Privacy Policy | Rohleder in Konradsreuth

1) Introduction and contact details of the data controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.

1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Rohleder GmbH, Hofer Straße 25, 95176 Konradsreuth, Germany, Tel.: 0929259100, Email: info@rohleder.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be contacted as follows: "Holger Wölfel, St.-Rupertus-Str. 12, 95490 Mistelgau, +49 9206 999 97 99, hallo@sicherdenken.de"

2) Data collection when visiting our website

2.1 When you use our website for information purposes only – i.e. if you do not register or otherwise provide us with information – we collect only the data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/link from which you accessed the page
Browser used
Operating system used
IP address used (where applicable: in anonymised form)

Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock symbol in your browser address bar.

3) Hosting & Content Delivery Network

For the hosting of our website and the display of page content, we use a provider who delivers their services themselves or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

4) Cookies

To make visiting our website an enjoyable experience and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called ‘session cookies’), whilst others remain on your device for longer and enable the saving of page settings (so-called ‘persistent cookies’). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

Where individual cookies used by us also process personal data, such processing is carried out in accordance with Article 6(1)(b) of the GDPR either for the performance of a contract, in accordance with Article 6(1)(a) of the GDPR in the event that consent has been given, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of the site visit.

You can configure your browser so that you are informed when cookies are set and can decide individually whether to accept them, or you can exclude the acceptance of cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact

Personal data is collected when you contact us (e.g. via the contact form or by email). The data collected when using a contact form is specified in the relevant contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for establishing contact and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once your enquiry has been fully processed. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no statutory retention obligations to the contrary.

6) Use of customer data for direct marketing

6.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will send you regular updates on our offers. The only mandatory information required to receive the newsletter is your email address. Providing further details is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter once you have expressly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation email asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR. When you subscribe to the newsletter, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of your subscription, so that we can trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used exclusively for the purpose of sending you promotional communications via the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning of this notice. Once you have unsubscribed, your email address will be deleted immediately from our newsletter mailing list, unless you have expressly consented to the further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

6.2 MailChimp

Our email newsletters are sent via this provider: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when subscribing to the newsletter to this provider in accordance with Article 6(1)(f) of the GDPR, so that they can handle the dispatch of the newsletter on our behalf.

Subject to your express consent in accordance with Article 6(1)(a) of the GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter content. In doing so, device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but is not combined with other data sets.

You may withdraw your consent to newsletter tracking at any time with future effect.

We have entered into a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

7) Web analytics services

7.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, although Google truncates the last few digits to prevent direct personal identification.

The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated in this process is not merged with other data held by Google. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, takes place only if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You may withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with Google which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/ , https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com

/technologies/partner-sites Demographic characteristics
Google Analytics 4 uses the special “demographic characteristics” feature and can use this to generate statistics that provide insights into the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. This enables target groups to be identified for marketing activities. However, the data collected cannot be attributed to any specific individual and is deleted after being stored for a period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Article 6(1)(a) of the GDPR, analyse your usage behaviour across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the ‘Personalised ads’ feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com
/My-Ad-Center-Help/answer/12155764?hl=de Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension to Google Analytics 4, the “UserIDs” feature may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Article 6(1)(a) of the GDPR, have set up an account on this website and log in to this account on various devices, your activities, including conversions, may be analysed across devices.

7.2 Google Tag Manager

This website uses ‘Google Tag Manager’, a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: ‘Google’).

Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling and applying conditions to them via a unified user interface. Google Tag Manager itself does not store any information on users’ devices or read such information. Nor does the service carry out any independent data analysis. However, when a page is accessed, Google Tag Manager transmits your IP address to Google, where it may be stored. Transmission to servers of Google LLC in the USA is also possible.

This processing will only take place if you have given us your express consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, Google Tag Manager will not be used during your visit to the site. You may withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service using the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Tag Manager can be found at https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de

8) Website features

8.1 YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers at the latest when the video is played, in order to load the content. In doing so, certain information, including your IP address, is transmitted to the provider.

If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behaviour, compile playback statistics and prevent misuse.

If you are logged into a user account with the provider whilst visiting the site, your data will be directly associated with your account when you click on a video. If you do not wish for this association with your account, you must log out before clicking the play button.

All the aforementioned processing activities, in particular the setting of cookies to read information from the device used, take place only if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw the consent you have given at any time with future effect by deactivating this service via the “Cookie Consent Tool” provided on the website.

8.2 Microsoft Teams

We use this provider to conduct online meetings, video conferences and/or webinars: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

The provider processes various types of data, with the scope of the data processed depending on what information you provide before or during your participation in an online meeting, video conference or webinar. Your data is processed as a communication participant and stored on the provider’s servers. This may include, in particular, your login details (name, email address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)).

In addition, participants’ video and audio contributions as well as text input in chats may be processed. Article 6(1)(b) of the
GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract with you (this also applies to processing operations necessary for the implementation of pre-contractual measures). Where you have given us your consent to process your data, processing takes place on the basis of Article 6(1)(a) of the GDPR. You may withdraw any consent you have given at any time with effect for the future.
Furthermore, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in the effective conduct of the online meeting, webinar or video conference.

We have concluded a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

8.3 Applications for job vacancies via email

On our website, we advertise current vacancies in a separate section, and interested parties can apply via email to the contact address provided.

Applicants must provide all personal data necessary for a proper assessment, including general information such as name, address and contact details, as well as evidence of qualifications and, where applicable, health-related information. Details regarding the application can be found in the job advertisement.

Once the application has been received by email, the data will be stored and processed solely for the purpose of processing the application. Should we have any queries, we will contact the applicant via either their email address or telephone number. Processing is carried out on the basis of Article 6(1)(b) of the GDPR (or Section 26(1) of the BDSG), under which the application process is deemed to constitute the initiation of an employment contract.

Where, as part of the application process, special categories of personal data within the meaning of Article 9(1) of the GDPR (e.g. health data such as information regarding severe disability status), processing is carried out in accordance with Article 9(2)(b) of the GDPR, so that we may exercise the rights arising from labour law and the law on social security and social protection and fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9(1)(h) of the GDPR if it is carried out for the purposes of preventive healthcare or occupational medicine, for the assessment of the applicant’s fitness for work, for medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector.

If the applicant is not selected or withdraws their application prematurely, the data they have provided, as well as all electronic correspondence including the application email, will be deleted no later than six months after notification. This period is determined by our legitimate interest in answering any follow-up questions regarding the application and, where necessary, in fulfilling our obligations to provide evidence under the regulations on the equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Article 6(1)(b) of the GDPR (in the case of processing in Germany in conjunction with Section 26(1) of the BDSG) for the purpose of implementing the employment relationship.

8.4 Online applications via a form

On our website, we advertise currently vacant positions in a separate section, for which interested parties can apply via a corresponding form.

Applicants must provide all personal data necessary for a sound assessment, including general information such as name, address and contact details, as well as evidence of performance and, where applicable, health-related information. Details regarding the application can be found in the job advertisement.

When the form is submitted, the applicant’s data is transmitted to us in encrypted form using state-of-the-art technology, stored by us and processed exclusively for the purpose of handling the application. Processing is carried out on the basis of Article 6(1)(b) of the GDPR (or Section 26(1) of the BDSG), under which the application process is regarded as the initiation of an employment contract.

Where, as part of the application process, special categories of personal data within the meaning of Article 9(1) of the GDPR (e.g. health data such as information regarding severe disability status), the processing is carried out in accordance with Article 9(2)(b) GDPR so that we may exercise the rights arising from labour law and the law on social security and social protection and fulfil our obligations in this regard.

If the applicant is not selected or withdraws their application prematurely, the data submitted via the form and all electronic correspondence, including the application email, will be deleted no later than six months after notification. This period is determined by our legitimate interest in answering any follow-up questions regarding the application and, where necessary, in fulfilling our obligations to provide evidence under the regulations on the equal treatment of applicants.

9) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users when they visit the site in the form of an interactive user interface, on which consent for specific cookies and/or cookie-based applications can be granted by ticking the relevant boxes. When using the tool, all cookies/services requiring consent are only loaded if the respective user grants the relevant consent by ticking the boxes. This ensures that such cookies are only set on the user’s device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

However, if, in individual cases, the storage, assigning or logging cookie settings does result in the processing of personal data (such as the IP address), this is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

A further legal basis for the processing is Article 6(1)(c) of the GDPR. As the data controller, we are subject to the legal obligation to make the use of technically non-essential cookies subject to the user’s consent.

Where necessary, we have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further information on the operator and the settings options for the cookie consent tool can be found directly in the relevant user interface on our website.

10) Rights of the data subject

10.1 Under applicable data protection law, you have the following data subject rights (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data, whereby reference is made to the cited legal basis for the respective conditions for exercising these rights:

Right of access pursuant to Article 15 of the GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Article 17 of the GDPR;
Right to restriction of processing pursuant to Article 18 of the GDPR;
Right to be informed pursuant to Article 19 of the GDPR;
Right to data portability pursuant to Article 20 of the GDPR;
Right to withdraw consent pursuant to Article 7(3) of the GDPR;
Right to lodge a complaint pursuant to Article 77 of the GDPR.

10.2 RIGHT TO OBJECT

IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. WE RESERVE THE RIGHT TO CONTINUE PROCESSING, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, fundamental rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

11) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR, the data concerned will be stored until you withdraw your consent.

Where statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, such data is routinely deleted upon expiry of the retention periods, provided they are no longer required for the performance of a contract or for entering into a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

Where personal data is processed for the purposes of direct marketing on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Date: 15 April 2026, 12:37:05