The following data protection declaration is intended to explain to you in an understandable, transparent and clear manner how your personal data is processed by ROTHENBERGER AG (hereinafter "ROTHENBERGER", "we", or "us").

Person responsible

The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is.

ROTHENBERGER AG Spessartstrasse 2-4 65779 Kelkheim

in most cases with one or more of its subsidiaries.

Data protection officer

If you have any questions about this privacy statement or other data protection issues, please contact our data protection officer:

Rudolf Fiedler Data Protection Officer DDP Data Protection GmbH Zum Gottschalkhof 2 60594 Frankfurt am Main.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person ("data subject").

What data is processed on our website?

Collection of general information when visiting our website.

When you visit our website, a so-called log data record (so-called server log files) is collected, stored and processed temporarily and anonymously on our web server. This consists of:

§ the page from which the page was requested (so-called referrer URL),

§ the name and URL of the requested page,

§ the date and time of the request,

§ the description of the type, language and version of the web browser used,

§ the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established,

§ the amount of data transferred,

§ the operating system,

§ the message whether a call was successful (access status/ttp status code),

§ the GMT time zone difference.

The processing of the log data serves the following purposes:

§ to ensure that the website connection is established without any problems,

§ Ensuring a smooth use of our website,

§ evaluating system security and stability, and

§ to optimize our website.

The legal basis for the processing of this log data is Art. 6 para. 1 p. 1 lit. f DSGVO. The above-mentioned purposes also represent our legitimate interest in data processing.

We do not use your data to draw conclusions about your person. Information of this kind will be statistically evaluated anonymously by us, if necessary, in order to optimize our website and the technology behind it.

Registration on our website

For registration on our website, we require general "personal data", which is transmitted to us via an input mask. These consist of:

§ First and last name,

§ date of birth,

§ Address,

§ e-mail address and

§ Time of transmission.

This data is processed for the purpose of creating a customer profile and based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.

Contact form

When using our contact form, the "contact form data" transmitted thereby are collected, stored and processed: These include in particular:

§ First and last name,

§ address,

§ Customer group,

§ Telephone number,

§ e-mail address and

§ Time of transmission.

Contact form data is processed for the purpose of processing customer inquiries. The legal basis of the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO, whereby the purpose of the contact form data processing corresponds to our legitimate interest in the data processing. If you contact us to request a quote, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO and the contact form data processing is carried out to implement pre-contractual measures.

Newsletter

If you register for our newsletter, the following "newsletter data" will be collected, stored and processed by us:

§ the page from which the page was requested (so-called referrer URL),

§ the date and time of the call,

§ the description of the type of web browser used,

§ the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established,

§ the e-mail address,

§ the date and time of registration, confirmation e-mail and confirmation.

We would like to point out that we evaluate your user behavior when sending the newsletter. For the evaluation, the emails sent contain so-called web bearcons or tracking pixels, which are single-pixel image files stored on our website. For the evaluation, we link the web bearcons with your e-mail address to an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively pseudonymously, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded.

The newsletter data is processed for the purpose of delivering the subscribed newsletter by e-mail. Within the scope of the registration, you consent to the processing of your personal data pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. For the registration to the newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to enable us to verify your registration and, if necessary, to clarify any possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact option given below.

Application form

If you apply via our application form on our website, we collect, store and process your "applicant data". These are in particular:

§ First and last names,

§ address,

§ e-mail address,

§ Telephone number,

§ mobile phone number and

§ Attachments that accompany the application (e.g., resume, cover letter, references).

The data processing is carried out on the legal basis of Art. 6 para. 1 p. 1 lit. a DSGVO as well as Art. 88 para. 1 DSGVO in conjunction with. § 26 BDSG. The purpose of the data processing is the internal processing of applications. If you are under 16 years of age, we require the consent of your legal guardian.

If your application cannot be considered for a specific job posting, it is possible that we will include your application in the applicant pool and consider it for subsequent open positions The legal basis for this is also Art. 6 para. 1 p. 1 lit. a DSGVO as well as Art. 88 para. 1 DSGVO in conjunction with. § 26 BDSG.

You can request information about the scope, origin and recipients of the stored data and its correction free of charge at any time. After the end of your application process, your applicant data will be deleted by us immediately, unless you have given us your express consent to include you in our applicant pool. Should your applicant data be included in our applicant pool, we will store your data for a period of two (2) years and will then delete it without request after the expiry of this period. Earlier deletion is possible at any time upon your request. For more information on data protection, please visit https://karriere.rothenberger.com/jsp/bms/forms/privacy/PrivacyFormDyn.jsp?syssnbrlk=.

How long do we store your data?

All data that you provide to us will be deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.

In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are anonymized, so that an assignment of the calling user is no longer possible.

How do we ensure data security?

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption on our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact our data protection officer for this purpose.

Who do we share your data with?

The protection of your data is important to us. For this reason, we do not sell, exchange or rent your data. For certain technical processes of data processing, we use the support of external service providers who act for us as processors according to Art. 28 DSGVO. They are bound to strict confidentiality and process data only on our behalf and according to our instructions.

Insofar as personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.

Processors used

The following organizations, companies or persons have been commissioned by the operator of this website to process data:

• YUM GmbH, Stephanstraße 1, 60313 Frankfurt am Main, Germany.

• InfoTip Service GmbH, Technology Quarter, Konrad-Zuse-Str. 16, 44801 Bochum, Germany

• Synergy Consultants CRM + Prozesse GmbH, Am Hohenstein 3-5, 65779 Kelkheim, Germany

• entergon GmbH & Co. KG, Wilhelmstraße 14a, 61381 Friedrichsdorf, Germany

• The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

• Y1 Digital AG, Tullastr. 58, 76131 Karlsruhe, Germany.

• Heroes GmbH, Welfenstr. 22, 81541 Munich.

• Connex Marketing GmbH, Dr. Schauer Strasse 26, 4600 Wels, Austria.

• nexMart GmbH & Co. KG, Gropiusplatz 10, 70563 Stuttgart, Germany.

• Auth0 Inc, 10800 NE 8th Street, Suite 700, Bellevue, Washington 98004, USA.

• Cloudinary Ltd, 20 Aharon Bart St Building C, Petach Tikva 49541448, Israel.

• Storyblok GmbH, Peter-Behrens-Platz 2, Linz 4020, Austria.

• Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France.

• 123FormBuilder, Flavia Palace, Vladimirescu n° 10 Ground Floor, 300195 Timisoara, Romania.

• scireum GmbH, Eisenbahnstr. 24, 73630 Remshalden.

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Except in the cases explained in this privacy policy, we will only disclose personal data to third parties without your express consent if we are required to do so by law or by an official or court order, Art. 6 para. 1 p. 1 lit. c DSGVO.

Which cookies do we use?

On our website we use so-called "cookies". Cookies are small text files that are stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our website. Cookies cannot execute programs or transfer viruses to your end device and therefore cannot cause any damage. With the help of cookies, we can make our offer more user-friendly, more effective and safer for you.

A distinction is made between "session cookies" and "permanent cookies". "Session cookies" are deleted automatically after the end of your browser session. In contrast, "permanent cookies" remain permanently on your terminal device until you delete them. "Permanent cookies" help us to recognize you when you return to our website.

With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when you close the program.

However, we would like to point out that the deactivation of cookies can have the consequence that you can only use our website to a limited extent

Technically necessary cookies

The technical structure of our website requires that we use cookies. Without these cookies, our website cannot be displayed (completely correctly) or the support functions cannot be enabled. These are basically "session cookies", which are deleted after the end of your website visit, but at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. The aforementioned purpose of the data processing also represents our legitimate interest in the data processing.

Technically not necessary cookies

We only use technically unnecessary cookies with your consent. You can select these cookies via the so-called cookie consent tool during your first visit to our website. The functions are only activated in the event of your consent and may serve in particular to enable us to analyze and improve visits to our website, to make it easier for you to use it via different browsers or terminal devices, to recognize you when you visit it again or to serve advertising (possibly also to orient advertising to interests, to measure the effectiveness of ads or to show interest-oriented advertising). The legal basis for this processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The revocation of your consent is possible at any time without affecting the permissibility of the data processing until the revocation.

To find out which providers use cookies, please see the information below on the display, tracking, remarketing and web analysis technologies used.

Profiling

To what extent we analyze the behavior of website visitors with pseudonymized user profiles, please refer to the information below on the display, tracking, remarketing and web analysis technologies used.

Use of Google Analytics

Where you have consented, we use the functions of the Google Analytics web analysis service on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies for its services. The personal data collected by the cookies (in particular the IP address) is anonymized and then usually transferred to a Google server in the USA. The data is stored there for 14 months. Deletion takes place automatically once a month after the expiry of this period.

The purpose of using Google Analytics is to analyze the behavior of our users on our website and to make appropriate adjustments. The legal basis for the data processing is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

For more information on terms of use and data protection, please see Privacy Policy - Privacy Policy & Terms of Use - Google.

In addition, you can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You are, of course, free to revoke the use of cookies at any time pursuant to Art. 7 (3) DSGVO. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by setting your browser accordingly. Google provides a deactivation add-on for the most common browsers for this purpose. You can find this under the following link: Browser Add On to deactivate Google Analytics. However, we would like to point out that in this case you may not be able to use all functions of our website.

Use of Google Maps

On our website, we use the map service of Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps offers us the possibility to implement interactive maps on our website. These serve to display our location. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google LLC server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents an overriding legitimate interest on our part within the meaning of Art. 6 (1) p. 1 lit. f DSGVO.

More information on the handling of user data can be found in Google's privacy policy: Privacy Policy - Privacy Policy & Terms of Use - Google.

Embedded YouTube videos

On our website, we use embedded videos from the video platform YouTube, which is operated by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA ("YouTube"). YouTube is a platform that enables the playback of audio and video files.

When you call up a corresponding page on our website, the embedded YouTube player establishes a connection to YouTube so that the video or audio file can be transferred and played. In the process, data is also transferred to YouTube as the responsible party. We are not responsible for the processing of this data by YouTube.

For more information about the scope and purpose of the data collected, the further processing and use of the data by YouTube, your rights and the privacy options you can choose, please refer to YouTube's privacy policy. YouTube refers to Google's privacy policy for data protection. You can find this under the following link: Privacy Policy - Privacy Policy & Terms of Use - Google.

Social media plugins

We use so-called social media plugins of various social networks on our website. When using the plugins, your internet browser establishes a direct connection to the servers of the respective social network. This provides the respective provider with the information that your internet browser has accessed the corresponding page of our online offer, even if you do not have a user account with the provider or are not currently logged in to it. Log files (including the IP address) are transmitted by your Internet browser directly to a server of the respective provider and may be stored there. The provider or its server may be located outside the EU or the EEA (e.g. in the USA).

The plugins represent independent extensions of the social network providers. We therefore have no influence on the scope of the data collected and stored by the providers of the social networks via the plugins.

For the purpose and scope of the collection, further processing and use of the data by the social network, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policy of the respective social network.

Instagram: Meta Data Policy - How Meta Collects and Uses User Data - Privacy Center (instagram.com).

Facebook: Meta data policy - How meta user data is collected and used | Privacy Center (facebook.com).

Twitter: Privacy Policy of Twitter.

YouTube: Privacy Policy - Privacy Policy & Terms of Use - Google.

LinkedIn: LinkedIn Privacy Policy.

Xing: Privacy Policy at XING.

If you do not want the providers of the social networks to receive and possibly store or further use data about this online offer, you should not use the respective plugins.

Facebook Pixel

We use the Facebook pixel on our website. For this purpose, we have implemented a code on our website. The Facebook Pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you came to our website through Facebook Ads.

For example, when you view a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Then Facebook deletes this data again. The collected data is anonymous and not visible to us and can only be used in the context of ad placements. If you yourself are a Facebook user and are logged in, the visit to our website is automatically assigned to your Facebook user account. We want to show our services or products only to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. Thus, Facebook users (if they have allowed personalized advertising) get to see suitable advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

Google Tag Manager

For our website we use the Google Tag Manager of the company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Through the Google Tag Manager, we can centrally incorporate and manage code sections from various tracking tools that we use on our website.

In this privacy policy, we want to explain in more detail what the Google Tag Manager does, why we use it and in what form data is processed.

What is the Google Tag Manager?

The Google Tag Manager is an organizational tool that allows us to include and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record (track) your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our page. The tags often come from Google-internal products such as Google Ads or Google Analytics, but tags from other companies can also be included and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.

Why do we use Google Tag Manager for our website?

As they say, organization is half the battle! And of course, this also applies to the maintenance of our website. In order to make our website as good as possible for you and all the people who are interested in our products and services, we need various tracking tools such as Google Analytics. The collected data from these tools show us what you are most interested in, where we can improve our services and which people we should still show our offers to. And for this tracking to work, we need to embed appropriate JavaScript codes into our website. In principle, we could include each code section of each tracking tool separately in our source code. However, this requires quite a lot of time and it's easy to lose track. That's why we use the Google Tag Manager. We can easily incorporate the necessary scripts and manage them from one place. Moreover, Google Tag Manager offers an easy-to-use interface and you don't need any programming skills. This is how we manage to keep order in our tag jungle.

What data is stored by Google Tag Manager?

The Tag Manager itself is a domain that does not set any cookies or store any data. It acts as a mere "manager" of the implemented tags. The data is collected by the individual tags of the various web analytics tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

However, the situation is quite different with the embedded tags of the various web analytics tools, such as Google Analytics. Depending on the analysis tool, various data about your web behavior is usually collected, stored and processed with the help of cookies. For this, please read our privacy texts on the individual analysis and tracking tools that we use on our website.

In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us. However, this is only about the use and usage of our Tag Manager and not your data stored via the code sections. We allow Google and others to receive selected data in anonymized form. We thus consent to the anonymous sharing of our website data. Which summarized and anonymous data is forwarded exactly, we could not find out - despite long research. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking compares our own results with those of our competitors. Processes can be optimized on the basis of the information collected.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

What are your rights?

You have the following rights with respect to your personal data vis-à-vis ROTHENBERGER:

• Information about your data stored by us and its processing (Art. 15 DSGVO),
• Correction of incorrect personal data (Art. 16 DSGVO),
• Deletion of your data stored by us (Art. 17 DSGVO),
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
• objection to the processing of your data by us (Art. 21 DSGVO),
• Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO), and
• Revocation of consent to data processing given once (even before the DSGVO applies) (Art. 7 (3) DSGVO).

You can assert all of the data subject rights described above against ROTHENBERGER if you direct your specific request to the following contact details:

Rudolf Fiedler Data Protection Officer DDP Data Protection GmbH Zum Gottschalkhof 2 60594 Frankfurt am Main.

Right of appeal to a data protection supervisory authority

You may lodge a complaint with a data protection supervisory authority at any time if you are of the opinion that we are in breach of the General Data Protection Regulation when processing your personal data. For this purpose, you can usually contact the supervisory authority of your usual place of residence, your place of work or our company.

A list of supervisory authorities (for the non-public sector) with address can be found at: BfDI - Addresses and Links - Anschriften und Links (bund.de).

Which individual case-related right of objection do you have?

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(1)(f) DSGVO; this also applies to profiling based on this provision within the meaning of Article 4(4) DSGVO.

If you object, we will no longer process your personal data unless:

§ we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or

§ the processing serves the assertion, exercise or defense of legal claims.

The objection can be made form-free and should preferably be directed to our data protection officer:

Rudolf Fiedler Data Protection Officer DDP Data Protection GmbH Zum Gottschalkhof 2 60594 Frankfurt am Main.

Change of our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.

This data protection declaration has the status: July 2022.