enhanced Mode). We exclusively use the Privacy-Enhanced Mode (youtube-nocookie.com) to minimize tracking: No cookies are set by YouTube merely by loading the page. Instead, we only load the video after your consent to marketing cookies to protect personal data.
Processed Data:
IP address, approximate geographical location, User Agent, browser information (type, version, operating system), cookies (e.g., CONSENT, NID, YSC), and Local Storage entries (e.g., yt-remote-device-id, yt.innertube::requests incl. Visitor-ID) for device recognition, video playback, and potentially personalized recommendations/ads. This data may be linked to a Google account.
Purpose of Processing:
Provision of video content to improve user experience, information about our services, and promotion of the communicative character of the website.
Legal Basis:
The legal basis is the consent of the website visitor according to § 25 para. 1 TDDDG as well as Art. 6 para. 1 lit. a GDPR.
Storage Duration:
Cookies/Local Storage: variable (session to several years, depending on Google Policy).
Data Transfer:
Data is transferred to Google servers (including Ireland, USA). Google processes data under its own responsibility (see Google Privacy Policy: https://policies.google.com/privacy).
Further Information:
Details on Privacy-Enhanced Mode and YouTube data protection at https://support.google.com/youtube/answer/171780 and https://policies.google.com/privacy
Deletion of Data
The data we process are deleted in accordance with Art. 17 and 18 GDPR, or their processing is restricted. Unless expressly stated otherwise in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations prevent deletion. Where data cannot be deleted because they are required for other, legally permissible purposes, their processing is restricted; i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
Under German law, records are kept in particular for ten years pursuant to §§ 147 (1) AO, 257 (1) Nos. 1 and 4, (4) HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and six years pursuant to § 257 (1) Nos. 2 and 3, (4) HGB (commercial correspondence).
Hosting
The hosting services we use serve to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.
In doing so, we—and/or our hosting provider—process inventory data, contact data, content data, contract data, usage data as well as meta and communication data of customers, prospects and visitors to this online offering on the basis of our legitimate interest in an efficient and secure provision of this online offering pursuant to Art. 6 (1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing agreement).
Collection of Access Data and Log Files
No log files are collected by our hosting provider.
Privacy Information for the Application Procedure
We process applicant data solely for the purpose and within the scope of the application procedure, in accordance with statutory provisions. Processing of applicant data is carried out to fulfil our (pre-)contractual obligations within the application procedure in the sense of Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR where processing becomes necessary for us, for example, in the course of legal proceedings (in Germany, § 26 BDSG also applies).
The application procedure requires applicants to provide us with their data. Mandatory applicant data are indicated where we offer an online form, otherwise they result from the job descriptions and generally include information about the person, postal and contact addresses and documents related to the application such as cover letter, CV and certificates. Applicants may also voluntarily provide additional information.
By submitting an application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as a severe disability or ethnic origin) are voluntarily communicated within the application procedure, their processing is additionally carried out under Art. 9 (2)(b) GDPR. Where special categories of personal data are requested from applicants within the application procedure, their processing is additionally based on Art. 9 (2)(a) GDPR (e.g. health data if required for the exercise of the profession).
Where provided, applicants can submit their applications to us via an online form on our website; data are transmitted to us in encrypted form in line with the state of the art.
Applicants can also send us applications via e-mail. Please note, however, that e-mails are generally not encrypted and applicants must ensure encryption themselves. We therefore cannot assume responsibility for the transmission path of the application between the sender and receipt on our server and recommend using the online form or postal mail instead. Applicants may still send applications by post rather than via the online form or e-mail.
The data provided by applicants may, in the event of a successful application, be further processed by us for the purposes of employment. Otherwise, if an application for a job offer is unsuccessful, the applicants’ data are deleted. Applicants’ data are also deleted if an application is withdrawn, which applicants are entitled to do at any time.
Deletion takes place, subject to a justified withdrawal by the applicants, after a period of six months so that we can answer any follow-up questions regarding the application and meet our burden of proof under the German Equal Treatment Act. Invoices for any travel-expense reimbursement are archived in accordance with tax regulations.
Contact
When contacting us (e.g. via contact form, e-mail, telephone or social media), the user’s details are processed to handle and respond to the contact enquiry pursuant to Art. 6 (1)(b) GDPR. User information may be stored in a Customer-Relationship-Management system (“CRM system”) or comparable enquiry-management system.
We delete enquiries when they are no longer necessary; we review necessity every two years. Statutory archiving obligations apply.
