Privacy policy

The protection of your privacy when using our website is particularly important to us. In the following, we therefore inform you about the collection of anonymous and personal data.

1. Provider / responsible person in terms of data protection

This website is a service of the company:

represented by the managing director Mr. Apostolos Papaefthymiou, registered in the Registry Agency Blagoevgrad Office under the registration number 206959327

2. Data protection officer

3. Competent supervisory authority

Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd., BG - Sofia 1592, Phone: +359 2/91-53-519, Email: kzld@cpdp.bg, Homepage: https://www.cpdp.bg

4. Basic principles

Your personal data (e.g. title, name, address, e-mail address, telephone number, bank details, credit card number) will be stored and processed by us in compliance with the relevant statutory data protection regulations, in particular the Data Protection Regulation - DSGVO, the Federal Data Protection Act (BDSG) and other data-related laws - e.g. the Telecommunications Telemedia Data Protection Act (TTDSG).

According to the DSGVO and other regulations, data processing and use is only permitted if the DSGVO or another legal regulation expressly permits it or if the data subject consents (prohibition with reservation of permission). According to these legal bases, data processing and use is only permitted in particular if,

a) the data subject has given his consent to the processing of personal data concerning him for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract at the data subject's request;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Accordingly, we use and process your personal data only within the permissible scope of contract processing or if you have given informed consent.

As a matter of principle, we do not pass on your personal data, including your address and e-mail address, to third parties. Exceptions to this are our service partners who require the transmission of data for the processing of the contractual relationship or if we have expressly indicated this. In these cases, however, the scope of the transmitted data is always limited to the minimum required.

5. Anonymous data collection

In principle, you can visit our website without telling us who you are. We only learn

- the name of your internet service provider

- the website from which you visit us (referrer URL)

- the pages of our website that you visit

- the date and time of your visit and the amount of data transferred

- message about successful retrieval

- browser type and version of the requesting computer/end device

- the operating system of the requesting computer/end device

- the IP addresses of the requesting computer/end device

This information is only evaluated for statistical purposes. As an individual user, you will remain anonymous, and a combination with your personal data will of course not take place unless you have expressly consented to this or one of the cases listed below applies.

6. Collection of personal data when visiting our website and using our services in general.

Personal data is only collected by us if you provide it voluntarily and of your own accord. This may be the case, for example, when placing an order, entering a competition or creating a customer account, where it is necessary to provide personal data. In such cases, we generally only collect the data that we are legally authorized to collect and that is absolutely necessary for the fulfillment of the services requested by you (for example, in the case of ordering processes, this would generally be your name, address, telephone number and e-mail address; when registering for the newsletter, for example, only your e-mail address). If we collect personal data from you (for example, via a contact or order form), then you must always provide only the required data. The mandatory data fields are marked with an asterisk. All additional data provided by you is purely voluntary and does not have to be disclosed by you. If you nevertheless provide this data, then by disclosing it you give us your consent that we may also store and process this data of yours for the purpose stated in each case; in some cases we also request your express consent for purposes under data protection law that require express consent, which you can of course give voluntarily, is not tied to any further requirements and can be revoked at any time for the future.

For the highest possible security of your data, these are transmitted via TLS encryption in encrypted form. This is to prevent misuse of the data by third parties. Your data will only be stored and processed by us on servers within the European Union. A transmission to third countries does not take place, unless we are entitled and/or obliged to do so by law or you have expressly consented to this beforehand. However, these cases are then also clearly marked in each case.

7. Data processing for the performance of the contract

7.1 Purpose of processing

Within the scope of, for example, our ordering process, you provide us with your personal data. The mandatory data marked with an "asterisk" in this context is personal data that is required for the conclusion of a contract with us. Of course, you are not obliged to provide your personal data. However, without your communication of the required data (in the case of an order, for example, your address), we can not provide the service requested by you (eg delivery of ordered goods). In the case of some payment procedures, we require the necessary payment data in order to pass them on to a payment service provider commissioned by us. The processing of your data entered in the ordering process is therefore always for the purpose of fulfilling the contract.

7.2 Legal basis

The legal basis for this processing is Art. 6 para. 1 b) DSGVO.

7.3 Recipient categories

Payment service providers (e.g. PayPal), shipping service providers (e.g. DHL), if applicable merchandise management system, if applicable suppliers (dropshipping).

A transfer of your personal data to third parties for purposes other than those listed below does not take place. In particular, no transfer to third parties, e.g. for advertising purposes, will take place without your express consent.

We will only share your personal data with third parties if:

• you have given your express consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO;
• this is necessary pursuant to Art. 6 para. 1 p. 1 lit. b) DSGVO for the processing of contractual relationships with you, e.g. to credit institutions for the processing of contractually agreed payments or, in the event of non-performance of contractually agreed payments, to lawyers and legal services companies (e.g. debt collection companies) for the purposes of legal enforcement;
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 (1) p. 1 lit. c) DSGVO; or
• the disclosure according to Art. 6 para. 1 p. 1 lit. f) DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.

7.4 Storage period

We store the data required to process the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods.

We retain the data required by commercial and tax law for the periods specified by law, regularly ten years (cf. § 257 HGB, § 147 AO).

We delete e-mail addresses that we receive solely for the purpose of sending newsletters as soon as you unsubscribe from the newsletter.

8. Customer account

You have the possibility to create a customer account with us. This gives you the opportunity, for example, to perform a quick check-out at the next order or to view your orders. Of course, you are not obliged to create a customer account with us and can also order goods without a customer account. Accordingly, the legal basis for the opening of the customer account is Art. 6 para. 1 lit a) DSGVO. If you wish to have a created customer account deleted, simply send us a corresponding message to: info@rog-one.com

For the creation of a customer account, the provision of personal data is required. Here, the mandatory information is marked with an asterisk. As mandatory information, we collect only the e-mail address and a password of your choice. Of course, you are not obliged to provide further personal data. Without this information (for example, your address), we can not send you your ordered items. We need your address in order to forward the shipment to a shipping service provider commissioned by us, who will deliver the ordered items to you. The legal basis for this processing is Art. 6 para. 1 lit. b) DSGVO.

9. PayPal / Check-Out with PayPal

On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not maintain a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments as well. PayPal also assumes trustee functions and offers buyer protection services. PayPal still has the status of a bank, at least in some countries, and is therefore subject to different or extended legislation.

If you select "PayPal" as a payment option during the ordering process in our online store, data is automatically transmitted to PayPal. This is data that is necessary for the fulfillment of the contract, but especially for the processing of the payment via PayPal. By selecting this payment option, you consent to the transmission of personal data to PayPal required for payment processing. Thus, the legal basis is your consent in accordance with Art. 6 para. 1 lit. a) DSGVO. The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, phone number, cell phone number or other data necessary for payment processing. Also necessary for the processing of the purchase contract are such personal data that are related to the respective order, e.g. the billing address. If you check out with PayPal in the shopping cart, PayPal will provide us with personal data that you have stored in your PayPal account. We need this personal data so that we can send you your items. This is usually the following information: Last name/ first name, address, phone number, email address. However, the exact scope depends on your account configuration at PayPal.

The transmission of data is for the purpose of payment processing and fraud prevention. The personal data transferred to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf. You have the option to revoke your consent to the handling of your personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing. The legal basis for this processing is Art. 6 para. 1 lit. a) and b) DSGVO. For more information on the processing of your personal data by PayPal and on the subject of data protection, please refer to the applicable data protection notices of PayPal, which can be found under the following link: https://www.paypal.com/de/
webapps/mpp/ua/privacy-full

10. Use of cookies

We use cookies to make visiting our website attractive and to enable the use of certain functions. Cookies are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive at the end of the browser session or when you log out (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent cookies). These permanent cookies are stored for different periods of time. When you visit our website for the first time, we will show you a pop-up (a so-called cookie manager) with an explanation of the cookies we use. Once you click "Accept", you give us your consent to use all the cookies, plugins and services described in this cookie manager and in the associated privacy notices. You can disable the use of cookies via your browser at any time. Please note that our website may not function properly if you do so. Should you wish to adjust your already saved selection of cookies and thus revoke any consent given in the past for the future, you can manually manage the settings for the use of cookies in your browser and also delete them. If you delete all cookies, you will be asked to adjust your cookie settings again the next time you visit our website. Detailed instructions on how to adjust cookie settings for the most popular browsers can be found at the following links:

Mozilla Firefox:
https://support.mozilla.org/de/kb/
cookies-und-website-daten-in-firefox-loschen?redirectlocale=de&redirectslug=
Cookies+l%C3%B6schen

Microsoft Edge:
https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

Google Chrome:
https://support.google.com/chrome/
answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Apple Safari:
https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera:
https://help.opera.com/de/latest/web-preferences/

11. Shopify

To operate our online store, we use the Shopify platform, a service developed and operated by Shopify Inc. 1266 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 (hereinafter referred to as "Shopify"). Shopify provides an e-commerce platform through which we offer our goods for sale. Shopify stores your data on a secure server. If you are a resident of the EU, the European Economic Area (EEA) or Switzerland, your data is processed and stored in Ireland by Shopify International Ltd. However, Shopify points out that, as part of a smooth service, data may also be transferred to other regions, including the USA and Canada. Shopify strictly adheres to the agreement between the EU and the USA or the Switzerland - USA agreement on data collection and use. In addition, Canada is a country that has an adequate level of data protection in accordance with Art. 45 DSGVO (data transfer on the basis of an adequacy decision).

When you call up our homepage, Shopify sets cookies. These are small text files that are stored on your internet browser or by the internet browser on your computer system. If you as a user call up a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The cookies are set to make our website user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies: Name, language and region. In addition, the cookies enable an analysis of the surfing behavior. In this way, the following data can be transmitted: search terms entered, frequency of page views and the use of website functions.

The data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the called user is no longer possible. The data is not stored together with other personal data of the users.

Some of the cookies used are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser on your next visit (persistent cookies). Cookies are stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Cookies that have already been stored can be deleted at any time. This can be done automatically. If cookies are not accepted, the functionality of our website may be limited.

If you select a direct payment portal to complete your purchase, Shopify stores your credit card data. Your personal data is encrypted during the ordering process and transmitted over the Internet using PCI-DSS (Payment Card Industry Data Security Standard). Your purchase transaction data is stored only as long as necessary to complete the transaction. After that, your purchase transaction data will be deleted. The legal basis is our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO in an efficient and secure processing of all purchases in our store and a visually appealing presentation of our offers. More information can be found in the Shopify privacy policy at the following link: https://www.shopify.de/legal/
datenschutz

12. Shopify Analytics

We use the Shopify Analytics tool on our website to analyze the surfing behavior of our users. The provider is Shopify International Ltd, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as "Shopify"). The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. When visiting this website, you will be asked to specify your privacy settings. Here you have the option to agree or decline the use of Shopify Analytics. Accordingly, the legal basis is your consent according to Art. 6 para. 1 lit. a) DSGVO. If individual pages of our website are accessed, the following data is collected and stored anonymously via Shopify Analytics:

- Two bytes of the IP address of the calling system of the user

- The website called up

- The website from which the user accessed the accessed website (referrer)

- The subpages that are accessed from the accessed website

- The time spent on the website

- The frequency with which the website is accessed

The data is not passed on to third parties. The data will be deleted as soon as it is no longer required for our recording purposes, but at the latest after 3 years. For more information, please see Shopify's privacy policy at the following link: https://www.shopify.com/legal/privacy

13. Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (hereinafter "Cloudflare") to increase the security and delivery speed of the content of our website. In doing so, Cloudflare uses cookies and processes user data. Cloudflare offers a so-called Content Delivery Network and various security services. A Content Delivery Network (also called "CDN" is a network of globally distributed and interconnected servers. This allows websites to load faster. When you visit our website, a load balancing system ensures that the largest portions of our website are delivered by the server that can display that content to you the fastest. The distance of data transfer to your browser is significantly shortened by a CDN (and so is the loading time of the website).

In addition, Cloudflare also offers various security services, such as DDoS protection or web application firewall. This also includes a so-called reverse proxy and the Content Delivery Network. Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website in local data centers and blocking spam software, Cloudflare allows us to reduce our bandwidth usage by approximately 60%. Additionally, the average website load time is reduced by approximately half. According to Cloudflare, the "I'm under Attack Mode" setting can mitigate further attacks by displaying a JavaScript computational task to solve before a visitor can access the website. Thus, by using Cloudflare, our website becomes much more powerful and less vulnerable to spam or attacks. Thus, the legal basis for this processing is our legitimate interest under Art. 6 (1) (f) DSGVO in optimizing our website and increasing the security of our website.

Please note that Cloudflare may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you potentially having any legal recourse. You may also not even receive any information about this. According to Cloudflare, your data may be transferred to the countries listed below. This may be for various purposes, such as storage or processing:

• USA

In general, Cloudflare stores the processed user data for less than 24 hours, but not more than 7 days. However, if an IP address triggers a security alert at Cloudflare, there may be exceptions to the storage period listed above in this case. According to Cloudflare, the storage of data is anonymized and without personal data. You can completely prevent the entire collection and processing of your data by Cloudflare by disabling the execution of script code in your browser or by installing a so-called script blocker in your browser. According to Cloudflare, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Cloudflare can be found on the following Cloudflare website: https://www.cloudflare.com/de-de/privacypolicy/?tid=33166919444

14. Consent manager GDPR legal cookie

We use the cookie consent management tool "GDPR Legal Cookie" for Shopify for our website. Service provider is the German company beeclever GmbH, Universitätsstraße 3, 56070 Koblenz, Germany. With this manager, we can document consents given by you (e.g. in the use of certain services and functions on our website) in a legally secure manner. This is also our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO.

You can learn more about the data processed through the use of GDPR Legal Cookie in the privacy policy at https://gdpr-legal-cookie.com/pages/datenschutzerklarung 

15. Google Tag Manager

We use the "Google Tag Manager" on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The Google Tag Manager is a tag management system. It allows the User to update measurement codes and related code fragments, collectively referred to as "Tags", on the User's website or mobile app. The Google Tag Manager tool that implements the tags is a cookie-less domain and does not itself collect any personal data. The Google Tag Manager provides for the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with the Google Tag Manager. When visiting this website, you will be asked to set your privacy preferences. Here you have the option to agree to the use of the Google Tag Manager service or to reject it. Accordingly, the legal basis for this processing is Art. 6 para. 1 lit. a) DSGVO. The following data is processed when using the Tag Manager:

Aggregated tag triggering data.

If you are logged into your Google account, you enable Google to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Google account. In addition, the use of the Google Tag Manager results in a transfer of this data to the following recipients:

• Google Ireland Limited
• Alphabet Inc.
• Google LLC

Google may additionally transfer the collected data to another country. Please note that Google may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. You may also not even receive any information about this. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, such as storage or processing:

• United States of America
• Singapore
• Chile
• Taiwan

If you want to prevent data transfer, you can reject the Google Tag Manager functions. Regardless of this, we recommend that you regularly log out of your user account there after using a social network, but especially before activating embedded content, as this allows you to avoid an assignment to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de

16. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). Google Analytics uses so-called "cookies", which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. When visiting this website, you will be asked to specify your privacy settings. Here you have the option of agreeing to the use of the Google Analytics service or rejecting it. Accordingly, the legal basis for this processing is Art. 6 para. 1 lit. a) DSGVO. As soon as you agree to the use of Google Analytics on our website, a connection to Google's servers is established. In the process, the Google server is informed of the following information:

• App updates
• Click path
• Date and time of visit
• Device information
• Downloads
• Flash-Version
• Location information
• IP address
• JavaScript support
• Pages visited
• Purchase activity
• Referrer URL
• Usage data
• Widget interactions
• Browser information

If you are logged into your Google account, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account. In addition, the use of Google Analytics results in a transfer of this data to the following recipients:

• Google Ireland Limited
• Alphabet Inc.
• Google LLC

Google may additionally transfer the collected data to another country. Please note that Google may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. You may also not even receive any information about this. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, such as storage or processing:

• United States of America
• Singapore
• Chile
• Taiwan

Furthermore, Google stores various cookies on your terminal device. With the help of these cookies, Google can obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies remain on your terminal device for up to 2 years. Below is an overview of the cookies that may be associated with the use of Google Analytics:

Name: _ga
This is used to distinguish users.
Typ: cookie
Storage period: 2 years

Name: _gid
This is used to distinguish users.
Type: cookie
Storage time: 1 day

Name: _gat
This is used to throttle the request rate.
Type: cookie
Storage time: 1 minute

Name: _dc_gtm_xxx
This is used to distinguish users.
Type: cookie
Storage time: 1 minute

Name: _gat_gtag_xxx
This is used to distinguish users.
Type: cookie
Storage time: 1 minute

Name: _gac_xx
This contains information about which ad was clicked.
Type: cookie
Storage time: 2 months, 29 days

Name: IDE
This ID allows Google to recognize the user across different websites and domains and display personalized ads.
Type: cookie
Storage period: 1 year

If applicable, the use of Google Analytics may trigger further data processing operations over which we have no control. If you wish to prevent data being passed on, you can refuse the Google Analytics functions. Regardless of this, we recommend that you regularly log out of your user account there after using a social network, but especially before activating embedded content, as this allows you to avoid an assignment to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website: https://www.google.de/intl/de/
policies/privacy

17. Google reCAPTCHA

We use "Google reCAPTCHA" on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). We use Google reCAPTCHA to check whether the input in our forms is made by a human or improperly by automated, machine processing. This is also our legitimate interest for the use of Google reCAPTCHA. The legal basis is therefore Art. 6 para. 1 lit. f) DSGVO. Google reCAPTCHA is a free captcha service that protects websites from spam software and abuse by non-human visitors. Most often, this service is used when you fill out forms on the Internet. A captcha service is a kind of automatic test designed to ensure that an action on the Internet is performed by a human and not a bot. Classic captchas work with small tasks that are easy for humans to solve, but present significant difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here, you only need to check the "I am not a robot" text box, or with Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is included in the source code and then the tool runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate even before the captcha is entered how likely you are to be a human. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. Thus, the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. According to Google, the IP address is not merged with other Google data unless you are logged in with your Google account while using reCAPTCHA. The following list provides an overview of which personal data may be processed by Google when using reCAPTCHA:

• Referrer URL (the address of the page from which the visitor comes)
• IP address (e.g. 256.123.123.1)
• Information about the operating system (e.g. Windows, Mac OS X or Linux)
• Cookies
• Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
• Date and language settings (which language or date you have preset on your PC is saved)
• All JavaScript objects
• Screen resolution (shows how many pixels the image display consists of)

Google may additionally transfer the collected data to another country. Please note that Google may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. You may also not even receive any information about this. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, such as storage or processing:

• United States of America

Furthermore, reCAPTCHA stores various cookies on your terminal device. With the help of these cookies, Google can obtain information about visitors to this website. These Below is an overview of the cookies that may be associated with the use of Google reCAPTCHA:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpg
Xoy1K-pAZtAkMbHI-331669209164-8
Purpose: This cookie is set by the DoubleClick company (also owned by Google) to register and report a user's actions on the website in dealing with advertisements. In this way, advertising effectiveness can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics about website usage and measures conversions. For example, a conversion occurs when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month

Name: ANID
Value: U7j1v3dZa3316692091640xgZFmiq
WppRWKOr
Purpose: We could not find out much info about this cookie. Google's privacy policy mentions the cookie in the context of "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under domain google.com.
Expiration date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to use different services provided by Google. CONSENT is also used for security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: NID
Value: 0WmuWqy331669209164zILzqV_
nmt3sDXwPeM5Q
Purpose: NID is used by Google to customize ads to your Google searches. With the help of the cookie, Google "remembers" your most typed search queries or your previous interaction with ads. This way, you always get tailored ads. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Expiration date: after 6 months

Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc
331669209164-4
Purpose: Once you tick the "I am not a robot" box, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is further used to make user distinctions.
Expiration date: after 10 minutes

If necessary, the use of Google reCAPTCHA may trigger further data processing operations over which we have no control. Regardless of this, we recommend that you regularly log out of your user account after using a social network, in particular before activating integrated content, as this will help you to avoid an assignment to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website: https://www.google.de/intl/de/
policies/privacy

18. Google Ads

We use "Google Ads" (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called "AdServers". For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. When visiting this website, you will be asked to specify your privacy settings. Here you have the option to agree or decline the use of the Google Ads service. Accordingly, the legal basis for this processing is Art. 6 para. 1 lit. a) DSGVO. As soon as you agree to the use of Google Ads on our website, a connection to Google's servers is established. In the process, the Google server is informed of the following information:

• Viewed ads
• Cookie ID
• Date and time of visit
• Device information
• Geographic location
• IP address
• Search terms
• Advertisements displayed
• Customer ID
• Impressions
• Online identifiers
• Browser information

If you are logged into your Google account, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account. In addition, the use of Google Ads results in the transfer of this data to the following recipients:

• Alphabet Inc.
• Google LLC
• Google Ireland Limited

Google may additionally transfer the collected data to another country. Please note that Google may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. You may also not even receive any information about this. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, such as storage or processing:

• Chile
• Singapore
• United States of America
• Taiwan

Furthermore, Google stores various cookies on your terminal device. With the help of these cookies, Google can obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies remain on your device for up to one year. These are the cookies listed below:

Name: test_cookie
Description: This is set as a test to verify that the browser allows cookies to be set. Does not contain any identifiers.
Type: cookie
Storage time: 15 minutes
Domain: doubleclick.net

Name: IDE
Description: Contains a randomly generated user ID. Using this ID, Google can recognize the user across domains on different websites and display personalized ads.
Type: cookie
Storage period: 1 year
Domain: doubleclick.net

If applicable, the use of Google Ads may trigger further data processing operations over which we have no control. If you want to prevent data transfer, you can refuse the functions of Google Ads. Regardless of this, we recommend that you regularly log out of your user account there after using a social network, but especially before activating embedded content, as this allows you to avoid an assignment to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website: http://www.google.de/intl/de/
policies/privacy

19. Facebook Pixel

To recognize your user behavior, we use the "visitor action pixel" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook") within our website. This conversion tool allows us to track your actions after you have seen or clicked on a Facebook ad. This is used to monitor and analyze the effectiveness of our Facebook ads for statistical and market research purposes. When visiting this website, you will be asked to set your privacy preferences. Here you have the option to agree or decline the use of the Facebook Pixel. Accordingly, the legal basis for this processing is Art. 6 para. 1 lit. a) DSGVO. As soon as you agree to the use of the Facebook Pixel on our website, a connection to Facebook's servers is established. Below you will find all (personal) data collected during or through the use of the service:

• Viewed advertisements
• Viewed content
• Device information
• Geographic location
• http header
• Interactions with advertisements, services and products
• IP address
• Clicked items
• Marketing information
• Non-confidential custom data
• Pages visited
• Pixel ID
• Referrer URL
• Marketing campaign success
• Usage data
• User behavior
• Facebook cookie information
• Facebook user ID
• Usage/click behavior
• Browser information

Although we can only recognize this data in anonymized form, this data is also stored and processed by Facebook. What exactly Facebook does with this data is not known to us, but it can be assumed that Facebook can and will link this data to your Facebook account. Thus, Facebook can use this information for the purpose of advertising, market research and demand-oriented design of the Facebook pages. For this purpose, Facebook and its partners create usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. To do this, Facebook uses various means to store information on a user's device, as listed below:

Name: _fbp
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: act
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: c_user
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: datr
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: fr
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: m_pixel_ration
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: pl
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: presence
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: sb
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: spin
Description: Cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: wd
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Name: xs
Description: cookie from Facebook for website analytics, ad targeting and ad measurement.
Type: cookie
Storage period: 1 year
Domain: facebook.com

Facebook may transfer the collected data to another country. Please note that Facebook may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for monitoring and surveillance purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:

• Singapore
• United Kingdom
• United States of America

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy, which can be found at the following link: https://de-de.facebook.com/privacy/explanation. You can find further information on the subject of cookies on Facebook here: https://de-de.facebook.com/privacy/explanation.

20. Klaviyo

We use "Klaviyo" on our website, a service for our email marketing. The service provider is the American company Klaviyo, 125 Summer St, Boston, MA 02110, USA. If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. We use the so-called double opt-in procedure to ensure that the newsletter is sent with your consent. In the course of this, the potential recipient allows himself to be included in a distribution list. Subsequently, the user is given the opportunity to confirm the registration in a legally secure manner by means of a confirmation e-mail. Only if the confirmation is received, the address will be actively added to the distribution list. Please note that Klaviyo also processes your personal data in the USA, among other countries. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of the data processing. The legal basis for this processing is your consent pursuant to Art. 6 (1) a) DSGVO. We will use your personal data provided in the registration process to send you our newsletter until you revoke your consent with effect for the future (point 20 of this privacy policy).

Klaviyo uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Klaviyo undertakes to comply with the European level of data protection when processing your personal data, even if the data is stored, processed and managed in the USA. You can learn more about the data processed through the use of Klaviyo in the Privacy Policy at https://www.klaviyo.com/legal/privacy-policy .

21. Revocation of your consent

If you have given us your consent under data protection law for certain data uses and/or services, you can of course revoke this consent at any time with effect for the future. For this purpose, a simple message to the address given below is sufficient:

Pure Fume EOOD
14 Hristo Smirnenski Street
2850 Petrich
Bulgaria
Phone: +359 87 7202117
Email: info@rog-one.com
Internet: www.rog-one.com

22. Your rights as a data subject

You have various rights as a data subject in relation to your personal data. We have taken appropriate measures as a controller here to provide you as a data subject with all information pursuant to Articles 13 and 14 of the GDPR and all notifications pursuant to Articles 15 to 22 and Article 34 of the GDPR that relate to the processing in a precise, transparent, comprehensible and easily accessible form in clear and simple language; this applies in particular to information specifically aimed at children. The information shall be provided in writing or in another form, including electronically where appropriate. If requested by you, the information may also be provided orally, provided that your identity as a data subject has been proven in another form.

Among other things, you are of course entitled at any time to request information in writing or electronically about the data stored about you and its origin, the recipient(s) to whom data is disclosed and the purpose for which it is stored. In addition, you have the right to demand that incorrect data be corrected and, if the legal requirements for this are met, that your data be deleted or blocked. For this purpose, a simple message to the following address is sufficient

Address:
Pure Fume EOOD
14 Hristo Smirnenski Street
2850 Petrich
Bulgaria
Phone: +359 87 7202117
Email: info@rog-one.com
Internet: www.rog-one.com

In detail, you have mentioned the following rights:

22.1 Right to confirmation and information

You may request confirmation from us as to whether personal data concerning you is being processed by us.

If we process data from you, you can request information from us about the following:

a) the purposes for which the personal data are processed;

b) the categories of personal data which are processed;

c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

d) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;

e) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by us or a right to object to such processing;

f) the existence of a right of appeal to a supervisory authority;

g) any available information about the origin of the data, if the personal data are not collected from the data subject;

h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, you have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

22.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis us if the processed personal data concerning you are inaccurate or incomplete. We must, of course, carry out the rectification without delay.

22.3 Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

a) if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of the personal data;

b) if the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

c) if we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or

d) if you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds to which we are entitled outweigh your grounds.

If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed by us or by authorized third parties with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

22.4 Right to deletion

a.) Obligation to delete

You may request that we delete the personal data concerning you without undue delay, and we are obliged to delete such data without undue delay, provided that one of the following reasons applies:

I. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

II. you revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.

III. you object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.

IV. The personal data concerning you have been processed unlawfully.

V. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

VI. the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

b.) Information to third parties

If we have made the personal data concerning you public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, such personal data.

c.) Exceptions

The right to erasure does not exist to the extent that the processing is necessary

I. for the exercise of the right to freedom of expression and information;

II. for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

III. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;

IV. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

V. for the assertion, exercise or defense of legal claims.

22.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against us to be informed about these recipients.

22.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance, provided that

a) the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and

b) the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from us to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

22.7 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

22.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

22.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

a.) is necessary for the conclusion or performance of a contract between you and us,

b.) is permissible on the basis of legal provisions of the Union or the Member States to which we are subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or

c.) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in a.) and c.), we take appropriate measures to protect the rights and freedoms as well as your legitimate interests.

22.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

23. Email advertising

If you have separately subscribed to the newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time without incurring any costs other than the transmission costs according to the prime rates of your access provider. You can unsubscribe at any time directly via the corresponding link in the newsletter or by sending an email to info@rog-one.com.

24. Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions - in particular retention periods - remain unaffected. You can revoke your consent given in this context at any time with effect for the future. Please address the revocation to the contact data provided below (item 25 of this privacy policy).

25. Further information

If you have further questions or suggestions on the subject of "data protection" with us or if you wish to receive information about your data or to correct or delete it, please write by e-mail or letter to:

Pure Fume EOOD
14 Hristo Smirnenski Street
2850 Petrich
Bulgaria
Phone: +359 87 7202117
Email: info@rog-one.com
Internet: www.rog-one.com

 

Petrich, November 2021