Data Privacy

Name and contact data of the person responsible for data processing

This data protection information applies for data processing by:

ROAD Deutschland GmbH,
Managing Director: Matthias Richter
Steinäcker 2
75015 Bretten-Gölshausen
Germany

The responsible party can be reached at the above address, as well as at:

Phone +49 (0) 7252 535 69-0
Fax +49 (0) 7252 535 69-99
Mail: info@road-online.de

Data Protection Officer

The data protection officer of the controller is:

Björn Simmes
Franz-Schubert Street 26
79331 Teningen
E-mail: datenschutz@road-online.de
Telephone: +49 (0) 7641 9334401

Any data subject may contact our data protection officer directly at any time with questions or suggestions regarding data protection.

 

Definition

Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the General Data Protection Regulation (DSGVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners.

To ensure this, we would like to explain the terms used in advance. The terms used, such as "personal data" or their "processing" are defined in Article 4 of the General Data Protection Regulation (DSGVO).

We use the following terms, among others, in this data protection declaration:

Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling

Profiling is any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller, or the specific criteria for its designation, may be provided for under Union or Member State law.

Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

Third party

A third party is a natural or legal person, public authority, agency or other body (other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or the processor) who is authorised to process the personal data.

Consent

Consent is any freely given specific and informed indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

 

General information on data processing

Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website, as well as our contents and services. The collection and use of our users' personal data regularly only takes place with the user's consent. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.

The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

 

Provision of the website and creation of log files

Description and scope of data processing

Each time a website is accessed, our system automatically collects data and information from the computer system of the accessing computer and stores it in a log file (log file). The data is stored in order to ensure the functionality of the website / server, for example to detect and rectify faults. There is a legitimate interest in this according to Art. 6 Para. 1 lit. f DSGVO. The storage period is a maximum of 7 days. This data is not merged with other data sources.

The following data is collected:

•         The IP address of the requesting device
•         Date and time of access
•         The type of access
•         The address of the resource (URL) accessed
•         Status code for the result of the query
•         Volume of data transferred as a result of this request
•         General information about the browser type and version used
•         General identifier of the user's operating system
•         Website address (URL) from which the user's system accessed our website (referrer)

The location of our data centre is: Frankfurt am Main.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

 
Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In addition, the log data with anonymised IP address are stored for three months.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no possibility to object.

 

Collection and storage of personal data as well as type and purpose of their use

In the event of questions of any kind, requests for a callback or questions about a product, we offer you the opportunity to contact us using a form provided on the website (contact form). The following information is required as a minimum in order to be able to process the request:

 Contact form:

•         Specification of a valid e-mail address as well as first name and surname.
•         Question about which product
•         Free text field/message to ROAD
•         Consent to data protection
•         Consent to be contacted by ROAD

Application form:

•         Indication of the job position
•         a valid e-mail address
•         telephone number and
•         first and last name
•         as well as the application documents that will be uploaded

Further details are provided voluntarily and are only used for the personal correct form of address when we answer your question or request as well as for the timely planning of a call-back request. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact forms as well as the other data will be automatically deleted after the enquiry or request made by you has been dealt with.

Purpose of data processing

The processing of the personal data from the input mask is solely for the purpose of processing the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and the data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process is deleted after a period of seven days at the latest.

Possibility of objection and removal

The user has the option of revoking his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The revocation of consent and the objection to storage must be sent in writing to the data protection officer.
All personal data stored in the course of contacting us will be deleted in this case.
Transfer of data

As a matter of principle, your personal data will not be passed on to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties in exceptional cases if:

 

•     you have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
•     the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 (1) sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
•     in the event that there is a legal obligation for disclosure in accordance with Art. 6 Para. 1 Sentence 1 lit. c DSGVO, as well as
•     this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DSGVO.

 

 Cookies / web analysis service - use of Matomo

This website uses the open source web analytics service Matomo. Matomo is used on this website without the integration of cookies and the collected IP addresses are shortened to one byte before storage and thus anonymised.

The following data is collected by Matomo:

•     IP address of the user in anonymized form (consists of one byte).
•     Date and time of the page view
•     Duration of the visit
•     Title and URL of the accessed pages
•     URL of the page that was called up before the current page (referrer URL)
•     Display resolution used
•     Used terminal device
•     Loading time of the page
•     Country location of the user
•     Links to called, external domains (outlink)
•     Downloaded files
•     Main language of the browser used
•     User agent of the browser used
•     Browser type, version and engine

 

Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. Accordingly, the website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising.

Purpose of data processing

The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.

Duration of storage

The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is after 12 months.

Possibility of objection and removal

We offer our users the option of opting out of the analysis process on our website. Please note that in this case a cookie is set on your system which signals to our system not to save the user's data. If the user deletes the corresponding cookie from his/her own system in the meantime, he/she must set the opt-out cookie again.

You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.

XING

Description and scope of data processing

Based on our legitimate interests, we use components of the XING service, which is operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany ("XING").

XING is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile of themselves on XING. Companies can, for example, create company profiles or publish job offers on XING.

Each time one of the individual pages of this website operated by the data controller is called up and on which a XING component (XING plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective XING component to download a representation of the corresponding XING component from XING. Further information on the XING plug-ins can be found at https://dev.xing.com/plugins. As part of this technical procedure, XING receives information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to XING at the same time, XING recognises which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the XING component and assigned by XING to the respective XING account of the data subject. If the data subject activates one of the XING buttons integrated on our website, for example the "Share" button, XING assigns this information to the personal XING user account of the data subject and stores this personal data.

XING always receives information via the XING component that the data subject has visited our website if the data subject is simultaneously logged in to XING at the time of calling up our website; this takes place regardless of whether the data subject clicks on the XING component or not. If the data subject does not want this information to be transmitted to XING, he or she can prevent the transmission by logging out of his or her XING account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Art. 6 (1) lit. f DSGVO.

We use our Xing profile for the purpose of initiating and maintaining communication with customers and interested parties.

Purpose of data processing

The data processing is carried out in the interest of the analysis, optimisation and economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by XING can be found in the XING privacy policy at https://www.xing.com/privacy. Data protection information for the share button can be found at https://www.xing.com/app/share?op=data_protection.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
Possibility of objection and removal

If a user is also a user of XING services and does not want XING to collect data about him/her via this online offering and link it to his/her user data stored on XING, he/she must log out of XING and delete his/her cookies before using our online offering.

XING offers the option to object to web analysis at https://nats.xing.com/optout.html?popup=1&locale=de_DE. Further opt-out options from XING can be found at https://www.xing.com/privacy.

 

LinkedIn

Description and scope of data processing

Based on our legitimate interests, we use components of the LinkedIn service, which is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA ("LinkedIn").

LinkedIn is an internet-based social network that enables users to connect with existing business contacts and to make new business contacts.

With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn.

Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. Within the scope of this technical procedure, LinkedIn receives information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognises which specific sub-page of our website the data subject is visiting with each call-up of our website by the data subject and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is simultaneously logged into LinkedIn at the time of calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

Legal basis for data processing

The legal basis for the processing of users' personal data is Art. 6 (1) lit. f DSGVO.

We use our LinkedIn profile for the purpose of initiating and maintaining communication with customers and interested parties.

Purpose of data processing

The data processing is carried out in the interest of the analysis, optimisation and economic operation of the online offer.

The purpose and scope of the data collection and the further processing and use of the data by LinkedIn can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Possibility of objection and removal

If a user is also a user of LinkedIn's services and does not want LinkedIn to collect data about him/her via this online offer and link it to his/her user data stored at LinkedIn, he/she must log out of LinkedIn and delete his/her cookies before using our online offer.

LinkedIn offers the possibility to unsubscribe from email messages, SMS messages and targeted ads as well as to manage ad settings at https://www.linkedin.com/psettings/guest-controls.

LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy.

For data protection issues outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

 

Rights of those impacted

You have the right:

•     In accordance with Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
•     in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
•     in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
•     in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
•     pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
•     revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
•     complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office in Baden-Württemberg for this purpose.

 

Applications

The following data is collected on the application form and forwarded to ROAD:

•     Job title
•     First name and surname
•     E-mail address
•     Telephone number
•     Application documents
•     Consent to data protection
•     Consent to be contacted by ROAD
•     Right of objection

This data will then be processed by ROAD as part of the application process and will be stored until the end of this process and then deleted.

If your personal data is processed for employment purposes on the basis of legitimate interests in accordance with Section 2 § 26 of the DSGVO, you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR, provided that there are grounds for doing so which arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, it is sufficient to contact Björn Simmes (e-mail), datenschutz@road-online.de  contact details.

 
Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

 
Up-to-dateness and amendment of this data protection declaration

This data protection declaration is currently valid and has the status May 2022.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our above-mentioned Internet pages.