Skip to main content

Privacy Policy

We are pleased to welcome you to our website and delighted that you are interested in Roto and our products and services. To ensure that you feel safe and comfortable visiting our website, we take the protection of your personal data and the confidential handling of this data extremely seriously.

In this privacy policy, we therefore provide you with information on when we store which data, and the purpose for which we use this data – naturally, in accordance with the applicable data protection regulations.

If you have any questions about how your personal data is handled, please contact us using the contact details shown below.

It may be necessary to make changes to our privacy policy on account of technical developments, changes to our services, the legal situation or for other reasons. We therefore reserve the right to amend this privacy policy at any time and ask that you regularly check it for the latest information.

Roto FTT legal notices

1. Contact details of the controller acc. to GDPR

Roto Frank Fenster- und Türtechnologie GmbH
Wilhelm-Frank-Platz 1
70771 Leinfelden-Echterdingen

represented by the Company Management:
Marcus Sander (Chairman)

2. Contact details of the data protection officer

Please direct any enquiries to the above address, addressed to the "Data protection officer" or to

3. Purposes and legal bases for collecting and processing personal data

When you use this website, your personal data is processed on the basis of various legal bases.

(1) Website in general

When you visit our website, our web server automatically collects information of a general nature. This includes the type of web browser, the operating system used, the domain name of the Internet service provider, the IP address, the website from which you accessed our website, the pages that you visit on our website, and the date and duration of the visit.

Some of this information is recorded in cookies that are stored on your client. This is sometimes necessary in order to display the pages directly and to allow you to use the login area. The legal basis for the processing of required personal data, such as your IP address, is our legitimate interest in accordance with Article 6(1f) GDPR. Our interest lies in being able to display the content of this website to you. The purpose of the processing is to be able to display this website to you and ensure that the website is displayed correctly without any errors.

(2) Cookiebot

This also includes giving you a choice as to which cookies are set and which information we collect concerning you. We use the services provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cookiebot) for this purpose.

We take into account your preferences and process data for marketing, analysis and personalisation purposes only if you give your consent by clicking on "Allow all cookies". Your consent applies to the domain You can withdraw your consent with effect for the future at any time. Further information on the cookies and setting options can be viewed by clicking on "Show details". Please provide your consent ID and the date when contacting us regarding your consent.

Further information on the handling of transmitted data is provided in the Cookiebot privacy policy.

You can also prevent Cookiebot from processing your data by disabling JavaScript in your browser or installing a script blocker, such as, in your browser. However, if you disable JavaScript then we will no longer be able to log your preferences.

Where you provide consent, we process your personal data based on this consent and in accordance with Article 6(1a) GDPR.

(3) Cookies

(4) Contact form

You have the option to contact us via our e-mail address or the contact form. We will, of course, use the personal data transmitted to us in this way solely for the purpose for which you provided the data to us.

If we ask you to enter data in our contact form that is not required to make contact, we will always mark these fields as optional. These details help us to find out more about your enquiry and improve how it is processed. This information is provided expressly on a voluntary basis and with your consent in accordance with Article 6(1a) GDPR. If the information relates to communication options (for example, e-mail address, telephone number), you also consent to us contacting you via this means of communication to respond to your enquiry.

You may, of course, withdraw this consent with effect for the future at any time. Please contact our data protection officer to do so.

(5) Customer registration/supplier portal

You have the option to register with us and create an account as a customer (window/door manufacturer, coating retailer) or as a supplier. We collect and store the following data from you for registration (* mandatory fields):

* Title, * First name, * Last name, * E-mail (username), * Password, Company, Complete address, Country, Language, Telephone, Fax, Website.

For registration as a customer, we use the double opt-in procedure: After clicking on "Create account," you will be sent an e-mail with an activation link to the e-mail address you have provided. Registration is not complete until you have clicked on this activation link.

Once you have successfully registered, you will receive personal, password-protected access, and can view and manage the data you have provided. Registration is voluntary, but may be required to use our services. The legal basis is therefore your consent in accordance with Article 6(1a) GDPR.

If you place orders and we collect personal data from you in relation to these orders, the legal basis is the contract in accordance with Article 6(1b) GDPR.

(7) Applications

You can apply to Roto online via our application portal. Your online application is sent directly to the HR department via an encrypted connection and is, of course, handled confidentially. We will use your information exclusively for the purpose of processing your application and will not forward your details to third parties outside the Roto Group.

Further information on the data processing carried out during the application process is provided in the privacy policy for our application portal. If you have applied for a specific position and this vacancy has already been filled or we think that you are equally or even better suited to another role, we would like to be able to forward your application within the company. Please tell us if you agree to your application being forwarded in this way. We will erase your personal data no later than six months following the completion of the application process, unless you have expressly given your consent for us to store your data for longer. In this case, the legal basis would be your consent in accordance with Article 6(1a) GDPR; also Section 26(1) GDPR.

Please note that we exclusively provide the application portal for applications. If you wish to submit your application via e-mail though, it is important to note that e-mail attachments are not encrypted.

(8) etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany ( to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.

Further information on data protection with etracker can be found here.

(8) Matomo (formerly Piwik)

This website uses the open source web analysis service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your website use. For this purpose the information generated by the cookies about the use of this website is stored on our server. The IP address is anonymised before being saved.

Matomo cookies remain on your end device until you delete them.

The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 Paragraph 1 letter f DSGVO. The website operator has a justified interest in the anonymised analysis of user behaviour in order to optimise both his web offer and his advertising. If the relevant consent has been requested (e.g. consent to the storage of cookies), processing will be carried out exclusively on the basis of Art. 6 para. 1 letter a DSGVO; consent may be revoked at any time.

The information generated by the cookies on the use of this website will not be passed on to third parties. You can prevent the storage of cookies by making the appropriate setting in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

If you do not agree with the storage and use of your data, you can deactivate the storage and use. In this case, an opt-out cookie is stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The Opt-Out must be reactivated when you visit this website again.

Your visit to this website is currently recorded by Matomo web analysis. Click on the following link for Opt-Out:

(9) Google Maps plug-in

This site uses the map service Google Maps. Google Maps is a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, information, including the IP address and the address entered as part of the route function, can be transmitted to the provider's servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a site that includes Google Maps, your browser connects directly to Google's servers, and the map content is sent to and embedded by your browser. The provider of this site has no influence on this data transfer. According to current knowledge, this includes the following data:

  • the date and time of the visit to the website in question.
  • Internet address or URL of the web page accessed,
  • IP address, (start) address entered during route planning

The use of Google Maps is in the interest of an attractive presentation of our online offers and easy findability of the places we have indicated on the website. If you do not want Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case the interactive map function of Google Maps cannot be used.

You can find more information on how we handle user data in Google's privacy policy.

(10) YouTube

We use a social plugin from YouTube, Google on our website (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The plugin allows you to view, share and comment on content. Personal data is also transmitted to the provider via the plugin. We do not have any influence over the scope of the data that is collected using the plugin.

To prevent data from being transferred against your wishes, the plugins are disabled on this website by default. The plugin is not enabled until you click on the relevant icon; data can then be transmitted to the provider. For this purpose, when the plugin is enabled, a connection is established between your browser and the YouTube server. If the plugin is enabled, information such as your IP address, the fact that you have visited our site and other browser-related information is transmitted as soon as you access our site.

Further information on the data that is collected through the integration of social plugins and the purpose for which the data is used can be found in the Google Privacy Policy.

The purpose is being able to provide additional information to you. If you have provided your consent to us, this forms the legal basis in accordance with Article 6(1a) GDPR.

4. Data transfer to other companies within the Roto Group

As a general rule, your data is not transmitted to third parties outside of the Roto Group unless we are legally obligated to do so or the data transfer is required to perform the contract or you have expressly given your prior consent to the transfer of your data. External service providers and partner companies will receive your data only to the extent required to process your enquiry. However, in these cases, the data transmitted is limited to the minimum extent required. If our service providers come into contact with your personal data, we will ensure that they comply with the applicable data protection regulations as we do. Please also note the relevant privacy policies of the providers. The relevant service provider is responsible for the content of third-party services, although we check the services for compliance with the statutory requirements within the bounds of what is reasonable.

5. Data transfer to external service providers (processors)

Your data will be passed on to service partners to the extent that they are acting on our behalf and supporting Roto in the provision of its services. Any processing of your personal data by commissioned service providers is carried out within the scope of commissioned data processing in accordance with Article 28 GDPR. Service providers receive access only to the personal information that is required to carry out the relevant activity. These service providers are prohibited from passing on your personal information or using your personal information for other purposes, in particular for their own advertising purposes. Insofar as external service providers come into contact with your personal data, we have taken legal, technical and organisational measures and perform regular checks to ensure that these service providers also comply with the applicable data protection regulations.

6. Data erasure and storage period

The personal data of data subjects is erased or blocked as soon the purpose of storage no longer applies. The data may continue to be stored beyond this period if stipulated by European or national legislators in regulations or legislation under Union law or other regulations to which the controller is subject. The data will likewise then be blocked or erased once a storage period prescribed by the specified regulations expires, unless the data needs to be retained further for the purposes of concluding or executing a contract.

For information regarding the storage period for cookies, please refer to the information on Cookiebot.

7. Your rights

If personal data concerning you is processed, you are a data subject as defined in the GDPR and you have the following rights with respect to the controller:

(1) Right of access in accordance with Article 15 GDPR

You can request confirmation from us on whether we are processing personal data that concerns you. If we have processed data relating to you, you are entitled to other rights of access as specified in Article 15 GDPR.

(2) Right to rectification

If the data that we have collected relating to you is incorrect or incomplete, you can request that we promptly rectify it in accordance with Article 16 GDPR.

(3) Right to restriction of processing

In accordance with the requirements of Article 18 GDPR, you can, under certain circumstances, also request that the processing of your personal data is restricted.

Once processing has been restricted, your data must only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will notify you before lifting the restriction.

(4) Right to erasure

You have the right to ask us to erase the personal data concerning you without undue delay where one of the grounds defined in Article 17(1) GDPR applies, unless there is an exemption to the erasure obligation in accordance with Article 17(3) GDPR.

(5) Right to notification

If you have asserted against us the right to rectification, erasure or restriction of processing, we are obligated in accordance with Article 19 GDPR to notify all recipients of your personal data of this rectification or erasure of the data or restriction of processing unless this proves to be impossible or involves a disproportionate effort. You also have the right to be notified of these recipients. You have the right to be informed of these recipients by the controller.

(6) Right to data portability

Furthermore, in accordance with Article 20 GDPR, you have the right to receive the personal data concerning you in a machine-readable format and to transmit the data to another controller without hindrance, provided that the requirements defined in Article 20(1a) GDPR are met, or to have your personal data transmitted directly by us to another controller, where this is technically feasible and does not impair the rights and freedoms of others. This right does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

(7) Right to object

You have the right to submit to Roto Frank Fenster- und Türtechnologie GmbH an objection to the processing of personal data concerning you at any time in accordance with Article 6(1f) GDPR.

We will then cease processing your personal data unless there are compelling legitimate reasons for doing so which outweigh your interests, rights and freedoms, or unless the processing is used to establish, exercise or defend legal claims.

(8) Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time by notifying Roto Frank Fenster- und Türtechnologie GmbH accordingly. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

(9) Right to lodge a complaint with a supervisory authority

If you consider that the processing of the personal data concerning you infringes the GDPR, you have the right – without prejudice to any other administrative or legal remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement at any time.
The responsible supervisory authority for us is:

Landesbeauftragter für den Datenschutz und Informationsfreiheit Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart
Phone: +49 711 61 55 41 0
Fax: +49 711 61 55 41 15