Privacy Policy

An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

rooom AG
represented by the CEO
Hans Elstner
Löbstedter Str. 47a
07749 Jena
Phone: +49 3641 5549440
Fax: +49 3641 5549450
Mail: info@rooom.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

Data protection officer

We have appointed a data protection officer for our company:

Landgraf Datenschutz GmbH
Markt 22
07743 Jena
dsb@landgraf-datenschutz.de

Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

 

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Data transferred when signing up for services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Social media

Share content via plugins (Facebook, Twitter, LinkedIn)

The articles of the rooom help center can be shared on other social networks like Facebook, Twitter, or LinkedIn. This page uses the services of Zendesk, Inc. to offer this feature. This feature establishes direct contact between the networks and users only after users click on one of these buttons. This feature does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like, +1, and Share buttons for Facebook, Linkedin or Twitter will display an information window in which the user can edit the text before it is sent. Our users can share the content of this page on social networks without their providers creating profiles of users' surfing behavior.

 

Analytics and advertising

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb. The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads.

 

Plugins und Tools

Vimeo

We use Vimeo on our website. The service is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, United States of America. Vimeo is used to display videos on our website.

In this context, the following data is collected and  processed:

  • IP address

  • Browser type

  • Device Information

  • Browser Information

  • Cookie Information

  • Browser language

  • Referrer URL

  • Visited pages

  • Operating system

  • Search query

  • Information from third party sources

  • Information that users provide on this website

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR.. If you do not want the aforementioned data to be collected and processed by Vimeo, you can refuse your consent or withdraw it at any time with effect for the future.

The personal data will be stored for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Vimeo. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

 

Zendesk

On this website we are using the Customer Relationship Management (CRM)  “Zendesk”. Operator of this service is the company Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. Zendesk is used to integrate contact forms and forward your requests to us. The use of Zendesk is optional. If you do not agree to Zendesk collecting your information, we offer alternative ways to contact you to submit service requests by phone or mail. To use Zendesk, you must provide at least one correct e-mail address. The service can also be used pseudonymously. Your data will not be passed on to any additional third parties. More information about the data processing of Zendesk can be found here

In addition, Zendesk sets cookies. These cookies are cookies that are technically necessary to ensure the technical functionality of the website and to protect the website from bot-driven attacks. 

Regarding the contact forms the following data can be collected and processed:

  • E-mail addresses

  • Names

  • Addresses

  • Phone number

Regarding the cookies the following data can be collected and processed:

  • IP Adresses

If the data collected via contact forms is used to provide contractual services to data subjects, the legal basis for processing is Art. 6 (1)(b) GDPR . Furthermore, Art. 6 (1)(a) GDPR serves as legal basis, provided that you have consented to the data processing.

The data processing that takes place via the cookies is based on art. 6 (1)(f) GDPR — a legitimate interest. Our legitimate interest is that we must ensure the functionality and security of our website.

The personal data will be stored for as long as they are required to fulfil the purpose of processing. The data will be deleted as soon as they are no longer required for the purpose.

Hubspot

On this website we use HubSpot for different purposes. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover different aspects of our Customer Relationship Management (CRM). This includes, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages and contact forms. 

As part of our contact management, the contact data collected by Zendesk is also processed in Hubspot. In this way, contact requests to the Help Center can be assigned to specific companies or customers. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our Customer Relationship Management (CRM). 

More information about the Privacy Policy can be found here. More information about Hubspots  regarding the EU-Data Protection Regulations can be found here.

As part of the optimization of our contact management activities, Hubspot may collect and process the following data:

  • E-mail addresses
  • Names
  • Addresses
  • Phone number

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Hubspot. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, Art. 49 (1)(a) GDPR can serve as a legal basis.

Up-to-dateness and change of this data privacy policy

This privacy policy is valid as of January 2023.

As a result of the further development of our website and offers thereof or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed on the website at any time.

Cookie List