Skip to Content

Privacy Policy

1. Controller2. General Information on Data Processing3. Access Data and Hosting4. Cookies and Tracking5. Order Processing and Payment6. Contact7. Credit Check 8. Rights of Data Subjects9.  Data Transfers to Third Countries 10. Storage Period 11. External Services12. Security 13. Changes

1. Controller

The controller responsible for data processing on this website is:

rosslight GmbH

Friedrich-Barnewitz-Straße 8

18119 Rostock, Germany

Phone: +49 157 33276396

Email: malte.rosskamp@rosslight.de

Authorized representative: Malte Rosskamp

 

2. General Information on Data Processing

We process personal data (e.g., name, address, email, payment data) exclusively in accordance with the General Data Protection Regulation (GDPR) and the German Telecommunications Telemedia Data Protection Act (TTDSG).

Data is processed only: 

  • to perform a contract (Art. 6(1)(b) GDPR), 
  • on the basis of consent (Art. 6(1)(a) GDPR), 
  • to comply with legal obligations (Art. 6(1)(c) GDPR), 
  • or based on legitimate interests (Art. 6(1)(f) GDPR).

3. Access Data and Hosting

When you visit our website, certain data is automatically stored by the web server, including:

  • IP address,
  • date and time of access,
  • requested file/page,
  • browser type and version,
  • operating system.

This data is stored for security reasons (e.g., to investigate misuse) and deleted after 14 days at the latest.

4. Cookies and Tracking

We use cookies and similar technologies to make our website user-friendly and secure.

  • Essential cookies: required for website functionality.
  • Analytics/marketing cookies: only used with your consent (Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG).

Additional info:

  • Session cookies are deleted after the browser session ends.
  • Persistent cookies remain until deleted by the user.
  • Disabling cookies may limit website functionality.

You can change or withdraw your cookie preferences at any time via the cookie banner.

5. Order Processing and Payment

To process orders, we collect and process your order, payment, and address data.

Depending on the payment method selected, data is shared with payment service providers, such as:

  • Stripe Payments Europe Ltd., Dublin, Ireland
  • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
  • Amazon Payments Europe S.C.A., Luxembourg

These providers act as independent controllers. The legal basis for processing is Art. 6(1)(b) GDPR.


5.2 Newsletter and Odoo

We use Odoo software (Odoo S.A., Belgium) as a data processor on our behalf in accordance with Art. 28 GDPR for sending newsletters and related services.

  • Legal basis: your consent (Art. 6(1)(a) GDPR)
  • Confirmation: Double opt-in is used to verify your subscription.
  • Opt-out: You may unsubscribe at any time using the link included in every email.

Odoo implements appropriate technical and organizational measures to protect your personal data.

6. Contact

When you contact us (e.g., via email, form, or phone), we process the information you provide to handle your request (Art. 6(1)(b) GDPR).  

7. Credit Check

If you choose certain payment methods (e.g., purchase on account), we reserve the right to conduct a credit check. For this purpose, your data may be shared with credit agencies, provided you have given consent (Art. 6(1)(a) GDPR).  

8. Rights of Data Subjects

You have the following rights under the GDPR:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)

You also have the right to lodge a complaint with the competent data protection authority.

9.  Data Transfers to Third Countries

If data is transferred to the USA or other third countries, this is done only:

  • on the basis of an adequacy decision (e.g., EU-US Data Privacy Framework), or
  • using EU Standard Contractual Clauses.

10. Storage Period

We store personal data only as long as necessary for contract performance or as required by law.

11. External Services

SSL/TLS encryption: All data transmitted through this website is protected by TLS encryption.

Google Fonts: If used, web fonts are retrieved from Google servers (USA). Data transmitted includes IP address and visited page. Legal basis: Art. 6(1)(f) GDPR.

 

12. Security

We implement technical and organizational measures (e.g., TLS encryption, access restrictions) to protect your data from loss, misuse, or unauthorized access.

13. Changes

We reserve the right to update this privacy policy as necessary.