Privacy policy

This Privacy Policy provides information on how Roither Maschinenbau GmbH (hereinafter referred to as “we”, “us” or “our”) collects, processes and uses personal data relating to you as a business customer, prospective customer, applicant or user of our website.

Its purpose is to give you a transparent overview of our data processing activities and to inform you of your rights under the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Protecting your personal data is of particular importance to us.

2. Controller

Roither Maschinenbau GmbH

Industriegebiet 11

A-4863 Seewalchen

Austria

Tel.: +43 7662 8218

Email: [email protected]

3. Categories of Personal Data

We process the following categories of personal data that we receive from you in the course of our business relationship or pre-contractual communications:

Identification data: Name, company name, contact person, job title (where applicable)

Contact data: Business address, other addresses, telephone and fax numbers, email addresses

Financial data: Bank account details, credit card information, VAT identification number

Contract data: Order details, service data, invoice data, information relating to the business relationship, customer service requests

Communication data: Content of correspondence (emails, telephone calls, written communication)

Website usage data: IP address, date and time of access, pages visited, browser type, referrer URL (see Section 5)

Applicant data: CVs, certificates, qualifications (in the context of applications)

4. Legal Basis and Purposes of Processing

We process your personal data only where permitted by applicable law and on the following legal bases:

a) Performance of a Contract / Pre-Contractual Measures (Art. 6(1)(b) GDPR)

Processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. This includes:

Handling inquiries and preparing offers

Processing orders and managing contracts

Delivering goods and providing services

Invoicing and payment processing

Customer support and technical assistance

Managing customer relationships

Without this data, we are unable to enter into or perform a contract with you.

b) Compliance with Legal Obligations (Art. 6(1)(c) GDPR)

We process personal data where necessary to comply with legal obligations, including:

Statutory retention requirements under tax and commercial law (e.g. UGB, BAO)

Reporting and disclosure obligations to public authorities

Compliance with product liability and documentation obligations

c) Legitimate Interests (Art. 6(1)(f) GDPR)

Where necessary, we process your data to pursue our legitimate interests or those of third parties, provided that your interests or fundamental rights and freedoms do not override such interests. This includes:

Ensuring the functionality and security of our website

Direct marketing of our own similar products and services to existing customers (subject to your right to object; see Section 8)

Quality assurance and improvement of our products and services

Establishment, exercise or defence of legal claims

Ensuring IT security and system operations

Prevention and investigation of criminal offences

d) Consent (Art. 6(1)(a) GDPR)

Where you have given your explicit consent to the processing of your personal data for specific purposes (e.g. newsletters or marketing cookies), such processing is based on your consent.

You may withdraw your consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out prior to such withdrawal.

5. Cookies and Similar Technologies

a) General Information

Cookies are small text files stored on your device via your web browser. They are used to enhance user experience and enable certain website functionalities.

We only use non-essential cookies (e.g. functional, statistical or marketing cookies) with your prior consent. You can configure your browser settings to control the use of cookies. Further details can be found in your browser’s help section.

b) Consent Management (Usercentrics)

We use a consent management platform provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.

This tool enables you to manage and control which cookies are set on your device. You may withdraw or modify your consent at any time via the “Privacy Settings” available on our website.

c) Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”).

IP anonymisation is enabled on our website. Your IP address is truncated within the European Union or the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there.

The IP address transmitted by your browser will not be combined with other data held by Google.

Processing is based on your consent (Art. 6(1)(a) GDPR) and subject to a data processing agreement pursuant to Art. 28 GDPR, as well as appropriate technical and organisational safeguards.

Google may transfer personal data to servers in the United States. In such cases, EU Standard Contractual Clauses are used to ensure an adequate level of data protection. However, please note that the United States does not currently provide a level of data protection equivalent to that of the EU. There is a risk that public authorities may access your data without you having effective legal remedies.

6. Recipients of Personal Data

Your personal data will only be disclosed where necessary, legally required, or where you have given consent.

Internal recipients: Only authorised employees and departments with a need to access such data

Processors: Carefully selected service providers (e.g. IT providers, accountants, auditors, logistics providers, marketing agencies) acting under data processing agreements pursuant to Art. 28 GDPR

Other third parties: Banks, public authorities, courts, legal advisors, and debt collection agencies where required

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law.

Contract data: Retained for the duration of the business relationship and in accordance with statutory retention periods (e.g. 7 years under UGB/BAO; up to 10 years for product liability)

Consent-based data: Retained until consent is withdrawn

Applicant data: Deleted after 6 months unless consent for longer retention is provided

Data will be deleted or anonymised after expiry of the applicable retention periods unless further storage is legally required or justified.

8. Your Rights

You have the following rights under the GDPR:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR)

Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact us using the details set out above. We may request proof of identity where necessary.

9. Right to Lodge a Complaint

If you believe that your personal data is being processed in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority.

In Austria, the competent authority is:

Austrian Data Protection Authority

Barichgasse 40–42

A-1030 Vienna

Phone: +43 1 52 152-0

Email: [email protected]

Website: www.dsb.gv.at

10. Automated Decision-Making

We do not engage in automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

11. Amendments to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time to reflect changes in legal requirements or our processing activities. The version published on our website at the time of your visit shall apply.

Version 04-2026, Translation of the original German version.