Data protection
Privacy
Policy
Unless
otherwise stated below, the provision of your personal data is neither required
by law nor by contract, nor is it necessary for the conclusion of a contract.
You are under no obligation to provide such data. Failure to provide it will
have no consequences. This applies only insofar as no other information is
provided regarding the processing operations described below.
‘Personal
data’ refers to any information relating to an identified or identifiable
natural person.
Server log
files
You may
visit our website without providing any personal information.
Each time
you access our website, usage data is transmitted to us or our web host/IT
service provider via your internet browser and stored in log files (so-called
server log files). This stored data includes, for example, the name of the page
accessed, the date and time of access, the IP address, the amount of data
transferred and the requesting provider.
Processing
is carried out on the basis of Article 6(1)(f) of the GDPR, based on our
overriding legitimate interest in ensuring the smooth operation of our website
and in improving our services.
Contact
Data
Controller
Please
contact us if you wish. The data controller is: Birgit Jaser, Kirchweg 5, 6991
Riezlern AT, 06642339885, info@rohn-shop.com
Customer
contacting us on their own initiative via email
If you
contact us on your own initiative via email, we will collect your personal data
(name, email address, message text) only to the extent that you provide it. The
data processing serves to process and respond to your contact enquiry.
If the
contact serves to carry out pre-contractual measures (e.g. advice regarding
purchase interest, preparation of a quotation) or relates to a contract already
concluded between you and us, this data processing is carried out on the basis
of Article 6(1)(b) of the GDPR. If contact is made for other reasons, this data
processing is carried out on the basis of Article 6(1)(f) of the GDPR, based on
our overriding legitimate interest in processing and responding to your
enquiry. In this case, you have the right to object at any time, on grounds
relating to your particular situation, to the processing of your personal data
based on Article 6(1)(f) of the GDPR.
We use your
email address solely to process your enquiry. Your data will subsequently be
deleted in accordance with statutory retention periods, provided you have not
consented to further processing and use.
Customer
account Orders
Customer
account
When you
open a customer account, we collect your personal data to the extent specified
there. The purpose of data processing is to improve your shopping experience
and simplify order processing. Processing is carried out on the basis of
Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at
any time by notifying us, without this affecting the lawfulness of the
processing carried out on the basis of your consent prior to its withdrawal.
Your customer account will then be deleted.
Collection,
processing and disclosure of personal data in connection with orders
When you
place an order, we collect and process your personal data only to the extent
necessary to fulfil and process your order and to handle your enquiries. The
provision of this data is necessary for the conclusion of the contract. Failure
to provide the data means that no contract can be concluded. Processing is
carried out on the basis of Article 6(1)(b) of the GDPR and is necessary for
the performance of a contract with you.
Your data
may be disclosed, for example, to shipping companies, dropshipping or
fulfilment providers, payment service providers, service providers for order
processing and IT service providers. In all cases, we strictly adhere to the
legal requirements. The scope of data transfer is kept to a minimum.
Your data
may be transferred to and processed in third countries outside the EU, in
particular to Canada and the USA. An adequacy decision by the European
Commission exists for Canada.
An adequacy
decision by the European Commission is in place for the USA, namely the
Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under
the TADPF. This data transfer is based on contractual obligations comparable to
those set out in the European Commission’s Standard Contractual Clauses.
Advertising
Use of your
email address for sending newsletters
We use your
email address to send you information and offers via our newsletter, provided
you have expressly consented to this. The data processing serves exclusively
for the purpose of sending you advertising. To this end, we process your email
address and, where applicable, any further data you have voluntarily provided
when subscribing to our newsletter.
Processing
is carried out on the basis of Article 6(1)(a) of the GDPR with your consent.
You may withdraw your consent at any time without this affecting the lawfulness
of the processing carried out on the basis of your consent prior to withdrawal.
You can
unsubscribe from the newsletter at any time by using the relevant link in the
newsletter or by notifying us. Your email address will then be removed from the
mailing list. Even if you have unsubscribed from our mailing list, we may still
store your email address on a so-called blacklist to prevent you from receiving
future newsletter emails from us. This storage is based on Article 6(1)(f) of
the GDPR, in accordance with our and your legitimate interest in preventing the
reuse of your email address for the purpose of sending our newsletter. You have
the right to object at any time to the processing of your personal data on
grounds relating to your particular situation.
Shipping
providers Inventory management
Disclosure
of your email address to shipping companies for information regarding the
shipping status
We will
pass on your email address to the transport company as part of the contract
processing, provided you have expressly consented to this during the ordering
process. The purpose of this transfer is to inform you of the dispatch status
by email. Processing is carried out on the basis of Article 6(1)(a) of the GDPR
with your consent. You may withdraw your consent at any time by notifying us or
the transport company, without this affecting the lawfulness of the processing
carried out on the basis of your consent prior to withdrawal.
Use of an
external merchandise management system
We use a
merchandise management system for contract processing as part of a data
processing arrangement. To this end, your personal data collected during the
ordering process is transferred to
Hiltes
Softwear
.
The
processing of your personal data serves the purpose of fulfilling the contract
concluded with you and is carried out on the basis of Article 6(1)(b) of the
GDPR.
Payment
service providers Credit
checks
Use of
PayPal Express
On our
website, we use the PayPal Express payment service provided by PayPal (Europe)
S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”).
The purpose of data processing is to enable us to offer you payment via the
PayPal Express payment service. To integrate this payment service, it is
necessary for PayPal to collect, store and analyse data (e.g. IP address,
device type, operating system, browser type, location of your device) when you
visit the website. Cookies may also be used for this purpose. The cookies
enable your browser to be recognised. The processing of your personal data is
carried out on the basis of Article 6(1)(f) of the GDPR, based on our
overriding legitimate interest in offering a customer-focused range of payment
methods. You have the right to object at any time to the processing of your
personal data on grounds relating to your particular situation.
When you
select and use PayPal Express, the data required for payment processing is
transmitted to PayPal in order to fulfil the contract with you using the
selected payment method. This processing is carried out on the basis of Article
6(1)(b) of the GDPR. Further information on data processing when using the
PayPal Express payment service can be found in the relevant privacy policy at
www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.
Use of
PayPal Checkout
We use the
PayPal Checkout payment service provided by PayPal (Europe) S.à.r.l. et Cie,
S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”) on our website. The
purpose of this data processing is to enable us to offer you payment via this
payment service. By selecting and using payment via PayPal, credit card via
PayPal, direct debit via PayPal or “Pay Later” via PayPal, the data required
for payment processing is transmitted to PayPal in order to fulfil the contract
with you using the selected payment method. . This processing is carried out on
the basis of Article 6(1)(b) of the GDPR.
In this
context, cookies may be stored that enable your browser to be recognised. The
resulting data processing is carried out on the basis of Article 6(1)(f) of the
GDPR, based on our overriding legitimate interest in offering a
customer-oriented range of payment methods. You have the right to object at any
time to the processing of your personal data on grounds relating to your
particular situation.
Credit card
via PayPal, direct debit via PayPal & ‘Pay Later’ via PayPal
For certain
payment methods such as credit card via PayPal, direct debit via PayPal or ‘Pay
Later’ via PayPal, PayPal reserves the right to obtain a credit check, where
necessary, based on mathematical and statistical methods using credit reference
agencies. To this end, PayPal transmits the personal data required for a credit
check to a credit reference agency and uses the information received regarding
the statistical probability of a payment default to make a balanced decision on
the establishment, performance or termination of the contractual relationship. The credit report may contain probability
scores calculated using scientifically recognised mathematical and statistical
methods, which incorporate, amongst other things, address data. Your legitimate
interests will be taken into account in accordance with the statutory
provisions. The data processing serves the purpose of a credit check for the
initiation of a contract. The processing is carried out on the basis of Article
6(1)(f) of the GDPR, based on our overriding legitimate interest in protection
against payment default where PayPal makes an advance payment.
You have
the right to object at any time to the processing of your personal data based
on Article 6(1)(f) of the GDPR for reasons arising from your particular
situation by notifying PayPal. The provision of the data is necessary for the
conclusion of the contract using your preferred payment method. Failure to
provide the data will result in the contract not being concluded using your
chosen payment method.
Third-party
providers
When paying
via a third-party payment method, the data required for payment processing is
transmitted to PayPal. This processing is carried out on the basis of Article
6(1)(b) of the GDPR. To facilitate this payment method, the data may then be
passed on by PayPal to the relevant provider. This processing is carried out on
the basis of Article 6(1)(b) of the GDPR. Examples of local third-party
providers include:
• Apple Pay (Apple Distribution International
Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
• Google Pay (Google Ireland Limited, Gordon
House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Purchase on
account via PayPal
When paying
via the ‘Purchase on account’ payment method, the data required for payment
processing is first transmitted to PayPal. To facilitate this payment method,
PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587
Berlin; ‘Ratepay’) in order to fulfil the contract with you using the selected
payment method. This processing is carried out on the basis of Article 6(1)(b)
of the GDPR. Ratepay may carry out a credit check based on mathematical and
statistical methods (probability or score values) using credit reference
agencies in accordance with the procedure described above. The data processing
serves the purpose of a credit check for the initiation of a contract. The
processing is carried out on the basis of Article 6(1)(f) of the GDPR, based on
our overriding legitimate interest in protection against payment default, where
Ratepay provides advance payment. Further information on data protection and
which credit reference agencies Ratpay uses can be found at
https://www.ratepay.com/legal-payment-dataprivacy/ and
https://www.ratepay.com/legal-payment-creditagencies/.
For further information on data processing when using PayPal, please refer to the relevant privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of
Klarna payment options
We use the
payment service provided by Klarna Bank AB (publ) (Sveavägen 46, 111 34
Stockholm, Sweden; “Klarna”) on our website. When you select and use payment
via Klarna, the data required for payment processing is transmitted to Klarna
in order to fulfil the contract with you using the selected payment method.
This processing is carried out on the basis of Article 6(1)(b) of the GDPR.
In doing
so, cookies may be stored that enable your browser to be recognised. The
resulting data processing is carried out on the basis of Article 6(1)(f) of the
GDPR, based on our overriding legitimate interest in offering a
customer-oriented range of payment methods. You have the right to object at any
time to the processing of your personal data on grounds relating to your
particular situation. “Pay Later” (invoice), “Pay Now” (payment by direct
debit, credit card, Sofortüberweisung), “Financing” (hire purchase)
For certain
payment methods such as “Pay Later” (invoice), “Pay Now” (payment by direct
debit, credit card, instant bank transfer), “Financing” (hire purchase), Klarna
reserves the right to obtain a credit check, where necessary, based on
mathematical and statistical methods using credit reference agencies.
To this
end, Klarna transmits the personal data required for a credit check, such as
first name and surname, address, gender, email address, IP address and data
relating to the order to a credit reference agency for the purpose of identity
and credit checks, and uses the information received regarding the statistical
probability of payment default to make a balanced decision on the
establishment, execution or termination of the contractual relationship. The
credit report may contain probability scores calculated using scientifically
recognised mathematical and statistical methods, which incorporate, amongst
other things, address data. Your legitimate interests are taken into account in
accordance with the statutory provisions. The data processing serves the
purpose of conducting a credit check for the initiation of a contract. The
processing is carried out on the basis of Article 6(1)(f) of the GDPR, based on
our overriding legitimate interest in protection against payment default where
Klarna provides advance payment. You have the right to object at any time, on
grounds relating to your particular situation, to the processing of your
personal data based on Article 6(1)(f) of the GDPR by notifying Klarna. The
provision of the data is necessary for the conclusion of the contract using
your preferred payment method. Failure to provide the data will result in the
contract not being concluded using your chosen payment method.
Further
information, in particular regarding which credit reference agencies Klarna
passes on your personal data to, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.
General information about Klarna is available at: https://www.klarna.com/de/.
Your personal data will be processed by Klarna in accordance with applicable
data protection regulations and as set out in Klarna’s privacy policy at
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
Use of the
payment service provider Mollie
We use the
payment service provider Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam,
Netherlands; “Mollie”) for payment processing on our website. The purpose of
data processing is to offer you various payment methods through payment
processing via the payment service provider Mollie. If you have chosen one of
the payment options offered by the payment service provider Mollie, the data
required for payment processing will be transmitted to Mollie. This includes
your payment details (e.g. bank account number or credit card number), your IP
address, your internet browser and device type, and in some cases your first
and last name, your address details and information about the product or
service you have purchased from us. This data processing is carried out on the
basis of Article 6(1)(b) of the GDPR. Further information on data processing
when using the payment service provider Mollie can be found in the relevant
privacy policy at https://www.mollie.com/de/legal/privacy
Cookies
Our website
uses cookies. Cookies are small text files that are stored in or by the web
browser on a user’s computer system. When a user visits a website, a cookie may
be stored on the user’s operating system. This cookie contains a unique string
of characters that enables the browser to be identified unambiguously when the
website is visited again.
Cookies are
stored on your computer. You therefore have full control over the use of
cookies. By selecting the appropriate technical settings in your web browser,
you can be notified before cookies are set and decide individually whether to
accept them, as well as prevent the storage of cookies and the transmission of
the data they contain. Cookies that have already been stored can be deleted at
any time. However, please note that you may then not be able to make full use
of all the functions of this website. You can find out how to manage (including
disabling) cookies in the most popular browsers via the links below:
Chrome:
https://support.google.com/accounts/answer/61416?hl=de
Microsoft
Edge:
https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari:
https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically
necessary cookies
Unless
otherwise stated in the privacy policy below, we only use these technically
necessary cookies for the purpose of making our website more user-friendly,
effective and secure. Furthermore, cookies enable our systems to recognise your
browser even after you have changed pages and to offer you services. Some
functions of our website cannot be provided without the use of cookies. For
these, it is necessary for the browser to be recognised even after a page
change. The use of cookies or similar technologies is based on Section 25(2) of
the TDDDG. The processing of your personal data is based on Article 6(1)(f) of
the GDPR, in accordance with our overriding legitimate interest in ensuring the
optimal functionality of the website and a user-friendly and effective design
of our service.
You have
the right to object at any time to the processing of your personal data on
grounds relating to your particular situation.
Use of the
Complianz GDPR Cookie Consent plugin
We use the
Complianz GDPR Cookie Consent plugin from iubenda s.r.l (Via San Raffaele 1,
20121 Milan, Italy; “iubenda”) on our website.
The plugin
enables you to give consent to data processing via the website, in particular
the setting of cookies, and to exercise your right to withdraw consent already
given. The purpose of data processing is to obtain and document the necessary
consents to data processing and thereby comply with legal obligations. Cookies
may be used for this purpose. In doing so, the following information, amongst
other things, may be collected and transmitted to iubenda: uniquely
identifiable ID, consent status. This data will not be disclosed to any other
third parties. Data processing is carried out to fulfil a legal obligation
pursuant to Article 6(1)(c) of the GDPR.
Further
information on data protection can be found at:
https://complianz.io/de/legal-deutsch/datenschutzerklaerung-von-complianz-shopify/
Analysis
Use of
Shopify statistics
We use the
statistics and analysis functions of Shopify International Ltd. (Victoria
Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland;
“Shopify”) on our website within the framework of data processing on our
behalf. Shopify is an affiliate of Shopify Inc. (151 O’Connor Street, Ground
Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data
processing serves the purpose of analysing this website and its visitors. To
this end, data is stored for marketing and optimisation purposes and made
available in reports, analyses and statistics. In doing so, the following
device information, amongst other things, is collected and processed:
information about the web browser, the IP address, the time zone and some of
the cookies installed on your device. . When you browse the website,
information is also collected regarding the web pages or products you visit,
the referrer URL (the website from which you accessed our site), and how you
interact with the website. Technologies such as cookies, web beacons, tags and
pixels (electronic files used to track how you navigate the website) are used
for this purpose.
Your data
may be transferred to and processed in third countries outside the EU, in
particular to Canada and the USA. An adequacy decision by the European
Commission exists for Canada. For the USA, an adequacy decision by the European
Commission is in place, namely the Trans-Atlantic Data Privacy Framework
(TADPF). Shopify is not certified under the TADPF. This data transfer takes
place on the basis of contractual obligations comparable to those of the EU
Commission’s Standard Contractual Clauses.
The use of
cookies or similar technologies takes place with your consent on the basis of
Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The
processing of your personal data takes place with your consent on the basis of
Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without
this affecting the lawfulness of the processing carried out on the basis of
your consent prior to its withdrawal. You can find further information on data
protection at Shopify at https://www.shopify.com/de/legal/datenschutz,
information on the data processing agreement at
https://www.shopify.com/de/legal/dpa, and information on the cookies used at
https://www.shopify.com/de/legal/cookies.
Plug-ins
and other features
Use of
Facebook’s single sign-on function
We use the
single sign-on function (formerly Facebook Connect) provided by Meta Platforms
Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
“Facebook”) on our website.
Meta
Platforms Ireland and we are joint controllers for the collection of your data
and the transfer of this data to Facebook when the service is integrated. The
basis for this is an agreement between us and Meta Platforms Ireland on the
joint processing of personal data, in which the respective responsibilities are
set out. The agreement is available at
https://www.facebook.com/legal/controller_addendum. Accordingly, we are
specifically responsible for fulfilling the information obligations under Articles
13 and 14 of the GDPR, for complying with the security requirements of Article
32 of the GDPR with regard to the correct technical implementation and
configuration of the service, and for complying with the obligations under
Articles. Articles 33 and 34 of the GDPR, insofar as a personal data breach
affects our obligations under the joint processing agreement. Meta Platforms
Ireland is responsible for enabling data subjects’ rights in accordance with
Articles 15–20 of the GDPR, for complying with the security requirements of
Article 32 of the GDPR with regard to the security of the service, and for
fulfilling the obligations under Articles 33 and 34 of the GDPR, insofar as a
breach of personal data protection affects Meta Platforms Ireland’s obligations
under the joint processing agreement.
This
feature enables website visitors to log in to the website using their existing
Facebook account. The data processing serves the purposes of verification
during registration, personalisation, and interest-based advertising.
To offer
this feature on the website, a connection is established with the Facebook
server. Cookies are used for this purpose. In doing so, the following
information, amongst other things, may be collected and transmitted to
Facebook: IP address, browser information, referrer URL (the website via which
you accessed our website), location data. This applies regardless of whether
you are registered with or logged into the social network. Data is also
transmitted for users who are not registered or logged in. If you are
simultaneously connected to one or more of your social network accounts, you. Data
is also transferred in the case of users who are not registered or logged in.
If you are logged into one or more of your social media accounts at the same
time, the information collected may also be linked to your relevant profiles.
You can prevent this linking by logging out of your social media accounts
before visiting our website and before clicking the buttons. Your data may be
transferred to the USA. An adequacy decision by the European Commission is in
place for the USA, namely the Trans-Atlantic Data Privacy Framework (TADPF).
Meta has obtained TADPF certification and is therefore committed to complying
with European data protection principles.
When using
the single sign-on function, the website visitor’s Facebook profile is linked
to a customer account for this website. In doing so, we receive the user’s
personal data from Facebook, as specified during the login process. This may
include, among other things, the following information: name, address, public
profile information (e.g. name, profile picture, age, gender), email address,
friends lists, ‘Likes’. The use of cookies or similar technologies is subject
to your consent in accordance with Section 25(1), first sentence, of the TDDDG
in conjunction with Article 6(1)(a) of the GDPR. The processing of your
personal data is subject to your consent in accordance with Article 6(1)(a) of
the GDPR. You may withdraw your consent at any time without this affecting the
lawfulness of the processing carried out on the basis of your consent prior to
withdrawal.
Further
information on the collection and use of data by Facebook, your rights in this
regard and options for protecting your privacy can be found in Facebook’s
privacy policy at https://www.facebook.com/about/privacy/.
Use of
Google Maps
We use the
Google Maps embedding feature provided by Google Ireland Limited (Gordon House,
Barrow Street, Dublin 4, Ireland, “Google”) on our website.
This
feature enables the visual display of geographical information and interactive
maps. When pages containing Google Maps are accessed, Google also collects,
processes and uses data relating to website visitors.
Your data
may also be transferred to the USA in the process. An adequacy decision by the
European Commission exists for the USA, namely the Trans-Atlantic Data Privacy
Framework (TADPF). Google has certified itself under the TADPF and is therefore
committed to complying with European data protection principles.
The use of
cookies or similar technologies takes place with your consent on the basis of
Section 25(1) sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of
the GDPR. The processing of your personal data takes place with your consent on
the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any
time without this affecting the lawfulness of the processing carried out on the
basis of your consent prior to its withdrawal. Further information on the
collection and use of data by Google can be found in Google’s privacy policy at
https://www.google.com/privacypolicy.html. There, in the Privacy Centre, you
can also change your settings so that you can manage and protect the data
processed by Google.
Data
subject rights and retention period
Retention
period
Once the
contract has been fully processed, the data will initially be stored for the
duration of the warranty period, and thereafter in accordance with statutory
retention periods, in particular those under tax and commercial law, before
being deleted upon expiry of these periods, provided you have not consented to
further processing and use.
Rights of
the data subject
Provided
the legal requirements are met, you are entitled to the following rights under
Articles 15 to 20 of the GDPR: the right of access, the right to rectification,
the right to erasure, the right to restriction of processing, and the right to
data portability.
Furthermore,
pursuant to Article 21(1) of the GDPR, you have the right to object to
processing based on Article 6(1)(f) of the GDPR, as well as to processing for
the purposes of direct marketing.
Right to
lodge a complaint with the supervisory authority
Pursuant to
Article 77 of the GDPR, you have the right to lodge a complaint with the
supervisory authority if you consider that the processing of your personal data
is unlawful.
Right to
object
Where the
processing of personal data described here is based on our legitimate interests
pursuant to Article 6(1)(f) of the GDPR, you have the right to object to such
processing at any time, with effect for the future, on grounds relating to your
particular situation.
Once an
objection has been lodged, the processing of the data in question will cease,
unless we can demonstrate compelling legitimate grounds for the processing
which override your interests, rights and freedoms, or where the processing
serves to establish, exercise or defend legal claims.
Last
updated: 22 October 2024