Privacy

Privacy Policy

1. Privacy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to identify you personally. For detailed information on data protection, please refer to our Privacy Policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the ‘Information on the controller’ section of this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website via our IT systems. This consists primarily of technical data (e.g. web browser, operating system or time of page view). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the data provided is also used to process contractual offers, orders or other enquiries.

What rights do you have regarding your data?

You have the right at any time to obtain information, free of charge, about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You may contact us at any time regarding this matter or any further questions on the subject of data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analytics programmes.

Detailed information on these analytics programmes can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This may primarily include IP addresses, contact enquiries, meta and communication data, contractual data, contact details, names, website visits and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly and efficiently through a professional provider (Art. 6(1)(f) GDPR) . Where relevant consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfil their service obligations and will follow our instructions regarding this data.

We use the following hosting provider(s):

iWelt GmbH + Co. KG | Mainparkring 4 | 97246 Eibelstadt | Germany

Data processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory notices

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e. e.g. when communicating by email) may have security vulnerabilities. It is not possible to provide complete protection of data against access by third parties.

Information on the data controller

The data controller responsible for data processing on this website is: R O M M E L S B A C H E R ElektroHausgeräte GmbH

Rudolf-Schmidt-Straße 18 | 91550 Dinkelsbühl | Germany

Telephone: +49(9851)5758-0
Email: info@rommelsbacher.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Retention period

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be erased, provided we have no other legally permissible grounds for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place once these grounds no longer apply.

General information on the legal bases for data processing on this website

Where you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Article 9(2)(a) of the GDPR, provided that special categories of data are processed in accordance with Article 9(1) of the GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) of the TDDDG. Consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR. Information on the relevant legal bases in each individual case is provided in the following sections of this privacy policy.

Data Protection Officer

We have appointed a Data Protection Officer. Datenschutzdoktor GmbH
Gervinusstraße 31 | 90491 Nuremberg | Germany

Telephone: +49 911 13349912
Email: datenschutz@rommelsbacher.de

Recipients of personal data

As part of our business activities, we collaborate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or if another legal basis permits the disclosure of data. When using data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(e) OR (f) OF THE GDPR, YOU HAVE YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED, CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT,

WE WILL NO LONGER PROCESS YOUR PERSONAL DATA IN QUESTION, UNLESS WE CAN demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (objection OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

Access, rectification and erasure

Within the framework of the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, a right to rectify or erase this data. You may contact us at any time regarding this matter or any further questions concerning personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time regarding this. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored by us, we generally require time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.

If we no longer require your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. Until it has been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the purpose of asserting, defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from
“http://” to “https://” and by the padlock symbol in your browser bar.

When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

Objection to promotional emails

We hereby object to the use of contact details published in accordance with the legal notice requirement for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example via spam emails.

4. Data collection on this website

Cookies

Our website uses so-called ‘cookies’. Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide specific functions requested by you (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring website traffic) (necessary cookies) are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of its services. Where consent has been sought for the storage of cookies and comparable recognition technologies, processing takes place exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG) ; consent may be withdrawn at any time.

You can configure your browser to be informed when cookies are set and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version Operating system used Referrer URL
Hostname of the accessing computer Time of the server request
IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) where this has been requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data contained therein (name, enquiry), will be stored and processed by us for the purpose of handling your request. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) b GDPR, provided your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) where this has been requested; consent may be withdrawn at any time.

The data you send to us via contact enquiries will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Communication via WhatsApp

We use, amongst other things, the instant messaging service WhatsApp to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the content of the communication. However, WhatsApp does have access to metadata generated during the communication process (e.g. sender, recipient and time) . We would also like to point out that, according to its own statement, WhatsApp shares its users’ personal data with its US-based parent company, Meta.

Further details on data processing can be found in WhatsApp’s Privacy Policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating with customers, prospective customers and other business and contractual partners (Art. 6(1)(f) GDPR). Where consent has been requested, data processing takes place exclusively on the basis of that consent; this consent may be withdrawn at any time with future effect.

The content of communications exchanged between you and us on WhatsApp will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed) . Mandatory legal provisions – in particular retention periods – remain unaffected.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/7735.

We use the “WhatsApp Business” version of WhatsApp.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses.

Details can be found here:

https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have configured our WhatsApp accounts so that there is no automatic data synchronisation with the address book on the smartphones in use.

We have entered into a data processing agreement (DPA) with the aforementioned provider.

Brevo Chat

We use Brevo Chat (hereinafter: “Brevo Chat”) to process user enquiries via chat. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

When using Brevo Chat, cookies and other recognition technologies (e.g. IDs) are used. This enables us to recognise you on your next visit and assign your previous chat history to you.

Messages sent to us are retained until you request their deletion or the purpose for data storage no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

The use of Brevo Chat is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in processing your enquiries as quickly, reliably and efficiently as possible. Where consent has been sought, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. for device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Further information is available in Brevo’s privacy policy: https://www.brevo.com/de/legal/privacypolicy/.

Data processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Comment function on this website

For the comment function on this site, in addition to your comment, details of the time the comment was posted, your email address and, if you are not posting anonymously, the username you have chosen are stored.

Storage of IP addresses

Our comment function stores the IP addresses of users who post comments. As we do not review comments on this website before they are published, we require this data to be able to take action against the author in the event of legal violations such as insults or propaganda.

Retention period for comments

The comments and associated data are stored and remain on this website until the content to which the comment relates has been completely deleted or the comments must be deleted for legal reasons (e.g. offensive comments).

Legal basis

Comments are stored on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time. To do so, simply send us an informal email. The lawfulness of any data processing operations already carried out remains unaffected by the withdrawal.

5. Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses. It serves solely to manage and deliver the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. Where consent has been obtained, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user’s origin. This data is aggregated into a user ID and assigned to the website visitor’s respective device.

Furthermore, with Google Analytics we can, amongst other things, record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modelling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

Google Analytics IP anonymisation is enabled. This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website , to compile reports on website activity and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, amongst other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data may be used for personalised advertising via Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on our users’ behaviour.

Data processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-commerce Tracking

This website uses the ‘E-commerce Tracking’ feature of Google Analytics. With the help of E-commerce Tracking, the website operator can analyse the purchasing behaviour of website visitors to improve their online marketing campaigns. This involves collecting information such as

orders placed, average order values, delivery costs and the time taken from viewing to purchasing a product. This data may be aggregated by Google under a transaction ID assigned to the respective user or their device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6(1) 1(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the “EU-US Data Privacy Framework” (DPF) . The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework. gov/participant/5780.

Google AdSense (non-personalised)

This website uses Google AdSense, a service for displaying advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in “non-personalised” mode. Unlike in personalised mode, the advertisements are therefore not based on your previous user behaviour and no user profile is created for you. Instead, so-called “contextual information” is used when selecting the advertisements. The selected advertisements are then based, for example, on your location, the content of the website you are visiting, or your current search terms. You can find out more about the differences between personalised and non-personalised targeting with Google AdSense at:

https://support.google.com/adsense/answer/9007336.

Please note that even when using Google AdSense in non-personalised mode, cookies or similar recognition technologies (e.g. device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in:

https://adssettings.google.com/authenticated.

Further information on Google’s advertising technologies can be found here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/ .

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing enables us to assign individuals who interact with our online offering to specific target groups, so that we can subsequently display interest-based advertising to them within the Google advertising network (remarketing or retargeting) .

Furthermore, the advertising target groups created using Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalised advertising messages, which have been tailored to you based on your previous usage and browsing behaviour on one device (e.g. mobile phone), can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can opt out of personalised advertising via the following link:

https://adssettings.google.com/anonymous?hl=de.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Further information and the privacy policy can be found in Google’s privacy policy at:

https://policies.google.com/technologies/ads?hl=de.

Target group creation using customer matching

For target group creation, we use, among other things, customer matching from Google Ads Remarketing. In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, relevant advertising messages will be displayed to them within the Google network (e.g. on YouTube, Gmail or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether the user has carried out specific actions. For example, we can analyse which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to generate conversion statistics. We are informed of the total number of users who have clicked on our adverts and the actions they have taken. We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Further information on Google Conversion Tracking can be found in Google’s privacy policy:

https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF) . The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

6. Newsletter

Newsletter data

If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use newsletter service providers, described below, to manage the newsletter.

Brevo

This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used, amongst other things, to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on the servers of Sendinblue GmbH in Germany.

Data analysis by Brevo

With the help of Brevo, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, amongst other things, which links have been clicked particularly often.

Furthermore, we can identify whether certain predefined actions were carried out after opening or clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Brevo also enables us to categorise newsletter recipients into different groups (‘clustering’). Newsletter recipients can be categorised, for example, by age, gender or place of residence. This allows us to better tailor the newsletters to the respective target groups.

If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

For detailed information on Brevo’s functions, please refer to the following link: https://www.brevo.com/de/newsletter-software/.

Legal basis

Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

Retention period

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list once you have unsubscribed. Data stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a blacklist, if necessary, provided this is required to prevent future mailings. The data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). There is no time limit on storage in the blacklist. You may object to this storage provided that your interests override our legitimate interest.

For further details, please refer to Brevo’s privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

Data Processing

7. Plugins and Tools

YouTube with enhanced privacy settings

This website embeds videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites where YouTube is embedded, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalise your browsing experience on YouTube. Adverts displayed in enhanced privacy mode are also not personalised. No cookies are set in enhanced privacy mode. Instead, however, so-called local storage elements are stored in the user’s browser; these contain personal data in a similar way to cookies and can be used for recognition purposes. Details on enhanced privacy mode can be found here:

https://support.google.com/youtube/answer/171780.

Where applicable, further data processing operations may be triggered after a YouTube video is activated, over which we have no influence.

The use of YouTube is in the interest of presenting our online offers. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Fonts (local hosting)

This site uses so-called Google Fonts, provided by Google, to ensure a consistent font display. The Google Fonts are installed locally. No connection to Google’s servers is established in the process.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Font Awesome (local hosting)

This site uses Font Awesome to ensure consistent font display. Font Awesome is installed locally. No connection is established with servers operated by Fonticons, Inc.

Further information on Font Awesome can be found in the privacy policy for Font Awesome at: https://fontawesome.com/privacy.

Zendesk

We use the Zendesk CRM system to process user enquiries. The provider is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA.

We use Zendesk to process your enquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

You can submit enquiries by providing only your email address and without giving your name.

Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding internal company rules that legitimise the internal transfer of data to third countries outside the EU and the EEA.

Details can be found here:

https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.

If you do not agree to us processing your enquiry via Zendesk, you may alternatively contact us by email, telephone or fax.

Further information is available in Zendesk’s privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

Data processing

8. Online marketing and affiliate programmes

Affiliate programmes on this website

We participate in affiliate programmes. In affiliate programmes, advertisements from a company are placed on websites or other media belonging to other companies within the affiliate network. If you click on one of these affiliate advertisements, you will be redirected to the advertised offer. Should you subsequently carry out a specific transaction (conversion), the affiliate and, where applicable, the owner of the medium on which the advertisement was placed receive remuneration for this. To calculate this remuneration, it is necessary for the affiliate network operator to be able to track which advertisement led you to the respective offer and prompted you to carry out the predefined transaction. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.

The storage and analysis of the data is carried out on the basis of Article 6(1)(f) of the GDPR. Participants in the affiliate programme have a legitimate interest in the correct calculation of the affiliate

remuneration. Where consent has been obtained, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

We participate in the following affiliate programmes:

Amazon Associates Programme

The provider is Amazon Europe Core S.à.r.l. For details, please refer to Amazon’s privacy policy at:

https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Use of Commerce Connector

We use the software-based service “Commerce Connector Buy Now online” (formerly Commerce Connector Online) from Commerce Connector GmbH on our website. We use this to show you on our website which online retailers sell a particular product. The list of online retailers selling the product you selected on the initial page is provided by our software-based service Commerce Connector Buy Now online.

Collection of personal data

When you click the “Go to Shop” button or the shop logo of the relevant online retailer, you will be redirected to the website of that online retailer and directly to the product you are interested in. In addition, the data mentioned under 4. b) (Use of Cookies) of this policy. Cookies are used here for so-called ‘sales tracking’, which enables Commerce Connector GmbH to receive information about your purchase from the online retailer. According to Commerce Connector GmbH’s own statements, it can use the cookies set to recognise that you have arrived at the online retailer’s site from our website . Furthermore, Commerce Connector GmbH receives information about your purchase from the online retailer when the order confirmation page is displayed to you. According to its own statements, however, it does not receive any information that could be used to identify you (except for the unique cookie number). Commerce Connector GmbH uses the purchase information obtained to compile anonymised sales statistics regarding our products that you have purchased online via the link to our software-based service, Commerce Connector Buy Now. The cookie stores only technical identifiers and no data that could be used to directly or even indirectly identify the user. Commerce Connector GmbH then makes this information available to us.

Option to withdraw consent

If you wish to disable Commerce Connector’s sales tracking in your current browser, you may withdraw your consent under 4. b) cc) (Specific cookies used) of this statement. We will then set a cookie in your browser to ensure that you are excluded from Commerce Connector sales tracking in future. Please repeat the process if you clear your browser cache, as this will also deactivate the opt-out for Commerce Connector sales tracking.

Further information

Further information on the purpose and scope of data collection and its processing by Commerce Connector GmbH can be found in the privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: https://www.commerce-connector.com/web/de/privacy-policy/.

9. e-commerce and payment providers

Processing of customer and contract data

We collect, process and use personal customer and contract data for the establishment, content and modification of our contractual relationships. We collect, process and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it.

The legal basis for this is Art. 6(1)(b) GDPR.

The customer data collected will be deleted upon completion of the order or termination of the business relationship and expiry of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Data transfer upon conclusion of a contract for online shops, retailers and goods dispatch

When you order goods from us, we pass on your personal data to the transport company entrusted with the delivery and to the payment service provider responsible for payment processing. Only data required by the respective service provider to fulfil its task will be disclosed. The legal basis for this is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you have given your consent in accordance with Article 6(1)(a) a GDPR, we will pass on your email address to the transport company responsible for delivery so that it can inform you by email about the dispatch status of your order; you may withdraw your consent at any time.

Data transfer upon conclusion of a contract for services and digital content

We only transfer personal data to third parties where this is necessary for the performance of the contract, for example to the bank responsible for payment processing.

No further transfer of data takes place, or only if you have expressly consented to such transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment services

We integrate third-party payment services into our website. When you make a purchase from us, your payment details (e.g. name, payment amount, bank account details, credit card number) are processed by the payment service provider for the purpose of payment processing. These transactions are subject to the respective contractual and data protection provisions of the relevant providers. The use of payment service providers is based on Article 6(1)(b) of the GDPR (performance of a contract) and in the interest of ensuring a payment process that is as smooth, convenient and secure as possible (Article 6(1)(f) GDPR). Where your consent is sought for specific actions, Article 6(1)(a) GDPR forms the legal basis for data processing; consent may be withdrawn at any time with future effect.

We use the following payment services / payment service providers on this website:

Data transfer to payment service providers, credit checks and scoring

PayPal (including PayPal PLUS)

For payment processing, we have integrated the services of the online payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). The technical infrastructure of this service enables us to offer various payment methods (e.g. payment by credit card, direct debit, PayPal), even if the buyer does not have a PayPal account. Payments can therefore be made with or without a PayPal account, e.g. by credit card or direct debit.

If you select a payment method processed via PayPal (credit card, direct debit, PayPal) during the ordering process, the data required for payment processing (e.g. name, address, email, IP address, payment details, and other data required for payment processing) will be transmitted to PayPal – even in the case of credit card payments made without a PayPal account. Data processing serves the purposes of payment processing, fraud prevention and, where applicable, credit checks in accordance with Article 6(1)(b) of the GDPR (performance of a contract) and, where applicable, Article 6(1)(f) of the GDPR (legitimate interest in secure payment processing).

PayPal may pass on the data to credit reference agencies (e.g. Schufa, CRIF Bürgel) as well as to affiliated companies and service providers, insofar as this is necessary for the performance of the contract or order processing. In doing so, PayPal acts as an independent controller within the meaning of the GDPR.

Further information on data processing can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

By selecting a PayPal payment method, you consent to the necessary data transfer. You may withdraw your consent from PayPal at any time; however, this does not affect the data processing required for payment processing.

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Please refer to PayPal’s privacy policy for further details: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Payment methods without data transfer to PayPal

With the “prepayment” payment method, payment processing does not take place via the PayPal platform, but directly with our company. In this case, no personal data is transferred to PayPal.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. The transfer of data to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a safe third country under data protection law. This means that the United Kingdom has a level of data protection equivalent to that in the European Union.

VISA may transfer data to its parent company in the USA. The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu- zustandigkeitsfragen-fur-den-ewr.html.

For further information, please refer to VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

10. Audio and video conferences

Data processing

We use online conferencing tools, amongst other means, to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the provider of the relevant conferencing tool.

The conference tools collect all data that you provide or use to access the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end times of your participation in the conference, the number of participants and other

“contextual information” relating to the communication process (metadata).

Furthermore, the tool provider processes all technical data required to facilitate the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the tool providers’ servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared whilst using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the respective tools, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). Where consent has been requested, the use of the relevant tools is based on this consent; consent may be withdrawn at any time with effect for the future.

Retention period

The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request us to delete it, withdraw your consent to storage, or the purpose for data storage ceases to apply. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the storage period of your data stored by the operators of the conference tools for their own purposes. For further details, please contact the operators of the conference tools.

Conference tools used

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams privacy policy:

https://privacy.microsoft.com/de-de/privacystatement.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/6474.

Data Processing

We have concluded a data processing agreement (DPO) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

11. Our own services

Handling of applicant data

We offer you the opportunity to apply for a job with us (e.g. by email, post or via the online application form). Below, we provide information on the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions, and that your data will be treated as strictly confidential.

Scope and purpose of data collection

When you submit an application to us, we process your associated personal data (e.g. contact and communication details, application documents, notes taken during interviews, etc.), to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) under German law (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation) and – provided you have given your consent – Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time. Your personal data will be shared within our company exclusively with those persons involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 of the Federal Data Protection Act (BDSG) and Article 6(1)(b) of the GDPR for the purpose of carrying out the employment relationship.

Data retention period

If we are unable to offer you a position, you decline a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Article 6(1)(f) of the GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application).

The data will then be deleted and the physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place once the purpose for continued retention no longer applies.

Longer retention may also take place if you have given your consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Product registration

You can register some of the Rommelsbacher products or appliances you have purchased on our website to benefit from additional services. For example, if you register correctly via our online registration form, we will send you free gifts or grant you an extended warranty. To register a product, you must either be an existing registered user or register via the form. A further requirement for product registration is the upload of the proof of purchase, to ensure that no additional service has already been provided for this purchase. We provide an upload function for this purpose. We will delete the data collected once storage is no longer necessary, or restrict its processing if statutory retention obligations apply.

Collection of personal data

As part of the registration process, we collect the following personal data from you:

• Name
• Address (street, postcode, town, country)
• Photograph showing the proof of purchase
• Place of purchase
• Date of purchase
• Email address

Purposes

The collection of the above-mentioned personal data is carried out for the purpose of fulfilling a contract (in particular a gift contract) and takes place at your request.

Legal basis

The legal basis for the collection of your personal data is Article 6(1)(b) of the GDPR.

12. Validity and amendments to this privacy policy

This privacy policy is currently valid. Due to the further development of our website and the services offered on it, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. You can access the current version of the privacy policy at any time on the website at https://www.rommelsbacher.de/de/datenschutz.html.

Date: June 2025