Data protection

Status January 2025

1. Introduction

With the following information, we would like to provide you, as the “data subject,” an overview of the processing of your personal data by us and your rights under data protection laws. Use of our websites is generally possible without providing personal data. However, if you wish to use special services offered by our company through our website, the processing of personal data may be required. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the national data protection laws applicable to “ROSE Systemtechnik GmbH.” Through this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the greatest possible protection of the personal data processed through this website. However, internet-based data transmissions can always have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by phone or by mail.

You can also take simple and easily implementable measures to protect your data from unauthorized access by third parties. Therefore, we would like to provide you with some tips for securely handling your data:

  • Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with secure passwords.
  • Only you should have access to the passwords.
  • Make sure you use your passwords only for one account (login, user, or customer account).
  • Do not use the same password for different websites, applications, or online services.
  • Especially when using publicly accessible or shared IT systems, you should always log out after accessing a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they are not easily guessable. Therefore, they should not contain common words from daily life, your own name, or names of relatives, but should include a mix of uppercase and lowercase letters, numbers, and special characters.

2. Data Controller

The data controller within the meaning of the GDPR is:

ROSE Systemtechnik GmbH
Erbeweg 13 – 15, 32457 Porta Westfalica, Germany

Phone: +49 571-50 41-0

Fax: +49 571-50 41-6

Email: rose@rose-pw.de

Representative of the data controller: Dr. Heinz Werner Rixen

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Thomas Otten

Phone: +49 5221 87292-08

Fax: +49 5221 87292-49

Email: datenschutz-rose-systemtechnik@audatis.de

You can contact our Data Protection Officer at any time for any questions or suggestions regarding data protection.

4. Definitions

This privacy policy is based on the terminology used by the European legislative bodies when enacting the General Data Protection Regulation (GDPR). Our privacy policy is designed to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.In this privacy policy, we use, among others, the following terms:

  1. Personal Data
    Personal data refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by assigning an identifier such as a name, identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  2. Data Subject
    A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
  3. Processing
    Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  4. Restriction of Processing
    Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
  5. Profiling
    Profiling is any form of automated processing of personal data that involves using the data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of the natural person.
  6. Pseudonymization
    Pseudonymization is the processing of personal data in a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
  7. Processor
    A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the data controller.
  8. Recipient
    A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether they are a third party. However, authorities that may receive personal data under a specific investigation under Union or member state law are not considered recipients.
  9. Third Party
    A third party is a natural or legal person, authority, agency, or other body, other than the data subject, the data controller, the processor, and the persons who, under the direct authority of the data controller or processor, are authorized to process personal data.
  10. Consent
    Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, in the form of a statement or a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them.

5. Legal Basis for Processing

Article 6(1)(a) of the GDPR (in conjunction with § 25(1) TDDDG (formerly TTDSG)) serves as the legal basis for processing operations where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations required for the execution of pre-contractual measures, such as in cases of inquiries about our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. For example, this would be the case if a visitor were injured at our premises, and their name, age, health insurance information, or other vital details needed to be shared with a doctor, hospital, or other third parties. In such a case, the processing would be based on Article 6(1)(d) of the GDPR.

Ultimately, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided the interests, fundamental rights, and freedoms of the data subject do not outweigh this interest. Such processing operations are specifically allowed because they are expressly mentioned by the European legislator. In this context, it is considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 of the GDPR).

Our services are primarily intended for adults. Individuals under the age of 16 may not submit personal data to us without the consent of their parents or legal guardians. We do not request, collect, or share personal data from children or adolescents with third parties.

6. Transmission of Data to Third Parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

  1. You have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR,
  2. the disclosure is permissible pursuant to Article 6(1)(f) of the GDPR for the protection of our legitimate interests and there is no reason to assume that you have a predominant legitimate interest in not disclosing your data,
  3. there is a legal obligation for the disclosure under Article 6(1)(c) of the GDPR, or
  4. it is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of a contract with you.

To protect your data and, where applicable, to facilitate data transmission to third countries (outside the EU/EEA), we have entered into data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision under Article 45 of the GDPR.

7. Technology

7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries that you send to us as the operator. You can recognize an encrypted connection when “http://” changes to “https://” in the browser address bar and when a lock symbol appears in your browser’s bar.

We use this technology to protect the data you transmit.

7.2 Data Collection When Visiting the Website
When you visit our website purely for informational purposes, i.e., when you do not register or otherwise transmit information to us or give consent for data processing, we only collect data that is technically necessary for providing the service. These are typically data transmitted by your browser to our server (“so-called server log files”). Our website collects a range of general data and information with each page view by you or an automated system. These general data and information are stored in the server log files. The following may be collected:

  1. Browser type and version used,
  2. Operating system used by the accessing system,
  3. The website from which the accessing system reaches our website (so-called referrer),
  4. The subpages accessed through the accessing system on our website,
  5. The date and time of access to the website,
  6. A shortened Internet protocol address (anonymized IP address), and
  7. The Internet service provider of the accessing system.

When using this general data and information, we do not draw conclusions about your identity. This information is needed to:

  1. Correctly deliver the content of our website,
  2. Optimize the content of our website and advertising,
  3. Ensure the long-term functionality of our IT systems and the technology of our website, and
  4. Provide law enforcement agencies with the necessary information in the event of a cyberattack.

These collected data and information are evaluated by us both statistically and with the aim of increasing data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from any personal data provided by an affected person.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection.

7.3 Encrypted Payment Transactions
If, after concluding a paid contract, you are required to transmit your payment data (e.g., providing your bank account number when granting a direct debit authorization), this data is required for processing the payment.

The payment transactions via common payment methods (Visa/MasterCard or direct debit) are conducted exclusively over an encrypted SSL or TLS connection. You can recognize an encrypted connection when the browser’s address bar changes from “http://” to “https://” and when a lock symbol appears in your browser’s bar.

We use this technology to protect the data you transmit.

7.4 Cloudflare (Content Delivery Network)
Our website uses features from CloudFlare. The provider is CloudFlare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA.

CloudFlare provides a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through the CloudFlare network. CloudFlare is thus able to analyze the traffic between the user and our websites to detect and fend off attacks on our services. Additionally, CloudFlare may store cookies on your computer for optimization and analysis.

You can configure your browser to be informed about the setting of cookies and to only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Deactivating cookies may restrict the functionality of this website.

We have entered into a data processing agreement with Cloudflare based on the GDPR or the EU Standard Contractual Clauses. Cloudflare collects statistical data about visits to this website. Access data includes: the name of the retrieved website, file, the date and time of the retrieval, data volume transmitted, the message about successful retrieval, browser type and version, user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Cloudflare uses the log data for statistical evaluations for the operation, security, and optimization of the offer.

If you have consented to the use of Cloudflare, the legal basis for processing personal data is Article 6(1)(a) GDPR. Additionally, we have a legitimate interest in using Cloudflare to optimize and secure our online offer. The corresponding legal basis for this is Article 6(1)(f) GDPR. The personal data will be stored as long as it is necessary for fulfilling the processing purpose. The data will be deleted once it is no longer needed for achieving the purpose.

This U.S. company is certified under the EU-U.S. Data Privacy Framework. Therefore, there is an adequacy decision according to Article 45 GDPR, allowing the transfer of personal data without additional guarantees or measures.

Further information on CloudFlare can be found at: https://www.cloudflare.com/privacypolicy/.

7.5 Hosting by Hetzner
We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereafter referred to as Hetzner).

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on Hetzner’s servers.

The use of Hetzner is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable representation, availability, and security of our website.

We have entered into a data processing agreement (DPA) in accordance with Article 28 GDPR with Hetzner. This is a legally required contract that ensures Hetzner processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Further information on Hetzner’s data protection policies can be found at: https://www.hetzner.com/de/rechtliches/datenschutz

7.6 jsDelivr
Our website integrates components from jsDelivr, operated by the provider Prospect One, Królewska 65A/1, PL-30-081 Kraków, Poland.

We use the open-source service jsDelivr on our website to deliver content to users’ various devices as quickly and technically correctly as possible.

jsDelivr is a content delivery network (CDN) that distributes content on our website across multiple servers to ensure optimal global availability. A CDN typically uses servers that are geographically close to the respective website user. Therefore, it is assumed that users within the EU will be served content from servers within the EU. To deliver the content, jsDelivr collects user data such as IP addresses.

According to the provider, jsDelivr does not use cookies or similar tracking technologies but is necessary only for the technical reasons mentioned above.

Data processing is based on your consent according to Article 6(1)(a) GDPR.

You can view the privacy policy of jsDelivr at: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

8. Cookies

8.1 General Information on Cookies
Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information that is derived from the context of the specific device used. However, this does not mean that we directly gain knowledge of your identity.

The use of cookies is intended to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited certain pages of our website. These cookies are automatically deleted when you leave our site.

Additionally, we use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific, predetermined period of time. When you revisit our site to use our services, we automatically recognize that you have previously visited and remember any entries or settings you made so that you don’t have to input them again.

Furthermore, we use cookies to statistically collect data about the use of our website and to evaluate our offerings for optimization purposes. These cookies allow us to recognize when you visit our website again, ensuring that we can track whether you have visited previously. The cookies set for this purpose are automatically deleted after a defined period. The specific duration of the cookies can be viewed in the settings of the consent tool in use.

9. Contents of Our Website

9.1 Data Processing During Account Creation and Contract Fulfillment
In accordance with Art. 6 Para. 1 lit. b) GDPR, personal data is collected and processed when you provide it to us for the purpose of entering into a contract or creating a customer account. The specific data collected is evident from the respective input forms. You can delete your customer account at any time, including by sending a message to the contact address provided above. We store and use the data you provide to fulfill the contract. After the contract is fully processed or your customer account is deleted, your data will be blocked, taking into account tax and commercial retention periods, and will be deleted after these periods expire, unless you have explicitly consented to further use of your data or a legally permitted further use of your data has been reserved, which we will inform you about below.

9.2 Data Processing for Order Fulfillment
The personal data we collect will be forwarded to the transport company responsible for delivery, to the extent necessary for the delivery of goods. Your payment data will be forwarded to the bank responsible for payment processing, if necessary. If payment service providers are involved, we will inform you of this explicitly below. The legal basis for the data transfer is Art. 6 Para. 1 lit. b) GDPR.

9.3 Contract Conclusion in Online Store, Merchants, and Shipping
We only transmit personal data to third parties when necessary for the contract execution, such as to companies responsible for the delivery of goods or banks responsible for payment processing. No further transmission of your data takes place, unless you have expressly consented to the transfer. We do not share your data with third parties for advertising purposes without your explicit consent.
The legal basis for the data processing is Art. 6 Para. 1 lit. b) GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures.

9.4 Contact / Contact Form
When contacting us (e.g., via a contact form or email), personal data is collected. The data collected when using a contact form is evident from the respective contact form. This data will be stored and used solely for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for the data processing is our legitimate interest in answering your inquiry in accordance with Art. 6 Para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b) GDPR. Your data will be deleted once your inquiry has been fully processed, which occurs when it is clear from the circumstances that the matter in question has been resolved and there are no legal retention obligations preventing deletion.

9.5 Recruitment Management / Job Board
We collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out electronically, especially when an applicant submits application documents electronically, such as via email or through a web form on the website. If we conclude an employment or service contract with an applicant, the submitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. If no contract is concluded, the application documents will be automatically deleted two months after the rejection decision is communicated, unless there are other legitimate interests on our part that prevent deletion. One such legitimate interest may be a proof obligation in proceedings under the General Equal Treatment Act (AGG).
The legal basis for processing your data is Art. 6 Para. 1 lit. b), 88 GDPR in conjunction with § 26 Para. 1 BDSG.

10. Our Activities in Social Networks

To communicate with you and inform you about our services, we are present on various social media platforms. When you visit one of our social media pages, we share joint responsibility with the provider of the respective platform for the processing operations triggered, in accordance with Art. 26 GDPR.

We are not the original providers of these pages but use them within the limits of the options provided by the respective platform operators. Therefore, we wish to inform you in advance that your data may be processed outside the European Union or the European Economic Area. As a result, using these platforms may involve data protection risks, as your rights (e.g., right to access, deletion, objection) may be more difficult to enforce, and processing on social networks often occurs for advertising or user behavior analysis purposes by the providers, which we cannot influence. If user profiles are created by the provider, cookies are often used, or the usage behavior is assigned to your personal profile on the social networks.

The described processing of personal data occurs in accordance with Art. 6 Para. 1 lit. f) GDPR, based on our legitimate interest and the legitimate interest of the respective provider, to communicate with you in a modern way and inform you about our services. If you must give consent to data processing as a user on the respective platforms, the legal basis for processing is Art. 6 Para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the data held by the providers, we recommend that you assert your rights (e.g., access, correction, deletion, etc.) directly with the respective provider. Further information regarding the processing of your data on the social networks is provided below for each of the platforms we use:

10.1 Facebook
Joint controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: Facebook Privacy Policy

10.2 Instagram
Joint controller for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: Instagram Privacy Policy

10.3 LinkedIn
Joint controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: LinkedIn Privacy Policy

10.4 X (Twitter)
Joint controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Policy: Twitter Privacy Policy
Access to your data: Twitter Data

10.5 XING (New Work SE)
Joint controller for data processing in Germany:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: XING Privacy Policy
Disclosure requests for XING members: XING Privacy Disclosure

10.6 YouTube
Joint controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: Google Privacy Policy

11. Web Analytics

11.1 Google Analytics Universal
We use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In this context, pseudonymized user profiles are created, and cookies (see “Cookies” section) are used. The information generated by the cookie regarding your use of this website, such as:

  1. Browser type/version
  2. Operating system used
  3. Referrer URL (the previously visited page)
  4. Hostname of the accessing computer (IP address)
  5. Time of server request

is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, generate reports on website activities, and provide additional services related to website and internet use for market research and design purposes. This information may also be shared with third parties if legally required or if third parties process this data on behalf of Google. In no case will your IP address be merged with other data from Google. The IP addresses are anonymized, so they cannot be assigned to a specific person (IP masking).

You can prevent the installation of cookies by adjusting your browser settings; however, please note that in such a case, some features of the website may not be fully usable.

These processing activities occur only with your explicit consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

You can further prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework. Therefore, there is an adequacy decision pursuant to Art. 45 GDPR, meaning that the transfer of personal data may take place without further guarantees or additional measures.

You can read the privacy policy for Google Analytics at: Google Analytics Privacy Policy.

11.2 HubSpot
We use HubSpot features on this website. The provider is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.

HubSpot tracks visitors to our website using browser cookies. Each time you access our website, HubSpot checks whether a HubSpot tracking cookie is set. If no such cookie is set in your browser, and provided you give consent, a HubSpot cookie is placed, which records all pages on our website that you access later.

Important points regarding HubSpot’s handling of tracking cookies:

  • Your visit to our website is only tracked by HubSpot cookies if you have consented to the use of HubSpot cookies or all tracking cookies.
  • If you fill out and submit a form on our website (e.g., a contact form), and you have consented to the setting of HubSpot cookies, HubSpot associates your previous page visits (tracked by the cookie) with the form submission.
  • If you have already been in contact with us, your email address submitted via the form will be matched to information we have already stored.
  • If you delete all cookies or specifically HubSpot cookies, you will be considered a new visitor on our website, and a new cookie will be set. HubSpot, however, duplicates all form submissions made with the same email address, even if different browser cookies are associated with them.
  • Since cookies are set only once per browser, submissions by two people sharing the same computer will be linked to the same contact record. This deduplication by cookie ensures that submissions from different email addresses but from the same person are assigned to a single contact record.

These processing activities occur only with your explicit consent according to Art. 6 Para. 1 lit. a) GDPR. Your data will be stored until you withdraw your consent.

You can configure your browser to notify you when cookies are being set and allow cookies only in individual cases, exclude the acceptance of cookies for specific situations, or automatically delete cookies when closing the browser. Deactivating cookies may limit the functionality of this website.

The transfer of your personal data to the USA is based on Standard Contractual Clauses.

For more information about HubSpot, visit: HubSpot Privacy Policy.

11.3 LinkedIn Analytics
We use LinkedIn’s retargeting tool and conversion tracking on this website, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn).

For this purpose, the LinkedIn Insight Tag is integrated into our website, allowing LinkedIn to collect statistical data about your visit and use of our website. Based on this, LinkedIn provides us with aggregated statistics. The service also enables LinkedIn to display interest-specific and relevant offers after you have viewed certain services, information, and offers on our website. This information is stored in a cookie.

Typically, the following data is collected and processed:

  • IP address
  • Device information
  • Browser information
  • Referrer URL
  • Timestamp

These processing activities occur only with your explicit consent in accordance with Art. 6 Para. 1 lit. a) GDPR. Your data will be stored until you withdraw your consent.

Data may be transferred to the USA and Singapore during processing via LinkedIn. This US company is certified under the EU-US Data Privacy Framework, which provides an adequacy decision pursuant to Art. 45 GDPR, so the transfer of personal data can occur without further guarantees or additional measures. The transfer is also secured through Standard Contractual Clauses, ensuring that the processing of personal data is at a level of security that complies with the GDPR. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of security, consent will be obtained from you in accordance with Art. 49 Para. 1 lit. a) GDPR.

For more information on LinkedIn’s privacy policy, visit: LinkedIn Privacy Policy.

11.4 Microsoft Clarity
We use Microsoft Clarity (“Clarity”), a web analysis service provided by Microsoft Corp., One Microsoft Way, Redmond, Washington, USA, on our website.

Pseudonymized user profiles are created, and cookies are set on your device.

Processed data includes, among others:

  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer (IP address)
  • User behavior on the visited webpage,
  • Mouse movements and clicks

The information is used to evaluate the use of the website, generate reports on website activities, and provide services related to website and internet use for market research and designing our websites.

These processing activities occur only with your explicit consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. Therefore, an adequacy decision pursuant to Art. 45 GDPR exists, and the transfer of personal data may occur without further guarantees or additional measures.

For more information on Microsoft’s privacy policy, visit: Microsoft Privacy Statement.

11.5 WiredMinds
We have integrated components from WiredMinds on this website. WiredMinds components automatically recognize and qualify users who visit the website. This allows the website operator to generate leads, qualifying potential new customers.

The operator of WiredMinds is WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany.

We use a WiredMinds tracking pixel. A tracking pixel is a small graphic embedded in a website to enable log file recording and analysis, which is then statistically evaluated.

WiredMinds also sets a cookie on your IT system. By setting the cookie, we are enabled to analyze how our website is being used.

Using the data obtained, pseudonymized usage profiles are created. These profiles are used to analyze visitor behavior and improve our online offering. The data collected by the WiredMinds component will not be used to identify you without your separate, explicit consent. This data will not be merged with personal data or other data containing the same pseudonym.

Each time one of the individual pages of this website is accessed, the Internet browser on your IT system automatically causes the WiredMinds component to transmit data for online analysis. As part of this technical procedure, WiredMinds becomes aware of personal data such as the IP address, which helps trace the origin of the visitors and clicks.

Personal data such as access time, the location of access, and frequency of visits is stored. Each visit to our website results in this personal data, including the IP address of your internet connection, being transferred to the WiredMinds server. These personal data are stored by WiredMinds but not shared with third parties.

These processing activities occur only with your explicit consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

For further information and applicable privacy policies of WiredMinds, visit: WiredMinds Privacy.

12. Advertising

12.1 Google AdSense
We have integrated Google AdSense on this website. The operating company of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense is an online service that enables the placement of advertisements on third-party websites. Google AdSense relies on an algorithm that selects the advertisements displayed on third-party websites to match the content of each respective site. Google AdSense allows for interest-based targeting of internet users, which is implemented through the creation of individual user profiles.

The purpose of the Google AdSense component is to display advertisements on our website. Google AdSense sets a cookie on your IT system. By setting the cookie, Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is enabled to analyze the use of our website. Whenever one of the individual pages of this website, operated by us and where a Google AdSense component is integrated, is accessed, the internet browser on your IT system automatically transmits data to Alphabet Inc. for the purpose of online advertising and commission billing. In the course of this technical process, Alphabet Inc. becomes aware of personal data, such as your IP address, which Alphabet Inc. uses to track the origin of visitors and clicks and subsequently enable commission billing.

Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in webpages to allow log file recording and analysis, enabling statistical evaluations. Through the embedded tracking pixel, Alphabet Inc. can determine whether and when a webpage was opened by your IT system and which links you clicked. Tracking pixels are used, among other things, to evaluate the flow of visitors on a webpage.

Through Google AdSense, personal data and information, including the IP address, necessary for the collection and billing of displayed ads, are transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States. Alphabet Inc. may pass on this personal data collected through the technical process to third parties.

These processing operations only occur with the explicit consent as per Art. 6 (1) lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. Therefore, there is an adequacy decision pursuant to Art. 45 GDPR, so the transfer of personal data may take place without further guarantees or additional measures.

The privacy policy and further information on Google AdSense can be viewed at: https://www.google.de/intl/de/adsense/start/ and at https://www.google.com/policies/technologies/ads/

12.2 Google Ads with Conversion Tracking
We have integrated Google Ads on this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads in Google’s search engine results as well as in the Google advertising network. Google Ads enables an advertiser to predefine certain keywords, by which an ad is displayed in the search engine results of Google only when a user retrieves a relevant search result. In the Google advertising network, ads are distributed across relevant websites using an automatic algorithm and taking the predefined keywords into account.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on third-party websites and in Google’s search engine results and displaying third-party advertising on our website.

If you arrive at our website via a Google ad, a so-called conversion cookie will be placed on your IT system by Google. A conversion cookie expires after thirty days and is not used to identify you. As long as the cookie has not expired, it tracks whether certain subpages, such as a shopping cart from an online shop system, have been accessed on our website. With the conversion cookie, both we and Google can track whether a user who has arrived at our website via an AdWords ad has generated a sale, i.e., made or canceled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These statistics are used by us to determine the total number of users who were referred to us through Ads ads, thus evaluating the success or failure of each Ads ad and optimizing our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could identify you.

The conversion cookie stores personal information, such as the websites you visit. Each time you visit our website, personal data, including the IP address of the internet connection you use, is transmitted to Google in the United States. This personal data is stored by Google in the United States. Google may pass on this personal data collected through the technical process to third parties.

These processing operations only occur with the explicit consent as per Art. 6 (1) lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. Therefore, there is an adequacy decision pursuant to Art. 45 GDPR, so the transfer of personal data may take place without further guarantees or additional measures.

The privacy policy and further information on Google AdSense can be viewed at: https://www.google.de/intl/de/policies/privacy/.

12.3 Google Ads with Enhanced Conversions
We have integrated Google Ads on this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads is an internet advertising service that allows advertisers to place ads in Google’s search engine results as well as in the Google advertising network. The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on third-party websites and in Google’s search engine results and displaying third-party advertising on our website.

If you arrive at our website via a Google ad, a so-called conversion cookie will be placed on your IT system by Google. A conversion cookie expires after thirty days and is not used to identify you. As long as the cookie has not expired, it tracks whether certain subpages, such as a shopping cart from an online shop system, have been accessed on our website. With the conversion cookie, both we and Google can track whether a user who has arrived at our website via a Google Ads ad has generated a sale, i.e., made or canceled a purchase.

We use the enhanced conversions feature of Google Ads. For this, we transmit personal data collected by us, such as phone numbers or email addresses, to Google. These data are matched with event data from Google ads to capture more conversions.

Each time you visit our website, personal data, including the IP address of the internet connection you use, is transmitted to Google in the United States. Google may pass on this personal data collected through the technical process to third parties.

These processing operations only occur with the explicit consent as per Art. 6 (1) lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. Therefore, there is an adequacy decision pursuant to Art. 45 GDPR, so the transfer of personal data may take place without further guarantees or additional measures.

The privacy policy and further information on Google Ads can be viewed at: https://www.google.de/intl/de/policies/privacy/ or https://support.google.com/adspolicy/answer/9755941?hl=de&ref_topic=7012636&sjid=9061832235671554201-EU.

12.4 LinkedIn Ads
We have integrated LinkedIn Ads on this website. The operating company of the service is LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

We use this service to advertise our company on the social network LinkedIn. To this end, LinkedIn sets a cookie in the browser of your device, which automatically enables interest-based advertising based on the pages you have visited.

These processing operations only occur with the explicit consent as per Art. 6 (1) lit. a) GDPR. Your data will be deleted as soon as they are no longer required for the purpose or if you revoke your consent.

In the context of processing via LinkedIn, data may be transferred to the USA and Singapore. This US company is certified under the EU-US Data Privacy Framework. Therefore, there is an adequacy decision pursuant to Art. 45 GDPR, so the transfer of personal data may take place without further guarantees or additional measures. Furthermore, the security of the transfer is regularly ensured through standard contractual clauses, which guarantee that the processing of personal data meets a level of security that complies with the GDPR. If the standard contractual clauses are insufficient to ensure an adequate level of security, consent will be obtained from you as per Art. 49 (1) lit. a) GDPR.

For more information on LinkedIn’s privacy policy, visit: https://de.linkedin.com/legal/privacy-policy.

12.5 Microsoft Bing Ads
We have integrated Microsoft Bing Ads on this website. The operating company is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland.

Bing Ads is an internet advertising service that allows advertisers to place ads in Bing’s search engine results as well as in the Bing advertising network. The purpose of Bing Ads is to promote our website by displaying interest-relevant advertising on third-party websites and in Bing’s search engine results and displaying third-party advertising on our website.

Through Microsoft Bing Ads conversion tracking, we and Microsoft can determine if users have performed specific actions. For example, we analyze which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to generate conversion statistics. We receive the total number of users who clicked on our ads, as well as details of the actions taken. Personal identification data of users are not collected. Microsoft uses cookies or similar technologies for identification and recognition.

The following data may be processed, among others:

  • IP address (without permanent storage),
  • Browser details,
  • Visited URL,
  • Referrer URL (previously visited page),
  • Time of the server request,
  • User behavior.

These processing operations only occur with the explicit consent as per Art. 6 (1) lit. a) GDPR.

The data may be transferred to servers in the USA and stored there. Microsoft Corporation is certified under the EU-US Data Privacy Framework as a US company. Therefore, there is an adequacy decision pursuant to Art. 45 GDPR, so the transfer of personal data may take place without further guarantees or additional measures.

The privacy policy and further information on Microsoft Bing Ads can be viewed at: https://about.ads.microsoft.com/en-us/resources/policies/remarketing-in-paid-search-policies.

13. Partner and Affiliate Programs

13.1 DoubleClick
This website contains components from DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers.

DoubleClick by Google transmits data with each impression as well as with clicks or other activities to the DoubleClick server. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimize and display advertisements. The cookie is used, among other things, to serve user-relevant ads and display them, as well as to generate reports on advertising campaigns or improve them. Additionally, the cookie is used to avoid multiple displays of the same advertisement.

DoubleClick uses a cookie ID, which is necessary for the execution of the technical procedure. For example, the cookie ID is needed to display an advertisement in a browser. Through the cookie ID, DoubleClick can also track which advertisements have already been displayed in a browser to avoid duplicate ad appearances. Furthermore, DoubleClick can use the cookie ID to capture conversions.

A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already interacted.

With each visit to one of the individual pages of this website, which we operate and where a DoubleClick component is integrated, the browser on your IT system is automatically prompted by the respective DoubleClick component to transmit data for the purpose of online advertising and commission billing to Google. As part of this technical process, Google gains knowledge of data, which is also used to generate commission statements. Google can, among other things, track that you clicked on specific links on our website.

These processing activities occur exclusively upon granting explicit consent according to Art. 6 (1) lit. a) GDPR.

The parent company, Google LLC, is certified as a U.S. company under the EU-US Data Privacy Framework. This is an adequacy decision according to Art. 45 GDPR, meaning that personal data may be transferred without additional guarantees or further measures.

You can view the privacy policies of DoubleClick by Google at: https://www.google.com/intl/de/policies/

14. Plugins and Other Services

14.1 Google Photos
We use the Google Photos service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for storing images embedded on our website.

Embedding refers to the integration of specific external content (text, video, or image data) provided by another website (Google Photos) and displayed on our own website (our web presence). To embed, a so-called embedding code is used. If we have integrated an embedding code, the external content from Google Photos will be displayed automatically as soon as one of our pages is visited.

Through the technical implementation of the embedding code, which enables the image display from Google Photos, your IP address will be transmitted to Google Photos. Additionally, Google Photos captures data such as our website, the browser type used, the browser language, the time and duration of access. Google Photos can also collect information about which of our subpages you visited and which links were clicked, as well as other interactions you performed while visiting our site. This data may be stored and analyzed by Google Photos.

These processing activities only occur with your explicit consent in accordance with Art. 6 (1) lit. a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR is in place, allowing the transfer of personal data without additional guarantees or measures.

You can view the privacy policy of Google at: https://www.google.com/policies/privacy/.

14.2 Google Tag Manager
We use the Google Tag Manager service on this website. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows “website tags” (i.e., keywords embedded in HTML elements) to be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link, or personalized image you clicked and can identify which content of our website is of particular interest to you.

The tool also triggers other tags, which may collect data. Google Tag Manager does not access this data. If you deactivate it at the domain or cookie level, this will apply to all tracking tags implemented with Google Tag Manager.

These processing activities only occur with your explicit consent in accordance with Art. 6 (1) lit. a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR is in place, allowing the transfer of personal data without additional guarantees or measures.

Further information about the Google Tag Manager and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

14.3 Google WebFonts
Our website uses so-called web fonts for a consistent display of fonts. The Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing activities only occur with your explicit consent in accordance with Art. 6 (1) lit. a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR is in place, allowing the transfer of personal data without additional guarantees or measures.

Further information about Google WebFonts and Google’s privacy policy can be found at: https://developers.google.com/fonts/faq; https://www.google.com/policies/privacy/.

14.4 HubSpot CRM System
We use the CRM software of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA (“HubSpot”).

HubSpot is a CRM solution for managing customer relationships and includes, among other things, the following features:

  • Deal management, lead management, and task management
  • Email tracking and notifications
  • Email templates and scheduling
  • Document sharing
  • Online booking system for appointments
  • Telephony solutions like automatic call recording and logging

All departments (including, for example, marketing, sales, customer service, and both online and offline retail) work collaboratively with the described software.

The provider of HubSpot will necessarily become aware of the above data as part of our data processing agreement (Art. 28 GDPR) with HubSpot. These may include names, addresses, email addresses, and phone numbers. Therefore, the processing of personal data also takes place in a third country (outside the EU and EEA).

If consent has been requested, processing will occur solely based on Art. 6 (1) lit. a) GDPR. The legal basis for using HubSpot in the context of contractual relationships is Art. 6 (1) lit. b) GDPR. In all other cases, the legal basis for processing your personal data is Art. 6 (1) lit. f) GDPR. Our interest here is in effectively coordinating internal and external communication and managing customer relationships.

To the extent that HubSpot processes personal data in connection with its own legitimate business activities, HubSpot is an independent data controller for such use and is responsible for complying with applicable laws and obligations of a data controller.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR is in place, allowing the transfer of personal data without additional guarantees or measures.

You can view HubSpot’s privacy policy at: https://legal.hubspot.com/de/privacy-policy.

14.5 YouTube (Videos)
We have integrated components from YouTube on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an internet video portal that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on them for free. YouTube allows the publication of all kinds of videos, so complete films and TV shows, music videos, trailers, or user-created videos can be accessed via the portal. Each time one of the individual pages of our website, which we operate and where a YouTube component (YouTube video) is integrated, is visited, the browser on your IT system will automatically be prompted by the respective YouTube component to download the corresponding YouTube component from YouTube. Additionally, YouTube may load Google WebFonts, Google Video, and Google Photos services. More information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google will be informed about which specific page of our website you visit.

If you are logged into YouTube at the same time, YouTube will recognize which specific page of our website you visit when you access a page containing a YouTube video. This information is collected by YouTube and Google and associated with your YouTube account.

YouTube and Google will always receive information that you visited our website when you are logged into YouTube at the time of accessing our website, regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent it by logging out of your YouTube account before visiting our website.

These processing activities only occur with your explicit consent in accordance with Art. 6 (1) lit. a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR is in place, allowing the transfer of personal data without additional guarantees or measures.

You can view YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.

14.6 YouTube Videos in Extended Privacy Mode (YouTube-NoCookies)

Some pages of our website contain links or connections to YouTube’s services. As a general rule, we are not responsible for the content of external websites. However, if you follow a link to YouTube, please note that YouTube will store user data (e.g., personal information, IP address) according to their own data usage policies and use it for business purposes.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We embed YouTube videos stored on YouTube directly on some pages of our website. In this embedding, parts of the browser window display content from the YouTube website. When you visit a page on our site where YouTube videos are embedded, a connection to YouTube’s servers is established, and the content is displayed on your browser.

The embedding of YouTube content is done only in “extended privacy mode.” This mode is provided by YouTube and ensures that YouTube does not store cookies on your device initially. However, when visiting the relevant pages, your IP address and possibly other data are transmitted, indicating which of our pages you have visited. This information cannot be linked to you unless you are logged in to YouTube or another Google service at the time of visiting the page. Once you start playing an embedded video by clicking on it, YouTube will store cookies on your device in the extended privacy mode, which do not contain personally identifiable data, unless you are currently logged into a Google service. These cookies can be prevented through corresponding browser settings and extensions.

The request for the video constitutes your consent to the placement of the corresponding cookie (Art. 6 (1) S. 1 lit. a) GDPR).

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR is in place, allowing the transfer of personal data without additional guarantees or measures.

You can view YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.

15. Your rights as a data subject

15.1 Right to Confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.

15.2 Right of Access Art. 15 GDPR
You have the right to obtain, free of charge, information about the personal data stored about you, as well as a copy of this data, in accordance with the statutory provisions.

15.3 Right to Rectification Art. 16 GDPR
You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right, considering the purposes of processing, to request the completion of incomplete personal data.

15.4 Right to Erasure Art. 17 GDPR
You have the right to request that personal data concerning you be erased immediately, provided one of the legally specified grounds applies and the processing or storage is not required.

15.5 Right to Restriction of Processing Art. 18 GDPR
You have the right to request the restriction of processing by us if one of the legal conditions is met.

15.6 Right to Data Portability Art. 20 GDPR
You have the right to receive personal data concerning you that has been provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, the controller to whom the personal data was provided, provided the processing is based on consent under Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract under Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability under Art. 20 (1) GDPR, you have the right to request that personal data be transmitted directly from one controller to another, where technically feasible, and provided this does not affect the rights and freedoms of other persons.

15.7 Right to Object Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is carried out based on Art. 6 (1) (e) (processing in the public interest) or (f) (processing based on balancing of interests) GDPR.

This also applies to profiling based on these provisions in the sense of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims.

In certain cases, we process personal data for direct marketing purposes. You may object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Additionally, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, irrespective of Directive 2002/58/EC, through automated procedures involving technical specifications.

15.8 Withdrawal of Consent for Data Processing
You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

15.9 Complaint to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

16. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose, or if required by the legal regulations to which our company is subject.

If the storage purpose no longer applies or a statutory retention period expires, the personal data will be routinely blocked or deleted in accordance with the legal requirements.

17. Duration of Storage of Personal Data

The criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period expires, the corresponding data will be routinely deleted, provided it is no longer required for contract fulfillment or the initiation of a contract.

18. Currency and Changes to the Privacy Policy

This privacy policy is currently valid and has the status: January 2025.

Due to the further development of our websites and services or due to changed legal or regulatory requirements, it may be necessary to modify this privacy policy. The current privacy policy can be accessed and printed at any time on the website at “https://www.rose-systemtechnik.com/datenschutz/“.

This privacy policy was created with the support of the data protection software: audatis MANAGER.