Data protection and information security are part of our corporate policy. Rodenstock takes the protection of your personal data very seriously and is committed to ensuring that it is processed in confidence in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. In the following, we would therefore like to inform you which of your personal data we collect when you visit our website and for what purposes it is used. The terms used are not gender-specific.
1. Responsible body and data protection officer
Responsible for the processing of personal data on the website is:
D - 80687 Munich
If you have any questions regarding the processing of your personal data, as well as your rights regarding data protection, please contact:
- Data Protection Officer -
D - 80687 Munich
2. The nature and purposes of and the legal basis for data processing
We process personal data that we collect about you in the course of using our website or our business relationship, e.g. your contacting us.
a) Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:
• IP address of the requesting device
• Date and time of the request - address of the website accessed and the requesting website
• Details of the browser and operating system used
• Online identifiers (e.g. device identifiers, session IDs)
The data processing of this access data is necessary to enable the visit of the website and to ensure the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above in order to compile statistical information on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and to generally maintain our website administratively. The legal basis is Art. 6 para. 1 lit. b GDPR.
The information stored in the log files does not allow any direct inference to your person - in particular, we only store the IP addresses in shortened, anonymized form. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
Log file information is stored for a maximum of 7 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
b) Contacting us / contact forms
You have various options for contacting us. These include the contact form and contacting us by e-mail. In this context, we process data exclusively for the purpose of communicating with you. The legal basis is Art. 6 para. 1 lit. b GDPR. We process the personal data received from you for contacting us only until we have conclusively answered your enquiry. Beyond that, we only store personal data for the assertion of or defense against legal claims or as long as there are legal obligations to store it.
c) Online appointment request to our partner opticians
You have the option of submitting online appointment requests to our partner opticians via our website. We collect the following data when you make an appointment: First and last name, e-mail address, telephone number, desired date and time period. In addition, you can send a message and the product names that you have placed on your watch list to the partner optician. The purpose of the data collection is the appointment request and setting of an appointment (pre-contractual measure) with the partner optician. All data collected in this process will not be stored and processed by Rodenstock, but by the partner optician requested. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
d) Application procedure
You can apply to us for open positions via our application management system. We process personal data relating to you for the purpose of your application for a current or future employment relationship, insofar as this is necessary for the decision on the establishment of a current or future employment relationship with us.
The legal basis for this is Art. 6 Para. 1 lit. b GDPR, § 26 Para. 1 Federal Data Protection Act. Furthermore, we may process personal data relating to you insofar as this is necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 lit. f GDPR; the legitimate interest is, for example, a duty to provide evidence in legal proceedings. Insofar as an employment relationship between you and us is established, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Art. 6 Para. 1 lit. b GDPR, Section 26 Para. 1 Federal Data Protection Act, among other things if this is necessary for the implementation or termination of the employment relationship. In this case, you would then receive separate notes and information on data protection.
We process data related to your application. This may be general personal data (such as name, address and contact details), details of your professional qualifications and school education or details of further professional training or other details that you provide to us in connection with your application. In addition, we may process job-related information that you have made publicly available, such as a profile on professional social media networks.
e) Integrated third-party services
Insofar as we integrate services of other providers (third parties) in the context of the use of our website in order to offer you certain content or functions (e.g. the playing of videos) and we process personal data in the process, this is done on the basis of Article 6 (1) lit. b and f GDPR. Such data processing is then necessary in order to implement the functions you have selected or to safeguard our legitimate interest in an optimal functional scope of the website. Insofar as cookies may be used within the scope of these third-party services, the explanations under point II lit. f apply. Please also refer to the data protection declaration of the respective provider with regard to the third-party services.
Services of other providers that we integrate or to which we refer are provided by the respective third parties. As a matter of principle, we have no influence on the content and function of the third-party services and are not responsible for the processing of your personal data by their providers, unless the third-party services are designed entirely on our behalf and then integrated by us under our own responsibility. Insofar as the integration of a third-party service leads to us establishing joint processes with its provider, we will stipulate with this provider in an agreement on joint responsibility pursuant to Art. 26 of the GDPR how the respective tasks and responsibilities for the processing of personal data are structured and who fulfils which data protection obligations.
Unless otherwise stated, profiles on social media are only included in our online offer as a link to the corresponding third-party services. After clicking on the integrated text/image link, you will be redirected to the offer of the respective social media provider. After the redirection, personal data may be collected directly by the third-party provider. If you log into your user account of the respective social media provider during this process, the provider may be able to assign the collected information of the specific visit to your personal user account. If you would like to prevent the collected information from being directly assigned to your user account, you must log out before clicking on the integrated text/image link.
f) Cookies and comparable technologies
3. Disclosure of personal data to third parties and processors
As a matter of principle, we do not pass on any personal data to third parties without your consent. If, in the course of processing, we nevertheless disclose your data to third parties, transmit it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal grounds. We transmit data to payment service providers, for example, if this is necessary for the performance of the contract. If we are obliged to do so by law or by court order, we must transfer your data to bodies entitled to receive information.
We use service providers to process your data in certain cases. If data is passed on within the scope of such commissioned processing, this is done on the basis of Art. 28 GDPR.
4. Data transfer to third countries
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible if your personal data is to be processed. If we process data in a third country (i.e. outside the European Union or outside the European Economic Area) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, the transfer only takes place if the third country has been confirmed by the EU Commission as having an adequate level of data protection, an adequate level of data protection for your data has been guaranteed by contractual agreements with the data recipient (copy available on request) or we have been given your consent to do so or we are legally obliged to do so under applicable law.
5. Data storage
As a matter of principle, we only store personal data for as long as they are necessary for the purposes described in the section "Type and purposes as well as legal basis of data processing", this is necessary for the provision of our services to you or we have a legitimate interest in the continued storage. In addition, we are subject to various storage and documentation obligations. Please note that retention periods vary from country to country and are determined in accordance with local legal and professional retention periods. Under certain circumstances, your data must also be retained for longer, e.g. if this is ordered by the authorities or a court.
6. Your rights
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right of objection: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right of revocation for consents: You have the right to revoke any consent you have given at any time.
Right to information: You have the right to receive information about the data we have stored about you.
Right of correction and deletion: You can demand that we correct incorrect data and - insofar as the legal requirements are met - delete your data.
Restriction of processing: You can request us - provided the legal requirements are met - to restrict the processing of your data.
Data portability: If you have provided us with data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the data you have provided in a structured, common and machine-readable format or that we transfer it to another responsible party.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular a supervisory authority in the Member State where you usually reside, the supervisory authority of your place of work or the place of the alleged infringement, in accordance with Article 77 of the GDPR, if you consider that the processing of personal data concerning you infringes the GDPR.
7. Data security
We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, use or alteration and against unauthorized disclosure or access. These are adapted to the current state of the art in each case. To secure the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.
Version: May 2022
You will shortly receive an email confirming the data that has been sent to the optician. The optician will contact you directly to set-up your appointment.BACK TO HOME
Please try again.