Privacy Protection

Reset all settings for cookies and analytics tools

Introduction

Thank you for visiting our website. The Rommelag Group (hereafter referred to as “Rommelag”, “we,” or “us”) attaches great importance to the security of your data and compliance with data protection regulations. The following text is meant to inform you about how we process your personal data on our website.

Responsible entity and data protection officer

Responsible entity:

Rommelag
Kunststoff-Maschinen Vertriebsgesellschaft mbH
Mayenner Str. 18-20
71332 Waiblingen
Germany

Tel.: +49 07151 958 11 0
E-mail: mail.rd@rommelag.com

External data protection officer:

DDSK GmbH
Mr. Stefan Fischerkeller
Tel.: +49 07542 949 21 - 01
E-mail: datenschutz@rommelag.com

Definitions

The technical terms used in this data protection declaration are to be understood as they are legally defined in Article 4 of the GDPR.

Notes on data processing

Automated data processing (log files, etc.)

Our site can be visited without the user having to actively share any information. However, we automatically save the access data (server log files) for each visit to our website. This includes data such as the name of the user’s internet service provider, the operating system used, the website through which the user arrived on our site, the date and duration of the visit, and the names of any requested files. For security reasons, such as detecting attacks on our website, we additionally save the IP address of the device used for a period of 7 days. Such data is analyzed exclusively for performance purposes and provides no insights into the user as a person. This data will not be merged with other data sources.

We process and use this data for the following purposes: provision of the website, improvement of our webpages, prevention and detection of errors, prevention and detection of misuse of our website.

Legal basis:               Legitimate interest, pursuant to Article 6(1)(f) GDPR

Legitimate interests:            Ensuring the functional and secure operation of our website, and adapting our website to the needs of users.

 

Use of cookies (general, functionality, opt-out links, etc.)

In order ensure a pleasant user experience and to enable the use of certain functions, we deploy cookies. The use of cookies serves our legitimate interest of improving the user experience of our website and is based on Article 6(1)(f) of the GDPR. Cookies are a standard internet technology that make it possible to store and retrieve login and other usage information for all users of a website. Cookies are small text files that are stored on the user’s device. Among other things, they allow us to save user-specified settings so that our website can be displayed in a format tailored to a user’s device. Some of the cookies we use, known as session cookies, are deleted as soon as the browser session ends, i.e. once the browser tab is closed. Other cookies, known as persistent cookies, remain on the user's device and enable us or our partner companies to recognize returning users.

The browser can be set to notify the user about the use of cookies and ask for consent to deploy them in specific cases, or to exclude them altogether. Cookies can also be deleted after visiting a website in order to remove the data stored by the site on the user’s device. Deactivating or opting out of cookies can lead to some limitations in the functionality of our website.

Categories of affected persons:    Website visitors, users of online services

Opt-out:

Internet Explorer:

https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d  

Firefox:

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=en

Safari

support.apple.com/en-us/HT201265

Legal basis:                          Consent and legitimate interest, pursuant to Article 6(1)(a,f) GDPR

The relevant legal basis is specifically named for each corresponding tool.

Legitimate interests:            Storage of opt-in preferences, presentation of the website, ensuring functionality of the website, ensuring a coherent user status across the entire website, recognizing returning visitors, creation of user-oriented online content, securing the chat function

 

Web analysis and optimization

We use a variety of tools and measurements to evaluate the volume and flow of users across our online presence. For these purposes, we collect data about the behavior, interests, and demographics (e.g. age, gender) of our visitors. This data helps us to evaluate information, such as the times when our website is most likely to be visited, which content and functions are visited most frequently, and which content encourages users to return to our pages. In addition, we can use the information collected to determine whether our website needs to be optimized or adapted.

The information collected for these purposes is stored either via cookies or similar processes, and is used to evaluate the reach of our website and guide its optimization. The data stored in cookies may include content viewed, web pages visited, settings, and the use of functions and systems. However, as a general rule, no personal user data is processed for the purposes described. For these cases, data is pseudonymized to obscure the actual identity of the user both to us and the provider of implemented tool. Pseudonymized data is often saved to user profiles.

If consent is not given for the use of non-essential cookies and analytics tools, we use the web analytics tool Google Analytics without deploying cookies. Without cookies, the provider cannot identify the user. Instead, returning users are recognized by means of a “digital fingerprint” that is generated anonymously, changes every 8 hours, and will not be saved.

“Digital fingerprinting” is a means of collecting data about user movements across our online presence; it uses a pseudonymized IP-address in combination with user-determined browser settings in order to preclude any possibility of determining the identity of a user. Google Analytics does not receive any information about how “digital fingerprints” are generated.

Categories of affected persons:    Website visitors, users of online services

Categories of data:              User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos)

Purposes of collection:       Website analysis, audience measurement, utilization and evaluation of website interactions, lead evaluation

Legal basis:              Consent, pursuant to Article 6(1)(a) GDPR

Legitimate interests:           Optimization and further development of the website, increasing profits, customer retention and acquisition

 

Google Analytics

Service deployed:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Data privacy:            https://policies.google.com/privacy

Opt-out link:              https://tools.google.com/dlpage/gaoptout?hl=en   or https://myaccount.google.com/

Legal basis:              Consent and legitimate interest, pursuant to Article 6(1)(a,f) GDPR

If consent is not given for the use of non-essential cookies and analytics tools, we use the web analytics tool Google Analytics without deploying cookies. Without cookies, the provider cannot identify the user. Instead, returning users are recognized by means of a “digital fingerprint” that is generated anonymously, changes every 8 hours, and will not be saved.

“Digital fingerprinting” is a means of collecting data about user movements across our online presence; it uses a pseudonymized IP-address in combination with user-determined browser settings in order to preclude any possibility of determining the identity of a user. Google Analytics does not receive any information about how “digital fingerprints” are generated.

 

Online marketing

In order to continuously reach a wider audience through our online presence, we process personal data in the context of online marketing. In particular, we evaluate potential user interests and metrics concerning the effectiveness of our marketing activities.

For the purposes of measuring the effectiveness of our marketing activities and identifying the potential interests of visitors, we use cookies and other similar processes to store relevant information. The data stored in cookies may include content viewed, web pages visited, settings, and the use of functions and systems. However, as a general rule, no personal user data is processed for the purposes described. The data collected is pseudonymized to obscure the actual identity of the user both to us and the provider of implemented tool. This pseudonymized data is often saved to user profiles.

If user profiles are stored, this data can be retrieved when the user visits other websites that implement these same online marketing tools. The data can then be supplemented and re-saved to the server of the tool provider.

Through a process known as conversion tracking, we can evaluate the effectiveness of our online marketing efforts using the data summaries made available to us by the tool provider. As part of conversion tracking, we seek to understand whether a marketing effort led any visitors to make a purchasing decision on our website. Evaluation of this kind helps us to analyze the effectiveness of our online marketing efforts.

Categories of affected persons:    Website visitors, users of online services, interested parties, communication partners, business and contractual partners

Categories of data:              User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data, content data (e.g. text information, photographs, videos)

Purposes of collection:       Marketing (including but not limited to interest- and behavior-based targeting), conversion tracking, target group formation, click tracking, strategy development and optimization of marketing campaigns

Legal basis:                          Consent and legitimate interest, pursuant to Article 6(1)(a,f) GDPR

Legitimate interests:            Optimization and further development of the website, increasing profits, customer retention and acquisition

 

Google Tag Manager

Service deployed:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Data privacy:                          https://policies.google.com/privacy

Opt-out link:                            https://tools.google.com/dlpage/gaoptout?hl=en  or https://myaccount.google.com/

Legal basis:                Legitimate interest, pursuant to Article 6(1)(f) GDPR

Legitimate interests:               Coordination of various tools, management, usability and presentation

 

Google Ads and conversion tracking

Service deployed:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Data privacy:                          https://policies.google.com/privacy

Opt-out link:                           https://tools.google.com/dlpage/gaoptout?hl=en   or https://myaccount.google.com/

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

Google DoubleClick

Service deployed:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Data privacy:                          https://policies.google.com/privacy

Opt-out link:                           https://tools.google.com/dlpage/gaoptout?hl=en  or https://myaccount.google.com/

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

Personalized ads from Google AdSense

Service deployed:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Data privacy:                          https://policies.google.com/privacy

Opt-out link:                            https://tools.google.com/dlpage/gaoptout?hl=en  or https://myaccount.google.com/

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

LinkedIn

Service deployed:
LinkedIn Corporation
1000 West Maude Avenue
Sunnyvale, CA 94085
USA

Data privacy:                          https://www.linkedin.com/legal/privacy-policy

Opt-out link:                            https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

Social media presence

We maintain a presence on online social networks and career platforms in order to easily establish contact and exchange information with the users registered there.

In some cases, user data collected by social networks is used to conduct market research and carry out advertising campaigns. User profiles are created based on user behavior (e.g. indication of interests) and can be used in order to tailor advertising to the interests of target groups. For these purposes, cookies are regularly stored on user devices, sometimes regardless of whether they are registered with the social network.

Depending on where the social network is operated, user data may be processed outside the European Union or European Economic Area. This gives rise to a degree of risk for users, as it may be difficult to enforce their data privacy rights.

Categories of affected persons:    Registered and unregistered users of social networks

Categories of data:              Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of collection:       Expanding online audience, networking

Legal basis:                          Consent and legitimate interest, pursuant to Article 6(1)(a,f) GDPR

Legitimate interests:            Interaction and communication via social media, increasing profit, building knowledge of target groups

 

Facebook

Service deployed:
Facebook Ireland Limited
4 Grand Canal Square
Dublin 2
Ireland

Data privacy:                          https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-out link:                            https://www.facebook.com/policies/cookies/ 

 

LinkedIn

Deployed service:
LinkedIn Corporation
1000 West Maude AvenueSunnyvale, CA 94085
USA

Data privacy:                          https://www.linkedin.com/legal/privacy-policy

Opt-out link:                            https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

Kununu

Service deployed:
New Work SE
Dammtorstr. 30
20354 Hamburg
Germany

Data privacy:                          https://privacy.xing.com/en/privacy-policy               

 

Vimeo

Service deployed:
555 West 18th Street
New York, NY 10011
USA

Data privacy:                          https://vimeo.com/privacy

Opt-out link:                            https://vimeo.com/cookie_policy

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

Xing

Service deployed:
New Work SE
Dammtorstraße 30
20354 Hamburg
Germany

Data privacy:                          https://privacy.xing.com/en/privacy-policy

 

YouTube

Service deployed
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Data privacy:                          https://policies.google.com/privacy

Opt-out link:                            https://tools.google.com/dlpage/gaoptout?hl=en or https://myaccount.google.com/

 

Online conferences, meetings, and webinars

We make use of technologies that enable us to hold online conferences, meetings, and webinars. For these purposes we have carefully selected products from third-party providers.

When such technologies are in active use, data from participants is processed and stored on servers from the third-party providers, insofar as this data is required for the communication process. Usage data and metadata may also be processed.

Categories of affected persons:    Participants in digital conferences, meetings, and webinars

Categories of data:              Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos), meta and communication data (e.g. device information, IP address)

Purposes of collection:       Processing inquiries, increasing efficiency, promoting cooperation across companies and locations

Legal basis:              Consent, pursuant to Article 6(1)(a) GDPR

 

Skype

Service deployed:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Data privacy:                          https://privacy.microsoft.com/en-us/privacystatement

Opt-out link:                            https://account.microsoft.com/privacy/ad-settings/

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

Microsoft Teams

Service deployed:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Data privacy:                          https://privacy.microsoft.com/en-us/privacystatement

Opt-out link:                            https://account.microsoft.com/privacy/ad-settings/

Legal basis:                Consent, pursuant to Article 6(1)(a) GDPR

 

Payment service providers

In order to easily receive and carry out financial transactions, we use various banks, credit institutions, and third-party payment service providers.

In order to ensure a convenient and uncomplicated payment process for our online visitors, we accept payments through third-party online payment services. Payment service providers process all data required for the transaction. Use of a payment service provider does not grant us access to any data transmitted by the user when making the payment. Use of a payment service provider only grants us access to information regarding the confirmation or failure of payments.

Categories of affected persons:    Customers, sponsors

Categories of data:              Master data (e.g. name, address), transaction data (bank details, invoices, payment history), contract data (e.g. subject of contract, duration), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number)

Purposes of collection:       Simplification of order and payment processing, outsourcing, data minimization

Legal basis:              Legitimate interest, pursuant to Article 6(1)(f) GDPR

Legitimate interests: Simplification of work processes, resource-efficient fulfillment, market research, customer service

 

PayPal

Service deployed
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxemburg

Data privacy:                          https://www.paypal.com/en/webapps/mpp/ua/privacy-full?locale.x=en_us

 

Newsletter and mass communication (possibly with tracking)

Our website provides users with the option to subscribe to our newsletter and other notifications via various channels (hereafter referred to as “newsletter”). In accordance with legal provisions, we only send our newsletter to recipients who have consented to receive it. We have selected a third-party service provider for the distribution of our newsletter.

To subscribe to our newsletter, users must provide an e-mail address. Where appropriate, we collect additional data such as names in order to address the reader personally within the text of the newsletter.

Our newsletter is only sent to users who complete a double opt-in process. If a visitor to our website decides to subscribe to our newsletter, they will receive an initial confirmation e-mail. This serves to prevent the intentional or accidental use of false e-mail addresses, as well as to ensure users are not subscribing by accident. Newsletter subscriptions can be terminated at any time. An unsubscribe link (opt-out link) is included at the end of each newsletter.

We are furthermore obliged to provide evidence that our subscribers actually intend to receive the newsletter. To fulfill this obligation, we collect and save the IP address as well as the time of subscribing and unsubscribing.

Categories of affected persons:    Newsletter subscribers

Categories of data:              Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. websites visited, access times)

Purposes of collection:       Marketing, customer retention, new customer acquisition

Legal basis:              Consent, pursuant to Article 6(1)(a) GDPR

 

Inxmail Professional

Service deployed:
Inxmail GmbH
Wentzingerstr. 17
79106 Freiburg
Germany

Data privacy:                          https://www.inxmail.com/data-conditions

 

Promotional communication

Data provided to us may be used for advertising purposes, particularly to promote news and information about our company and products across various channels. All promotional messaging complies with legal requirements and, where stipulated by law, is only distributed with consent.

Recipients are welcome to notify us of their wish to discontinue receiving our promotional messaging at any time. We will happily comply with the request.

Categories of affected persons:    Communication partners

Categories of data:              Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number)

Purposes of collection:       Direct marketing

Legal basis:                          Consent and legitimate interest, pursuant to Article 6(1)(a,f) GDPR

Legitimate interests:            Retention of existing customers and partners, acquisition of new contacts

 

Establishing contacts

Across our online presence, we offer visitors the option of contacting us directly or to request further information through other contact methods.

When contacted, we process the user’s data as is required for the preparation of an adequate response to their inquiry. The data processed may vary depending on the method of contact.

Categories of affected persons:    Inquiring parties

Categories of data:              Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of collection:       Processing inquiries

Legal basis:                          Consent and performance or entry of contract, pursuant to Article 6(1)(a,b) GDPR

 

Events

Our online presence includes opportunities for visitors to digitally register for events. Certain fields of information are marked as mandatory for registry, as this information must be collected to confirm entry and performance of contract. The provision of additional data is voluntary.

Categories of affected persons:    Participants, interested parties

Categories of data:              Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), transaction data (bank details, invoices, payment history), contract data (e.g. subject of contract, duration)

Purposes of collection:       Entry and performance of contract

Legal basis:                          Consent and performance or entry of contract, pursuant to Article 6(1)(a,b) GDPR

Data transfer

The personal data of our online visitors may be transmitted for internal purposes (e.g. for in-house administration, or to the HR department in compliance with legal or contractual obligations). The internal transfer or disclosure of data proceeds only to the extent necessary and always in compliance with relevant data protection regulations.

We are a global company headquartered in Germany. The data from our online visitors is stored in compliance with relevant data protection regulations in a centralized customer database in Germany. This data is processed internally throughout the company for administrative purposes. No processing outside the scope of administrative purposes takes place.

Legal basis:               Legitimate interest, pursuant to Article 6(1)(f) GDPR

 

Legitimate interests:  Intragroup exemption, centralized management and administration within the company to maximize synergy, cost savings, increasing effectiveness

In order to perform contracts or fulfill legal obligations, it may be necessary for us to transmit personal data. If certain pieces of necessary data are not made available to us, entry into a contract with the person in question may not be possible.

For the purposes mentioned above, we transmit data to countries outside the European Economic Area (known as third countries). Such transmission takes place only to fulfill our contractual and legal obligations or on the basis of consent previously given by the person in question.

In the event that data is transferred to a third country for processing, we ensure our intended manner of processing is legally permissible. For these cases, we have instituted standard data protection clauses, including separately regulated technical and organizational measures, that serve to protect the data of affected persons to the best extent possible.

 

Storage period

We generally store the data of online visitors as long as is necessary to provide service, or as long as is stipulated by European legal and regulatory authorities, or by any other authorities whose laws or regulations to which we are subject. In all other cases, we delete personal data following the completion of its intended purpose, with the exception of data that we must continue to store in order to fulfill legal obligations (e.g. due to retention periods under tax and commercial law, we are obliged to store documents such as contracts and invoices for certain durations).

 

Automated decision making

We do not use automated decision making or profiling in compliance with  Article 22 of the GDPR.

Legal basis

Relevant legal bases mainly draw from the GDPR. These are supplemented by the national laws of EU member states and may be applicable together with or in addition to the GDPR.

Consent:                               Article 6(1)(a) of the GDPR serves as the legal basis for data processing operations with a specified purpose for which we have obtained consent.

Performance of contract:    Article 6(1)(b) of the GDPR serves as the legal basis for data processing that is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation:                  Article 6(1)(c) of the GDPR serves as the legal basis for data processing that is necessary to fulfill a legal obligation.

Vital interests:                      Article 6(1)(d) of the GDPR serves as the legal basis in cases where data processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest:                     Article 6(1)(e) of the GDPR serves as the legal basis for data processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest:              Article 6(1)(f) of the GDPR serves as the legal basis for data processing that is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

 

Rights of the persons affected

Right of access:                               According to Article 15 of the GDPR, data subjects have the right to request confirmation as to whether their personal data is being processed. Data subjects may request this information, any further information specified in Article 15(1) of the GDPR, and a copy of their data.

Right to rectification:                      According to Article 16 of the GDPR, data subjects have the right to request the correction or completion of their personal data processed by us.

Right to erasure:                              According to Article 17 of the GDPR, data subjects have the right to request the immediate erasure of their personal data. Alternatively, data subjects may contact us in accordance with Article 18 of the GDPR, citing their right to request restrictions on the processing of their personal data.

Right to data portability:                 According to Article 20 of the GDPR, data subjects have the right to receive the personal data they have made available to us and to transmit that data to another controller.

Right of appeal:                               In accordance with Article 77 GDPR, data subjects also have the right to lodge a complaint with a relevant supervisory authority.

Right to object:                                To the extent that personal data is processed on the basis of legitimate interests in accordance with Article 6(1)(f) of the GDPR, data subjects have the right, in accordance with Article 21 of the GDPR, to object to the processing of their personal data on grounds relating to their particular situation or to their objection to direct marketing. In the latter case, the general right of the data subject to object will be respected without mention of any grounds relating to their particular situation.

 

Revocation

Some data processing operations are only possible with the express consent of the data subjects. You have the option of revoking your consent at any time. An informal message or e-mail to datenschutz@rommelag.com is sufficient. A revocation does not affect the legality of any data processing carried out prior to the revocation.

 

External links

Our website includes links to the sites of other providers. We expressly advise that we have no influence over the contents of the external pages to which we link, nor over their providers’ compliance or non-compliance with data protection regulations.

 

Changes

We reserve the right to adapt this data protection notice at any time in the event of changes to our online presence and in compliance with applicable data protection regulations so that it meets legal requirements.

This privacy policy was created by DDSK GmbH