Data protection

Privacy Policy
Roofify ( Stöcker & Siepmann-Derks GbR )

In accordance with Articles 12 et seq. of the GDPR, the following information informs you about which personal data we process when you use our website and our online shop, for what purposes, on what legal basis, how long we store the data and what rights you have.

1. Responsible body (Art. 4 No. 7 GDPR)

Stöcker & Siepmann-Derks GbRRoofify
Old Post Office Street 2
53840 Troisdorf
Germany

Email: sales@roofify.de

You can find more information about our company here:
About Us

2. Terms & general principles

Personal data is any information relating to an identified or identifiable natural person (e.g., name, address, email, IP address).

We process personal data according to the following principles:

  • Purpose limitation (only for specified purposes)
  • Data minimization (as little as possible, as much as necessary)
  • Transparency (clear information)
  • Security (technical/organizational measures)

3. Provision of the website (server log files)

When you visit our website, our hosting/shop provider processes data for technical reasons in order to deliver the website and ensure security (e.g., protection against misuse/attacks). This typically includes:

  • IP address (usually shortened/shortened possible depending on system configuration)
  • Date and time of access
  • accessed page/file
  • Referrer URL (previously visited page)
  • Browser type/version and operating system
  • Device information (if applicable)

Purpose: Operation, stability, safety, and fault analysis

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure, stable operation)

Storage duration: usually only as long as required for security and error analysis; beyond that, possibly anonymized/aggregated.

4. Data processing for orders in the online shop

To process orders in our shop (view shop) , we process the following data in particular (depending on the input/order process):

  • First and Last Name
  • Billing and delivery address
  • E-mail address
  • Phone number (optional)
  • Order details (items, quantities, prices, times)
  • Payment details (depending on the chosen payment service; we usually do not receive complete card/account details ourselves, but rather status/transaction information)

Purpose: Contract conclusion, order processing, delivery, communication, warranty/returns, accounting

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract) and, where applicable, Art. 6 para. 1 lit. c GDPR (legal obligations)

Recipients / Categories of recipients

Data will only be shared to the extent necessary for processing, in particular with:

  • Shipping service provider (e.g. DHL, DPD) – for delivery (name/address, contact details if applicable)
  • Payment service providers (e.g., PayPal, Klarna, Stripe) – for payment processing
  • Shopify, the shop and hosting provider – shop operation, order management, infrastructure

You can find more information about shipping here:
Shipping & Delivery

Data transfer to third countries

When using Shopify (and potentially other service providers), processing outside the EU/EEA cannot be ruled out. Data transfers will then take place on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses (Art. 46 GDPR) and/or other permissible mechanisms.

Shopify Privacy Policy: https://www.shopify.com/legal/privacy

Storage duration

We store order and invoice data in accordance with statutory retention periods (e.g., commercial and tax law). After this period, the data is deleted unless there are further legal grounds for storage.

5. Contact via email

When you contact us by email, we process your information (e.g. name, email address, message content) in order to handle your request.

Purpose: Processing and responding to inquiries, documenting the process

Legal basis:

  • Article 6 paragraph 1 letter b GDPR (pre-contractual measures/contract), or
  • Article 6 paragraph 1 letter f GDPR (legitimate interest in efficient communication)

Alternative contact methods can be found here:
contact

Storage period: until your request has been fully processed; beyond that only if legal obligations or legitimate interests (e.g., traceability) require it.

6. Cookies & Tracking Technologies

You can also find information about cookies in our FAQ:
FAQ – Frequently Asked Questions

We use cookies and similar technologies. We distinguish between:

(a) Necessary cookies

These are necessary for the operation of the website (e.g. shopping cart, checkout, security features, language settings).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a functional website) or Art. 6 para. 1 lit. b GDPR (for the execution of the order process)

(b) Analytics and marketing cookies (only with consent)

These help us to measure reach, display advertising, or optimize the website.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent) – You can grant/change/revoke your consent via our cookie banner (consent management).

Services (if enabled):

  • Google Analytics 4
  • Meta Pixel
  • Google Ads

Opt-out / revocation: via the cookie banner (settings)

Additionally, you may need to adjust your browser settings (delete/block cookies).

Opt-out links (as provided in your original text)

The storage of information in your terminal equipment or access to it is based on Section 25 of the TTDSG (Telecommunications and Telemedia Data Protection Act).

Note: If you decline marketing cookies, this may reduce the personalization of advertising, but will not affect the basic usability of the website.

(c) Analysis of user behavior with ContentSquare (Session Replay & Heatmaps)

We use the web analytics service ContentSquare from ContentSquare SAS on our website.
5 boulevard de la Madeleine, 75001 Paris, France.

ContentSquare allows us to anonymously analyze user behavior on our website. This includes evaluating mouse movements, clicks, scrolling behavior, page views, and interactions with page elements. The analysis is performed using session replays and heatmaps , among other methods, to improve the usability, navigation, and performance of our website.

No personal data such as names, email addresses, payment details, or form field contents are recorded . Sensitive content (e.g., form entries, checkout and payment areas) is automatically masked or anonymized . The recorded sessions cannot be linked to individual users .
The usage data is evaluated exclusively in aggregated and anonymized form.
Individual users are not identified, nor is their data combined with other personal data.

Your data will be processed solely on the basis of your consent in accordance with Article 6(1)(a) GDPR. No recording will take place without your consent.

You can withdraw your consent at any time via the cookie settings.

Further information on data processing by ContentSquare can be found at:
https://contentsquare.com/privacy-center/

7. Social Media Links / Plugins

We use links or embedded content to:

  • Facebook
  • Instagram
  • Pinterest

Clicking on such content may transfer data to the respective platform. If you wish to minimize data transfer, log out of the respective networks beforehand and/or block the corresponding content/trackers in your browser.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent, insofar as tracking/integration requires consent) or Art. 6 para. 1 lit. f GDPR (legitimate interest in external presentation/marketing in the case of pure linking)

8. YouTube videos

If we embed YouTube videos, they are loaded in enhanced privacy mode. However, data may still be transmitted to Google/YouTube when playing the videos (e.g., IP address, device information, page visited).

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie/content banner, if consent is required) or Art. 6 para. 1 lit. f GDPR in the case of technically necessary integration without tracking

Privacy notice: https://policies.google.com/privacy

9th Newsletter

By subscribing to our newsletter, you will receive information about news, offers and promotions.
Newsletter

In particular, we process:

  • E-mail address
  • Name (if provided)
  • Registration/confirmation times (for proof of consent)
  • Possibly technical shipping/interaction data (e.g., deliverability), if provided by the shipping service.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Unsubscribe/revocation: possible at any time via the unsubscribe link in every newsletter email .

Storage period: until you withdraw your consent; after that we will delete the newsletter data, unless there are legal obligations to provide proof.

10. Shopify inbox (chat) / customer communication

We use Shopify Inbox for live chat. Depending on usage, the following data may be processed:

  • Name (optional)
  • Email (optional)
  • Chat content
  • technical data (e.g. IP address, browser, timestamp)

Purpose: Customer service, processing inquiries, order support

Legal basis:

  • Article 6 paragraph 1 letter b GDPR (contractual/pre-contractual communication)
  • Article 6 paragraph 1 letter f GDPR (legitimate interest in efficient support)

Shopify Privacy Policy: https://www.shopify.com/legal/privacy

Storage period: as long as necessary for processing; beyond that, in accordance with legal obligations or to protect legitimate interests (e.g. traceability in disputes).

11. Data processing on behalf of a controller (Art. 28 GDPR)

Where we use service providers (e.g., Shopify, payment and shipping providers), this is done within the framework of legally permissible data processing agreements or independent responsibility (e.g., payment providers). We ensure that appropriate contracts/guarantees are in place.

12. Your rights under the GDPR

You can also find a compact overview of all rights here:
Rights of withdrawal and data protection

In particular, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interests (Art. 21 GDPR)
  • Withdrawal of consent at any time (Art. 7 para. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact for data protection matters: sales@roofify.de

Notice regarding the right to object (Art. 21 GDPR):
If we process your data on the basis of Art. 6 para. 1 lit. f GDPR, you can object at any time for reasons arising from your particular situation.

13. Data security

We protect your data through appropriate technical and organizational measures, in particular:

  • SSL/TLS encryption during transmission
  • Access restrictions and authorization concepts
  • Server and system security measures
  • regular review and adjustment of protective measures

14. Changes to this Privacy Policy

We will update this privacy policy if legal requirements change or if technical/organizational changes to the website or our processes make this necessary.

As of January 1, 2026

Contact form