Privacy Statement for www.rollon.com

We welcome you to our website and thank you for your interest in our company. We take the protection of your personal date very serious and process your data only in accordance with applicable law on personal data protection, in particular the EU-General Data Protection Regulation (“GDPR”) and specific local laws, if any. This data privacy policy provides you with all the information about how Rollon processes your personal data when visiting our website and about your rights as a data subject.

A few words in regards to some terminology used:

“Personal data” is information that allows to identify a natural personal. This e.g. includes – amongst others– name, date of birth, address, phone number, email address or your IP address.

“Anonymous data” is data that has no reference to a user.

All terminology used has the same meaning as in the GDPR, if not another is stated.

Your rights as data subject

We want to inform you about your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR and include the rights of:

• Access (Art. 15 GDPR)
• Erasure / the right to be forgotten (Art. 17 GDPR)
• Rectification (Art. 16 GDPR)
• Data portability (Art. 20 GDPR)
• Restriction of data processing (Art. 18 GDPR)
• Objection against a data processing (Art. 21 GDPR).

To exercise these rights, please (preferably) contact privacy@rollon.com. The same applies if you have any questions on how we process your data. You also have the right to lodge a complaint with a data protection supervisory authority.

Right to object

Please note the following in regards to your right to object:

When we process your personal data for the purpose of direct marketing (further information may be obtained from our privacy statement for customers/suppliers ), you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.

If you object to the processing for direct marketing, we will no longer process your personal data for such purposes, but leaves any previous corresponding activity unaffected. The objection is free of charge and can be made informally by contacting us, preferably through: privacy@rollon.com.

Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.

We will then cease processing your personal data unless we can provide compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms or the processing is intended to assert, exercise or defend legal claims.

Purposes and legal bases of data processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Article 6 GDPR.

We use your data basing on Art. 6 I 1 b, c GDPR to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing, Art. 6 I 1 f GDPR.

Your consent, Art. 6 I 1 a GDPR, also may constitute a legal basis for data processing. We will inform you of the purposes of data processing and the right to withdraw your consent, whenever we ask for your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you during consent process.

Processing of special categories of personal data within the meaning of Article 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.

Data Transfers / Disclosure to third parties

We will only transfer your data to third parties within the scope of given statutory provisions or based on your consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities). Wherever personal data is transferred or disclosed to a third party and such is required, we make sure that and adequate instrument of data protection is in place (e.g. a data protection agreement as per Art. 28 III GDPR, EU Standard Data Protection Clauses, Binding Corporate Rules, Art. 46 II b, c GDPR)). We may transfer your data to further companies of the TIMKEN-group of which we are a part, if such is required for organizational/ administrative purposes (Art. 6 I 1 f GDPR) or if you have consented accordingly (Art. 6 I 1 a GDPR).

Data recipients / Categories of recipients

Within our organisation, we ensure that only individuals who are required to process personal data to fulfil their contractual and legal obligations are authorised to handle personal data. In certain cases, external service providers may support our corporate departments upon executing their tasks. (e.g. IT-service-providers). Any such service provider is contracted in accordance with data protection requirements.

Transfers of personal data to third countries

A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent for such a transfer. Wherever such transfer takes place, adequate instruments are made use of, such as e.g. EU Standard Data Protection Clauses or binding corporate rules, Art. 46 II b, c GDPR. Your data may be transferred to the US.

Period of data storage

The personal data processed when you use our website or it´s services are processed in accordance with the principles of data minimization and storage limitation, which means that your data is deleted as soon as we are no longer lawfully processing it for a defined purpose (which can be influenced by a declaration of consent you may have given) or are required to keep it for legal reasons. As far as our use of our website leads to any interaction with you that is not limited to the sole browsing of the content, we kindly ask you to please consult our Privacy Statement for Customers/Supplier or in case of Job Applications our Privacy Statement for Job Applicants for the respective details.

Concerning the storage period of data in regard of cookies we may use on our website, please consult the respective information you can obtain from our Cookie Policy.

Obligation to provide data

A range of personal data is required to initiate, execute and terminate a contractual relationship or may be required for legal obligations. The same applies to the use of our website and the various functions we provide.

Please note that providing certain personal data may be required in order to profit from certain options or services available through our website. If you should not or not completely provide the data required in the respective context, you may not or not fully be able to use our website or single functions or services.

Data categories, sources and origin of data

The data we process is obtained from you as the data subject and is defined by the relevant context: If you just browse our website, we may process the following data:

• Your Internet Service Provider
• Information on the website from which you access our site (Referrer-URL)
• Your devices´ browser and operating system (Type and version)
• Your IP-address
• Data requested, amount of data transferred
• The content you are browsing on our website

For reasons of technical security (especially to defend our systems against attack-attempts) we store that data as long as required to fulfill the aforementioned purpose. The legal basis for this processing is our interest in the proper technical and safe operation of our website, Art. 6 I 1 f GDPR. After that point of time, we may further process your data in an anonymized form which does prevent us from re-establishing any link to you as a user.

Processing personal data in case of contact requests

If you contact us by email, we shall process the data you provide in this course solely for the purposes you indicate with your request. Personal data we may process in this regard, may contain:

• Your name, surname and title
• E-Mail-Address and/ or further contact data
• Any further data which you voluntarily provide

The legal basis of processing is determined by the purpose for which you contact us. Therefore, we may process your data in a (pre-/post-) contractual context (Art. 6 I 1 b GDPR), or any other context for which you wish your data to be processed (Art. 6 I 1 a GDPR). Depending on the nature and target of your request, we may transfer your contact data to the Rollon Entity, Distributor or Sales Partner entity, who is competent for my request and/ or place of residence. Legal basis is your consent, Art. 6 I 1 a GDPR. Such Partner will not use the data for any further purpose if I do not separately consent hereto.

Online Job Applications

You may apply for vacant positions in our company through our career portal. For information on how we may process your personal data in the course of an application process, please consult the sources of privacy information named on our career portal.

Cookies

Our website uses “cookies” at various locations, which serve to make our website safe, secure and technically working (based on our legitimate Interest, Art. 6 I 1 f GDPR), as well as we may use cookies to make out content more user-friendly and effective (based on your consent, Art. 6 I 1 a GDPR).

For detailed information about the cookies we may use and how your personal data is processed in this regard, please consult our Cookie Policy.

Registration for different purposes

Users can provide personal data to enable them to register on our digital assets for different purposes such as: CAD-downloads, contents downloads, webinars, newsletter subscription, technical tolls access, etc. Due to our company policy we are not granting a completely open access to this sources, where at the same time we observe the principle of data minimization as we may request different personal data on mandatory basis (each of them marked with an *) at different steps of the user’s journey such as:

• E-mail-address
• Company
• Country
• Name, Surname
• Branch
• Postal address

On a voluntary basis, you may provide data such as:

• Function
• Landline
• Fax number

The personal data is processed basing on your consent, Art. 6 I 1 a of GDPR. If you complete the registration process and subscribe to our newsletter, we may process your data to send you our newsletter. To prevent abusive registration, we will always send a blank e-mail to the e-mail-address provided by which we ask you to confirm your interest in the subscription.

CAD-models, product catalogues and further services offered using platforms offered by our Partners

We are cooperating with TraceParts SAS, Par Eco Normandies, 76430 Saint Romain, France and CADENAS ITALIANA S.r.l (C.F. 02818740363) Via Bassa Dei Sassi ½, 40138 Bologna, both companies providing services such as providing CAD models of Rollon´s products, catalogues of Rollon´s products and the access to Rollon-products via a web-platform. If you are a registered client, we offer you a single-sign-on-service which allows you to conveniently access the sources provided by our partners TraceParts and CADENAS. That option is technically provided by the use of HubSpot which transfers your basic data (the data you entered upon creating your customer account with us) to the one partner whose platform you are accessing.

This is required to answer the requests you may place with these platforms and at the same time to verify your client-relationship with us as a client relationship is a precondition to profit from our content which´s provision we have outsourced to our partners. Moreover, that data is used to inform you in case specifications of items you requested are changing – it allows us to keep your data up to date and to contact you in respective cases. The information on the content you accessed, therefore, is present both at ours and at our respective partner´s. We therefore are transferred your data in the same manner as our we transfer your data to our service provider in case you are not yet registered with us but are a member to our partner´s community and access content we provide there. Legal basis for this processing of personal data is the consent you are declaring in our favor, Art. 6 I 1 a EU-GDPR, which affects both the transfer of your data to our partner CADENAS and the transfer of your data from CADENAS to Rollon. As far as your data is processed to initiate or execute a contract, the legal basis is Art. 6 I 1 b EU-GDPR. Should we use your personal data for advertising purposes, it is also your consent, Art. 6 I 1 a EU-GDPR, which is the legal basis for the respective processing. With each of the partners, we have entered into an adequate data protection agreement. For further information on how CADENAS is handling your personal data in its own sphere, please also consult https://www.cadenas.de/en/company/data-privacy.

The same is basically valid for the platform provided by TraceParts, where a difference is present concerning the fact that you are declaring your consent for the transfer of your data to TraceParts, Art. 6 I 1 a EU-GDPR, in our favor and provide a separate declaration of consent towards and in favor of TraceParts by creating a user account on their websites and in accordance with their privacy policy which may be consulted by visiting https://info.traceparts.com/legal/general-gtu/.

Marketing purposes

Rollon is keen to nurture the customer relationship with you and to send you information and offers about our product / services. We therefore process your data to send you the relevant information and offers via email. Legal basis is our legitimate interest (Art. 6 I 1 f GDPR). If you provide your consent, we may also share your data with our parent- and/ or affiliate companies (The Timken-/ Groeneveld-Beka- and Rollon Entities you may find here ), who may use that data for promoting their own goods and services, Art. 6 I 1 a GDPR.

You may object to the use of your personal data for the purpose of direct marketing at any time; this also applies to profiling insofar as it is associated with direct marketing. If you object, we will cease processing your personal information for this purpose.

You can withdraw your consent at any time free of charge and informally without stating the reasons for such and should be addressed preferably to privacy@rollon.com.

Fully automated decisions

We do not use fully automated decision processes.

Links to third-party-content

Our website, clearly visible, contains links to third parties´ web-content. Where such links are placed, we may not influence the respective content. Therefore, me may not accept any liability for such content. The provider, solely, is responsible for all such content.

However, we carefully checked any page linked for possible violations of law, before linking them. Obvious violations of law, however, were not to be identified by this time. As an ongoing monitoring of linked content for violations of law is not required under applicable law, if not a violation of law is explicitly reported, our activities hereon shall be limited to immediately reacting by notice-and-take-down, whenever we become of aware or should be informed about any such violation.

Controller and data protection officer

Rollon S.p.A., 20871 Vimercate (MB),
Via Trieste no. 26, Tax Code 05999150963
Tel. +39 039 62591
E-mail: infocom@rollon.com

Contact to the Data Protection Officer: privacy@rollon.com