Collection of transparency texts

Transparency in data processing

The following transparency texts are intended to fulfill all disclosure or information obligations.
This common transparency text summarizes all information required by the "information" obligations of Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 26 GDPR and Article 30 GDPR.


Name and address of the responsible entity
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Phone: 0641/409323
Fax: 0641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

Legal contact persons: Ralf Buch, Christoph Gusenleitner
Data Protection Officer: eMGe-DaTa, Michaela Genderka, Data Protection Officer (TÜV), Blumenstr.13, 47918 Tönisvorst, +49 (0) 2151 9422060, datenschutz.rovema(at)emge-data.de

Status of the data: 07.06.2022 (on this day the last change was made).

1. What is the purpose of this processing?
Comprehensive administration of customers and interested parties (winning and keeping customers)

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (See Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?
Upholding of legitimate interests of the responsible party (Article 6 (1f) GDPR)

5. Which “legitimate interests” is the responsible party specifically pursuing? (See Article 13 (1d) GDPR)
Right to win and keep customers

6. Who are the recipients authorized access (both internally and externally)?
Within the CRM: department/area head, IT Department, customer advisors, administrative staff, IT department; external document shredder; credit agency

7. When will the data be deleted?
Never (Construction plans, parts lists, order documents with machine data are stored - due to the long useful life of the corresponding machines, they should not be deleted, since replacement parts can still be ordered even after many years)

8. What categories of data are processed?

  • In customer management/CRM: industry, product data and packaging data, output data, primary and secondary packaging forms, contact data, contract data
  • In customer management/ERP: contact data, contract data

9. Which persons are affected?

  • Interested parties
  • Competitors
  • Reference customers to sales agents and own employees in the customer master
  • Customers (as part of CRM customer management)
  • Customers (as part of the ERP)

10. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

11. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

12. The right to "erasure of your data" (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

13. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

14. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

15. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

16. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

17. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

18. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

19. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (See Article 4 (4) GDPR)
No, this does not take place.

20. Are there data transfers to recipients in third countries (that is, outside the EU)? (See Article 44 GDPR)
No, this does not take place.

21. Is there more than one controller in the sense of "joint accountability"? (See Article 26 GDPR)
No, there is only the ONE above-named controller.

1. What is the purpose of this processing?
To make sure the company's legitimate interests are met and the generally necessary actions and programs within the company organization are carried out.

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (see Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?

  • Upholding of legitimate interests of the responsible party (Article 6 (1f) GDPR)
  • Permission or requirement of another legal regulation (Article 6 (1c) GDPR)

5. Which “legitimate interests” is the responsible party specifically pursuing? (see Article 13 (1d) GDPR)
Generally required measures for organization operations in connection with the e-mail server and Office program Securing of data protection and (information) security within the framework of antivirus protection and Internet proxy

6. Are there legal or contractual requirements? What would result if you did not provide your data? (see Article 13 (2e) GDPR)
With regard to e-mail archiving, the requirements of the German Principles of Data Access and Auditability of Digital Records (GDPdU) cannot be fulfilled without the data

7. Who are the recipients authorized access (both internally and externally)?
IT Department with regard to e-mail archiving, antivirus protection, central control of user authorizations (active directory) and the Internet proxy; customer advisors, administrative staff and IT Department with regard to the e-mail server and Office program

8. When will the data be deleted?

  • Ten years for data under the GDPdU and 30 years for company research purposes (for e-mail archiving)
  • Immediately after the end of the employee's contract (for sending and receiving e-mail)
  • Immediately after collection (with regard to antivirus protection)
  • One year after collection (Internet proxy)
  • Immediately after the end of the contract (with regard to the Office program
  • One year after departure of the person involved)

9. What categories of data are processed?

  • E-mail data (date, recipient, text attachments) for e-mail archiving and the e-mail server
  • Log data (of technical type) in antivirus protection
  • Usage data (date and type of use) for the Internet proxy
  • Office data in the Office program
  • Authorization data in the central user authorization control system (active directory)

10. Which persons are affected?

  • E-mail users (as part of e-mail archiving and the e-mail server)
  • Computer users who are subject to the antivirus protection measures (as part of antivirus protection)
  • Employees (with regard to the Internet proxy and the Office program)
  • Employees who log in to computers and other resources (as part of the central user rights control (active directory))

11. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

12. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

13. The right to "erasure of your data" (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

14. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

15. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

16. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

17. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

18. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

19. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

20. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (see Article 4 (4) GDPR)
No, this does not take place.

21. Are there data transfers to recipients in third countries (that is, outside the EU)? (see Article 44 GDPR)
No, this does not take place.

22. Is there more than one controller in the sense of "joint accountability"? (see Article 26 GDPR)
No, there is only the ONE above-named controller.

1. What is the purpose of this processing?
Performance of the company's accounting (handling incoming and outgoing invoices, checking invoices, collections, assigning to accounts, preparation of monthly and annual accounting statements, pay invoices)

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (see Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?
Permission or requirement of another legal regulation (see Article 6 (1c) GDPR)

5. Are there legal or contractual requirements? What would result if you did not provide your data? (see Article 13 (2e) GDPR)
Without the data, the requirements of § 238 German Commercial Code (HGB - obligation to keep books) cannot be met.

6. Who are the recipients authorized access (both internally and externally)?
Tax office; tax advisor

7. When will the data be deleted?

  • Six years after recording (for business letters)
  • Ten years after year-end (in accordance with § 257 HGB (record retention periods))

8. What categories of data are processed?

  • Name, address, VAT identification number of credit customers and suppliers
  • Sales, incl. invoice numbers, payment purposes and other information in connection with financial transactions
  • Information on fixed assets
  • Accounting data
  • Bank and credit card data

9. Which persons are affected?

  • Affected groups of persons: debtors
  • Creditors
  • Possibly third parties
  • Employees
  • Customers
  • Suppliers

10. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

11. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

12. The right to "erasure of your data" (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

13. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

14. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

15. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

16. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

17. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

18. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

19. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (see Article 4 (4) GDPR)
No, this does not take place.

20. Are there data transfers to recipients in third countries (that is, outside the EU)? (see Article 44 GDPR)
No, this does not take place.

21. Is there more than one controller in the sense of "joint accountability"? (see Article 26 GDPR)
No, there is only the ONE above-named controller.

1. What is the purpose of this processing?
Exchange and transmission of information (e-mails, telephone, Internet, letters, data exchange) and the related management and logging

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (see Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?
Upholding of legitimate interests of the responsible party (see Article 6 (1f) GDPR)

5. Which “legitimate interests” is the responsible party specifically pursuing? (see Article 13 (1d) GDPR)
Right/obligation to perform controlling and quality management

6. Who are the recipients authorized access (both internally and externally)?
Purchasing; accounting; IT Department; customer advisor; administrative staff

7. When will the data be deleted?

  • Ten years after recording (within documentation of individual connections)
  • Immediately after the end of the contract (Currently, e-mail accounts of former employees are deleted only in individual cases. But this year, a so-called on-boarding/off-boarding process will be implemented that ensures the employee's data will be deleted when he or she leaves the company.

8. What categories of data are processed?

  • E-mail (date, recipient, text, attachments)
  • Documentation of individual connections

9. Which persons are affected?

  • Employees
  • E-mail users
  • Customers
  • Suppliers

10. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

11. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

12. The right to "erasure of your data" (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

13. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

14. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

15. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

16. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

17. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

18. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

19. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (see Article 4 (4) GDPR)
No, this does not take place.

20. Are there data transfers to recipients in third countries (that is, outside the EU)? (see Article 44 GDPR)
No, this does not take place.

21. Is there more than one controller in the sense of "joint accountability"? (see Article 26 GDPR)
No, there is only the ONE above-named controller.

1. What is the purpose of this processing?
Customer survey on current topics as well as improvement of the relationship with our customers worldwide through targeted customer surveys on the topics of sales, service and spare parts.

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (see Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?
Upholding of legitimate interests of the responsible party (see Article 6 (1f) GDPR)

5. Which “legitimate interests” is the responsible party specifically pursuing? (see Article 13 (1d) GDPR)
Right to win and keep customers

6. Who are the authorized recipients (both internal and external)?
Sales and Customer Service
External shredder
IT Service Provider

7. When will the data be deleted?
3 years after completion of the project

8. What categories of data are processed?
Name, Surname, E-mail address and Function

9. Which persons are affected?
Customers

10. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

11. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

12. The right to "erasure of your data" (see Article 17 DGPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

13. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

14. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

15. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

16. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

17. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

18. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

19. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (see Article 4 (4) GDPR)
No, this does not take place.

20. Are there data transfers to recipients in third countries (that is, outside the EU)? (see Article 44 GDPR)
No, this does not take place.

21. Is there more than one controller in the sense of "joint accountability"? (see Article 26 GDPR)
No, there is only the ONE above-named controller.

1. What is the purpose of this processing?
Customer survey on current topics as well as improvement of the relationship with our customers worldwide through targeted customer surveys on the topics of sales, service and spare parts.

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (see Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?
Upholding of legitimate interests of the responsible party (see Article 6 (1f) GDPR)

5. Which “legitimate interests” is the responsible party specifically pursuing? (see Article 13 (1d) GDPR)
Right to win and keep customers

6. Who are the authorized recipients (both internal and external)?
Sales and Customer Service
External shredder
IT Service Provider
Marketing Provider
Provider for Surveys

7. When will the data be deleted?
3 years after completion of the project according to § 195 BGB (German civil code) to the general statute of limitations

8. What categories of data are processed?
Name, Surname, E-mail address and Function

9. Which persons are affected?
Customers

10. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

11. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

12. The right to "erasure of your data" (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

13. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

14. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

15. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

16. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

17. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

18. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

19. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (see Article 4 (4) GDPR)
No, this does not take place.

20. Are there data transfers to recipients in third countries (that is, outside the EU)? (see Article 44 GDPR)
No, this does not take place.

21. Is there more than one controller in the sense of "joint accountability"? (see Article 26 GDPR)
No, there is only the ONE above-named controller.

1. What is the purpose of this processing?
Management of suppliers (quality documentation, etc.)

2. Who is responsible for this processing?
ROVEMA GmbH
Address: Industriestrasse 1, 35463 Fernwald, Germany
Telephone: +49 641/409323
Fax: +49 641/409350
Internet: www.rovema.com
E-mail: info(at)rovema.de

3. Who is named the data protection officer? (see Article 37 GDPR)
eMGe-DaTa
Michaela Genderka
(Datenschutzbeauftragte)
Blumenstraße 13
47918 Tönisvorst
+49 (0) 2151 9422060
datenschutz.rovema(at)emge-data.de

4. What is the legal foundation? Why is this processing permitted?
Upholding of legitimate interests of the responsible party (see Article 6 (1f) GDPR)

5. Which “legitimate interests” is the responsible party specifically pursuing? (see Article 13 (1d) GDPR)
Right to pursue profit, labor and cost efficiency

6. Who are the recipients authorized access (both internally and externally)?
Quality management staff (for quality assurance), department/ area head, accounting, quality management staff (for supplier documentation); IT department; external document shredder

7. When will the data be deleted?

  • Three years (general statutory period in accordance with § 195 BGB (German Civil Code)) after collection (in the framework of quality management)
  • Twenty years after the last contact (in the framework of supplier documentation)

8. What categories of data are processed?

  • Quality data (in the framework of quality management)
  • Supplier data, sales, quantities, historical data on prices (in the framework of supplier documentation)
  • Contact data (name, telephone, e-mail, address, ...)
  • Contract data

9. Which persons are affected?
Suppliers

10. The right to "be informed" (see Article 15 GDPR)
You have a right to be informed about the data affecting you. Precisely this right should be ensured as well as possible by this document. If you have questions, we would be happy for you to contact us.

11. The right to "rectification" of incorrect data (see Article 16 GDPR)
You have the right to rectification of incorrect data. Please contact us for this.

12. The right to "erasure of your data" (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data are no longer necessary, (b) you might have withdrawn your consent, or there is no (longer) any other lawful basis to retain the information, (c) you have correctly objected to it, (d) the data were processed improperly, (e) erasure is required by law, (f) the data are from children and should be erased. Please note that, in accordance with Article 17 (2) of the GDPR, it might not be possible or allowed to erase the data.

13. The right to "restrict processing" (see Article 18 GDPR)
You have a right to "restrict" your data if (a) you contest the accuracy of the data, (b) processing is unlawful and you oppose erasure, (c) we no longer need the data, (d) but you still need us to keep it due to a legal claim.

14. The right to "object to processing" (see Article 21 GDPR)
You have the right to object to processing of your data if there are reasons pertaining to your SPECIAL SITUATION. We will then decide whether we have compelling legitimate grounds for processing the data.

15. The right to "withdraw consent" (see Article 7 (3) GDPR)
You have a right to withdraw consent (if this is relevant for the processing described here). Withdrawal of consent is applicable only for the future.

16. The right to "data portability" (see Article 20 GDPR)
You have a right to obtain your data if (a) the lawful basis for processing of your data is consent or a contract, (b) you have provided the data to us yourself, (c) the data are processed by automated means. If these requirements are met, you can also request us to transmit the data to a recipient of your choice.

17. The right to "lodge a complaint" (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority of your choice. The contact data of the responsible supervisory authority is: Der Hessische Datenschutzbeauftragte (Hesse Data Protection Commissioner), Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, www.datenschutz.hessen.de. We would prefer to have you contact us first before you report your concern to the supervisory authority; our very competent company data protection representative will address your concern much faster and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority.

18. Data collection by third parties
No data are collected by third parties. Accordingly, all data are requested/collected by ourselves.

19. Does profiling occur? Are personal aspects analyzed or predicted? Does automated individual decision-making take place? (see Article 4 (4) GDPR)
No, this does not take place.

20. Are there data transfers to recipients in third countries (that is, outside the EU)? (see Article 44 GDPR)
No, this does not take place.

21. Is there more than one controller in the sense of "joint accountability"? (see Article 26 GDPR)
No, there is only the ONE above-named controller.

  1. What is the purpose of this processing?
    Image and sound recordings of the remote support provide rapid diagnosis possibilities and problem-solving approaches. An expert can give concrete instructions for solving the problem remotely, which the customer can view on the display on site.
     
  2. Who is responsible for this processing?
    ROVEMA GmbH
    Address: Industriestrasse 1, 35463 Fernwald, Germany
    Telephone: +49 641/409323
    Fax: +49 641/409350
    Internet: www.rovema.com
    E-mail: info(at)rovema.de
     
  3. Who is appointed as company data protection officer? (see Article 37 GDPR)
    eMGe-DaTa
    Michaela Genderka
    (Datenschutzbeauftragte)
    Blumenstraße 13
    47918 Tönisvorst
    +49 (0) 2151 9422060
    datenschutz.rovema(at)emge-data.de
     
  4. What is the legal basis? Why is this processing permitted?
    Protection of the legitimate interests of the person responsible (see Article 6 (1f) GDPR)
     
  5. Specifically, what „legitimate interests“ does the responsible person pursue? (see Article 13 (1d) GDPR)
    Right to attract and retain customers
     
  6. Who are the authorized recipients (both internal and external)?
    Customer support staff; video conferencing service providers
     
  7. When will the data be deleted?
    The data is deleted immediately after the end of the session.
     
  8. Which categories of data are processed?
    Remote maintenance data (IP address, video and sound data)
     
  9. Which persons are affected?
    Employees
    Customers
     
  10. The right to „information“ (see Article 15 GDPR)
    You have the right to obtain information about the data concerning you. This document is intended to ensure that this is the case to a large extent. If you have any further questions or concerns, please feel free to contact us.
     
  11. The right to „rectify“ inaccurate data (see Article 16 GDPR)
    You have the right to have incorrect data corrected. Please contact us for this purpose.
     
  12. The right to „delete your data“ (see Article 17 GDPR)
    You have the right to have your data deleted if (a) the data is no longer necessary, (b) you have revoked your consent, or if there is no (longer) a legal basis, (c) you have rightly objected, (d) the data has been processed unlawfully, (e) deletion is required by law, (f) the data originates from children and is to be deleted. Please note that under Article 17 (2) of the DS-GVO it may not be possible/may not be allowed to delete the data.
     
  13. The right to „restrict processing“ (see Article 18 GDPR)
    You have the right to „block“ your data if (a) you dispute the accuracy of the data, (b) the processing is unlawful and you deny deletion, (c) the data is no longer needed by us, (d) you still need the data due to legal claims.
     
  14. The right to „object to the processing“ (see Article 21 GDPR)
    You have the right to object to the processing, provided that there are reasons for this from your SPECIAL SITUATION. We will weigh up whether we have compelling reasons for processing worthy of protection.
     
  15. The right to „withdraw consent“ (see Article 7 (3) GDPR)
    You have the right to withdraw consent (if relevant for the processing described here). The revocation is only valid for the future.
     
  16. The right to „data transferability“ (see Article 20 GDPR)
    You have the right to receive your data, provided that (a) the legal basis is based on a consent or a contract, (b) you have provided these data in person, (c) the data are processed automatically. If these conditions are met, you can also request that we pass on the data to a recipient of your choice.
     
  17. The right of „appeal“ (see Article 77 GDPR)
    You have the right to complain to a data protection supervisory authority. The contact details are: The Hessian Commissioner for Data Protection, Gustav-Stresemann-Ring 1, 65189 Wiesbaden GERMANY, Tel. 0049-611-14080, https://www.datenschutz.hessen.de.

    You are welcome to contact us first before contacting the supervisory authority; our very competent company data protection officer will deal with your request much more quickly and just as thoroughly. If we cannot help you further, you can still contact the supervisory authority afterwards.
     
  18. Data collection by third parties
    No, no data is collected by third parties. Therefore, all data are enquired/collected by ourselves.
     
  19. Does profiling take place? Are personal aspects analysed or predicted? Is there an automateddecision in individual cases? (see Article 4 (4) GDPR)
    No, this is not happening.
     
  20. Are there data transfers to recipients in third countries (i.e. outside the EU)? (see Article 44 GDPR)
    No, this is not happening.
     
  21. Are there more than one person responsible in the sense of a „joint responsibility“? (see Article 26 GDPR)
    No, there is only the ONE person in charge mentioned above.