Privacy Policy

Introduction

We would like to use the information below to provide you “data subject” with an overview of our processing of your personal data and your rights under data protection law.

Data controller

The data controller, as defined by the GDPR, is:

ROOQ GmbH
Im Erdbeerfeld 20
52078 Aachen
Deutschland

team@rooq.de
Tel +49 (0) 241 / 41 25 2001
Fax +49 (0) 241 / 41 25 2099

Data controller’s representative: Ralf Rüttgers

Data protection officer

You can reach the data protection officer as follows:

Five Consulting
Dipl.-Ing. Klaus Pampuch
pampuch@five.consulting
www.five.consulting

You may contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

Technology

SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the website operator. You can recognize an encrypted connection by your browser’s address bar reading “https://” instead of “http://” and the lock symbol in the browser bar.
We use this technology to protect your transmitted data.

Data collection when visiting the website

If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data your browser sends our server (in what is known as “server log files”). Our website collects a range of general data and information each time you access a website or an automated system. This general data and information is stored in the servers log files. It may be collected

  1. the browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system accesses our website (called a referrer),
  4. the sub-pages accessed via an accessing system on our website,
  5. the date and time the website is accessed,
  6. an internet protocol address (IP address) and
  7. the accessing system’s internet service provider.

No conclusions are drawn about you when using this general data and information. Instead, this information is needed to

  1. properly deliver our website content,
  2. to optimize the content of the website as well as to advertise it,
  3. to ensure the continued functioning of our information technology systems and our websites technology as well as to
  4. provide the information necessary for law enforcement authorities to prosecute in the event of a cyber-attack.

This collected data and information is therefore statistically analyzed and further analyzed by us with the aim of increasing data protection and data security within our company to ultimately ensure an optimum level of protection for the personal data being processed by us. The data from the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1(f) GDPR. Our legitimate interest is based on the purposes listed above for the collection of data.

Encrypted payment transactions

If, after concluding a paid contract, you need to provide us with your payment details (e.g. account number for direct debit authorization), this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by your browsers address bar reading “https://” instead of “http://” and the lock symbol in the browser bar.

We use this technology to protect your transmitted data.

Cookies

General information about cookies

We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

Information generated from the specific device used is stored in cookies. This does not mean, however, that we will gain immediate knowledge of your identity.

The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are erased automatically when you leave our website.

We also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific period of time. If you return to our website to use our services, cookies allow us to automatically recognize that you have visited our website previously and remember the inputs and settings you have made so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and analyze it for the purpose of optimizing our services. These cookies allow us to automatically recognize that you have already visited our website when you visit our website again. These cookies are automatically erased after a defined period of time.

Contents of our website

Registering as a user

You have the option to register on our website by providing personal data.

The input screen used to register in each case determines what personal data is shared with us. The personal data you enter will be collected and stored exclusively for internal use by us and for our own purposes. We may arrange for data to be shared with one or more data processors, such as a parcel service, which will also use your personal data solely for internal purposes attributable to us.

When you register on our website, the IP address assigned by your Internet Service Provider (ISP) and the date and time of registration are also stored. This is done only for the purpose of preventing our services from being misused. If necessary, this data may be used to clarify the situation surrounding any crimes committed. In this respect, the storage of this data is necessary for our security. This data will not be disclosed to third parties unless there is a legal obligation to do so or the data is used for criminal prosecution.

Your registration, including the voluntary entry of personal data, also allows us to offer you content or services which, due to their nature, may only be offered to registered users. Registered persons are free to modify the personal data they provided during the registration process at any time or have it completely erased from our database.

We will provide you with information at any time on request as to what personal data is stored about you. We will also rectify or erase delete personal data at your request, unless legal retention obligations to the contrary are in place. Data subjects may contact the data protection officer named in this Privacy Notice and all other employees for this purpose.

Your data is processed in the interests of simple, convenient use of our website. This constitutes a legitimate interest as defined by Article 6 Paragraph 1(f) GDPR.

Data processing when opening a customer account and for contract execution

Pursuant to Article 6 Paragraph 1(b) GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected is shown in each input form. You may erase your customer account at any time by sending a message to the data controllers address as stated above. We store and use the data you provide to execute contracts. After complete execution of the contract or erasure of your customer account, your data will be blocked, taking into account tax and commercial retention periods, and erased once these periods have expired unless you have expressly consented to the further use of your data or we are legally permitted to further use your data, about which we will inform you below.

Data processing for order processing

The personal data we collect is disclosed to the transport company hired to deliver goods under the scope of contract execution, provided this is necessary for the delivery of the goods. We disclose your payment details to the bank commissioned as part of payment processing, provided this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for this transfer of data is Article 6 Paragraph 1(b) GDPR.

Conclusion of contracts with the online shop, retailers and dispatch of goods

We only send personal data to third parties where necessary as part of contract execution, for example to the companies entrusted with the delivery of the goods or the bank entrusted with processing payment. No data is otherwise sent unless you have expressly agreed to this. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Article 6 Paragraph 1(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Newsletters

Newsletter for regular customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular emails with offers on products or services from our collection similar to those you have already purchased. We do not require your specific consent for such purposes as per article 7, paragraph 3 of the UWG (Unfair Competition Act). The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with article 6, paragraph 1 lit. f GDPR. We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this statement. By taking this action, you will incur submission fees only in line with basic rates. After receipt of your objection, your email address will immediately be removed for marketing purposes.

Marketing newsletter

You can subscribe to our newsletter via our website. The input screen determines which personal data are shared with us when subscribing to the newsletter.

We use our newsletter to regularly communicate our offers to our customers and business partners. You can, therefore, only receive our company’s newsletter if

  1. you have a valid email address and
  2. have registered for the newsletter.

For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. This confirmation email is sent to check if you are the holder of the email address and have authorized the newsletter.

When you register for the newsletter we also save the IP address used by your IT system at the time of registration, which is issued by your Internet Service Provider (ISP) as well as the date and time of registration. We must collect this data to investigate any (possible) misuse of your email address at a later stage and it is therefore lawful for the purposes of our security.

The personal data collected during registration are used solely for sending our newsletter. Furthermore, subscribers to the newsletter may receive information via email if this is required in order to administer the newsletter service for registration purposes, which may be the case if our newsletter is amended or technical circumstances change. Personal data collected for our newsletter service are not shared with third parties. You may terminate your subscription to our newsletter at any time. You can at any time withdraw your consent to the storage of the personal data you shared during registration. A link is provided in each newsletter to allow you to withdraw your consent. It is also possible to unsubscribe from our newsletter directly through the website or to contact us in another manner.

The legal basis for data processing for the purposes of sending a newsletter is article 6, paragraph 1 lit. a GDPR.

Payment provider

PayPal

We have integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no traditional account number involved. PayPal makes it possible to induce online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22?24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you select “PayPal” as your payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you are consenting to the personal data required to process your payment being sent.

The personal data transmitted to PayPal usually includes your first name, surname, address, email address, IP address, telephone number, mobile phone number or other data necessary to process payment. Personal data related to the respective order is also necessary to process the purchase agreement.

The transmission of data is intended for payment processing and fraud prevention purposes. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. Under certain circumstances, the personal data exchanged between PayPal and us is transmitted by PayPal to credit agencies. The purpose of this transmission is to verify your identity and creditworthiness.

PayPal may also disclose the personal data to affiliated companies and service providers or subcontractors, provided this is necessary to fulfil contractual obligations or the data will be processed on behalf of PayPal.

You have the option of revoking your consent to PayPal handling your personal data at any time. Revoking your consent does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal is used in the interest of proper, easy payment processing. This constitutes a legitimate interest as defined by Article 6 Paragraph 1(f) GDPR.

PayPal’s current privacy policy can be found at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Sofort

We have integrated Sofortüberweisung components on this website. Sofortüberweisung is a payment service that facilitates the cashless payment for products and services online. Sofortüberweisung represents a technical procedure through which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately once the order has been placed.

Sofortüberweisung is operated by SOFORT GmbH, Fussbergstrasse 1, 82131 Gauting, Germany, Part of the Klarna Bank AB, (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

If you select “Sofortüberweisung” as your payment option during the ordering process in our online shop, your data will be automatically transmitted to Sofortüberweisung. By selecting this payment option, you are consenting to the personal data required to process your payment being sent.

If your payment is processed via Sofortüberweisung, you will be sending your PIN and TAN to Sofort GmbH. Sofortüberweisung carries out a bank transfer to us after performing a technical check of the account balance and retrieving further data to check the account coverage. We are automatically notified of the execution of this financial transaction.

The personal data exchanged with Sofortüberweisung includes your first name, surname, address, email address, IP address, telephone number, mobile phone number or other data necessary to process payment. The transmission of data is intended for payment processing and fraud prevention purposes. We will also transmit personal data to Sofortüberweisung if there is a legitimate interest in such data being sent. Under certain circumstances, the personal data exchanged between Sofortüberweisung and us is transmitted by Sofortüberweisung to credit agencies. The purpose of this transmission is to verify your identity and creditworthiness.

Sofortüberweisung may also disclose the personal data to affiliated companies and service providers or subcontractors, provided this is necessary to fulfil contractual obligations or the data will be processed on behalf of Sofortüberweisung.

The data subject has the option of revoking their consent to Sofortüberweisung handling their personal data at any time. Revoking your consent does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

Sofortüberweisung is used in the interest of proper, easy payment processing. This constitutes a legitimate interest as defined by Article 6 Paragraph 1(f) GDPR.

Sofortüberweisung’s current privacy policy can be found at https://www.klarna.com/de/datenschutz/ (German only).

Amazon Payments

Our website accepts payments via Amazon Pay. The provider of this service is primarily Amazon Payments Europe s.c.a., secondarily Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all located in 5 Rue Plaetis, 2338 Luxemburg (hereafter “Amazon Pay”).

If you select payment via Amazon Pay, the payment data you provide will be supplied to Amazon Pay based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Link: https://pay.amazon.com/de/help/201751600.

Your rights as a data subject

Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you will be processed.

Right to information (Article 15 GDPR)

You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us, in accordance with the statutory provisions.

Right to rectification (Article 16 GDPR)

You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Erasure (Article 17 GDPR)

You have the right to demand that we erase the personal data relating to you be deleted without delay, provided that one of the reasons provided by law applies and if processing or further storage is not required.

Restriction to processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your data if one of the legal requirements is met.

Data transferability (Article 20 GDPR)

You have the right obtain personal data relating to you that you provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 Paragraph 1(a) GDPR or Article 9 Paragraph 2(a) GDPR or on a contract pursuant to Article 6 Paragraph 1(b) GDPR, and the data are processed using automated procedures, unless processing is necessary to complete a task, is in the public interest or is carried out in the exercise of an official authority assigned to us.

Furthermore, when exercising your right to data transferability pursuant to Article 20 Paragraph 1 GDPR, you have the right to have personal data transferred directly from one controller to another, provided this is technically feasible and does not impede the rights and freedoms of other persons.

Objection (Article 21 GDPR)

You have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) (data processing in the public interest) or (f) (data processing on the basis of the weighing of legitimate interests) GDPR.

This also applies to profiling based on these provisions pursuant to Article 4 Number 4 GDPR.

Should you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.

In addition, you have the right to object to our processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Article 89 Paragraph 1 GDPR for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.

You are free to exercise your right to lodge an objection in relation to the use of information society services, Directive 2002/58/EC notwithstanding, by means of automated procedures using technical specifications.

Revocation of consent regarding data protection

You have the right to revoke any consent to the processing of personal data at any time with future effect.

Lodging a complaint with a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

Data privacy for applicants

We are pleased that you are interested in us and that you have applied or are applying for a position in our company. In the following we would like to provide you with information on the processing of your personal data in connection with your application.

Who is responsible for data processing?

Responsible in terms of the data protection law is

ROOQ GmbH
Im Erdbeerfeld 20

52078 Aachen

You will find further information about our company, details of the persons authorized to represent us and also further contact possibilities in our imprint on our website: https://rooq.de/legal-information/

Which of your data are processed by us? And for what purposes?

We process the data you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.

On what legal basis is this based?

The legal basis for processing your personal data in this application procedure is primarily § 26 BDSG. According to this law, the processing of data required in connection with the decision to establish an employment relationship is permissible.

Should the data be necessary for legal prosecution after the application procedure has been completed, data processing can be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests in accordance with Art. 6 Para. 1 letter f) DSGVO. Our interest then consists in the assertion or defence of claims.

How long is the data stored?

Data of applicants will be deleted after 6 months in case of a cancellation.

In case you have agreed to a further storage of your personal data, we will transfer your data to our pool of applicants. There the data will be deleted after two years.

If you have been awarded a job during the application process, the data will be transferred from the applicant data system to our personnel information system.

To which recipients will the data be forwarded?

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called order processing contract with this provider, which ensures that data processing is carried out in a permissible manner.

Your applicant data will be screened by the personnel department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. The further procedure is then coordinated. Within the company, only those persons who need access to your data for the proper processing of our application procedure have access to your data.

Where is the data processed?

The data is processed exclusively in data centers in the Federal Republic of Germany.

Your rights as an affected person?

You have the right to be informed about the personal data we process about you.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require you to provide evidence that proves that you are the person you claim to be.

Furthermore, you have the right to correct or delete your personal data or to restrict its processing, insofar as you are legally entitled to do so.

Furthermore, you have the right to object to the processing within the scope of the legal requirements. The same applies to a right to data transferability.

Data protection officer

We have appointed an external data protection officer. You can reach him under the following contact options:

Five Consulting
Dipl.-Ing. Klaus Pampuch
Unterbörsch 40c
51515 Kurts

e-mail: pampuch@five.consulting

Right of appeal

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.