Privacy policy

Data protection

PRIVACY POLICY of the ROTHO Group

The protection of your personal data is particularly important to us. Therefore, we process your data solely on the basis of legal provisions and relevant data protection regulations. With the information below regarding our privacy policy, you will learn how we process data on our websites (www.rotho.com,www.appmybox.com, www.madeibox.com,modlife.ch,rotho-renew.com,www.rotholoft.com,www.rothopro.com,mypet.rotho.com) and when using our online stores (www.pl.rotho.com; www.rotho-shop.com, www.rothoshop.ch).

1. Data controllers

The processing of data on our websites is handled by the appropriate website operator, a company belonging to the Rotho Group. Information about the representatives responsible for data processing and contact details are available in the editorial footer of the website.

2. Data protection officer

You can contact the data protection officer of the Rotho Group in the following way:

On behalf of Rotho Sp. Z o.o.:

Robert Thoma GmbH
Attn: Data Protection Officer
Hauptstr. 84
79733 Görwihl

Email: datenschutz@rotho.com
Tel.: +49 351 2820 51 75

3. Data processing

3.1 General information, deletion

Personal data is any data that allows the identification of a person, such as name, address, email addresses, and online identifiers.

The personal data of our users is used in the following ways:

  1. to perform our services,
  2. to provide technical support.

We only pass personal data to third parties if you have given your consent, it is necessary for the purposes of conducting transactions (execution of bank transactions), delivery of goods (delivery by postal service providers), or it is necessary for other reasons so that we can fulfill our contractual obligations to you.

Personal data will be deleted as soon as it has fulfilled its purpose, and its deletion is not contrary to any storage requirements.

3.2 Use of our website for informational purposes

If you use the website solely for informational purposes, i.e., you do not log in, register, or otherwise provide us with information, we do not collect any personal data, except for those that your browser transmits to enable you to visit the site. These are:

  • IP address
  • date and time of access to the site
  • time zone difference to Greenwich Mean Time (GMT)
  • content of the request (specific page)
  • access status/HTTP status code
  • amount of data transmitted at each instance
  • website from which the request originates
  • browser
  • operating system and its interface
  • language and version of the browser software

We store this data for a limited time in the form of log files to analyze and eliminate potential technical problems. The legal basis for these activities is Article 6(1)(f) of the GDPR. Due to the nature of the Internet, this data is inevitably processed on numerous servers until your request reaches our web server; therefore, it is possible to collect and use data in "third countries" (e.g., the USA). Our company has no influence over this process. In addition to these technical requirements, the provider of this website does not transmit any personal data to countries outside the scope of the EU General Data Protection Regulation or countries that do not provide an adequate level of data protection.

In addition to using our website for purely informational purposes, we offer various services that you can take advantage of if you are interested. To do this, you usually need to provide additional personal data, which we use to provide the relevant service. If there is an option to voluntarily provide additional information, it is appropriately marked.

3.2 Contact form

If you contact us via the form on the site or by email, your email address, name, address, phone number, and any other data you provide will be stored by us to respond to your inquiries. Responses to inquiries are provided via unencrypted email. The data collected in such circumstances will be deleted 6 months after contact is made, unless there is a requirement for longer storage. In the case of statutory retention periods, the data will be blocked.

The processing of data is based on legal provisions Article 6(1)(a) (consent) and (b) (performance of a contract) of the GDPR. Processing, in particular communication via unencrypted email, is lawful as long as you have given your consent. You can withdraw your consent at any time with effect for the future.

3.3 Newsletter

If you want to receive the newsletter available on the site, we need your email address and information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. We use this data solely to send the requested information. The legal basis is Article 6(1)(a) of the GDPR.

You can withdraw your consent to the storage of data and the email address and their use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter.

3.4 Use of our online stores, creating a customer account

When you shop in our online stores, personal data is collected that we need to prepare the order. This includes the following data: name, email address, street, postal code, city, phone number, payment details. Also, data regarding your order: items, date, order number, payment method, and invoice number. We store and use your data to fulfill the contract. For this purpose, we cooperate with payment and transport service providers. The legal basis for these activities is Article 6(1)(b) of the GDPR. Mandatory information required to process the order is specially marked, while other information is voluntary. The legal basis for processing is Article 6(1)(a) or (b) of the GDPR.

We delete data regarding your order as soon as we are no longer legally obliged to store it, i.e., up to 10 years from the order date. After the warranty periods expire, we limit processing, i.e., your data will only be used to fulfill legal obligations.

To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using SSL technology.

If you want to order something in our online store, you can choose whether to enter the data required for the order only once for this order or whether you want to create a customer account in which your data will be stored for future purchases.

When you create an account in "My Account," the data provided there will be stored with the option to withdraw consent for its storage. You can always delete your account in the customer area.

4. Data transfer within the Rotho Group, data transfer abroad

The transfer of personal data between companies of the Rotho Group takes place within the framework of managing a central customer service and order processing system. The recipients of personal data intended for processing are the companies of the Rotho Group, in particular Rotho Kunststoff AG in Würenlingen (Switzerland) and our production facilities in Poland. The Rotho Group obliges its companies through internal guidelines to implement technical and organizational measures to ensure the security of data processing.

5. Cookies

These websites use so-called cookies. Cookies are used to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

We use cookies to identify you on subsequent visits if you have an account with us. Otherwise, you would have to log in again on each visit. The legal basis is Article 6(1)(a) of the GDPR. This site uses cookies to the following extent:

  • Temporary cookies (temporary use)
  • Permanent cookies (limited time use),
  • Third-party cookies (other providers).

Temporary cookies are automatically deleted after closing the browser. These include session cookies in particular. They store a so-called session ID, which allows various requests from your browser to be assigned to a common session. This allows your computer to be recognized when you return to our site. Session cookies are deleted after logging out or closing the browser.

Permanent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

You can configure your browser settings according to your preferences, including refusing to accept cookies from third-party providers or all cookies. However, we would like to point out that in such a case, you may not be able to use all the features of this site.

The stored information is stored separately from any other data that may be transmitted to us. In particular, data from cookies is not combined with your other data.

You can set your browser to inform you about the appearance of cookies and allow them only in individual cases, exclude the acceptance of cookies in certain cases or exclude them altogether and activate the automatic deletion of cookies after closing the browser. If cookies are disabled, the functionality of such a site may be limited.

6. Analytical services

6.1 Tasks of analytical tools

We have integrated analytical tools on our websites for marketing purposes and to optimize our offers. For this purpose, the data mentioned in point 3.2 is transmitted. The legal basis for these activities is Article 6(1)(a) of the GDPR.

6.2 Google Analytics

Our websites use Google Analytics, a web analysis service provided by Google Inc., Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland (“Google”). Google Analytics uses cookies, which are text files stored on your computer and allow the analysis of the use of websites. The information generated by the cookie

about the use of these websites is usually transmitted to a Google server in the Netherlands and stored there. However, Google shortens and anonymizes your IP address in member states of the European Union or in other states that are signatories to the Agreement on the European Economic Area.

On our behalf, Google will use this information to evaluate the user's use of the website in order to create reports on website traffic and provide other services related to website activity and internet usage for the website operator. The data will not be passed on. In addition, the collected data will not be linked to any data from other sources.

The processing of data using Google Analytics on our website is based on Article 6(1)(a) of the GDPR. Your consent is voluntary, and you can withdraw it at any time with effect for the future by changing your current settings in our cookie banner.

You can also prevent the storage of cookies by appropriately adjusting the settings of your browser software.

You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and prevent the processing of this data by Google using a plugin that you can download and install at this link.

For more information on how Google Analytics handles user data, please see the Google privacy policy.

Google Analytics is used in accordance with the requirements agreed upon with Google by German data protection authorities.

Information from the external provider: http://www.google.com/intl/de/analytics/learn/privacy.html and Privacy Policy: http://www.google.de/intl/de/policies/privacy.

6.3 Hotjar

The administrator uses Hotjar tools in its operations - specifically on the managed website. This tool is provided by Hotjar Ltd (head office address: Hotjar Limited Dragonara Business Centre, 5th Floor, Dragonara Road,, Paceville St Julian's STJ 3141, Malta), to which data such as cursor movement, page scrolling, location, operating system, and browser may be provided. The collected data does not allow the identification of a specific person, and more information about the privacy standards of the tool is available at https://www.hotjar.com/legal/compliance/gdpr-commitment/. Additionally, by using the link below: https://www.hotjar.com/opt-out/ there is an option to disable activity measured by Hotjar. Settings can be changed directly after visiting the Administrator's site by expanding the "Customize settings/Detailed settings" option visible in the window informing about possible ways of using data and tools used for these purposes.

6.4 Shopify

We use Shopify to provide our services to you. Shopify is a platform through which e-commerce services are offered and executed. The service provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The Shopify privacy policy can be found at the following link: https://www.shopify.com/legal/privacy/customers. Additionally, Shopify uses cookies to provide us with its services, e.g., to provide us with analytics regarding the number of visitors to our store and to help us troubleshoot and improve our store. The legal basis for this processing is Article 6(1)(a) of the GDPR.
For this purpose, we have entered into a processing agreement with Shopify, as your personal data is processed by Shopify. This only concerns personal data that you provided to us for the purpose of entering into a contract, such as name, billing address, delivery address, email address, phone number, and payment information. The legal basis for this processing is Article 6(1)(b) of the GDPR. We delete your order data as soon as we are no longer legally obliged to store it, i.e., generally up to 10 years after the order is placed. We are already limiting data processing after warranty periods expire, meaning your data will only be used to fulfill legal obligations.
You can object to the processing of data and withdraw consent at any time by sending an email to datenschutz@rotho.com. More information can be found in point 11 of this privacy statement.

7. Online advertising (Google Adwords)

7.1 Legal basis

The legal basis for processing your data is Article 6(1)(a) of the GDPR.

7.2 Purpose of using Google Adwords

We use Google Adwords to draw attention to our attractive offers through advertising materials (so-called Google Adwords) on external websites. Regarding the data from advertising campaigns, we can determine the effectiveness of individual advertising measures. Thus, we are interested in showing you ads that interest you, enhancing our website, and obtaining a reliable calculation of advertising costs.

These advertising tools are provided by Google through so-called "Ad Servers." For this purpose, we use advertising server cookies, which can be used to measure certain effectiveness parameters, such as ad impressions or clicks by users. If you access our site via a Google ad, Google Adwords will save a cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie identifier, the number of ad impressions for each placement (frequency), the last impression (relevant for conversion after viewing), and opt-out information (indicating that the user does not want to receive ads anymore) are usually stored as analytical values of this cookie.

These cookies allow Google to recognize your web browser. If a user visits specific pages of the Adwords client's website, and the cookie stored on their computer has not yet expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. Each Adwords client is assigned a different cookie. This means that cookies cannot be tracked across Adwords client websites. We do not collect or process any personal data within the framework of the mentioned advertising measures. We only receive statistical analyses from Google. Based on these analyses, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, in particular, we cannot identify the user based on this information.

With the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through this tool and therefore inform you according to our state of knowledge: By using AdWords, Google receives the information that you accessed the relevant part of our website or clicked on one of our ads. If you are registered with Google, Google can assign this visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will learn and save your IP address.

You can prevent participation in this tracking process in several ways:

a) by appropriate settings of your browser software – in particular, disabling third-party cookies means that you will not receive ads from external providers;

b) by disabling tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com," https://www.google.de/settings/ads, noting that these settings will be removed if you delete cookies;

c) by deactivating ads preferred by providers who are part of the self-regulatory campaign "About Ads," by clicking on the link http://www.aboutads.info/choices, noting that this setting will be removed if you delete your cookies;

d) by permanently deactivating in your browsers Firefox, Internet Explorer, or Google Chrome at the link http://www.google.com/settings/ads/plugin. Please note that in such a case, it may not be possible to fully utilize all features of this offer.

More information about data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. You can also visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

8. Integration of third-party services (LinkedIn, YouTube)

The integration of services from other providers described below aims to present our offers online attractively. This constitutes a legitimate interest within the meaning of Article 6(1)(a) of the GDPR.

8.1 Integration of LinkedIn

On some of our pages, we currently provide access to LinkedIn via a so-called social bookmark. To have full control over the data, LinkedIn is only included as a link. By clicking on the integrated graphic, you will be redirected to the LinkedIn page, and only then will user data be transmitted to LinkedIn.

Learn more about the purpose and scope of data collection and processing by LinkedIn. The company and its privacy policy statements:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

8.2 Integration of YouTube

(1) We have included YouTube videos in our online offer, which are stored on http://www.YouTube.com and can be played directly from our website.

(2) When you visit the website, YouTube receives the information that you accessed the relevant subpage of our website. In addition, data mentioned in § 3 of this privacy policy will be transmitted. This happens regardless of whether YouTube provides a user account through which you log in or whether such an account does not exist. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research, and/or designing its website based on needs. Such analysis is carried out in particular (even for non-logged-in users) to provide content tailored to needs and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

(3) More information about the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. You will also find further information about your rights and options for settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

8.3 Integration of Instagram

We have a link to Instagram, the provider is: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, embedded on some of our websites. By clicking on the graphic, you will be redirected to Instagram, and only then will user information be transferred to Instagram. More information about the purpose and scope of data collection can be found at: https://instagram.com/about/legal/privacy/.

8.4 Integration of Facebook

On some of our pages, we have integrated a link to Facebook, the provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. By clicking on the graphic, you will be redirected to Facebook, and only then will user information be transmitted to Facebook. More information about the purpose and scope of data collection can be found at: https://de-de.facebook.com/policy.php

8.5 Integration of Google Maps

On this page, we use the Google Maps service. This allows us to display interactive maps directly on the website and conveniently use the map functions. The legal basis for these activities is Article 6(1)(a) of the GDPR.

When you visit the site, Google receives the information that you accessed the relevant subpage of our website. In addition, data listed in point 3.2 of this privacy policy will be transmitted. This happens regardless of whether Google provides a user account through which you log in or whether such an account does not exist. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be associated with your Google profile, you must log out first. Google stores your data as user profiles and uses them for advertising, market research, and/or designing its website based on needs. Such analysis is carried out in particular (even for non-logged-in users) to provide content tailored to needs and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Further information about the purpose and scope of data collection and processing by the provider of the plugin can be found in the provider's privacy policy. You will also find further information about your rights in this regard and options for settings to protect your privacy: http://www.google.de/intl/de/policies/privacy.

9. Use of the application

You can download our "APPMyBox" application from our website. With APPMyBox, you can organize and archive boxes and items on your smartphone using the QR code that all Rotho storage boxes are equipped with. To register in the app, enter your last name, first name, and other company information. This information is required to fulfill the contract and will be stored on our servers as long as necessary to provide the service. The legal basis for these activities is Article 6(1)(b) of the GDPR. When you use the app, our servers temporarily log your device's IP address and other technical features, such as searched content (Article 6(1)(b) of the GDPR). Otherwise, Rotho does not use the data. In this app, you have the option to use various functionalities provided by third parties (e.g., Apple or Google) and used by them as data processors. For detailed information about this functionality and how to enable and disable its use, please contact the manufacturer of the relevant operating system.

To be able to use the app on your device, the app must have access to various functions and data on your end device. This requires granting certain permissions (Article 6(1)(a) of the GDPR). Authorization categories are programmed differently by different manufacturers. For example, in the Android system, individual permissions are grouped into permission categories, and you can only consent to the permission category as a whole.

You can withdraw this consent at any time. However, please note that if you withdraw it, you may not be able to use all the features of our app.

10. Rights of data subjects

You have the right to:

a) request information about the categories of processed data, purposes of processing, recipients of data, planned storage period (Article 15 of the GDPR);

b) request correction or completion of incorrect or incomplete data (Article 16 of the GDPR);

c) withdraw consent given at any time with effect for the future (Article 7(3) of the GDPR);

d) object to the processing of data that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Article 21(1) of the GDPR);

e) in certain cases under Article 17 of the GDPR, request deletion of data – in particular if the data is no longer necessary for the intended purpose or is being processed unlawfully, or if you withdraw your consent according to point (c) above or object according to point (d) above;

f) request restriction of data under certain conditions if deletion is not possible or the obligation to delete is disputed (Article 18 of the GDPR);

g) to data portability, i.e., you can receive the data you provided to us in a commonly used, machine-readable format, such as CSV, and, if necessary, transfer it to others (Article 20 of the GDPR).

11. Objection or withdrawal of consent to the processing of your data

If you have given consent to the use of data, you can effectively withdraw it at any time. Such withdrawal affects the admissibility of processing your personal data after you have communicated it to us.

If we base the processing of your personal data on balancing interests, you can object to their processing. This is the case if the processing of data is not necessary for the performance of the contract concluded with you, which we inform you of in the description of functions below. In the event of such a withdrawal, please explain the reasons why we should not process your personal data as we have done. If you raise a justified objection, we will examine the factual situation and cease or adjust the processing of data or present you with our significant and compelling reasons for continuing the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection regarding receiving advertising content by sending us an email at: datenschutz@rotho.com.

For any other information, requests for deletion and correction, requests for information, data portability objections regarding data processing, etc., please send an email to datenschutz@rotho.com.

If you believe that the processing of your data violates data protection regulations or your rights to data protection have been otherwise violated, you can also contact the relevant supervisory authority for data protection.

12. Data security

We have modern technical and organizational measures in place to ensure the security of data processing, particularly protecting your personal data from threats during transmission and from being accessed by third parties. These are adapted to the current state of technology, requirements for personal data protection, and threats to your rights and freedoms.

13. Changes to the Privacy Policy

We reserve the right to change the provisions of this privacy policy to adapt it to changing legal situations or changes made to our offers.

Status as of: March 2021