This data privacy information informs you about handling your personal data. To make the processing of your data comprehensible, we would like to provide you with the following information to give you an overview of these processing operations. In order to guarantee fair processing, this data protection declaration contains general information about our handling of your data as well as information about your rights according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
We will inform you in detail about
The party responsible for data processing is ROWA Lack GmbH (hereinafter 'we' or 'us').
If you have any questions or feedback concerning this information or wish to contact us to assert your rights, please send your enquiry to
ROWA Lack GmbH
Telefon: +49-4101 706-05
2. Legal basis
The data protection term "personal data" refers to all information relating to an identified or identifiable natural person.
We process personal data in compliance with the data protection regulations, primarily the GDPR and the BDSG. Our data processing solely occurs on a legal permission. We will process personal data solely with your consent (Art. 6 Sec. 1 letter a) GDPR), to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (Art. 6 Sec. 1 letter b) GDPR), for compliance with a legal obligation (Art. 6 Sec. 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 Sec. 1 letter f) GDPR).
3. Period of storage
In the absence of alternative provision ensuing from the following statements, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. Such statutory retention requirements may result from regulations under commercial or tax law.
4. Recipients of data
We may use Service Providers for individual processes. This includes, for example, hosting, maintenance and support of IT-systems, marketing actions or destruction of files and data carriers. These Service Providers process the data only according to strict instructions and are contractually bound to guarantee suitable technical and organisational measures for data protection. In addition, we may transfer personal data of our customers to parties such as postal and delivery services, payment and information services, banks, tax consultants/auditors or the tax authorities.
5. Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 12 to 22 GDPR for the purpose of providing information and preparing such information, we will process stored data only for this purpose and for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on the legal basis of Art. 6 Sec. 1 letter c) GDPR in combination with Art. 15 to 22 GDPR and § 34 Sec. 2 BDSG.
6. Your rights
As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:
7. Right to object
Pursuant to Art. 21 Sec. 1 GDPR, you have the right to object to processing operations based on the legal basis of Art. 6 Sec. 1 letter e) or letter f) GDPR on grounds arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 Sec. 2 and Sec. 3 GDPR.
8. Data protection officer
You can contact our data protection officer using the following address:
When using our website, we collect and use information that you provide by yourself. We also automatically collect certain information about your use of the Site during your visit on the Site. In data protection law, the IP address is also considered as a personal date. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing Server-Log-Files
When using our website for purely informative purposes, general information that your browser transmits to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out to ensure our legitimate interests and is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR. This processing provides the technical administration and security of the website. The stored data will be deleted after 14 days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 Sec. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.
2. Contact form and requests
Our website contains a contact form through which you can use to send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address bar of the browser). All data fields marked as mandatory fields are required to process your request. Non-provision of this information means that we cannot process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact-e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or execution of a contract with us, Art. 6 Sec. 1 Letter b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting the persons requesting information. The legal basis for data processing is then Art. 6 Sec. 1 Letter f) GDPR.
1. Contractual relationship
In order to establish or execute the contractual relationship with our customers, it is regularly necessary to process the contact data of the relevant contact persons provided to us. The processing serves our legitimate interest in a fluent course of business. The legal basis for this processing is Art. 6 Sec. 1 letter f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 Sec. 1 letter f) GDPR and serves our interest in further developing our offer and informing you specifically about offers from ROWA Lack GmbH. Further data processing can take place if you have consented (Art. 6 Sec. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 Sec. 1 letter c) GDPR).
When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you an employment, we will retain the data you provide for up to three months for the purpose of potentially answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is § 26 Sec. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 Sec. 3 GDPR. Such a revocation does not affect the legality of the processing, which has taken place until the revocation on the basis of the consent.
3. Offline Orders
If you order a product via our order form or by telephone, we process personal data exclusively for contract processing or to be able to provide you with the ordered product. Within the ordering process, we only process the data that you have provided yourself. In order to be able to deliver the ordered products to you, we transmit the data required for delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6 Sec. 1 letter b) GDPR. All data fields marked as mandatory fields are required for processing your order. Non-provision of this information means that we cannot process your order. The provision of further data is voluntary.
4. LinkedIn company page
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole responsible party for the processing of personal data when you visit our LinkedIn page. For more information about the processing of personal data by LinkedIn, please see https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personally identifiable information about you through page insights. We only have access to the summarized page insights. It is also not possible for us to draw conclusions about individual members using the information from the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. Such processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 para. 1 letter f of the General Data Protection Regulation. We have entered into a joint controller agreement with LinkedIn, which sets forth the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement, the following applies:
We and LinkedIn have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.