General Information
1.1 Scope
This privacy policy applies to data we collect about you when:
- Accessing or visiting the website
- Using the services listed under section 3
- Participating in competitions, surveys, or raffles
- Entering into, processing, and fulfilling contractual relationships
1.2 Controller
The website is provided by Kammerer GmbH in Remchingen (hereinafter referred to as "Kammerer"). The controller for the processing of data in connection with the applications listed under section 3 of this privacy policy is Kammerer GmbH, An der B10, 75196 Remchingen, Germany.
The controller for the processing of data in other applications is your respective Kammerer contractual partner.
1.3 Data Processing
Data is collected and processed by Kammerer and its affiliated companies and is used solely for the fulfillment of the respective business purpose.
1.4 Data Protection Officer
You can reach our data protection officer by email or at our postal address with the addition "the Data Protection Officer".
Processing of Personal Data
2.1 General Purposes of Processing
In principle, we collect, store, and process your personal data only to fulfill a contractual obligation towards you or if you have given us your consent. We also use your data to comply with legal regulations that apply to us, insofar as this is necessary to safeguard our own or the legitimate interests of others.
2.2 Data You Provide to Us
As a rule, you can use our website without directly providing us with personal information. For some services, such as our newsletter service, we ask for personal information — including your name or email address — to process the respective service quickly and in a user-friendly manner.
For entering into, processing, and fulfilling contractual relationships, the collection and processing of personal data is particularly necessary so that we can meet our contractual obligations.
2.3 Automatically Collected Data
2.3.1 Log Data
Automatically collected data includes server log data. We activate this logging only in exceptional cases to investigate support cases and to ensure stability and security (Art. 6(1)(f) GDPR). Each record consists of:
- Date and time of the request
- Client and server IP address, port, and protocol status
- Name of the requested file or page and length of the request
- Login information, if you log in with a user account
- Browser type and referrer (last page accessed by the client)
This data is evaluated exclusively anonymously for technical purposes. No statistical evaluations are carried out.
2.3.2 Cookies
Cookies are small files containing a string of characters in which certain information is stored, either openly or encrypted. They serve to identify the computer and — upon login — to communicate the login to the server. Each cookie has an expiration date. You can view, delete, or block the storage of existing cookies via your browser. However, some functions may not be available without cookies.
2.3.3 Reach measurement (self-operated, without tracking cookies)
Note: Google Analytics is no longer used on this website. Instead of third-party analytics, we operate our own, data-efficient reach measurement directly on our server. The measurement itself does not set cookies, does not use LocalStorage, and does not execute JavaScript in your browser. A single, purely functional cookie (rokamat_analytics_optout) is only used if you explicitly object (see below).
With each page view, our server records exclusively the following data:
- the requested URL (path without query string),
- the hostname of the referring page, if available (e.g.,
google.de); the full referrer URL is not stored, - the market/domain assignment (
rokamat.comorconstructiontoolsbyrokamat.com) and the language of the request (de,en, …), - the device class as well as the browser and operating system designation (derived from the
User-Agentheader), - the country in the form of an ISO code, only if an upstream reverse proxy provides a corresponding header (
cf-ipcountry,x-vercel-ip-country). In the current hosting setup (Hetzner + Caddy), this is not the case — the field then remains empty.
Neither the page title, nor UTM parameters, nor the IP address, nor the full User-Agent are stored.
To distinguish recurring visits within the same day, a daily changing, cryptographically generated day key is used to create a 16-digit pseudonymized visitor hash (HMAC-SHA-256, truncated to 16 hex characters) from the IP address, User-Agent, and day key. The raw IP address and full User-Agent are never persisted; they are used exclusively in volatile memory for calculating the hash.
The respective day key is automatically deleted no later than 72 hours after the end of the day (cleanup cron npm run analytics:cleanup, standard runtime once per day, retention of two calendar days plus cron grace period). Retroactive re-identification of a former visitor hash is thus no longer possible, even with database access.
The data remains on our servers; no transmission to third parties takes place (in particular not to Google, Meta, Microsoft, or comparable providers). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in data-efficient reach measurement without end-device storage). Detailed data is automatically deleted after 90 days; aggregated daily statistics are retained for up to 36 months.
Historical comparison values: From the operation of the predecessor website (until April 2026), we have aggregated daily statistics — exclusively path, date, and number of page views, without visitor IDs, IP, device, or location data. These values continue to be displayed in the admin dashboard for trend visualization and are also retained for a maximum of 36 months.
Technical implementation: Reach measurement is carried out exclusively server-side. No JavaScript is executed in your browser, no endpoint is called, and no access is made to your end-device storage (cookies, LocalStorage, SessionStorage, IndexedDB). The page view is recorded at the moment our server delivers the page to you and is based solely on the data that your browser sends anyway during a normal HTTP request. § 25 TTDSG is therefore not applicable.
Objection (Opt-Out): You can object to the measurement at any time without providing a reason. To do so, use the switch below this privacy policy — it sets the functional cookie rokamat_analytics_optout=1. Once this cookie is set, our server discards every pageview entry for your browser without processing it at all. The cookie has a lifespan of two years and can be removed at any time via the same switch or through your browser’s cookie settings.
Automatically Respected Browser Signals: Additionally, we recognize the HTTP headers Sec-GPC: 1 (Global Privacy Control, Art. 21 GDPR Opt-Out) and DNT: 1 (Do-Not-Track). If either of these signals is set, the pageview is also automatically discarded — even without an active opt-out cookie.
2.3.4 Social Media Plug-Ins
Our website uses plug-ins from the social networks Facebook, YouTube, and Instagram (providers: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and Google LLC). When you visit our website, your browser establishes a direct connection to the servers of these providers. We have no influence over the data collected or the data processing operations, nor are we fully aware of the scope of data collection, the purposes of processing, or the storage periods.
2.4 Data Received from Third Parties
In exceptional cases, we may receive data about you from third parties — particularly if your dealer registers a device you purchased with us for repair. In such cases, we will inform you promptly, and you have the option to object to further processing.
2.5 Cookies and Similar Technologies
This website exclusively uses technically necessary cookies and comparable storage mechanisms as defined in § 25 (2) No. 2 TDDDG. No consent is required for the use of these strictly necessary cookies; the legal basis for the associated data processing is Art. 6 (1) lit. f GDPR (legitimate interest in the stable and secure operation of the website).
No analytics, tracking, advertising, or profiling cookies are set. No third-party scripts are loaded when the page is accessed. Embedded content (e.g., Yumpu ePaper, YouTube videos) is only loaded after you explicitly click on it. The in-house reach measurement described in section 2.3.3 does not use cookies or persistent identifiers on your device.
Specifically used are:
| Name | Purpose | Storage Duration | Type |
|---|---|---|---|
rokamat_cookie_notice |
Stores the confirmation of the one-time cookie notice. | 12 months | Cookie |
NEXT_LOCALE |
Stores the language version you have selected. | Session or up to 12 months | Cookie |
rokamat_admin |
Session token for the protected administration area (employees only). | Session | Cookie |
epaper:yumpu:consent |
Remembers your consent to load the Yumpu ePaper so you do not have to confirm it again on every visit. | Until deleted in the browser | localStorage |
rokamat_analytics_optout |
Is only set if you explicitly object to the reach measurement described in section 2.3.3. Legal basis: § 25 (2) No. 2 TDDDG (absolutely necessary to implement your opt-out). | 24 months | Cookie |
You can delete cookies in your browser at any time or completely disable the setting of cookies. If the cookie rokamat_cookie_notice is removed, the notice will reappear on your next visit. The language storage (NEXT_LOCALE) is required for the multilingual operation of the site; without it, your language selection will not be remembered.
We use exclusively self-hosted files for fonts and symbols. No connection is made to Google Fonts, Google Analytics, Facebook, LinkedIn, or any comparable third-party provider when the page is loaded.
Individual Online Services
3.1 Contact Form
On our website, we offer you the option to get in touch with us via a contact form. For this, we require your last name, first name, as well as your email address and message. If you provide us with your phone number or address, we will also be happy to call you back. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR.
3.2 Newsletter
The legal basis under Art. 6 (1) sentence 1 lit. a) GDPR is your consent. We use your salutation and name to address you personally, as well as your email address and the topics you are interested in. You will receive a confirmation email — the subscription will only be activated after clicking the link contained in it.
When using the newsletter, user behavior is evaluated in anonymized form without establishing a reference to a specific person:
- emails sent and delivered
- opens (measured / invisible / total)
- clicks and opens by device
- clicks, opens, and delivery over time
- bounces (email undeliverable)
- unsubscriptions
- activity rate
The only mandatory information for the newsletter is your email address. You can revoke your consent at any time by clicking the link provided in every newsletter email.
Data Processing Agreement
We have entered into a data processing agreement with our email marketing service provider Klick-Tipp to ensure order data processing. This guarantees that your data is stored exclusively within the EU with a high level of protection. No storage on servers outside the EU takes place.
Your Rights
5.1 Right to Object
You have the right to object at any time, without giving reasons, to the processing of your personal data for direct marketing purposes.
Please send your objection in writing to Kammerer GmbH, An der B10, 75196 Remchingen, Germany, or by email to info@rokamat.com. You may revoke any consent you have given at any time.
If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation.
5.2 Further Rights
- Access to the data stored about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your stored data under certain conditions (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability in a structured, commonly used, and machine-readable format (Art. 20 GDPR)
- Complaint to the competent data protection supervisory authority
Protection of Your Data
We take technical and organizational measures to protect your data from unauthorized access, accidental alteration, unintentional loss, or unlawful destruction. Nevertheless, no electronic or physical transmission and storage is absolutely secure. Any transmission is therefore at your own risk.
Changes to the Privacy Policy
We reserve the right to amend this privacy policy at any time in compliance with applicable data protection regulations.
Social Media
Through our social media pages (Facebook, Instagram, YouTube), we offer you extensive personal support and the opportunity to stay in contact with us. The legal basis is Art. 6(1)(b) or (f) GDPR. If you submit a request via one of these networks, we forward it to the responsible department. The data is used exclusively to respond to your request and is not passed on to third parties.
4.1 No Facebook Pixel, No Tracking Pixel on the Website
This website does not use conversion, tracking, or advertising pixels from Facebook, Meta, Google, or similar providers. Data processing when visiting our own presences within the mentioned social networks is subject exclusively to the privacy policies of these platforms.