1. Purpose of processing personal information

'rowa-korea.com' or 'ROWA Korea Co., Ltd.' furthermore known as ROWA Korea processes personal information for the following purposes and does not use it for any purpose other than.

When using customer inquiries, personal information is processed for the purpose of providing content, checking inquiries, contacting for fact-finding, notification, and notification of processing results.

2. Processing and retention period of personal information

ROWA Korea processes and retains personal information within the period of retention and use of personal information agreed upon when collecting personal information from the data subject or the period of retention and use of personal information pursuant to laws and regulations.

The specific processing and retention period of personal information is as follows.

Website customer center: One year from the date of notification of results until user-written posts are deleted.

However, in the following cases, until the end of the relevant reason or period.

• In the case where an investigation, research, etc. is in progress for violation of related laws and regulations, the relevant investigation and research are completed.
• Storage of communication fact confirmation data pursuant to Article 41 of the Communications Secret Protection Act (computer communication, Internet log record data, access destination tracking data: 3 months)
• Keeping identification information under Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communication Network Utilization and Information Protection: Six months after the posting of information on the bulletin board is completed.

3. Provision of personal information to a third party

ROWA Korea processes the personal information of the data subject only within the scope specified in Article 1 (Personal Information Processing Purpose), and provides personal information to third parties only if it falls under Article 17 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the law.

4. Personal information processing consignment

For the smooth processing of personal information, "ROWA Korea" entrusts the processing of personal information as follows.

A. Consignment of website and system management: ROWA GROUP Holding GmbH, Germany, www.rowa-group.com 

In accordance with Article 25 of the Personal Information Protection Act, when signing a consignment contract, "ROWA Korea" stipulates responsibilities such as prohibition of processing personal information other than the purpose of consignment, technical and managerial protection measures, re-consignment restrictions, management and supervision of trustees, and damages.

If the details of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delay.

5. The rights, obligations, and methods of exercising them of the data subject may exercise the following rights as a personal data subject.

The data subject may exercise the following rights related to the protection of personal information at any time regarding ROWA Korea.

• Request for Personal Information Access
• Request for correction if there is an error, etc
• Request for deletion
• Request to stop processing

The exercise of the rights under paragraph 1 may be made to the company in writing, by telephone, by e-mail, by copy (FAX), etc., and the company will take action without delay.

If the data subject requests correction or deletion of an error in personal information, the company will not use or provide the personal information until the correction or deletion is completed.

The exercise of rights under paragraph 1 may be made through an agent, such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Regulations of the Personal Information Protection Act.

The data subject shall not infringe on the personal information and privacy of the data subject or others that the company is processing in violation of related laws such as the Personal Information Protection Act.

6. Items of personal information to be processed

'ROWA Korea' is processing the following personal information items.

• [Customer Inquiry]
  • Required items: first name, last name, email address, company address, company name, contact information, fax, country name
• [Other]
  • In the process of using the Internet service, the following personal information items can be automatically generated and collected: (IP address, service usage record, visit record, etc.)

7. the destruction of personal information

I. Disposal procedures

The information entered by the user is transferred to a separate DB after achieving the purpose (separate documents in the case of paper) and stored for a certain period of time in accordance with the internal policy and other related laws and then immediately destroyed. At this time, the personal information transferred to the DB will not be used for any other purpose unless it is by law. ROWA Korea selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the company's personal information protection officer.

II: Breakdown period

The user's personal information shall be destroyed within five days from the end of the retention period, within five days from the end of the retention period, and within five days from the date when it is deemed unnecessary to process the personal information, such as achieving the purpose of processing the personal information, abolishing the service, or terminating the business.

III. How to destroy

ROWA Korea destroys personal information recorded and stored in electronic files by using a method that prevents records from being reproduced, and destroys personal information recorded and stored in paper documents by crushing or incineration with a shredder.

8. Measures to ensure the safety of personal information

("ROWA Korea") takes the following technical, administrative and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act.

I. Minimize and train personal information handling staff

We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.

II. Conduct regular self-audit

In order to secure stability related to personal information handling, self-audit is conducted regularly (once a quarter).

III. Establishment and implementation of an internal management plan

An internal management plan is established and implemented for the safe processing of personal information.

IV. Encryption of personal information

The password of the user's personal information is encrypted, stored and managed, and only you can know it, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.

V. Technical Measures Against Hacking

ROWA Korea installs security programs, regularly updates and inspects personal information to prevent leakage and damage caused by hacking or computer viruses, installs systems in areas where access is controlled from the outside, and monitors and blocks technically and physically.

VI. Restrictions on Access to Personal Information

We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and control unauthorized access from outside using an intrusion prevention system.

VII. Storage and forgery prevention of connection records

Records accessed to the personal information processing system are stored and managed for at least six months, and security functions are used to prevent forgery, theft, or loss of access records.

VIII. Using locks for document security

Documents containing personal information and auxiliary storage media are stored in a safe place with locks.

IX. Control of Access to Unauthorized Persons

There is a separate physical storage place that stores personal information, and access control procedures are established and operated.

X. Create a personal information protection officer

ROWA Korea is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages by data subjects related to the processing of personal information.

Personal Information Protection Officer

• Name: Webmaster
• Position: Employee
• Contact : 041-335-4203, rowako@rowa-korea.com Fax) 041-335-4204

※ You will be connected to the privacy department.

The data subject may contact the person in charge of personal information protection and the department in charge for any personal information protection inquiries, complaints, damage relief, etc. that occurred while using the service (or business) of "ROWA Korea." We will respond and process the information subject's inquiries without delay.

XI. Matters concerning the installation/operation and rejection of automatic personal information collection devices

A. What is a cookie?

• To provide personalized and customized services, the company uses a "cookie" that stores the user's information and fetches it from time to time.
• Cookies are tiny text files sent by the server that runs the website to the user's browser and are stored on the user's computer's hard disk. When the user visits the website afterwards, the website server reads the contents of the cookies stored on the user's hard disk and is used to maintain the user's preferences and provide customized services.
• Cookies do not automatically or actively collect information that identifies individuals, and users can refuse to save or delete these cookies at any time.

B. Purpose of the company's use of cookies

• The company stores users' preferred settings through cookies to support a faster web environment for users, and uses them to improve services for convenience.
• Through cookies, the company analyzes the frequency of access to the service, the time of visit, and the number of visits to identify users' tastes and areas of interest and use them to provide the service.

C. Installation/operation and rejection of cookies

• Users have the option of installing cookies. As a result, users can allow all cookies by setting options in a web browser, go through a check each time they are saved, or refuse to save all cookies.
• However, if you refuse to save cookies, it may be difficult to use the service that requires login.
• How to specify whether cookies are allowed to be installed (for Internet Explorer) is as follows.
  • Select Internet Options from the Tools menu.
  • Click the Privacy tab.
  • You can set [Personal Information Processing Level].

9. Change and notification of personal information processing policy

This personal information processing policy will be applied from 2024.06.11 of the enforcement date, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, it will be notified through a notice seven days before the enforcement of the changes.

1. Contact
If you have any questions or feedback concerning this information or wish to contact us to assert your rights, please send your enquiry to

ROWA Lack GmbH
Siemensstraße 1-5
25421 Pinneberg
Phone: +49-4101 706-05
Email: info(at)rowa-lack.de

2. Legal basis
The data protection term "personal data" refers to all information relating to an identified or identifiable natural person.

We process personal data in compliance with the data protection regulations, primarily the GDPR and the BDSG. Our data processing solely occurs on a legal permission. We will process personal data solely with your consent (Art. 6 Sec. 1 letter a) GDPR), to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (Art. 6 Sec. 1 letter b) GDPR), for compliance with a legal obligation (Art. 6 Sec. 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 Sec. 1 letter f) GDPR).

3. Period of storage
In the absence of alternative provision ensuing from the following statements, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. Such statutory retention requirements may result from regulations under commercial or tax law.

4. Recipients of data
We may use Service Providers for individual processes. This includes, for example, hosting, maintenance and support of IT-systems, marketing actions or destruction of files and data carriers. These Service Providers process the data only according to strict instructions and are contractually bound to guarantee suitable technical and organisational measures for data protection. In addition, we may transfer personal data of our customers to parties such as postal and delivery services, payment and information services, banks, tax consultants/auditors or the tax authorities. 

5. Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 12 to 22 GDPR for the purpose of providing information and preparing such information, we will process stored data only for this purpose and for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on the legal basis of Art. 6 Sec. 1 letter c) GDPR in combination with Art. 15 to 22 GDPR and § 34 Sec. 2 BDSG.

6. Your rights
As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

• Pursuant to Art. 15 GDPR and § 34 BDSG, you have the right to request information confirming whether or not and, if so, to what extent we are processing personal data concerning you. 
• Pursuant to Art. 16 GDPR, you have the right correct your data.
• Pursuant to Art. 17 GDPR and § 35 BDSG, you have the right to delete personal data.
• Pursuant to Art. 18 GDPR, you have the right to require that we restrict the processing of your personal data.
• Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller.
• Where you have granted us separate consent to process your data, you can withdraw such consent at any time pursuant to Art. 7 Sec. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
• If you consider that the processing of personal data relating to you infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.

7. Right to object
Pursuant to Art. 21 Sec. 1 GDPR, you have the right to object to processing operations based on the legal basis of Art. 6 Sec. 1 letter e) or letter f) GDPR on grounds arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 Sec. 2 and Sec. 3 GDPR.

8. Data protection officer
You can contact our data protection officer using the following address:
datenschutz(at)rowa-group.com

When using our website, we collect and use information that you provide by yourself. We also automatically collect certain information about your use of the Site during your visit on the Site. In data protection law, the IP address is also considered as a personal date. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data.

1. Processing Server-Log-Files
When using our website for purely informative purposes, general information that your browser transmits to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out to ensure our legitimate interests and is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR. This processing provides the technical administration and security of the website. The stored data will be deleted after 14 days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 Sec. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.

2. Contact form and requests
Our website contains a contact form through which you can use to send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address bar of the browser). All data fields marked as mandatory fields are required to process your request. Non-provision of this information means that we cannot process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact-e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or execution of a contract with us, Art. 6 Sec. 1 Letter b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting the persons requesting information. The legal basis for data processing is then Art. 6 Sec. 1 Letter f) GDPR.

3. Cookies
We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our web server. If the use of cookies results in the processing of personal data, this is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective and secure. We used so-called "session cookies", which are deleted when the browser session is closed. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or in certain cases. Further information can be obtained from the Federal Office for Information Security at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

1. Contractual relationship
In order to establish or execute the contractual relationship with our customers, it is regularly necessary to process the contact data of the relevant contact persons provided to us. The processing serves our legitimate interest in a fluent course of business. The legal basis for this processing is Art. 6 Sec. 1 letter f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 Sec. 1 letter f) GDPR and serves our interest in further developing our offer and informing you specifically about offers from ROWA Lack GmbH. Further data processing can take place if you have consented (Art. 6 Sec. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 Sec. 1 letter c) GDPR).

2. Applications
When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you an employment, we will retain the data you provide for up to three months for the purpose of potentially answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is § 26 Sec. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 Sec. 3 GDPR. Such a revocation does not affect the legality of the processing, which has taken place until the revocation on the basis of the consent.

3. Offline Orders
If you order a product via our order form or by telephone, we process personal data exclusively for contract processing or to be able to provide you with the ordered product. Within the ordering process, we only process the data that you have provided yourself. In order to be able to deliver the ordered products to you, we transmit the data required for delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6 Sec. 1 letter b) GDPR. All data fields marked as mandatory fields are required for processing your order. Non-provision of this information means that we cannot process your order. The provision of further data is voluntary.

4. LinkedIn company page
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole responsible party for the processing of personal data when you visit our LinkedIn page. For more information about the processing of personal data by LinkedIn, please see https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personally identifiable information about you through page insights. We only have access to the summarized page insights. It is also not possible for us to draw conclusions about individual members using the information from the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. Such processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 para. 1 letter f of the General Data Protection Regulation. We have entered into a joint controller agreement with LinkedIn, which sets forth the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement, the following applies:

• We and LinkedIn have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn about this online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact information in the Privacy Policy. You can contact the data protection officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us via the contact details we have provided regarding the exercise of your rights in connection with the processing of personal data in the context of the page insights. In such a case, we will forward your request to LinkedIn.

• We and LinkedIn have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

Please note that according to LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the U.S. or other third countries. LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.