Privacy Notice

The protection of your privacy in personal data processing is an important priority for robatherm (“we”, “our”, “us”), which we would like to take into consideration all of our business processes. We process your personal data exclusively in compliance with data protection regulations. In addition to general information (Part 1), this Privacy Notice also includes information concerning the processing of personal data in connection with the use of our website (Part 2), information concerning the processing of your personal data if you are our customer, an interested party (Part 3) or our supplier (Part 4), and information concerning the processing of your personal data as an applicant at our company (Part 5).

Part 1 – General information

1. Controller in terms of GDPR

robatherm GmbH + Co. KG
Industriestrasse 26
89331 Burgau, Germany
Telephone: +49 8222 999-0
Telefax: +49 8222 999-222
E-Mail: info@robatherm.com

2. Data protection officer contact information

To the
Data Protection Officer
c/o robatherm GmbH + Co. KG
Industriestrasse 26
89331 Burgau, Germany
Telephone +49 8222 999-0
E-Mail: info@robatherm.com

You are entitled
• pursuant to Art. 15 GDPR to access information concerning your personal data processed by us;
• pursuant to Art. 16 GDPR to immediately request completion or the rectification of incorrect of your personal data stored by us;
• pursuant to Art. 17 GDPR to request erasure of your personal data stored by us;
• pursuant to Art. 18 GDPR to request restricted processing of your personal data;
• pursuant to Art. 20 GDPR to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller;
• pursuant to Art. 21 to object to the processing of your personal data;
• pursuant to Art. 7 Abs. 3 GDPR at any time to withdraw consent granted to us, with the consequence that our processing based on such consent will be prohibited for the future without affecting the lawfullness of any processing that occurred prior to your withdrawal of your consent;
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority.

In the event that you have questions that are not answered in this privacy statement or if you would like to have more in-depth information for any matter in this regard, please contact us at any time through the contact information listed above.

4. No automated case-by-case decisions or profiling measures

We do not use purely automated processing operations to reach a decision.

5. Security

robatherm implements technical and organizational security measures to protect your personal data against accidental or unlawful deletion, modification, or loss, and against unauthorized forwarding or unauthorized access.

6. Status and modification of this privacy statement

This Privacy Notice was last updated in April 2018. It may become necessary to modify this privacy statement due to the continuous development of our website or modified statutory or official requirements. The respective current Privacy Notice is available under https://www.robatherm.com/en/privacy-notice.

Part 2 – Information for website users

7. Communication- or usage-oriented data

When accessing our website through telecommunication services, communication-oriented information (data (e.g. Internet protocol address, referrer, URL, browser) or usage-oriented data (e.g. information concerning start and duration of use and the telecommunication services used by you) are automatically generated by technical means. These generally do not allow us to determine the identity of the website user.
Such data is collected and used to ensure a seamless connectivity of the website and convenient use of our website. This information is furthermore used to evaluate system security and stability and for other administrative purposes. Such data is processed within the scope of our legitimate interests (Art. 6 (1) Clause 1 lit. f GDPR).
Such data will be erased if they are no longer required for the stated purposes.

8. Transfer of data to third parties and third countries

Our websites and the services offered thereon are supported by technical service providers on our behalf (e.g. hosting). Personal data collected through this website is generally not transmitted unless specified otherwise below. This also applies to a transfer to third countries or international organizations.

9. Use of cookies

This website utilizes cookies. Cookies are text files which a website places on your hard drive. Cookies do not harm your computer and do not contain any viruses.
Information concerning the specific terminal device used by you is stored in a cookie. However, this does not allow us to gain direct knowledge of your identity.
We use cookies to make your use of our offer more convenient for you. We use so-called session cookies to recognize whether you have already visited individual pages of our website. They are deleted automatically after you leave our website.
We also use temporary cookies to optimize user-friendliness. They are stored on your terminal device for a specific duration. If you visit our website again, we can automatically recognize that you have previously visited us as well as your previous entries and settings, so that you do not have to enter these again.
We furthermore use cookies to collect statistical data concerning the use of our website and to optimize our offer. With each new visit, these cookies allow us to automatically recognize that you have already visited our site. These cookies are automatically deleted after a specific defined period.
Data processed through cookies is necessary for the stated purposes to safeguard our legitimate interests and third-party interests pursuant to Art. 6 (1) Clause 1 lit. f GDPR.
You can deactivate the use of cookies at any time through your browser settings. Please use your Internet browser’s help functions to find out how to change these settings. A complete deactivation of cookies may, however, result in your inability to use all functions of our website.
We inform you of the further use of cookies below.

10. Google Analytics

This website uses Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics uses cookies that allow an analysis of your use of the website. The information generated by the cookies regarding your use of this website is generally transmitted to and stored at a Google server in the USA. If IP anonymization is activated on this website, then your IP address within member states of the European Union or other contracting parties to the Agreement on the European Economic Area is first abbreviated by Google. The full IP address is transmitted to a Google server in the USA and abbreviated there only in exceptional cases. IP anonymization is activated.
Google uses this information on behalf of the operator of this website to evaluate your use of the website, to create reports concerning website activities, and to provide other services in connection with website use and Internet use vis-à-vis the website operator. The IP address transmitted from your browser within the scope of Google Analytics is not combined with other data held by Google. You can prevent the placement of cookies through a corresponding setting of your browser software; however, this may result in your inability to fully use all functions of our website.
You can also prevent collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following tools.google.com/dlpage/gaoptout.

Alternatively to the browser plug-in, you can click on this link to prevent data collection through Google Analytics on this website in the future. This places an opt-out cookie on your terminal device. If you delete your cookies, you must once again click on the link.

More detailed information concerning data protection at Google Analytics is available at http://www.google.com/intl/de/analytics/privacyoverview.html.

Part 3 – Online Profiles in Social Media

We maintain online profiles in social media so we can communicate with customers and people interested in our products and inform them about our products, services, and job opportunities with us. In the following, we want to inform you about how we process your personal data when you visit our online profiles in social media.

11. Information on all platforms

We maintain online profiles on social media of the following platform operators and at the addresses below:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
• Our profile: https://www.facebook.com/robatherm
• Data privacy statement of the platform: https://www.facebook.com/about/privacy/
• Information on joint processing pursuant to Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum
• Further information on Facebook Insights: https://www.facebook.com/business/pages/manage#page_insights

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
• Our profile: https://www.instagram.com/robatherm
• Data privacy statement of the platform: http://instagram.com/about/legal/privacy/

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
• Our profile: https://www.xing.com/companies/robatherm
• Data privacy statement of the platform: https://privacy.xing.com/de/datenschutzerklaerung

Linkedin (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• Our profile: https://www.linkedin.com/company/robatherm
• Data privacy statement of the platform: https://www.linkedin.com/legal/privacy-policy
• Cookie-Policy: https://www.linkedin.com/legal/cookie-policy

Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
• Our profile: https://www.youtube.com/robathermtv
• Data privacy statement of the platform: https://policies.google.com/privacy

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)
• Our profile: https://twitter.com/robatherm/
• Data privacy statement of the platform: https://twitter.com/de/privacy

Within the scope of the use of our profiles on social media, personal data are collected by different data controllers for various purposes. As soon as you visit one of our profiles, the platform operators collect and process personal data for the purpose of enabling the use of their services and possibly other purposes (see below, “Processing by platform operators”). It can also happen that you contact us about this and we collect and process personal data in the course of the contact or we process personal data that is available to us (e.g. a post) due to legal obligations (see below, “Processing by robatherm”).

Processing by robatherm

With regard to our profiles on social media, personal data are generally processed – unless described otherwise below – on the legal basis of Art. 6 (1) sent. 1 lit. f) GDPR because of our legitimate interests in public relations, communication and product improvement, unless stated otherwise herein below.
We can read posts and similar interactions on our online profiles and also see your public profile (depending on which data you have released for display). We may use this information under certain circumstances to improve our products and information, in particular on the platforms.
If you contact us via our online profiles on social media, we will process the data that you make available to us in the course of establishing contact to answer your request. Under certain circumstances, we may then answer your request via the respective platform. In this context, we would like to point out that the communication via the platform is potentially insecure and that you can contact us at any time using different channels, and you will then also receive a reply via different channels. The legal basis for this is regularly Art. 6 (1) sent. 1 lit. b) GDPR (initiation of a contract and/or performance of a contract with regard to the answering of a request).
In individual cases, it can furthermore be required that we process data posted to our online profiles on social media or transmitted to us due to legal obligations (e.g. for the purpose of transferring them to authorities or courts) or for the purpose of product monitoring and product safety (e.g. when faults of our products are reported via this channel). The legal basis for this is Art. 6 (1) sent. 1 lit. c) GDPR.
In addition, the platforms provide us in individual cases with aggregated, anonymized statistics on usage, which we use to analyze usage behavior and improve our information offer. The platform operators may have prepared these statistics, if applicable, also on the basis of personal user data. Please find more information on the relevant services and analysis options in the data privacy statements of the respective platform operators linked to above (see the separate information below regarding data processing on Facebook).
With regard to the processing activities mentioned above, you have certain rights as data subject in accordance with Art. 12 seqq. GDPR. Irrespective of whether we shall be regarded as the data controller within the meaning of the GDPR for all of the above-mentioned processing activities in the individual case, you can, of course, also assert your rights as data subject against us. Part 1 / Number 3 applies accordingly to this extend. Please use the contact details specified in Part 1 for corresponding requests. In case we do not have sufficient influence on the respective data processing in individual cases, we reserve the right to refer individual questions to the respective platform operator to the extent permitted by law.
Please refer to the respective linked data privacy statements for further information on the possible assertion of rights of data subjects against the platform operator.

Processing by the platform operator

When accessing our profiles, personal data are processed to the extent that this is required for calling up the pages and creating user statistics by the platform operator (regarding Facebook, see the particularities in the supplementing information below). We have no influence on the processing of personal data by the platform operators. We also do not know all purposes of the processing or the storage periods nor the extent of the data collection by the platform operator. According to experience, the platforms process the data for the purposes of advertising, market research and demand-oriented design of the platforms. You can find more details in the data privacy statements of the individual platform operators linked above. As far as we have the possibility to do so, we will work towards a handling of personal data by the respective platform operators in line with the principles of data protection and data minimization. However, our possible influence is limited.

Further information

If you publish data on our social media profiles (e.g. text comments, videos, photos and other posts) or interact otherwise on them (e.g. by clicking the “like” button), these data will be processed and published by the respective platform operator. To the extent that it is possible and appears necessary to us, it can happen that, in individual cases, we or the platform operator will delete inappropriate contents published by you in accordance with the common procedures and policies of the respective platform.
In principle, we do not transmit data to third countries that we receive in the course of the procedure described above under “Data processing by Robatherm”. If this should be done as an exception, we shall observe the applicable statutory provisions of Art. 44 seqq. GDPR (e.g. by concluding EU standard contractual clauses). Please refer to the data privacy statements of the respective platform operators linked above as to whether your data is transmitted to third countries by the platform operators.
Unless described otherwise in this section, the remaining information in Part 1 applies accordingly.

12. Supplementary information regarding Facebook

In order to generate usage statistics on Facebook (Facebook Insights) various data provided by you, including personal data, is processed by Facebook Ireland and us as joint controllers within the meaning of Art. 26 GDPR. The legal basis for the processing of personal data in this context is Art. 6 (1) sent. 1, lit. f) GDPR (legitimate interests) or, if a consent has been obtained, Art. 6 (1) sent. 1 lit. a) and Art. 7 GDPR (consent). The legitimate interest in this is also in informing you effectively, being able to communicate with you, and improving the information offer, in particular our profile on Facebook.
You can find the relevant information on the corresponding agreement according to Art. 26 GDPR between Facebook Ireland and us, and information on whom you can contact to assert your rights as a data subject at https://www.facebook.com/legal/terms/page_controller_addendum.
Regardless of the information in the referenced agreement, it is at your discretion to assert your rights as data subject against us and Facebook.
Facebook might transmit personal data to Facebook Inc. with registered office in the USA. Such a transmission takes place pursuant to the principles of the Privacy Shield (in this regard, see https://www.privacyshield.gov/welcome and https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A...).

13. Supplementary information regarding Xing and Linkedin

If you contact us via Xing or Linkedin regarding posted jobs or otherwise for the purpose of applying for a job at our company, the legal basis for the processing of the respective data is Art. 88 GDPR in conjunction with Sec. 26 (1) sent. 1 BDSG [German Federal Data Protection Act] (initiation of an employment relationship).
If you would like to apply for jobs we advertise via Xing and Linkedin and click on “apply”, you will be redirected to the website of one of our service providers. You can find more information on the processing by these providers in Part 6 – Information for job applicants – in this Data Privacy Statement.
How and for what purpose we process personal data in the context of processing job applications is also described in Part 6 – Information for job applicants.

Part 4 – Information for our customers and potential (product) buyers

The information in the following subsections relates exclusively to the processing of data from customers and interested parties, possibly also outside of our website. Unless specified otherwise below, the general information from the remaining parts (in particular Part 1) apply.

14. Type of processed data

If you, as a customer or interested party, establish business contact with us or maintain a business relationship with us, then we process the following types of personal data:
• address information,
• contact information (generally (cell) phone number, fax number, email address, including name and other details concerning contact persons or personal contact information),
• contract data,
• creditworthiness data (in this regard we are working with the credit insurer Euler Hermes Deutschland Niederlassung der Euler Hermes SA (Friedensallee 254, 22763 Hamburg), i.e. for each customer or each project, we query the commercial credit amount for the customer from Euler Hermes Deutschland),
• tax-relevant information (e.g. VAT ID no.),
• support information (e.g. customer development, product or contractual interests),
• statistical data,
• billing and service data,
• banking information.

15. Purpose of processing

Data is processed for the purpose of creating offers and processing orders and delivering goods. Data is also processed for invoicing and payment. Data is processed for the performance of the contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6 (1) Clause 1 lit. b GDPR).
Data is also processed for the purpose of a credit check. Our interest in this consists of reviewing the solvency of a customer in order to safeguard against payment defaults. This processing safeguards our legitimate interests (Art. 6 (1) Clause 1 lit. f GDPR), whereby overriding interests of the data subject do not exist.
For the rest, data is processed for the purpose of after sales service, i.e. in order to support you in your use of our products even after a purchase. In this regard, data is processed for the performance of the contract to which you are a party (Art. 6 (1) Clause 1 lit. b GDPR) or insofar as such pertains to direct marketing measures based on our legitimate interest (Art. 6 (1) Clause 1 lit. f GDPR), and subject to consent possibly to be obtained in the individual case (Art. 6 (1) Clause 1 lit. a GDPR).
If you have, in the course of an inquiry and/or the sale of one of our products, provided us with your e-mail address, we use the e-mail address to send you information about similar products and services.
You can object to this processing at any time and free of charge.
The legal basis for the processing of this personal data is - notwithstanding separate consent (Art. 6 (1) Clause 1 lit. a GDPR) - our legitimate interest (Art. 6 (1) Clause 1 lit. f GDPR) in such direct marketing.

16. Necessity of providing your personal data

The provision of the data listed in Section 11 is not required by law. However, we cannot conclude a contract with you as a customer unless you provide this data, because this data is necessary to conclude a contract.

17. Duration of data retention

We are processing and retaining your data only for as long as necessary to provide our services. Data retention may, among other things, continue for as long as claims can be asserted against us from the provided services and/or for as long as we may require the relevant data for the purpose of a legal defense. We are also frequently obligated by law to retain the data for a longer period, generally between 6 to 10 years.

18. Transfer of data to third parties

For the purposes of the credits check listed in Section 11 and 12, our credit insurer will receive customer data (company name and address) as well as information concerning the value of goods to be insured so that the insurer can create of an offer for us.
For the rest, we are commissioning external service partners for services (e.g. rectification of defects, startup operation) at our customers. For this purpose, the service partners will receive customer data (e.g. name of the customer, contact information, address). This is for the performance of the contract to which you are a party (Art. 6 (1) Clause 1 lit. b GDPR), whereby we conclude all necessary contracts with our partners.

Part 5 – Information for our suppliers

The information in the following subsections relate exclusively to the processing of supplier data. Unless specified otherwise below, the general information from the remaining parts (in particular Part 1) apply.

19. Type of processed data

We process the following types of data of suppliers:
• address information,
• contact information (generally (cell) phone number, fax number, email address, including name and other details concerning contact persons or personal contact information),
• contract data,
• tax-relevant information (e.g. VAT ID no.),
• supplier evaluation,
• statistical data,
• billing and service data,
• banking information

20. Purpose of processing

Processing is for the purpose of creating inquiries, reviewing offers, and ordering. The data is also processed for invoicing and payment. Our interest in this regard is that we are able to order products from you. This processing safeguards are legitimate interests (Art. 6 (1) Clause 1 lit. f GDPR).
For the rest, processing is for the purpose of invoice auditing. Our interest in this regard is that we do not pay any erroneous invoice amounts. This processing is necessary for performance of the contract (Art. 6 (1) Clause 1 lit. b GDPR).
Your data is also processed for the purpose of payment. This is necessary for the performance of the contract to which you are a party (Art. 6 (1) Clause 1 lit. b GDPR).

21. Necessity of providing your data

The provision of the data listed in Section 19 is not required by law. However, we cannot conclude a contract with you as a supplier unless you provide this data, because this data is necessary to conclude a contract.

22. Duration of data retention

We are processing and retaining your data only for as long as necessary for the provision of our services. Data retention may, among other things, continue for as long as claims can be asserted against us based on the provided services and/or for as long as we may require the relevant data for the purpose of a legal defense. We are also frequently obligated by law to retain the data for a longer period, generally between 6 to 10 years.

Part 6 – Information for job applicants

The information in the following subsections relate exclusively to the processing of data processed within the scope of a job application. Unless specified otherwise below, the general information from the remaining parts (in particular Part 1) apply.

23. Collection and use of personal data in the job application process – also when service providers are used

Your data is collected only to fill positions within robatherm. We keep your data confidential and do not pass it on to third parties.
If you apply for a job via the websites of other providers (currently yourfirm.de, operated by yourfirm GmbH, to which it may be referred in our social media profiles), your data will be gathered by the respective provider and transferred to us for the purpose of processing your job application, whereby your data will not be stored by the service providers. Furthermore, the click rates of the respective job ad will be gathered and transferred to us. In addition, the service provider will send you a confirmation when the application has been successfully sent to us and a copy of the transmitted data if requested by you. You can find the data privacy statement of the currently engaged service provider yourfirm GmbH at https://www.yourfirm.de/datenschutz/.
We also cooperate with service providers that publish our job ads and merely set a link to our website to which you can then transmit your application data. In that case, no application data will be processed by the service providers and merely the click rates of the respective ad will be documented. These service providers currently include stellenanzeigen.de GmbH & Co. KG (data privacy statement available at https://www.stellenanzeigen.de/ueber-uns/datenschutzerklaerung/) and Presse- Druck- und Verlags-GmbH (data privacy statement available at https://www.augsburger-allgemeine.de/unternehmen/Datenschutzerklaerung-u...).
We use the click rates to analyze how worthwhile corresponding job ads are so we can improve the design of the job ads in the future. This, however, involves merely aggregated data that we cannot attribute to any specific person.
When calling up the websites of the respective service providers, the personal data are processed by the service provider to the extent that this is necessary for retrieving the pages. We have no influence on the processing of personal data by the respective service providers. Neither do we know all purposes of the processing nor the storage periods nor the extent of the data collection by the service providers. According to experience, the platforms process the data for the purposes of advertising, market research and demand-oriented design of the platforms. You can find more details in the data privacy statements of the individual platforms linked above. As far as we have the possibility to do so, we will work towards a handling of personal data by the respective service providers in line with the principles of data protection and data minimization. However, our possible influence is limited.
Regarding the possible assertion of rights of data subjects against the respective service providers, please find more information in the respectively linked data privacy statements or the data privacy information that is accessible on the website of the respective service provider.
Irrespective of whether we shall be regarded as data controller within the meaning of the GDPR regarding the aforementioned processing activities in the individual case, you can, of course, also assert any rights as data subject arising from the respective processing activities (also such in the area of responsibility of our service provider) against us. Part 1 / Number 3 applies accordingly to this extend. Please use the contact details specified in Part 1 for corresponding requests. In case we do not have sufficient influence on the respective data processing, we reserve the right to refer individual questions to the respective platform operator to the extent permitted by law.

24. Kind of processed data

We process the following personal data within the scope of the job application process:
• your master data (e.g. first name, last name, affixes, date of birth),
• work permit/residence permit, if necessary,
• contact information (e.g. personal address, (cell) phone number, email address),
• photo, if applicable
• skill information (e.g. special skills and proficiencies),
• if relevant for the advertised position: fitness for duty.

Your personal data is generally collected directly from you within the scope of the application process, in particular from the job application documents, the job interview, and the staff questionnaire.
We may also receive data from third parties, (e.g. employment agencies).
We also process your personal data that we permissibly gain from publicly accessible sources (e.g. professional networks).

25. Purposes of the processing

Data processing chiefly serves to establish an employment relationship. The predominant legal basis for this is Art. 88 (1) GDPR in conjunction with Section 26 (1) German Federal Data Protection Act (new) (Bundesdatenschutzgesetz (neu), BDSG).
Your data is processed exclusively to fill the specific position for which you have applied.
The processing of health data may also be necessary for the assessment of your working capacity pursuant to Art. 9 (2) lit.h GDPR in conjunction with Section 22 (1) lit.b BDSG.
If, in the event of a rejection, you wish to be included in our pool of applicants or if your application is to be taken into consideration for other vacancies in the company/group, we require a declaration of consent from you for this purpose.
If contact is initiated via corresponding service providers, the legal basis for their involvement, besides Art. 88 (1) GDPR in conjunction with Sec. 26 (1) BDSG, is also Art. 6 (1) lit. f) GDPR if applicable (legitimate interests). Our legitimate interests are being able to organize our application processes and HR marketing efficiently. With regard to the processing of the transmitted anonymized click rates, our legitimate interest is being able to analyze the efficiency of cooperating with the service providers and improve the design of the job ads in the future.

26. Duration of data retention

If you are hired, we transfer your application records to your personnel file. After the end of your employment, the personal data that we are legally obligated to retain will continue to be stored. This generally is the based on statutory retention obligations and obligations to provide proof, which, among other things, are stipulated in the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO). According to these, retention periods are up to 10 years. Personal data may also be retained for the duration during which claims can be asserted against us (statutory limitation period from 3 or to up to 30 years).
In the event of a rejection, your application documents will be deleted no later than 6 months after the completion of the application process, unless you have granted us consent for a longer retention period (applicant pool).

27. Persons receiving your data

Within our company, only the persons and functions (e.g. departments) that are involved in the decision concerning your hire will receive your personal data.

28. No transfer to third countries

We do not transfer your applicant data to third countries.

29. Necessity of providing your data

To consider your application, we require from you the personal data necessary for the decision or to establish the employment relationship. A statutory obligation to provide data does not exist.

30. Information concerning encryption of applicant data and other information

Your online application data will be encrypted and transferred with state-of-the-art technology. If you transmit an unsolicited online application to robatherm or apply for a current vacancy, your application data will be stored in our software-based applicant management system.
From processing technology aspects, your written application will be handled like an online application. Your original documents will be returned to you at the latest upon conclusion of the staffing process.

Part 7 – Privacy notice for Mollier h,x app

The protection of your privacy in personal data processing is an important priority for robatherm (“we”, “our”, “us”), which we would like to take into consideration in all of our business processes. We process your personal data exclusively in compliance with data protection regulations.

31. Controller in terms of GDPR

robatherm GmbH + Co. KG
Industriestrasse 26
89331 Burgau, Germany
Telephone: +49 8222 999-0
Telefax: +49 8222 999-222
Email: info@robatherm.com

32. Data protection officer contact information

To the
Data Protection Officer
c/o robatherm GmbH + Co. KG
Industriestrasse 26
89331 Burgau, Germany
Telephone +49 8222 999-0
Email: info@robatherm.com

33. Right to information, rectification, erasure, restriction of processing, data transferability, objection, withdrawal, complaint

You are entitled
• pursuant to Art. 15 GDPR to request information concerning your personal data processed by us;
• pursuant to Art. 16 GDPR to immediately request completion or the rectification of your incorrect personal data stored by us;
• pursuant to Art. 17 GDPR to request erasure of your personal data stored by us;
• pursuant to Art. 18 GDPR to request restricted processing of your personal data;
• pursuant to Art. 20 GDPR to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller;
• pursuant to Art. 21 to object to the processing of your personal data;
• pursuant to Art. 7 (3) GDPR at any time to withdraw consent granted to us, with the consequence that our processing based on such consent will be prohibited for the future without affecting the legality of any processing that occurred prior to your withdrawal of your consent;
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority.

In the event that you have questions that are not answered in this privacy statement or if you would like to have more in-depth information for any matter in this regard, please contact us at any time through the contact information listed above.

34. No automated case-by-case decisions or profiling measures

We do not use purely automated processing operations to reach a decision.

35. Security

We implement technical and organizational security measures to protect your personal data against accidental or unlawful erasure, modification, or loss, and against unauthorized forwarding or unauthorized access.

36. Collection of personal data when downloading the app

When downloading the app, the required information is transmitted to the App Store, in particular the user name, email address, and customer number for your account, the time of download, payment information, and individual device ID number. We have no influence over this collection of data and we are not responsible for it. We process the data only insofar as such is necessary for downloading the mobile app to your mobile end device.

37. Collection of personal data when using the app

When using the app, we collect the following personal data to enable the comfortable use of functions. We collect the following data if you would like to use the app, as they are necessary for us from a technical aspect to offer you the functions of our mobile app and to ensure stability and security:

• IP address,
• Date and time of inquiry,
• Time zone difference to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status / HTTP status code,
• The respective transmitted data volume,
• Website from which the inquiry originates,
• Browser,
• Operating system and its interface,
• Language and version of the browser software.

This serves to safeguard our legitimate interests, the legal basis for this is Art. 6 (1) Clause 1 lit. f GDPR. Our interest in this regard is the ability to offer a comfortable use of functions to users.

Data will be erased if the data is no longer required for the stated purposes.

38. Collection of personal data in case of registration

If you register, the following data will be processed (mandatory information):
• First name,
• Last name,
• Password,
• Email.

Insofar as such is voluntarily provided by you, the following data is also processed (optional information):
• Company,
• Address,
• Postal code,
• Town.

This data is collected to prevent abuse because it allows individual users to be excluded from further use. Name and first name are also requested to enhance the user experience. This is covered by our legitimate interests, Art. 6 (1) Clause 1 lit. f GDPR. Company and address are voluntary information and can be used by the user for customization. Processing is also based on our legitimate interests and also serves to enhance the user experience. This is necessary to safeguard our legitimate interests. The legal basis for this collection is Art. 6 (1) Clause 1 lit. f GDPR.

Data will be erased if it is no longer required for the stated purposes. Data retention may, among other things, continue for as long as claims can be asserted against us based on the provided services and/or for as long as we may require the relevant data for the purpose of a legal defense.

The collection of this data is not required by law or contractually, nor is it obligatory, however, mandatory information is necessary for registration. Non-provision of data will result in your inability to register. As a consequence, the full functionality of the app will not be available to you. A data exchange across multiple devices will then, for example, not be possible.

39. Processing of personal data if contact is established with us

If you establish contact with us by email or through a contact form, your email address, and - if provided by you - your name and your telephone number will be stored by us to answer your questions. This is necessary for the performance of the contract to which you are a party or in order to take steps prior to entering into a contract (Art. 6 (1) Clause 1 lit. b GDPR) or to safeguard our legitimate interests (Art. 6 (1) Clause 1 lit. f GDPR). Our legitimate interest in this is a satisfactory processing of your inquiry.

We will erase the data collected in this regard after retention is no longer necessary.

40. Transmission of data to third parties

We are transmitting data for the purpose of data backup to our service provider tarienna GmbH and deposit a backup copy in a bank deposit box. Our interest in this is to prevent loss of data. Our legitimate interest is the legal basis for this transmission (Art. 6 (1) Clause 1 lit. f GDPR).

41. No transmission to third countries or an international organization

No data will be transmitted to countries outside of the European Union or to an international organization.

42. Google Analytics

This app uses Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics allows us an analysis of your use of the app. For this purpose, information about your use of this app will be generated. The information is transmitted to and stored at a Google server in the USA. If IP anonymization is activated in the app, your IP address is first abbreviated by Google within member states of the European Union or other contracting parties to the Agreement on the European Economic Area. The full IP address is transmitted to a Google server in the USA and abbreviated there only in exceptional cases. IP anonymization is activated.

Google uses this information on behalf of the operator of this app to evaluate your use of the app, to create reports concerning activities, and to provide other services in connection with app use and Internet use vis-à-vis the app operator. The IP address transmitted from your browser within the scope of Google Analytics is not combined with other data held by Google.

Alternatively to the browser plug-in, you can click on this link to prevent data collection through Google Analytics on this website in the future. This places an opt-out cookie on your terminal device. If you delete your cookies, you must once again click on the link.

More detailed information concerning data protection at Google Analytics is available at https://support.google.com/analytics/answer/6004245?hl=en.

43. Currentness and modification of this privacy notice

This privacy notice is valid as of April 2018. It may be necessary to modify this privacy statement due to continued development of our website or modified statutory or official requirements. The respective updated privacy notice is available at https://www.robatherm.com/en/privacy-notice.

Part 8 – Privacy notice for TrueData app

The protection of your privacy in personal data processing is an important priority for robatherm (“we”, “our”, “us”), which we would like to take into consideration in all of our business processes. We process your personal data exclusively in compliance with data protection regulations.

44. Controller in terms of GDPR

robatherm GmbH + Co. KG
Industriestrasse 26
89331 Burgau, Germany
Telephone: +49 8222 999-0
Telefax: +49 8222 999-222
Email: info@robatherm.com

45. Data protection officer contact information

To the
Data Protection Officer
c/o robatherm GmbH + Co. KG
Industriestrasse 26
89331 Burgau, Germany
Telephone +49 8222 999-0
Email: info@robatherm.com

46. Right to information, rectification, erasure, restriction of processing, data transferability, objection, withdrawal, complaint

You are entitled
• pursuant to Art. 15 GDPR to request information concerning your personal data processed by us;
• pursuant to Art. 16 GDPR to immediately request completion or the rectification of your incorrect personal data stored by us;
• pursuant to Art. 17 GDPR to request erasure of your personal data stored by us;
• pursuant to Art. 18 GDPR to request restricted processing of your personal data;
• pursuant to Art. 20 GDPR to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller;
• pursuant to Art. 21 to object to the processing of your personal data;
• pursuant to Art. 7 (3) GDPR at any time to withdraw consent granted to us, with the consequence that our processing based on such consent will be prohibited for the future without affecting the legality of any processing that occurred prior to your withdrawal of your consent;
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority.

In the event that you have questions that are not answered in this privacy statement or if you would like to have more in-depth information for any matter in this regard, please contact us at any time through the contact information listed above.

47. No automated case-by-case decisions or profiling measures

We do not use purely automated processing operations to reach a decision.

48. Security

We implement technical and organizational security measures to protect your personal data against accidental or unlawful erasure, modification, or loss, and against unauthorized forwarding or unauthorized access.

49. Collection of personal data when downloading the app

When downloading the app, the required information is transmitted to the App Store, in particular the user name, email address, and customer number for your account, the time of download, payment information, and individual device ID number. We have no influence over this collection of data and we are not responsible for it. We process the data only insofar as such is necessary for downloading the mobile app to your mobile end device.

50. Collection of personal data when using the app

When using the app, we collect the following personal data to enable the comfortable use of functions. We collect the following data if you would like to use the app, as they are necessary for us from a technical aspect to offer you the functions of our mobile app and to ensure stability and security:

• IP address,
• Date and time of inquiry,
• Time zone difference to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status / HTTP status code,
• The respective transmitted data volume,
• Website from which the inquiry originates,
• Browser,
• Operating system and its interface,
• Language and version of the browser software.

This serves to safeguard our legitimate interests, the legal basis for this is Art. 6 (1) Clause 1 lit. f GDPR. Our interest in this regard is the ability to offer a comfortable use of functions to users.

Data will be erased if the data is no longer required for the stated purposes.

51. Collection of personal data in case of registration

If you register, the following data will be processed (mandatory information):
• First name,
• Last name,
• Password,
• Email.

This data is collected to prevent abuse because it allows individual users to be excluded from further use. Name and first name are also requested to enhance the user experience. This is covered by our legitimate interests, Art. 6 (1) Clause 1 lit. f GDPR. Company and address are voluntary information and can be used by the user for customization. Processing is also based on our legitimate interests and also serves to enhance the user experience. This is necessary to safeguard our legitimate interests. The legal basis for this collection is Art. 6 (1) Clause 1 lit. f GDPR.

Data will be erased if it is no longer required for the stated purposes. Data retention may, among other things, continue for as long as claims can be asserted against us based on the provided services and/or for as long as we may require the relevant data for the purpose of a legal defense.

The collection of this data is not required by law or contractually, nor is it obligatory, however, mandatory information is necessary for registration. Non-provision of data will result in your inability to register. As a consequence, the full functionality of the app will not be available to you. A data exchange across multiple devices will then, for example, not be possible.

52. Processing of personal data if contact is established with us

If you establish contact with us by email or through a contact form, your email address, and - if provided by you - your name and your telephone number will be stored by us to answer your questions. This is necessary for the performance of the contract to which you are a party or in order to take steps prior to entering into a contract (Art. 6 (1) Clause 1 lit. b GDPR) or to safeguard our legitimate interests (Art. 6 (1) Clause 1 lit. f GDPR). Our legitimate interest in this is a satisfactory processing of your inquiry.

We will erase the data collected in this regard after retention is no longer necessary.

53. Transmission of data to third parties

We are transmitting data for the purpose of data backup to our service provider tarienna GmbH and deposit a backup copy in a bank deposit box. Our interest in this is to prevent loss of data. Our legitimate interest is the legal basis for this transmission (Art. 6 (1) Clause 1 lit. f GDPR).

54. No transmission to third countries or an international organization

No data will be transmitted to countries outside of the European Union or to an international organization.

55. Use of cookies

The app uses cookies. Cookies are small text files that are stored on the drive of your mobile end device and that are allocated to the mobile app used by you. We can receive certain information through cookies. Cookies cannot execute any programs or transfer viruses to your mobile end device. They serve to make mobile apps more user-friendly and more effective overall.

This mobile app uses the following types of cookies:
• Transient cookies: These are erased automatically if you close our mobile app. It includes specifically session cookies. Session cookies store a so-called session ID, which can be used to allocate various inquiries to your mobile app. This allows a recognition of your mobile end device when you next use our mobile app. Session cookies are erased if you log out or close the app.
• Persistent cookies: These are automatically erased after a prespecified period that may differ depending on the cookie.

You can configure the settings of your mobile operating system and of the app as you wish and, e.g., refuse acceptance of third party cookies or all cookies. However, in such a case you may not be able to use all functions of our mobile app.

56. Currentness and modification of this privacy notice

This privacy notice is valid as of April 2018. It may be necessary to modify this privacy statement due to continued development of our website or modified statutory or official requirements. The respective updated privacy notice is available at https://www.robatherm.com/en/privacy-notice.