• Home
  • Data protection

Data privacy policy

1. Overview

In this section of the Privacy Policy, you will find information on the scope of application, the data controller, its data protection officer and data security.

1.1 Scope of validity

Data processing by ZTR Rossmanek GmbH can essentially be divided into two categories:

  • For the purpose of contract processing, all data required for the execution of a contract with ZTR-Rossmanek GmbH will be processed. If external service providers are also involved in the processing of the contract, e.g. logistics companies or payment service providers, your data will be passed on to them to the extent necessary in each case.
  • When calling up the website / application of ZTR-Rossmanek GmbH, various information is exchanged between your end device and our server. This may also be personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your end device.

This privacy policy applies to the following offers:

  • our online offer available at www.ztr.de
  • whenever otherwise referred to in any of our offerings (e.g. websites, subdomains, mobile applications, web services or third-party integrations), regardless of the way you access or use it.

All of these offerings are also collectively referred to as the "Services."

1.2 Responsible person

The data controller - i.e. the person who decides on the purposes and means of the processing of personal data - in connection with the Services is

ZTR Rossmanek GmbH
Am Pickhammer 9-17
58802 Balve
Germany
Phone: +49 (0) 23 75 / 92 99 0
E-Mail:

1.3 Data protection officer

According to Art. 37 DSGVO - designation of a data protection officer - the responsible party and the processor of ZTR-Rossmanek GmbH do not have to designate a data protection officer. In case of questions regarding data protection, you can contact the responsible party (1.2 Responsible party). In data protection matters, the company is advised by the following person:

dunds.com GmbH
Kevin Paul
Horlecke 96
58706 Menden
Germany

1.4 Data security

Within the framework of Art. 32 of the GDPR, technical and organizational measures have been defined, taking into account the risk of impairment of personal rights and freedoms. This ensures an appropriate level of protection. In addition, encrypted data transmission using the https communication protocol takes place via our website.

All information that you transmit to us is stored on servers within the European Union. Please bear in mind that the transmission of information and data on the Internet can always be subject to security vulnerabilities, which is why we cannot guarantee full protection of the data transferred to our website via the Internet. We protect against the loss, destruction, access, modification or processing of your data by unauthorized parties through the above-mentioned technical and organizational measures. The main focus is that your personal data is transferred in encrypted form. The protection of your personal data has top priority for our company. This principle applies to our Internet offering as well as to our conventional services. We would therefore like to take this opportunity to inform you about how we implement the data protection provisions in our Internet offering. Further information on the risks of Internet use and ways to protect yourself can be found on the Internet at www.datenschutz.de.

2. The data processing in detail

In this section of the Privacy Policy, we inform you in detail about the processing of personal data within the scope of our Services. For better clarity, we structure this information according to certain functionalities of our services. During the normal use of the Services, different functionalities and thus also different processing operations may come into play one after the other or at the same time. Personal data means any information relating to an identified or identifiable natural person (data subject), i.e. any information with which you can be personally identified. If you would like more detailed information on the subject of data protection, you can find this in this data protection declaration.

2.1 General information on the data agreements

Unless otherwise specified, the following applies to all processing operations described below:

  1. No obligation to provide
    There is neither a contractual nor a legal obligation to provide the personal data. You are not obliged to provide data.
  2. Consequences of non-provision
    In the case of required data (data that is marked as mandatory when entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.
  3. Consent
    In various cases, you have the option of also giving us your consent to further processing (where applicable, for part of the data) in connection with the processing described below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.
  4. Transfer of personal data to third countries
    If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements.
    The admissibility requirements are regulated by Art. 44 - 49 GDPR.
  5. Hosting with external service providers
    Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses.
  6. Hosting with external service providers
    Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses.
  7. Storage period
    We do not store your data longer than we need them for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this may be, for example, the following:
    • The fulfillment of retention obligations under commercial and tax law
    • Obtaining evidence for legal disputes within the scope of the statutory limitation provisions
    Likewise, it is possible for us to further store your data with us if you have expressly given your consent for this.
  8. Data categories
    • Account data: Login / user ID and password
    • Personal master data: Title, salutation/gender, first name, last name, date of birth
    • Address data: street, house number, if necessary address additions, postal code, city, country
    • Contact data: Telephone number(s), fax number(s), e-mail address(es)
    • Registration data: Information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you when registering.
    • Order Data: Products ordered, prices, payment and delivery information.
    • Payment data: Account data, credit card data, data on other payment services such as Paypal
    • Access data: Date and time of the visit to our service; the page from which the accessing system arrived at our site; pages accessed during use; session identification data (session ID); also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
    • Application data: Curriculum vitae, references, proofs, work samples, certificates, pictures.
    • Data according to Art. 9 DSGVO: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation.

2.2 Calling up the website / application

This section describes how we process your personal data when you access our services. In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.

  1. Processing information
    Data category Purpose Legal basis Legitimate interest, if applicable Storage time
    Access information Establishing connections, displaying the contents of the service, detecting attacks on our site based on unusual activity, diagnosing errors. Art. 6 Para. 1 f) GDPR proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems 7 days
  2. Recipients of personal data
    Recipient category Data affected Legal basis of the transmission Legitimate interest, if applicable
    External content providers that provide content (e.g., images, videos, embedded posts from social networks, banner ads, fonts, update information) necessary to display the Service Access information Order processing (Art. 28 GDPR) Proper functioning of services, (accelerated) display of content
    IT security service provider Access information Order processing (Art. 28 GDPR) Prevention of attacks by exploiting security gaps / vulnerabilities

2.3 Order via our online store

Here we describe how we process your personal data when you use our online stores. In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.

  1. Processing information
    Data category Purpose Legal basis Legitimate interest, if applicable Storage time
    Access information Establishing connections, displaying the contents of the service, detecting attacks on our site based on unusual activity, diagnosing errors. Art. 6 Para. 1 f) GDPR proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems 7 days
    Account data, personal master data, address data, contact data, registration data, order data Account data is processed for the following purposes:
    - Identification as a customer
    - to process and handle orders
    - for correspondence
    - invoicing
    - handling of liability claims
    - technical administration of the online store
    - administration of customer data    		 Art. 6 Para. 1 b) GDPR Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems, building customer relationships, selling products Storage of data for the expiration of the legal obligation to retain data. Exceptions:
    - Consent to storage beyond this period.
    - Longer storage due to commercial and tax law retention and documentation obligations (Art. 6 para. 1 f) DSGVO).
  2. Recipients of personal data
    Recipient category Data affected Legal basis of the transmission Legitimate interest, if applicable
    Contact person who will process the
    Online store order have received    		 All types mentioned under a) Order processing
    (Art. 28 GDPR)    		  

2.4 Application

In an ongoing application process, we process your personal data in the following ways:

  1. Processing information
    Data category Purpose Legal basis Legitimate interest, if applicable Storage time
    Address data, contact data Identification, contacting, communication for contract initiation Art. 6 Para. 1 b) GDPR   6 months
    Personal master data Identification, contact, age verification Art. 6 Para. 1 b) GDPR   6 months
    Application data Applicant selection Art. 6 Para. 1 b) GDPR   6 months
  2. Recipients of Personal Data
    Recipient category Data affected Legal basis of the transmission Legitimate interest, if applicable
    Clerk for application procedures All data mentioned under a) Order processing (Art. 28 GDPR)  

2.5 Customer support

How we process your personal data when you contact our customer service can be found here:

  1. Processing information
    Data category Purpose Legal basis Legitimate interest, if applicable Storage time
    Personal master data, contact data, contents of inquiries/complaints Handling customer inquiries and user complaints Article 6 paragraph 1 b), f) Customer loyalty, improvement of our service Processing the request
  2. Recipients of personal data
    Recipient category Data affected Legal basis of the transmission Legitimate interest, if applicable
    Contact persons contacted by phone or email All types mentioned under a) Order processing (Art. 28 GDPR)  

3. Data subject rights

3.1 Right of objection

If we process your personal data for the purpose of direct marketing, you have the right to object at any time with future effect to the processing of personal data relating to you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

You also have the right to object at any time with future effect to the processing of personal data relating to you which is carried out pursuant to Article 6 (1) (e) or (f) DSGVO on grounds relating to your particular situation; this also applies to profiling based on these provisions.

3.2 Right of information

You have the right to know whether personal data concerning you are processed by us, which personal data these are, if any, as well as further information according to Art. 15 DSGVO.

3.3 Right of correction

You have the right to demand that we correct any inaccurate personal data relating to you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

3.4 Right to erasure ("right to be forgotten")

You have the right to request that we delete personal data concerning you without undue delay, provided that one of the grounds set out in Article 17(1) of the GDPR applies and the processing is not necessary for one of the purposes regulated in Article 17(3) of the GDPR.

3.5 Right to restriction of processing

You are entitled to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18 (1) a) to d) DSGVO is met.

3.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance by us or to obtain that a direct transfer is made by us, if this is technically possible. This shall always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held only in paper form.

3.7 Right of revocation in case of consent

Insofar as the processing is based on your consent, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3.8 Right of appeal

You have a right of appeal to a supervisory authority.

4. Glossar

  • Processor:
    A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
  • Browser:
    Computer program for displaying web pages (e.g. Chrome, Firefox, Safari).
  • Cookies:
    The term "cookie" actually comes from the English vocabulary and its original meaning can be translated into German as "cookie". In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when a website is visited. This file stores data about the user's behavior. If the browser is called up and the corresponding web page is visited repeatedly, the cookie is used and, with the help of the stored data, provides the web server with information about the user's surfing behavior.
    Cookies in this context are not cookies, but information that a website stores locally on the computer of the site visitor in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (mostly under "Options" or "Settings"). This allows the storage of cookies to be disabled, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.
  • Third Countries:
    Country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).
  • Personal Data:
    Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Pixel:
    Pixels are also called tracking pixels, web beacons, or web bugs. They are small, invisible graphics in HTML e-mails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. This allows the server operator to see if and when an e-mail was opened or a web page was visited. Mostly this function is realized by calling a small program (Javascript). In this way, certain types of information on your computer system can be detected and passed on, such as the content of cookies, the time and date of the page view, and a description of the page on which the tracking pixel is located.
  • Profiling:
    Any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
  • Services:
    Our offerings to which this Privacy Policy applies (see Scope).
  • Tracking:
    The collection of data and its analysis regarding the behavior of visitors to our Services.
  • Tracking Technologies:
    Tracking can occur both via the activity logs stored on our web servers (log files) and by means of data collection from your terminal device via pixels, cookies and similar tracking technologies.
  • Processing:
    Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.