RÖDER MASCHINENBAU GMBH

Privacy Declaration

We are delighted about your interest in our company. Privacy is a top priority for the management of RÖDER MASCHINENBAU GMBH. The webpages of RÖDER MASCHINENBAU GMBH can principally be used without disclosing personal data. However, the processing of personal data may be required if a data subject wishes to take advantage of special services provided by our company over our website.  If the processing of personal data is required and the law does not provide a basis for such processing, we will generally obtain the data subject’s consent.

Personal data, for example the name, mailing address, email address, or telephone number of the data subject is at all times processed in compliance with the General Data Protection Regulation and in compliance with the country-specific privacy regulations valid for RÖDER MASCHINENBAU GMBH.  Our company has published this privacy declaration to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. This privacy declaration also advises data subjects about their rights.

For the purpose of processing by controllers, RÖDER MASCHINENBAU GMBH has implemented a number of technical and organizational measures to ensure seamless protection of the personal data processed by this website.  Nevertheless, online-based data transmission will principally have security gaps, and absolute protection can therefore not be guaranteed. For this reason, any data subject also has the option to transmit personal data by alternative channels, for example over the phone.

1. Glossary

Liability for Contents

The privacy declaration of RÖDER MASCHINENBAU GMBH is based on the terminology used by European lawmakers in guidelines and directives, as adopted in the General Data Protection Regulation (GDPR).  Our privacy declaration is intended to be easily read and understood, not only by the public, but also by our customers and business partners. In order to ensure this, we firstly intend to explain the employed terminology.

Without limitation, this privacy declaration uses the following terminology:

Personal data is any information linked to an identified or identifiable natural person (hereinafter “data subject”). A natural person is identifiable when they can be directly or indirectly identified, in particular by mapping to an identifier, such as a name, a code, to location data, to an online identifier, or to one or several unique properties that are an expression of the physical, physiological, genetic, psychological, economic, cultural, or social identity of said natural person.

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

C) Processing

Processing is defined as any transaction executed with or without automated methods, or any such sequence of transactions associated with personal data, such as collecting, recording, organizing, filing, storing, editing or changing, reading, requesting, using, disclosing by transmitting, disseminating, or any other form of provisioning, reconciling, or linking, restricting, deleting, or destroying.

D) Restricted processing

Restricted processing is the act of labeling stored personal data with the objective of restricting future processing.

e) Profling

Profiling is any type of automated processing of personal data intended to use said personal data for the purpose of evaluating certain personal aspects linked to a natural person with the objective of analyzing or predicting aspects related to job performance, financial status, health, personal preferences, interests, reliability, conduct, physical location, or changes of location of said natural person.

F) Pseudonymization

Pseydonymization is defined as any processing of personal data in a manner by which the personal data can no longer be mapped to a unique data subject without relying on additional information, provided said additional information is stored separately and subject to technical and organizational measures to ensure that the personal data cannot be mapped to an identified or identifiable natural person.

G) Controller

The controller is defined as the natural or legal person, authority, facility, or other entity that either alone or together with others makes decisions on the purpose and means of processing personal data. If the purpose and means of such processing are imposed by European Union law or the laws of member states, the controller, or the specific criteria for appointing the controller, can be stipulated by European Union law or the laws of the member states.

h) Contract processor

The contract processor is a natural or legal person, authority, facility, or other entity that processes personal data on behalf of the controller.

i) Recipient

The recipient is a natural or legal person, authority, facility, or other entity to whom personal data is disclosed, regardless of whether or not it is a third-party. However, authorities who may receive personal data within the context of a specific investigative order according to European union law or the laws of the member states are not regarded as recipients.

j) Third-party

A third party is any natural or legal person, authority, facility, or other entity other than the data subject, the controller, the contract processor, and the individuals who process personal data under the immediate supervision of the controller or the contract processor.

k) Consent

Consent is defined as any informed and deliberate declaration of will voluntarily made by the data subject in the form of a declaration or other unambiguously confirmed action by which the data subject pronounces that they agree to the processing of personal data related to them.

2. Name and mailing address of the controller

The controller as defined by the General Data Protection Regulation, other data protection laws valid in the member states of the European Union, and other regulations characterized as data protection language is:


RÖDER MASCHINENBAU GMBH Beim Rot 25
73340 Amstetten- Hofstett-Emerbuch
Germany
Tel.: 0733692190
E-Mail: info@roeder-maschinenbau.de
Website: www.roeder-maschinenbau.de

3. Cookies

The webpages of RÖDER MASCHINENBAU GMBH use cookies. Cookies are text files stored by a web browser on a computer system.

A plurality of webpages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier. It consists of a character sequence by which webpages and servers can be mapped to the specific web browser that stored the cookie. This gives the downloaded websites and servers the ability to differentiate the unique browser of the data subject from other web browsers that contain cookies. A unique web browser can be recognized and identified using the unique cookie ID.

By using cookies, RÖDER MASCHINENBAU GMBH can provide users of this website user-friendly services that would not be possible without setting the cookie.

Using a cookie, the information and services on our website can be optimized in the interest of the user. As already mentioned, cookies give us the ability to recognize the users of our website. The purpose of this recognition is to simplify use of our website for users. For example, the user of a website who uses cookies is not required to reenter their access data every time they visit the website because this step is taken care of by the website and the cookie stored on the user’s computer system.

A further example is the cookie of a shopping cart in the webstore. The webstore uses a cookie to memorize the articles a customer placed into the virtual shopping cart.

The data subject can at any time prevent setting cookies by our website with a corresponding setting of the web browser in use, and can therefore permanently opt out from having cookies set. Additionally, already set cookies can at any time be deleted by a web browser or other software. This is possible in all widely used web browsers. If the data subject disables the setting of cookies in their web browser, the full functionality of our website may not be available for use.

4. Recording of general data and information

Every time the website is downloaded by a data subject or an automated system, the website of RÖDER MASCHINENBAU GMBH records various general data and information.

This general data and information is stored in server log files. The recorded data includes (1) the browser types and versions in use, (2) the operating system used by the downloading system, (3) the website from which a downloading system reaches our website (so-called referrers), (4) the webpages downloaded from our website by an accessing system, (5) the date and time the website was accessed, (6) an Internet protocol address (IP address), (7) the online service provider of the accessing system, and (8) other similar data and information used as defenses in the event our IT systems are attacked.

When using this general data and information, RÖDER MASCHINENBAU GMBH makes no inferences about the data subject.

This information is instead used to (1) correctly deliver the contents of our website, (2) optimize the contents and marketing of our website, (3) ensure the consistent functionality of our IT systems and the technologies used by our website, and (4) to provide to criminal investigators the information necessary to conduct criminal investigations in the event of a cyber-attack. RÖDER MASCHINENBAU GMBH therefore firstly analyzes such anonymously collected data and information statistically, and secondly with the objective of increasing privacy and data security in our company, in order to ultimately optimize the security level for the personal data we process.

The anonymous data of the server log files are stored separately from all personal data entered by a data subject.

5. Ability to make contact over the website

Legal regulations require the website of RÖDER MASCHINENBAU GMBH to contain features that facilitate making fast electronic contact to our company and immediately establish communication with us, which also includes a general email address. If a data subject contacts the controller by email or by using a contact form, the personal data transmitted by the data subject is stored automatically.

Any personal data voluntarily transmitted by a data subject to the controller is stored for processing or to contact the data subject. This personal data is not forwarded to third parties.

6. Routine deletion and blocking of personal data

The controller only processes and stores personal data of the data subject for a timeframe required to achieve the purpose of storing said personal data, or if this is imposed on the controller as mandated by EU lawmakers in guidelines and directives or by other lawmakers in acts or regulations.

If the purpose of storing personal data no longer applies or a storage timeframe mandated by EU lawmakers in guidelines and directives or by other lawmakers expires, the personal data is routinely blocked or deleted in accordance with legal regulations.

7. Rights of the data subject

a) Right to confirmation

Any data subject whose personal data is processed has the right granted by EU lawmakers in guidelines and directives to obtain free information from the controller about the personal data stored about them, including a copy of said data. EU lawmakers also adopted guidelines and directives giving data subjects the right to information about the following:

a) Right to information

Any data subject whose personal data is processed has the right granted by EU lawmakers in guidelines and directives to obtain free information from the controller about the personal data stored about them, including a copy of said data. EU lawmakers also adopted guidelines and directives giving data subjects the right to information about the following:

  • the processing purposes

  • the categories of personal data being processed

  • the recipients or categories of recipients to whom the personal data was, or will be, disclosed, in particular concerning recipients in non-EU countries or concerning international organizations

  • if possible, the planned duration for which personal data will be stored, or, if this is not possible, the criteria for determining this duration

  • das Bestehen eines Rechts auf Berichtigung oder Löschung der sie betreffenden personenbezogenen Daten oder auf Einschränkung der Verarbeitung durch den Verantwortlichen oder eines Widerspruchsrechts gegen diese Verarbeitung
  • the right to have the personal data related to them corrected or deleted, or to restrict the processing by the controller or the right to object to such processing

  • the right to lodge an appeal with a supervisory authority

  • when the personal data are not collected from the data subject: Any available information about the origin of the data

  • d

    when the personal data are not collected from the data subject: Any available information about the origin of the data

    the existence of an automated decision-making process, including profiling according to Article 22 (1) and (4) GDPR, and – at least in these cases – verifiable information about the involved algorithm and the scope and the intended effects of such processing for the data subject The data subject further has a right to information about whether personal data was transmitted to a non-EU country or to another international organization. If this is the case, the data subject otherwise has the right to information about suitable guarantees in connection with the transmission.

If a data subject intends to exercise this right to information, the data subject can for this purpose contact an employee of the controller at any time.

c) Right to correction

Any data subject affected by the processing of personal data has the right granted by EU lawmakers in guidelines and directives to demand the immediate correction of incorrect personal data related to them. Subject to the processing purposes, the data subject further has the right to demand that incomplete personal data be completed, including by way of a supplemental declaration.

If a data subject intends to exercise this right to correction, the data subject can for this purpose contact an employee of the controller at any time.

d) Right to deletion (right to be forgotten)

Any data subject affected by the processing of personal data has the right granted by EU lawmakers in policies and directives to demand from the controller that the personal data related to them is deleted immediately, provided one of the following reasons applies and to the extent processing is not required:

  • The personal data was collected for such purposes or processed by other means for which it is no longer required.

  • The data subject withdraws their consent on which the processing was based according to Art. 6 (1) letter a GDPR or Art. 9 (2) letter a GDPR, and there is no other legal basis for the processing.

  • The data subject objects to the processing according to Art. 21 (1) GDPR, and there are no overriding justified reasons for the processing, or the data subject objects to the processing according to Art. 21 (2) GDPR.

  • The personal data was processed unlawfully.

  • The deletion of personal data is required to comply with a legal obligation according to EU law or according to the laws of the member states governing the controller.

  • The personal data was collected in connection with services offered by the information company according to Art. 8 (1) GDPR.

If any of the aforementioned reasons apply and a data subject wishes to have the personal data stored by RÖDER MASCHINENBAU GMBH deleted, the data subject can for this purpose at any time contact an employee of the controller. The employee of RÖDER MASCHINENBAU GMBH will ensure that the deletion demand is immediately observed.

If personal data was made public by RÖDER MASCHINENBAU GMBH and our company is required to delete the personal data as the controller according to Art. 17 (1) GDPR, RÖDER MASCHINENBAU GMBH is required – taking into account available technologies and the implementation costs of appropriate measures, including of a technical nature – to inform other controllers who process the published personal data that the data subject demanded the deletion of all links to said personal data or of copies or duplicates of said personal data from said other controllers, provided the processing is not required. The employee of RÖDER MASCHINENBAU GMBH will initiate the appropriate actions required in the specific case.

e) Right to restricted processing

Any data subject affected by the processing of personal data has the right granted by European lawmakers in policies and directives to demand from the controller the restricted processing, provided any of the following conditions apply:

  • The data subject is disputing the accuracy of the personal data, in particular for a duration that gives the controller the ability to verify the accuracy of the personal data.

  • The processing is unlawful, the data subject rejects the deletion of personal data, and instead demands restricted use of the personal data.

  • The controller no longer requires the personal data for the processing purposes, but the data subject needs the personal data to assert, exercise, or defend legal claims.

  • The data subject objected to the processing according to Art. 21 (1) GDPR, and it has not yet been established whether the justified reasons of the controller override those in relation to the data subject.

If any of the aforementioned conditions apply and a data subject wishes to demand the restriction of personal data stored by RÖDER MASCHINENBAU GMBH, the data subject can for this purpose at any time contact an employee of the controller. The employee of RÖDER MASCHINENBAU GMBH will arrange the restricted processing.

f) Right to data portability

Any data subject affected by the processing of personal data has the right granted by EU lawmakers in policies and directives to obtain the personal data related to them and provided to a controller by the data subject in a structured, commonly available and machine readable format. The data subject also has the right to transmit such data to another controller without interference by the controller to whom the personal data was provided, provided the processing is based on the consent according to Art. 6 (1) letter a GDPR or Art. 9 (2) letter a GDPR or on an order according to Art. 6 (1) letter b GDPR, and the processing is based on automated methods, to the extent the processing is not required to perform a task in the public interest or to exercise public powers transferred to the controller.

When exercising their right for data portability according to Art. 20 (1) GDPR, the data subject also has the right to demand that personal data is transferred directly from one controller to another controller, where technically feasible, and to the extent rights and liberties of other individuals are not infringed.

The data subject can at any time contact the employee of RÖDER MASCHINENBAU GMBH to assert the right to data portability.

g) Right to object

Any data subject affected by the processing of personal data has the right granted by EU lawmakers in policies and directives to object at any time against the processing of personal data related to them based on reasons related to their special situation, where such processing is based on Art. 6 (1) letters e or f GDPR. This also applies to profiling based on these regulations.

If an objection is lodged, RÖDER MASCHINENBAU GMBH will discontinue processing the personal data, unless we can demonstrate mandatory protected reasons for the processing that override the interests, rights, and liberties of the data subject, or the processing is necessary to assert, exercise or defend legal claims.

If RÖDER MASCHINENBAU GMBH processes personal data for direct marketing purposes, the data subject has the right at any time to object against the processing of personal data for the purpose of such marketing. This also applies to profiling to the extent it is linked to such direct marketing. If the data subject lodges an objection against RÖDER MASCHINENBAU GMBH for processing for the purposes of direct marketing, RÖDER MASCHINENBAU GMBH will discontinue processing the personal data for these purposes.

For reasons related to their specific situation, the data subject also has the right to object to the processing of personal data related to them, where such processing occurs at RÖDER MASCHINENBAU GMBH for scientific or historical research purposes or for statistical purposes according to Art. 89 (1) GDPR, unless such processing is required to comply with a task in the public interest.

The data subject can directly contact any employee at RÖDER MASCHINENBAU GMBH or another employee to exercise the right to object. In connection with using services of the information company and notwithstanding Directive 2002/58/E, the data subject further has the right to exercise their right to object by means of automated methods that make use of technical specifications.

h) Automated individual decision-making, including profiling

Any data subject affected by the processing of personal data has the right granted by EU lawmakers in policies and directives to not be subjected to decisions based exclusively on automated processing – including profiling – were such decisions have legal effect against the data subject or significantly infringe on their rights in similar ways, provided the decision (1) is not required for concluding or fulfilling a contract between the data subject and the controller, or (2) is permitted based on legal regulations of the European Union or its member states that govern the controller, and said regulations contain appropriate measures to protect the rights and liberties and the justified interests of the data subject, or (3) are made with the express consent of the data subject.

If the decision (1) is required for concluding or fulfilling a contract between the data subject and the controller, or (2) the decision is made with the express consent of the data subject, RÖDER MASCHINENBAU GMBH must implement appropriate measures to protect the rights and liberties and the justified interest of the data subject, which at a minimum include the right to demand the intervention by an individual on the part of the controller such that the data subject can demonstrate their own legal position and to contest the decision.

The data subject can at any time contact an employee of the controller if the data subject intends to assert their right in relation to automated decisions.

i) Right to recall consent granted under data protection laws

Any data subject affected by the processing of personal data has the right granted by EU lawmakers in guidelines and directives to recall a consent to process personal data.

The data subject can for this purpose at any time contact an employee of the controller if the data subject intends to assert their right to recall a consent.

8. Data protection regulations for installing and using Google Analytics (with anonymization function)

The controller integrated the component Google Analytics (with anonymization function) into this website. Google Analytics is a web analysis service. Web analysis is defined as recording, collecting, and analyzing data about the behavior of visitors of webpages. Without limitation, a web analysis service comprises data about what webpage referred a data subject to a website (so-called referrers), what webpages of the website where downloaded, and how often and for what duration a webpage was viewed.

A web analysis is predominantly used to optimize a webpage and for cost-benefit analysis of online marketing.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the “_gat._anonymizeIp” plug-in for web analysis by Google Analytics. Google uses this plug-in to truncate and anonymize the IP address of the Internet connection of the data subject when our websites are downloaded from a member state of the European Union or from another contract state of the Convention on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor traffic to our website. Without limitation, Google uses the collected data and information for the purpose of analyzing the use of our website, to compile – for our use – online reports showing the activities on our website, and to render other services in connection with the use of our website.

Google Analytics stores a cookie on the IT system of the data subject. Cookies were already defined and explained above. Storing the cookie gives a Google the ability to analyze the use of our website. 

Whenever a webpage of this website that is operated by the controller and on which a Google Analytics component was integrated is downloaded, the respective Google Analytics component will cause the web browser on the IT system of the data subject to automatically transmit data to Google for online analysis purposes. Within the context of this technical method, Google gains knowledge about personal data, such as the IP address of the data subject, which Google uses without limitation to retrace the origin of the visitors and clicks and to generate commission billing statements based thereon.

The cookies are used to store personal data, for example the download time, the location from which a download originated, and the frequency of visits to our website by the particular person. Every time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject are transmitted to Google in the United States of America.  Google stores this personal data in the United States of America. Google may under certain circumstances forward the personal data collected using the technical method to third parties.

As already discussed above, the data subject can at any time prevent setting cookies by our website with a corresponding setting of the web browser in use, and can therefore permanently opt out from having cookies set.

Such a setting of the web browser in use would also prevent Google from storing a cookie on the IT system of the data subject. Additionally, a cookie already set by Google Analytics can at any time be deleted by a web browser or other software.

The data subject also has the option to opt out (1) from the data generated by Google Analytics, from (2) use of data related to this website, and (3) from processing this data by Google and to prevent such processing. For this purpose the data subject must download and install a browser plug-in under the link: https://tools.google.com/dlpage/gaoptout. This browser plug-in tells Google Analytics via JavaScript that no data and information concerning the visits of websites is to be transmitted to Google Analytics. 

Google classifies the installation of the browser plug-in as an opt-out. If the IT system of the data subject is deleted, formatted, or reinstalled at a later point in time, the data subject must reinstall the browser plug-in to disable Google Analytics. If the browser plug-in is the uninstalled or disabled by the data subject or by another person within its scope of control, the opportunity exists to reinstall or reenable the browser plug-in.

More information and Google’s currently valid privacy policies can be downloaded at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in detail under the following link: https://www.google.com/intl/de_de/analytics/.

9. Legal basis for processing

Our company relies on Art. 6 I letter a GDPR as the legal basis for processing activities for which we obtain consent for a particular processing purpose. If the processing of personal data is required to fulfill a contract to which the data subject is a contract party, as is for example the case for processing activity needed to deliver goods or to render miscellaneous services or considerations, such processing is based on Art. 6 I letter b GDPR. The same applies for any processing activity required to perform pre-contractual measures, for example for inquiries about our products or services.

The processing of personal data may be required in rare cases to protect vital interests of the data subject or another natural person. This would for example be the case when a visitor at our facility were to be injured, and his name, his age, his health insurance data, or other vital information would need to be forwarded to a doctor, a hospital, or other third parties. 

The processing would then be based on Art. 6 I letter d GDPR. Lastly, the processing activity could be based on Art. 6 I letter f GDPR. Processing activity based on these statutes and that are not covered by any of the aforementioned statutes when the processing is necessary to protect a justified interests of our company, provided the interests, constitutional rights, and constitutional liberties of the data subject do not override. We are authorized to exercise such processing activity because it was specifically mentioned by European lawmakers. In this respect, the latter was of the opinion that a justified interest could be assumed when the affected person is a customer of the controller (Reasoning 47 sentence 2 GDPR).

10. Justified interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I letter f GDPR, our justified interest is the performance of our business activity to the benefit and well-being of our employees and shareholders.

11. Duration for which personal data is stored

The criterion for the storage duration of personal data is the statutory archiving term. After the term expires, the relevant data is routinely deleted, provided it is no longer required to fulfill or originate contracts.

12. Statutory contractual stipulations to provide personal data; requirement for contract conclusion; contractual imposition on the affected person to provide personal data; potential consequences for failure to provide personal data

You are advised that the provision of personal data is in certain cases mandated by law (such as tax regulations) or can be based on contractual stipulations (such an details about the contract partner). Certain contract conclusions may require that a data subject must provide personal data to us, which we are then required to process.

The data subject is for example obligated to provide personal data to us when our company enters into a contractual relationship with the data subject. A failure to provide personal data would have the consequence that the contract cannot be concluded with the data subject.

Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will then in each specific case advise the data subject whether the personal data is provided based on statutory or contractual language

or is required to conclude the contract, whether the data subject is obligated to provide the personal data, and what consequences are associated with a failure to provide the personal data.

13. Use of automated decision-making

As a responsible corporate citizen, we do not make use of automated decision-making processes or profiling.

This privacy declaration was generated by the privacy declaration generator of DGD (Deutsche Gesellschaft für Datenschutz GmbH), in its capacity as an external privacy official, Berlin, in cooperation with the privacy (GDPR) attorneys of WILDE BEUGER SOLMECKE | Attorneys at Law.