Data protection

Purposes and legal bases of data processing
Your personal data is processed in full compliance with the requirements of the EU-GDPR and all other applicable regulations pertaining to data protection. Especially Art. 6 EU-GDPR is the legal basis for the handling of data.

We are using your data for initiating business relations, for fulfilling contractual and legal obligations, for executing contractual relationships, for offering products and services and for deepening our customer relations. The latter can also include studies for marketing purposes and direct advertising. Your consent automatically includes our obligation for handling your data in line with data protection regulations. In this connection we inform you about the purpose of using your data and your right to object. If your consent also includes the use of particular categories of your personal data, we will specifically point this out upon your consent.

The use of particular categories of personal data as described in Art. 9, para. 1 EU-GDPR only takes place if and when this is required for legal reasons and if there is no reason to assume that the protection of your data outweighs their use.

Passing of data to third parties
We will only pass your data to third parties in compliance with legal regulations or with your express consent. Otherwise no transfer to third parties takes place, unless we are obligated to do so because of binding legal requirements (providing of data to external authorities like, for example, supervisory offices or for criminal investigations).

Data recipients / recipient categories
Within our company we ensure that only those people who require your personal data for the fulfillment of contractual or legal obligations receive them. Frequently, service providers support our employees in their work. We have concluded the required data protection contracts with all our service providers. For the administration of our website one external service provider has temporary access to personal data from the respective contact forms.

Transfer of data to countries outside the EU / intent to transfer data to such countries
Data transmission in third countries (outside the European Union or the European Economic Zone) takes place only if it is required for the execution of contractual obligation and for handling of queries, if it is legally prescribed or if you have granted us your consent for it. We transmit your personal data to a service provider or to Group companies outside the European Economic Zone: USA, Switzerland, Russia, Serbia, Brazil, China, India. Beyond that, we have worldwide representatives to whom personal data is also transmitted where appropriate. The compliance with data protection regulations is ensured through our corporate privacy rules and EU standard contractual clauses.

Duration of data storage
We keep your data as long as they are required for a specific purpose. Please keep in mind that numerous data storage regulations stipulate the storage of data beyond their specific purpose. This applies mainly to data storage periods prescribed by commercial and tax laws (for example, the German commercial code, tax regulations, etc.). After they have fulfilled their purpose and no other data storage requirements exist anymore, the data is routinely deleted.

Please take into consideration that we can keep data, for which we have received your consent or, for legal disputes for which we use the data as evidence within the scope of legal statutes of limitation, which can have a duration of 30 yeas; the normal statute of limitation expires after three years.

Safe transmission of data
To protect the data handled by our company against accidental or deliberate manipulation, loss or access by non-authorized persons, we are utilizing the required technical and organizational protective tools. The level of protection is continuously reviewed with data safety experts and adapted to the latest data safety standards.

The data traffic to and from our website is encoded. The transmission protocol for our Internet presentation is HTTPS utilizing the most current encoding systems (TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 256-Bit-key, TLS 1.2). In addition, in case of job applications we offer our users the possibility for encoding contents. These data can only be de-coded by us. Of course, there is always the possibility of alternative communication channels (for example, by mail).

Obligations for Provision of Data
Diverse personal data is necessary to establish, execute and terminate contractual obligation and to fulfil the contractual and legal duties associated with it. The same applies for the use of our website and the various functions that it provides. We have summarised its details for you in the above mentioned point. In certain cases, data must also be collected or provided owing to legal provisions. Please note that processing of your query or the execution of the underlying contractual obligation without provision of this data is not feasible.

Categories, sources and origin of the data
The underlying context determines which data we are using: For example, you may place an online purchase order, send us an enquiry through the contact form, send us an application or file a claim. Please note that we may pass certain information requiring special processing separately to the responsible department/persons, for example, uploading of job applications or contact forms.

When you visit our website, we collect and process the following data:

• Name of the Internet service provider
• Information about the website, from which you visit us
• Your web browser and operating system and language settings
• The IP address assigned by your Internet service provider
• Requested files, transferred data volume, downloads/file export
• Information about the pages/sections in our website you visit with date and time
• For safety reasons (especially to protect against attempted attacks against our web server) is data is stored in line with Art. 6, para. 1 lit. F EU-GDPR. Anonymization by shortening the IP address takes place after 30 days at the latest so that no connection to the user is established.
  
  

As part of a contact request, we collect and process the following data:

• Personal information
  • Title, first name, last name, phone number, e-mail address
• Company information
  • Name of the company
  • Industry
  • Department
  • Address
• Information about wishes and interests

As part of supplier self-disclosure, we collect and process the following data:

• Personal information
  • Title, first name, last name, phone number, e-mail addres

• Company-related data
  

The collected supplier self-disclosure data has end-to-end S/MIME encryption and can only be opened by us.
 

As part of newsletter registration, we collect and process the following data:

• Personal information
  • Title, first name, last name, phone number, e-mail address

As part of Rösler Academy seminar registration, we collect and process the following data:

• Personal information
  • Title, first name, last name, phone number, e-mail address

• Company information
  • Company / invoice address

• Participant data
  • Title, first name, last name, e-mail address

Contact form / contact by e-mail (Art. 6 para. 1 lit. a, b EU-GDPR)
There is a contact form on our website that can be used for electronic contact. If you contact us with this form we are using the data you provided in the form to reply to your questions and requests. In doing so, the principle of data economy and data avoidance is observed, as you only have to provide the data that we absolutely need to contact you. These are your title, first name, last name, e-mail address and telephone number (for queries) of the further company information (company, address, sector and department) as well as the message field itself. For technical and legal reasons your IP address will also be registered. All other data are voluntary fields and can be provided optionally (e.g. to answer your questions on a more individual basis). When you contact us by e-mail, we will use the personal data listed in your e-mail only for processing your enquiry. If you do not use our contact forms, no additional data will be collected.

Newsletter (Art. 6, para. 1 lit. a EU-GDPR)
It is possible to subscribe to a free newsletter on our website. The e-mail address provided during newsletter registration and your name will be used for sending the partially personalized newsletter. In doing so, the principle of data minimization and data avoidance is observed; first name, last name, company name and e-mail address are marked as mandatory fields. For reasons of technical necessity as well as for legal protection, your IP address is also processed when ordering the newsletter. We use the “double opt-in” procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. We do this by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter at this e-mail address by clicking on a link contained in this e-mail. Of course, you can unsubscribe at any time using the unsubscribe option provided in the newsletter, thus revoking your consent. Furthermore, it is also possible to unsubscribe from the newsletter at any time directly via our website. We provide information about new products and offers at regular intervals in our newsletter and also use newsletter web bugs and link-tracking to monitor its success. The web bug measures the opening of the respective newsletter and the link-tracking counts the clicks on the respective links in the newsletter. Thanks to the anonymising, neither method permits conclusions to be drawn with regard to an individual person. The web bug and tracking data processing is implemented with Google Analytics. In addition, we also carry out success evaluations and customer satisfaction surveys after projects have been completed and at regular intervals. This data is collected on the basis of your consent (Art. 6 I lit. a GDPR). You can revoke this consent informally at any time at marketingroslercom. The linking to user IDs will be automatically deleted after a period of 23 months.

Supplier self-disclosure (Art. 6 para. 1 lit. b EU-GDPR)
If you wish to submit a supplier self-disclosure on our website for the purpose of contract initiation, we will request the data from you that we need for the evaluation. In doing so, the principle of data economy and data avoidance is observed, as you only have to provide the data that we absolutely need for the evaluation. All other data are voluntary fields and can be provided optionally (e.g. to answer your questions on a more individual basis).

The collected supplier self-disclosure data has end-to-end S/MIME encryption and can only be opened by us.

Seminar registration (Art. 6 para. 1 lit. b EU-GDPR)
Our internet presence offers you the possibility to take advantage of our seminar offers in an online registration procedure. On the basis of an online registration initiated by you, we process your personal data, which you make available to us electronically for the purposes of registration. We will treat all personal data strictly confidentially and exclusively for the purposes of online registration in accordance with the applicable statutory data protection provisions. The online registration for one of our seminar programs requires the mandatory entry of certain personal data marked with mandatory fields in our online registration form (e.g. first and last name, postal address and e-mail address). You have the option of voluntarily providing further contact information in addition to the information in the mandatory fields which will make it easier for us to contact you (e.g. your telephone number). In order to process your registration as specifically as possible and to take your registration requests into account, it is possible to voluntarily provide further information.

The data and files transmitted by you will be processed and used exclusively for the purpose of processing your online registration. The data and files transmitted by you will be separated from other data. Only the persons responsible for the registration procedure have access to your registration data and, in the case of a later training course, the persons responsible for the training course. Your registration by e-mail will be transmitted in encrypted form. We will not pass on your registration data to third parties unless you have expressly given your prior consent to the transfer or there is a legal obligation for the transfer.

The collected seminar registration data has end-to-end S/MIME encryption and can only be opened by us.

Advertising purposes for existing customers (Art. 6 para. 1 lit. f EU-GDPR)
Rösler Oberflächentechnik GmbH is keen to cultivate the relationship with you as our valued customer and to send you information and offers about our products / services in the form of newsletters. For this reason we are using your data to send you the respective information and offers by e-mail. If you do not want to receive such e-mails you can object to the use of your personal data for these direct advertising activities at any time; this applies also for a profiling in connection with direct advertising. Once you object, we will no longer use your data for this purpose. Your objection is free-of-charge and can be done entirely at your discretion, preferably by e-mail addressed to: marketingroslercom or by mail to Vorstadt 1, 96190 Untermerzbach.

Portal for job applicants (Art. 6 para. 1 lit. a, b EU-GDPR)
We are pleased to learn about your interest in working for Rösler Oberflächentechnik GmbH. We appreciate the confidentiality of your personal data and are using them only for the purpose of an effective and correct processing of your job application and for contacting you when processing your application. Your data will not be passed on to third parties without your approval.
In the application form you are asked for personal data. In this connection we follow the principle of keeping the data volume at a minimum by only requesting information required to thoroughly examine your application, for example your CV (curriculum vitae), or those data we must collect by law. These mandatory fields are marked with *(asterisk). For technical and legal reasons your IP address will also be registered.
Without these data we, unfortunately, will not be able to process your application. In this case our application processing system will not allow uploading of the application forms. Of course, you have the possibility to voluntarily add data in your application form.
To provide the best possible protection for the safety and confidentiality of your data, we are utilizing special safety software. The transmission of your application documents to us is always encoded.

We store your data solely for the purpose described above, until the application process is completed and respective deadlines have expired – latest six months after a decision has been communicated. However, you may want us to keep your application forms for a longer period so that we can match your profile with other vacant positions in our company.
For this we need your approval, which you can provide by clicking on the respective checkbox when uploading your application. In this case we store your data for twelve months. Of course, you can always withdraw your consent with immediate effect by phone +49 9533 924 456, by e-mail to bewerbungroslercom or by mail to Personal, Hausen 1, 96231 Bad Staffelstein.

Automated decisions in single cases
We do not utilize fully automated processes to make and implement a decision.

Cookies (Art. 6 para. 1 lit. f EU-GDPR / Art. 6 para. 1 lit a EU-GDPR with consent/ Art. 6 para. 1 p. 1 lit. c GDPR)
Our web pages use so-called cookies in various places. They serve the purpose to make our presentation more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer, and which your browser stores locally on your hard drive. Due to our legitimate interest (Art. 6 para. 1 p. 1 lit. f EU-GDPR), we use technically necessary cookies, which are required to operate the website and to ensure its functionality. Depending on the purpose, these are stored permanently – even after the session is ended – (“persistent cookies,” e.g. opt-out) or are deleted when the browser is closed (“session cookies” – these are only valid for one browser session).

In addition, we also set other cookies with your consent. With the help of these cookies we can analyze, how users are navigating our website. This allows us to adapt our website content to the requirements of our website visitors. Moreover, the cookies allow us to measure the effectiveness of a specific advertisement and to arrange its placement in line with the interests of our users to a given subject. The legal basis for this is your consent (Art. 6 para. 1 p. 1 lit. a EU-GDPR).

You can revoke your consent at any time by activating the fingerprint icon at the bottom left and thereby changing your cookie settings.

We use the Usercentrics Consent Management Platform to obtain and manage your consent. It is operated by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. The Usercentrics Consent Management Platform collects device information, browser information, an anonymized IP address, opt-in and opt-out data, date and time of visit, request URLs, website page path and geographical location via a JavaScript. This JavaScript allows Usercentrics GmbH to inform users about certain tags and web technologies on our website and to obtain, manage and document their consent. The legal basis for processing the data is Art. 6 para. 1 p. 1 lit. c GDPR, since we are required by law to provide evidence of consent (in accordance with Art. 7 para. 1 EU-GDPR). The purpose is to know the preferences of the users and to implement them accordingly, as well as to document them in a legally secure manner. The data is deleted as soon as it is no longer required for logging and there are no legal retention obligations to the contrary. Consent data (consent and revocation of consent) is stored for three years. The data is then deleted immediately or passed on to the responsible party in the form of a data export upon request. The user can permanently prevent the execution of JavaScript at any time by making the appropriate settings in his browser, which would also prevent Usercentrics from executing the JavaScript. For more information on data protection at Usercentrics, please visit https://usercentrics.com/privacy-policy/

This also applies to the other cookies: Most web browsers accept cookies automatically. Of course, you can also deactivate, restrict or delete cookies on your end device manually via the settings of your browser or with the help of software.

Please ensure: By deactivating the cookies you may not be able to use all functions offered in our website.

User profiles / or use of not purely functional cookies web tracking procedures (legal basis: Art. 6 para. 1 lit. fa EU-GDPR)
1. Google Analytics
Our website uses the tracking tool Google Analytics from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This allows us to record and systematically evaluate interactions with our website by you as a user. The following data about you is stored:

• IP address
• Usage data
• Click path
• App updates
• Browser information
• Device information
• JavaScript support
• Visited pages
• Referrer URL
• Downloads
• Flash version
• Location information
• Widget interactions
• Date and time of the visit

The legal basis for the processing of your personal data is your consent according to Art. 6 para. 1 p. 1 lit. a EU-GDPR. You can revoke your consent at any time by activating the fingerprint icon at the bottom left and thus changing your cookie settings.
The purpose of the processing of your personal data by the Google Analytics service is to analyze the interaction of our website visitors with our website. Evaluating the data obtained here allows us to optimize our offer and increase user-friendliness.
We delete or anonymize the data collected by Google Analytics as soon as it is no longer required for our purposes. This is the case after 14 months.

This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes and that you may not be entitled to any legal remedy. However, we take the possible measures necessary under data protection law in accordance with Art. 44 et seq. EU-GDPR to establish the level of data protection in the third country.

2.Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service allows managing website tags with one single interface platform. The Tag Manager tool itself (which implements the tags) is a cookie-less domain. This means: No cookies are used and no personal data is collected The Google Tag Manager initiates other tags, which in turn may collect data. However, the Google Tag Manager does not access these data. If a deactivation was initiated on the domain or cookie level, it will be effective for all tracking tags that are implemented with the Google Tag Manager.

For more information, please visit http://www.google.com/tagmanager/use-policy.html

As part of these services, the data collected may be transferred to another country outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes and that you may not be entitled to any legal remedy. However, we take the possible measures necessary under data protection law in accordance with Art. 44 et seq. EU-GDPR to establish the level of data protection in the third country.

Webinars / video conferencing (Art. 6 para. 1 p. 1 lit. b, f European Union General Data Protection Regulation (EU-GDPR), § 26 Federal Data Protection Act (BDSG))
Rösler Oberflächentechnik GmbH uses video conferencing services to conduct webinars on various topics offered. For this purpose, Rösler Oberflächentechnik GmbH uses the video conferencing tool Zoom. Zoom is a service of Zoom Video Communications, Inc. which is based in the USA. Zoom is used either via your web browser or alternatively via the Zoom app installed on your end device.
We wish to point out that further data processing, for example in connection with calling up the Zoom website and/or installing the Zoom app, is not part of our responsibility.

When using Zoom, your user data stored at Zoom (e.g. name, email address, profile picture, language, etc.) is processed. Additionally, connection data (e.g. IP address) and metadata (e.g. meeting ID, phone numbers, dates, etc.) is collected. Finally, image and sound data from you is processed. For this purpose, Zoom gains access to the camera and microphone of your end device for the duration of the transmission, if you allow this. The image and sound transmission can be suspended by you at any time. In addition, it is possible to make text entries (chat) and to transfer files together with their contents (in the case of file exchange).

The processing of the data is carried out for the implementation of webinars and serves the implementation of pre-contractual measures or the fulfilment of the contract, Art. 6 para. 1 p. 1 lit. b EU-GDPR. Insofar as the video conferences take place within the company between employees on the basis of § 26 (1) BDSG. Furthermore, the data processing is carried out on the basis of our legitimate interest in effective communication design according to Art. 6 para. 1 p. 1 lit. f EU-GDPR.

The data will only be stored for as long as is absolutely necessary to achieve the purpose and for as long as there are no statutory retention obligations that prevent deletion. Please note that the data may have to be stored for verification purposes based on legal retention obligations. In this case, the data will be deleted at the latest after expiry of the respective retention period.

Zoom processes and stores your data in the USA and is obliged by corresponding contractual regulations to comply with EU data protection standards and to guarantee the European level of data protection. Data may also be processed or stored in third countries on the basis of your consent (Art. 49 para. 1 p. 1 lit. a EU-GDPR), in which case you will be informed separately.

For more information on data processing by Zoom, see: https://rosler-academy.zoom.us/terms and https://rosler-academy.zoom.us/privacy

Privacy policy / information on data protection in social media
Rösler Oberflächentechnik GmbH maintains presences on “social media,” presently on Facebook, YouTube, Xing, LinkedIn, kununu and vimeo. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are observed.

The following provides you with the most important information on data protection law in relation to our presences.

Name and address of the person responsible for the company
In addition to Rösler Oberflächentechnik GmbH, the person responsible for the company presences within the meaning of the EU General Data Protection Regulation (EU-GDPR) and other data protection regulations is

• Facebook
  (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
• LinkedIn
  (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
• Xing
  (New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland)
• Youtube
  (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
• Kununu
  (kununu GmbH, Neutorgasse 4-8, Top 3.02, A - 1010 Wien)
• Vimeo
  (Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA)

However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

We would further like to point out that, in doing so, your data may be processed outside the area of the European Union.

Purpose and legal basis
We ourselves maintain the fan pages so that we can communicate with visitors to these pages and inform them about our offers in this way.

In addition, we collect data for statistical purposes to be able to further develop and optimize the content and to make our offer more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) are processed by the social networks and made available to us. We have no influence on the generation and presentation of this data.

In addition, the providers of the social media process your personal data for market research and advertising purposes. It is thus possible, for example, that usage profiles are created based on your usage patterns and the resulting interests. Among other things, this allows advertisements corresponding to your interests to be placed within and outside the platforms. Cookies are usually stored on your computer for this purpose. Data that is not collected directly on your end devices may also be stored in your usage profiles independently of this. Storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

We do not collect or process any personal data beyond this.

The processing of your personal data by Rösler Oberflächentechnik GmbH is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f. EU-GDPR.

If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 EU-GDPR.

Information on copyright and art copyright
If you want to publish pictures, texts, plans, videos, music, etc. on our website, you should know that you may possibly thus assign all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights holder yourself.

Online offers and children
Persons under the age of 16 years are not allowed to transmit data to us or make a consent declaration without the specific approval of their parents. We want to encourage all parents and guardians to share in the online activities of their children.

Links to other providers

The contents of these linked websites were reviewed with regard to violation of any laws at the time the link was established. At this moment no violation of any laws could be recognized. Without a clear indication of any recognizable legal breach, a continuous review of the website contents would, however, be unreasonable. If a legal breach becomes known to us, we will immediately remove such links from our website.