The protection of your personal data is important to Röhlig. We always treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
This statement discloses how Röhlig uses personal data on the Internet, what information about users of Röhlig Web sites is collected, and how that information is used, disclosed or otherwise processed.
This declaration also applies to the websites of affiliated companies of the Röhlig Group that refer to this declaration. It does not apply to the websites of the Röhlig Group's cooperation partners mentioned on this website.
I. Name and address of the person responsible
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
Röhlig Logistics GmbH & Co. KG. ("Röhlig")
Am Weser-Terminal 8
Tel: +49 (0) 421 3031-0
II. Address of the Data Protection Officer
Our data protection officer can be reached at the following contact details:
Röhlig Logistics GmbH & Co. KG
- Data Protection Officer -
Am Weser-Terminal 8
III. General information on data processing
1. The scope of the processing of personal data
2. With whom do we share your personal information?
Within our group, all affiliated companies are obliged to sign up to our internal group data protection agreement, which ensures the level of data protection of the GDPR applicable in the European Union for all parties involved. As part of this agreement, each party appoints a data controller and informs the group management of their name and contact details. The group parent company Röhlig Logistics GmbH & Co. KG assumes the task of a central complaints office. In all cases, please contact the data protection officer of Röhlig Logistics GmbH & Co. KG mentioned in section I. If you have contacted another affiliated company of the Röhlig Group in order to exercise your rights as a data subject, in particular for information or correction and deletion of your personal data, the respective company is obliged to forward this request to the group parent company without delay and to provide all necessary information from its sphere of activity without delay.
We disclose your personal information to these parties and other third parties only as necessary to provide services you have requested or authorized, to protect your and our rights, property, or safety, or as required by applicable law, court order, or other governmental regulation, or when such disclosure is otherwise necessary to assist in a legal or criminal investigation or proceeding.
Please note that Röhlig Group companies, as well as government agencies, customers and suppliers to whom we may disclose your personal data, may be located outside your home country, possibly including in countries whose data protection laws may differ from those in the country where you are located. In such cases, we will ensure that appropriate measures are taken to protect your personal data by putting in place appropriate legal mechanisms, such as our internal Group data protection agreement and, in the case of commissioned data processing by third parties, the use of EU standard contractual clauses. A copy of the EU Standard Contractual Clauses can be found at:http://data.europa.eu/eli/dec_impl/2021/914/oj.
3. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
4. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
5. Access to your personal data by third parties
The collection, processing and use of personal data is carried out by ourselves and - insofar as we have not expressly excluded this - also by other companies of the Röhlig Group (group companies) or external service providers commissioned by us and contractually and legally obligated to data protection. In the latter two cases, we will ensure that group companies and external service providers comply with the relevant legal data protection regulations and the obligations arising from this data protection declaration. In this regard, we are guided by the legal requirements of the EU General Data Protection Regulation, unless stricter legal requirements are applicable and must be observed with priority.
Furthermore, no third party has access to your personal data. We will not sell or otherwise exploit this data. We will only transmit data to competent bodies in response to official or legal requirements and in the event of statutory transmission obligations. This also applies in the case of a court order for transmission. In the event of an official, legal or judicial obligation to transfer data, we will examine in each individual case whether the transfer is in accordance with the principles of the EU General Data Protection Regulation and / or the applicable national law and, if necessary, take legal action.
We have taken technical and organizational measures to protect your personal data against loss, alteration, theft or access by unauthorized third parties. Our IT systems are designed in such a way that Röhlig Logistics GmbH & Co. KG complies with the requirements of Art. 32 et seq. of the EU General Data Protection Regulation.
7. Deletion and blocking
We will delete your personal data if the business purpose associated with the data has ceased to exist or the relevant statutory data protection rules require this. In the case of consent, we will delete your data after revocation or discontinuation of the purpose of consent.
At your request, we will block personal data in whole or in part, provided that this does not violate an overriding legal interest of Röhlig Logistics GmbH & Co KG in the processing. For this purpose, please inform us to what extent and for how long the blocking should take place. As far as technically possible, you can exclude the processing and use of your data for certain areas in this way.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the type of browser and the version used
- The user's operating system
- The user's Internet service provider
- The user's IP address
- Date and time of access
- Websites accessed by the user's system via our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in the data processing according to Art. 6 (1) (f) GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
a) Description and scope of data processing
In addition to the previously mentioned data, cookies are used when you use and visit our website. Cookies are small text files that are placed on your terminal device by your browser to store certain information. When a user accesses a website, a cookie may be stored on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The following data can be transmitted in this way:
Entered search terms
Use of website functions
The user data collected in this way is pseudonymised by technical precautions. Therefore, an assignment of the data to the call the user is no longer possible. The data is not stored together with other personal data of the users.
We distinguish the following cookies when using our website:
These cookies are necessary to operate the site and temporarily store session data so that the page is displayed correctly. They contain functions without which users cannot use our pages as intended.
We use a solution from Usercentrics GmbH to analyse and evaluate the use of our website. The aim is to design our website so that it is optimally adapted to your needs. We would like to improve both the user-friendliness and the quality of our web offer and present the products and information that are of interest to you in a customer-friendly manner. In addition, the Usercentrics GmbH solution is used to find and eliminate errors, to prevent misuse of the website, to prevent outages. Furthermore, we carry out sporadic improvement measures of pages, such as AB testing or by offering certain hints to our website functions, cookies are also set here in order to be able to anonymously identify returning users. Occasionally, we carry out additional measurements which record the click behaviour or mouse movements of individual users on a random and anonymous basis.
However, this is done anonymously, as the data collected in this way is anonymised by technical precautions. An allocation of the data to the calling user is then no longer possible. The legal basis for the use of these technical means is Art. 6 (1) (f) GDPR. This is also our legitimate interest in the processing of personal data according to Art. 6 (1) (f) GDPR.
Furthermore, you can object to the use of performance cookies at any time by adjusting your cookie settings accordingly.
We use marketing cookies to monitor the success of our marketing campaigns. Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertisements for the user. We use the following marketing cookies:
• Conversion Linker
• DoubleClick Ad
• Google AdServices
• Google Remarketing
• Google Analytics
• Google Analytics 4
• Google Syndikation
• LinkedIn Insight Tags
• LinkedIn Plugins
We use other third-party cookies, for example, to link our site to social networks such as LinkedIn and allow visitors to our site to share directly through LinkedIn.
b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR if the user has given his consent in this regard.
(c) The purpose of the data processing
The user data collected through technically necessary cookies are not used to create user profiles.
The use of the analysis cookies (performance cookies, marketing cookies and third-party cookies) is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. They may also be used for the purpose of profiling your interests and displaying relevant advertising on other websites.
d) Duration of storage, possibility of objection and elimination
VI. Contact form and e-mail contact
1. Description and scope of data processing
On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
- First Name
- Last Name
- E-Mail/ Subject
For the processing of data, reference is made to this data protection declaration in the context of the sending process.
If contact is offered via an e-mail address provided, the user's personal data transmitted with the e-mail will be stored in this case.
The data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
3. Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The processing of your data for purposes other than those mentioned (e.g., for advertising purposes) will only take place with your express consent.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as the user revokes his consent or the data is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
5. Possibility of objection and elimination
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VII. Data processing for applications and in the procedure
We collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail or via a web form on the website.
2. The purpose of the data processing
The processing of personal data in the context of application procedures serves the purpose of targeted application for one or more vacancies in the as well as the implementation of the application procedure.
3. Legal basis for data processing
The legal basis for the storage of your profile for the purpose of applying for a specific position and for the transmission of your profile to the respective advertising group company is Art. 6 (1) (a) GDPR.
4. Duration of the storage of your data
If an employment contract is concluded, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents are automatically deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Our website may contain hyperlinks, i.e., electronic cross-references, to third-party websites. Since we are not responsible for the contents and the legal conformity with data protection law of the websites of third parties, we ask you to observe the respective data protection declaration on the websites of third parties.
We use the following plugins on our website:
1. Social media
There are links to (external) social media ("social plugins") on our website. The functions assigned to the links, in particular the transmission of information and user data, are not already activated by visiting our website, but only by clicking on the links. After clicking on these links, the plugins of the corresponding media are activated, and your browser establishes a direct connection with their servers.
If you click on links while visiting our website, your user data may be transmitted to the corresponding network and processed by the network. If you click on the links while visiting our website and are logged in to the social network via your personal user account (account) at the same time, the information that you have visited our website may be forwarded to the social network and stored there in connection with your account. To prevent an assignment to your account with the corresponding network, you must log out of your account before clicking on the link.
For the purpose and scope of data collection by the social media and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the relevant network. The respective social network is solely responsible for the data processing that starts when you click on the link.
With regard to the details, we would like to refer you to the information on the social media currently used by us.
Social plugins ("plugins") of the social media ("networks") Xing and LinkedIn as well as YouTube are used on our website.
These services are offered by the companies Xing AG, LinkedIn Inc. and YouTube Inc. ("providers"). The social plugins are cookies in the sense of the text files shown under 5.
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored or usage behaviour evaluated.
The use of the XING plugin is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.
By integrating the plugins and activating them, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) may be transmitted by your browser directly to a server of the respective provider and processed there. The providers Facebook, LinkedIn and Instagram process personal data, according to the providers, of users from EU/EEA countries within the EU. Data of users residing in a country outside the EU/EEA may be processed in the USA or another third country. Should the data within these providers be transmitted from servers within the EU/EEA to servers outside the EU/EEA, Röhlig Logistics GmbH & Co KG has no legal or technical influence on this.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this respect and setting options for protecting your privacy can be found in the data protection information of the providers.
If you do not want Xing, LinkedIn or YouTube to assign the data collected via our website directly to your profile in the respective service, you must log out of the corresponding service before visiting our website.
LinkedIn Insight Tag
The LinkedIn Insight tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps, and page views. This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personally identifiable information with us, only providing aggregate reports on website audience and ad performance. LinkedIn also provides retargeting for website visitors, so we can use this data to display targeted ads outside of our website without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
a) Purpose of data processing
The LinkedIn Insight tag is used for the purpose of providing detailed campaign reporting and to gain information about our website visitors for our advertising and marketing interests. As a client of LinkedIn Marketing Solutions, we use the LinkedIn Insight tag to track conversions, retarget our website visitors and gain additional information about LinkedIn members viewing our advertisements.
Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn's privacy notices. LinkedIn provides this information at https://www.linkedin.com/legal/privacy-policy.
b) Legal basis for data processing
The legal basis for the processing of personal data is Article 6 (1) (f) GDPR, i.e., a legitimate interest on our part. Our legitimate interest here lies in the above-mentioned purposes.
c) Duration of storage
The data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days.
However, as a user you can also decide yourself at any time about the execution of the Java Script code required for the tool via your browser settings. By changing the settings in your internet browser, you can deactivate or restrict the execution of Java-Script and thus also prevent its storage. Note: If the execution of Java-Script is deactivated, it is possible that not all functions of the website can be fully used.
d) Option to object and remove / Opt-Out
If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your membership data stored at LinkedIn, you must log out of LinkedIn before visiting our website.
You can prevent the execution of the Java Script code required for the tool by adjusting your browser software accordingly.
You can also stop further tracking by LinkedIn by using an opt-out provided by ourselves. At the bottom of this page, you can edit your cookie setting.
LinkedIn is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA. An overview of the LinkedIn plugins and their appearance can be found here: https://www.linkedin.com/legal/cookie-policy
2. Google Tag manager
We use Google Tag Manager on our website. This is a web analytics service operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes the website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data.
Google Tag Manager is a tool that allows website tags to be managed through one interface. It is a cookie-less domain that does not collect any personal data. It triggers other tags that may collect data, but it does not access that data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
3. Google Analytics
We use Google Analytics to analyse website usage. The data obtained from this is in turn used to optimise our website and advertising measures.
Google Analytics is a web analytics service provided by Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes the website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data.
During your visit to the website, the following data is recorded, among other things:
- Pages accessed
- The achievement of "website goals" (e.g., contact requests)
- Your behaviour on the pages (e.g., clicks, scrolling behaviour, dwell time)
- Your approximate location (country and city)
- Your IP address (in shortened form, so that no clear assignment is possible)
- Technical information such as browser, Internet provider, terminal device and screen resolution
- Source of origin of your visit (i.e., via which website or advertising medium you came to us)
This data is transferred to a Google server in the USA.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID, with which you can be recognized on future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles.
If you do not agree with the collection, you can prevent it with the one-time installation of the browser add-on to disable Google Analyticsor by rejecting cookies via our cookie settings dialog.
4. Google remarketing
We also use the remarketing function of Google. This service is also operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data. This allows us to serve you personalised advertising on suitable advertising spaces on other websites based on what interests you have shown on our website. This possibility is limited to a maximum of 18 months.
3. Google DoubleClick
In addition, we use DoubleClick.
- that and how they use Google DoubleClick,
- how third parties - e.g., Google - can play out advertisements,
- how they use DoubleClick cookies toserve ads based on past visits; and
Röhlig booking portal "Get A Quote" / "My Röhlig
1. Description and scope of data processing
On our booking portal, we offer users of our website the possibility of creating a customer account and using it to initiate, conclude, process and manage fee-based contracts for logistics services with the companies of the Röhlig Group. For this purpose, your consent is obtained, and reference is made to this data protection declaration. The data is entered by the user in an input mask, transmitted to us and stored. The data is passed on in accordance with the conditions described under III. 4. of this data protection declaration. Access by third parties is possible in accordance with the specifications outlined under III. 6 of this data protection declaration.
The following contact data is collected during registration: E-mail address, first and last name, company name, company address, telephone number, fax number. Within the scope of the use of the booking portal, the data of the contract initiation, i.e., the selection of the forwarding services (e.g., goods, place of loading/delivery, delivery time), are stored and processed. These are entered by the user himself. If a contract is then concluded for the provision of transport and logistics services, Section III 4. of this data protection declaration applies.
Automatic decision-making including profiling does not take place in this context.
You can contact us via the provided chat tool. If you do so, data will be collected, stored and processed in order to answer your input. Please note that when contacting us in this way, you voluntarily provide the data you enter, e.g., your name, E-Mail address and message.
This data is stored by our service provider,https://onereach.ai/, on AWS servers in Germany. All data and communication via the chat tool is encrypted. A processing contract has been concluded with the provider.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent. If the registration serves the fulfilment of a contract, of which the user is a contracting party, or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
3. Purpose of the data processing
Registration is required for viewing and using the booking portal. Data entered by users is primarily stored and processed for the technical administration of the booking portal and processing of contacts and customer enquiries. In addition, the processing takes place for the creation of statistics, for needs-based advertising and for purposes of quality assurance, process optimization and planning security.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The customer account on the booking portal can be terminated by the user concerned at any time. Until then, the relevant data will be stored without time limit so that the user can access it at any time (e.g., the order history).
5. Possibility of objection and elimination
As a user, you have the option to cancel the registration and thus delete the customer account at any time. A view and/or use of the booking portal is then no longer possible.
You can view and change the data stored about you at any time using your e-mail address and your self-selected password.
Data relating to specific orders will be blocked if the customer account is deleted after the order has been processed (expiry of the warranty period) and deleted after the statutory retention periods have expired.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the rights listed below vis-à-vis the controller.
1. Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If there is such processing, you can request information from the controller about the following:
- the purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for the determination of the storage duration;
- the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
- if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
You may request the controller to delete the personal data concerning you without delay, and the controller is obliged to delete such data without delay, if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- Personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1), it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.
The right to erasure does not exist insofar as the processing is necessary:
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
- for the assertion, exercise or defence of legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:
- the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
- the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1) (e) or (f) GDPR.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- is necessary for the conclusion or performance of a contract between you and the controller,
- is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
- with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, including at least the right to obtain the intervention of a person from the controller, to express his or her point of view and to contest the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
X. Notification of data protection incidents
Data protection incidents can be reported at any time at firstname.lastname@example.org.
A data protection incident means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed by Röhlig or a third party contracted by Röhlig.
XI. Further data processing
As a matter of principle, we collect and process personal data only insofar as this is necessary for the provision of our services and our activities. After the contractual obligations have been fulfilled, we process this data only after consent has been given. An exception applies in those cases in which it is not possible to obtain consent in advance for actual reasons or the processing of the data is permitted by legal regulations.
In the case of consent, Art. 6 (1) lit. a GDPR serves as the legal basis. In the case of processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR shall form the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR is the legal basis for the processing.
The personal data will be stored until you request us to delete it, revoke your consent to store it or the purpose for processing the data no longer applies (e.g., after a contract has been completely fulfilled). Mandatory legal provisions and retention periods remain unaffected.
Persons under the age of 18 should not transmit any personal data to us without the consent of their legal guardians. According to Art. 8 GDPR, children up to 16 years of age may only declare such consents with the consent of their legal guardians. Personal data of minors will not be collected and processed by us unless we are required to do so by law. If we become aware that data has been transmitted to us outside of such a legal obligation without the consent of the parents or other legal guardians, we will delete this data immediately.
Röhlig reserves the right to amend this data protection declaration at any time and with effect for the future. It is therefore recommended that you read this data protection declaration again at regular intervals.