All subsidiaries of


Data privacy information

This data privacy information informs you about handling your personal data. To make the processing of your data comprehensible, we would like to provide you with the following information to give you an overview of these processing operations. In order to guarantee fair processing, this data protection declaration contains general information about our handling of your data as well as information about your rights according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). 

We will inform you in detail about

  1. General Data Processing
  2. Data processing on our website
  3. Further data processing

The party responsible for data processing is ROWA KOREA Co., Ltd. (hereinafter 'we' or 'us').

I. General Data Processing

1. Purpose of processing personal information

'' or 'ROWA Korea Co., Ltd.' furthermore known as ROWA Korea processes personal information for the following purposes and does not use it for any purpose other than.

When using customer inquiries, personal information is processed for the purpose of providing content, checking inquiries, contacting for fact-finding, notification, and notification of processing results.

2. Processing and retention period of personal information

ROWA Korea processes and retains personal information within the period of retention and use of personal information agreed upon when collecting personal information from the data subject or the period of retention and use of personal information pursuant to laws and regulations.

The specific processing and retention period of personal information is as follows.

Website customer center: One year from the date of notification of results until user-written posts are deleted.

However, in the following cases, until the end of the relevant reason or period.

  • In the case where an investigation, research, etc. is in progress for violation of related laws and regulations, the relevant investigation and research are completed.
  • Storage of communication fact confirmation data pursuant to Article 41 of the Communications Secret Protection Act (computer communication, Internet log record data, access destination tracking data: 3 months)
  • Keeping identification information under Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communication Network Utilization and Information Protection: Six months after the posting of information on the bulletin board is completed.

3. Provision of personal information to a third party

ROWA Korea processes the personal information of the data subject only within the scope specified in Article 1 (Personal Information Processing Purpose), and provides personal information to third parties only if it falls under Article 17 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the law.

4. Personal information processing consignment

For the smooth processing of personal information, "ROWA Korea" entrusts the processing of personal information as follows.

A. Consignment of website and system management: ROWA GROUP Holding GmbH, Germany, 

In accordance with Article 25 of the Personal Information Protection Act, when signing a consignment contract, "ROWA Korea" stipulates responsibilities such as prohibition of processing personal information other than the purpose of consignment, technical and managerial protection measures, re-consignment restrictions, management and supervision of trustees, and damages.

If the details of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delay.

5. The rights, obligations, and methods of exercising them of the data subject may exercise the following rights as a personal data subject.

The data subject may exercise the following rights related to the protection of personal information at any time regarding ROWA Korea.

  • Request for Personal Information Access
  • Request for correction if there is an error, etc
  • Request for deletion
  • Request to stop processing

The exercise of the rights under paragraph 1 may be made to the company in writing, by telephone, by e-mail, by copy (FAX), etc., and the company will take action without delay.

If the data subject requests correction or deletion of an error in personal information, the company will not use or provide the personal information until the correction or deletion is completed.

The exercise of rights under paragraph 1 may be made through an agent, such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Regulations of the Personal Information Protection Act.

The data subject shall not infringe on the personal information and privacy of the data subject or others that the company is processing in violation of related laws such as the Personal Information Protection Act.

6. Items of personal information to be processed

'ROWA Korea' is processing the following personal information items.

  • [Customer Inquiry]
    • Required items: first name, last name, email address, company address, company name, contact information, fax, country name
  • [Other]
    • In the process of using the Internet service, the following personal information items can be automatically generated and collected: (IP address, service usage record, visit record, etc.)

7. the destruction of personal information

I. Disposal procedures

The information entered by the user is transferred to a separate DB after achieving the purpose (separate documents in the case of paper) and stored for a certain period of time in accordance with the internal policy and other related laws and then immediately destroyed. At this time, the personal information transferred to the DB will not be used for any other purpose unless it is by law. ROWA Korea selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the company's personal information protection officer.

II: Breakdown period

The user's personal information shall be destroyed within five days from the end of the retention period, within five days from the end of the retention period, and within five days from the date when it is deemed unnecessary to process the personal information, such as achieving the purpose of processing the personal information, abolishing the service, or terminating the business.

III. How to destroy

ROWA Korea destroys personal information recorded and stored in electronic files by using a method that prevents records from being reproduced, and destroys personal information recorded and stored in paper documents by crushing or incineration with a shredder.

8. Measures to ensure the safety of personal information

("ROWA Korea") takes the following technical, administrative and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act.

I. Minimize and train personal information handling staff

We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.

II. Conduct regular self-audit

In order to secure stability related to personal information handling, self-audit is conducted regularly (once a quarter).

III. Establishment and implementation of an internal management plan

An internal management plan is established and implemented for the safe processing of personal information.

IV. Encryption of personal information

The password of the user's personal information is encrypted, stored and managed, and only you can know it, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.

V. Technical Measures Against Hacking

ROWA Korea installs security programs, regularly updates and inspects personal information to prevent leakage and damage caused by hacking or computer viruses, installs systems in areas where access is controlled from the outside, and monitors and blocks technically and physically.

VI. Restrictions on Access to Personal Information

We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and control unauthorized access from outside using an intrusion prevention system.

VII. Storage and forgery prevention of connection records

Records accessed to the personal information processing system are stored and managed for at least six months, and security functions are used to prevent forgery, theft, or loss of access records.

VIII. Using locks for document security

Documents containing personal information and auxiliary storage media are stored in a safe place with locks.

IX. Control of Access to Unauthorized Persons

There is a separate physical storage place that stores personal information, and access control procedures are established and operated.

X. Create a personal information protection officer

ROWA Korea is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages by data subjects related to the processing of personal information.

Personal Information Protection Officer

  • Name: Webmaster
  • Position: Employee
  • Contact : 041-335-4203, Fax) 041-335-4204

※ You will be connected to the privacy department.

The data subject may contact the person in charge of personal information protection and the department in charge for any personal information protection inquiries, complaints, damage relief, etc. that occurred while using the service (or business) of "ROWA Korea." We will respond and process the information subject's inquiries without delay.

XI. Matters concerning the installation/operation and rejection of automatic personal information collection devices

A. What is a cookie?

  • To provide personalized and customized services, the company uses a "cookie" that stores the user's information and fetches it from time to time.
  • Cookies are tiny text files sent by the server that runs the website to the user's browser and are stored on the user's computer's hard disk. When the user visits the website afterwards, the website server reads the contents of the cookies stored on the user's hard disk and is used to maintain the user's preferences and provide customized services.
  • Cookies do not automatically or actively collect information that identifies individuals, and users can refuse to save or delete these cookies at any time.

B. Purpose of the company's use of cookies

  • The company stores users' preferred settings through cookies to support a faster web environment for users, and uses them to improve services for convenience.
  • Through cookies, the company analyzes the frequency of access to the service, the time of visit, and the number of visits to identify users' tastes and areas of interest and use them to provide the service.

C. Installation/operation and rejection of cookies

  • Users have the option of installing cookies. As a result, users can allow all cookies by setting options in a web browser, go through a check each time they are saved, or refuse to save all cookies.
  • However, if you refuse to save cookies, it may be difficult to use the service that requires login.
  • How to specify whether cookies are allowed to be installed (for Internet Explorer) is as follows.
    • Select Internet Options from the Tools menu.
    • Click the Privacy tab.
    • You can set [Personal Information Processing Level].

9. Change and notification of personal information processing policy

This personal information processing policy will be applied from 2024.06.11 of the enforcement date, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, it will be notified through a notice seven days before the enforcement of the changes.

II. Data processing on our website

When using our website, we collect and use information that you provide by yourself. We also automatically collect certain information about your use of the Site during your visit on the Site. In data protection law, the IP address is also considered as a personal date. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data.

1. Processing Server-Log-Files
When using our website for purely informative purposes, general information that your browser transmits to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out to ensure our legitimate interests and is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR. This processing provides the technical administration and security of the website. The stored data will be deleted after 14 days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 Sec. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.

2. Contact form and requests
Our website contains a contact form through which you can use to send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address bar of the browser). All data fields marked as mandatory fields are required to process your request. Non-provision of this information means that we cannot process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact-e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or execution of a contract with us, Art. 6 Sec. 1 Letter b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting the persons requesting information. The legal basis for data processing is then Art. 6 Sec. 1 Letter f) GDPR.

3. Cookies
We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our web server. If the use of cookies results in the processing of personal data, this is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective and secure. We used so-called "session cookies", which are deleted when the browser session is closed. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or in certain cases. Further information can be obtained from the Federal Office for Information Security at

III. Further data processing

1. Contractual relationship
In order to establish or execute the contractual relationship with our customers, it is regularly necessary to process the contact data of the relevant contact persons provided to us. The processing serves our legitimate interest in a fluent course of business. The legal basis for this processing is Art. 6 Sec. 1 letter f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 Sec. 1 letter f) GDPR and serves our interest in further developing our offer and informing you specifically about offers from ROWA Lack GmbH. Further data processing can take place if you have consented (Art. 6 Sec. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 Sec. 1 letter c) GDPR).

2. Applications
When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you an employment, we will retain the data you provide for up to three months for the purpose of potentially answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is § 26 Sec. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 Sec. 3 GDPR. Such a revocation does not affect the legality of the processing, which has taken place until the revocation on the basis of the consent.

3. Offline Orders
If you order a product via our order form or by telephone, we process personal data exclusively for contract processing or to be able to provide you with the ordered product. Within the ordering process, we only process the data that you have provided yourself. In order to be able to deliver the ordered products to you, we transmit the data required for delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6 Sec. 1 letter b) GDPR. All data fields marked as mandatory fields are required for processing your order. Non-provision of this information means that we cannot process your order. The provision of further data is voluntary.

4. LinkedIn company page
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole responsible party for the processing of personal data when you visit our LinkedIn page. For more information about the processing of personal data by LinkedIn, please see

When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personally identifiable information about you through page insights. We only have access to the summarized page insights. It is also not possible for us to draw conclusions about individual members using the information from the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. Such processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 para. 1 letter f of the General Data Protection Regulation. We have entered into a joint controller agreement with LinkedIn, which sets forth the allocation of data protection obligations between us and LinkedIn. The agreement is available at: According to this agreement, the following applies:

  • We and LinkedIn have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn about this online via the following link ( or reach LinkedIn via the contact information in the Privacy Policy. You can contact the data protection officer at LinkedIn Ireland via the following link: You may also contact us via the contact details we have provided regarding the exercise of your rights in connection with the processing of personal data in the context of the page insights. In such a case, we will forward your request to LinkedIn.
  • We and LinkedIn have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see or any other supervisory authority.

Please note that according to LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the U.S. or other third countries. LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.

Lieber Leser!

Sie verwenden einen alten Browser. Damit Ihnen nichts entgeht und Sie alle Inhalte sehen können, aktualisieren Sie bitte Ihren Browser. Ein Auswahl finden Sie hier: