Data Security

Data Security

Data Protection Statement

Rotodecor takes data protection extremely seriously. Your satisfaction is our utmost priority, and an important part of our commitment to you is our responsibility to protect your privacy. In principle you can use our website without providing any personal data.

We do make every effort to provide an optimal experience to our website visitors. For quality assurance purposes, or because you want to contact us (e.g. via e-mail), there are some situations that may arise in which personal data is collected. We collect, process, and use your personal data only in compliance with the principles described below and in accordance with applicable data protection laws.

This data protection statement aims to answer any questions you may have about the protection of your personal data.

Responsible in the sense of the data protection laws, in particular the EU data protection basic regulation (DSGVO), is:
Information acc. § 5 TMG:


Rotodecor GmbH

In Erfkamp 2

32791 Lage



Phone: +49 5232 97983 0

Fax: +49 5232 97983 110

E-Mail: info(at)



Legal representatives:

Thomas Schmid, Managing Director

Registered in the commercial register of the district court Lemgo under HRB 7868

Sales tax identification number: DE223541170


In case of questions or concerns you may contact us directly

Any data subject can contact our Data Protection Officer directly at any time to discuss their questions and concerns regarding data protection.

The Data Protection Officer at Rotodecor GmbH is:

Herr Richard Alt

BS Group Services GmbH
Maximilianstr. 4e
82319 Starnberg
+49 8151 6504 60

Scope of personal data processing

We process the personal data of individuals visiting our website only where absolutely required for the provision of a functional website or of our content and services. We only process the personal data of our users with their consent, except where obtaining consent in advance is not possible or where data is permitted to be processed by law.

Legal basis for processing personal data

If we obtain the consent of the data subject to process personal data, then Article 6 par. 1 (a) of the EU General Data Protection Regulation (GDPR) applies as the legal basis.

If processing personal data is required in order to fulfill a contract, whereby the data subject is a party to the contract, Article 6 par. 1 (b) GDPR applies as the legal basis. This is also the legal basis for processing required in order to perform pre-contractual tasks.

If processing of personal data is required in order for our company to fulfill a legal obligation, Article 6 par. 1 (c) GDPR applies as the legal basis.

If interests which are essential for the life of the data subject or that of another natural person make the processing of personal data necessary, Article 6 par. 1 (d) GDPR applies as the legal basis.

If processing personal data is necessary in order to protect a legitimate interest of our company or a third party and this interest outweighs the interests, fundamental rights, and freedoms of the data subject, Article 6 par. 1 (f) GDPR applies as the legal basis.

Data deletion and storage duration

Personal data is deleted or restricted from processing as soon as the purpose of its storage no longer applies. It may also be stored if necessary under European or national law, in Union regulations, laws, or other legal stipulations to which the controller is subject. The data is restricted from processing or deleted when a retention period prescribed by the aforementioned regulations expires, unless storing the data is required in order to conclude or fulfill a contract.

What kind of personal data is processed?

Access data

We collect data every time our website is accessed (in what’s known as “server log files”). Access data includes the date and time of access, the data quantity transferred, a message about successful access, the browser type and version, the operating system of the website visitor, and the referrer URL (the page you were visiting which directed you to our website). The IP addresses of the user or other data that can be used to identify a user are not affected here. This data is not stored together with other personal data of the user.

The legal basis for temporarily storing the data is Article 6 par. 1 (f) GDPR.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this case. Our legitimate interest in data processing for these purposes is based on Article 6 par. 1 (f) GDPR.

The server log files are deleted after 14 days.

Collecting the data in order to provide the website and storing the data in log files is compulsory in order to operate the website. The user does not have the option to object in this case.


We use “session cookies” when users log in to secured areas (with username and password) of the website, in order for the page visitor to be identified for the duration of their visit. The session cookies contain some of the log-in data in encrypted form. We do not use other types of cookies.

The legal basis for processing personal data using cookies is Article 6 par. 1 (f) GDPR.

Session cookies are used for the purpose of making use of the website easier. Some functions of our website cannot be offered without using cookies. Our legitimate interest in processing personal data for these purposes is based on Article 6 par. 1 (f) GDPR.

Cookies are stored on the user’s computer and transferred from the computer to us. For this reason, you as the user have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings for your web browser. Cookies which have already been stored can be deleted at any time. This can also be carried out automatically. If cookies are disabled for our website, some of the functions of the website may no longer be available as a result. When the session ends the session cookies automatically expire.

E-mail contact

You can get in touch with us using the e-mail addresses provided on our website. The user’s personal data which is transferred with the e-mail is stored in this case. This data is not passed on to third parties. The data is only used to process the conversation.

The legal basis for processing the data transferred in the course of sending an e-mail is Article 6 par. 1 (f) GDPR. If the purpose of making contact via e-mail is to conclude a contract, the additional legal basis for processing is Article 6 par. 1 (b) GDPR.

The personal data from the e-mail is only used to process the conversation. The other personal data processed during sending is used to prevent misuse and ensure the security of our IT systems.

The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of personal data sent via e-mail, it is deleted when the conversation with the user ends. The conversation ends when the matter being discussed can be determined to be concluded.

The user has the option of withdrawing their consent to process their personal data at any time. If the user contacts us by e-mail, they can also object to the storage of their personal data at any time. In this case the conversation cannot be continued.


We are happy that you are interested in Rotodecor and are applying or have applied to work with us. The following provides information on how your personal data is processed in connection with your application.

The legal basis for processing your personal data during the application process is primarily section 26 of the German Federal Data Protection Act (BDSG) dated May 25, 2018. According to this law, data which is required in connection with making a recruitment decision can legally be processed. If the data is required after the application process for any legal proceedings, the data can be processed based on the requirements of Article 6 GDPR, especially for the purposes of protecting legitimate interests in accordance with Article 6 par. 1 (f) GDPR. Our interest in this case would be to make or defend a legal claim.

We process the data that you have sent to us in connection with your application in order to determine your suitability for the role (or other open roles in our company) and go through the application process. Your application data is reviewed by our Human Resources department upon receipt. Suitable applications are then forwarded internally to the relevant department managers for the open role in question. The next course of action is then decided. Within the company, only the people who need your data in order to process your application are able to access your data.

Applicant data is deleted after six months if the application is rejected. We will keep your data in our pool of applicants if you agree to the storage of your personal data. In this case the data will be deleted after a period of two years. If you are sent an offer in response to your application, the data will be transferred from the applicant data system to our personnel information system.

Google Analytics

We use Google Analytics, a web analysis service offered by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are stored on the website visitor’s computer to allow an analysis of your use of the website. The information concerning the visitor’s use of this website that is generated by the cookies is generally transmitted to a server operated by Google in the USA and stored there.

If IP anonymization is activated on this website, Google will truncate the site visitor’s IP address within member states of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and stored there. IP anonymization is activated on this website. Google uses this information on behalf of the website operator to evaluate the visitor’s use of the website, compile website activity reports, and provide further services associated with the use of both the website in particular and the Internet in general to the website operator.

The IP address transmitted from your browser as part of Google Analytics is not compiled with other Google data. The site visitor can adjust their browser settings to prevent cookies from being stored; if this is done, however, please be aware that you then may not be able to use the full scope of functions offered by this website.

The site visitor can also prevent the collection of data generated by the cookies and related to their use of the application (including their IP address) and the processing of this data by Google by downloading and installing the browser plug-in provided at the following link:

You can prevent data collection by Google Analytics by clicking on the following link. An opt-out cookie is set, which prevents the future collection of your data when visiting this website:
 click here to set the opt-out cookie

Further information on the terms of use and data protection can be found at or Please note that on this website, Google Analytics has been extended with the code “anonymizeIp” in order to ensure that IP addresses are collected anonymously (a practice known as “IP masking”).