Welcome to Catit - United States United States

Are you in the right place? Pick the store for you below:

Privacy Policy

 

*Last updated: June 6, 2025

1. Basic Information

Caring for pets since 1955, Rolf C. Hagen Inc. (doing business as Hagen Group), is a family company founded by Rolf C. Hagen which has grown to become the world’s largest privately-owned, multi-national pet products manufacturer and distributor. Driven by a common bond of love and compassion for animals, we are dedicated to creating practical and innovative products that enhance the health and welfare of pets worldwide.

We are delighted to have you visit our website, and we would like to thank you for your interest. In the following, we would like to inform you about how we handle your personal data when you use our website. The following information also relates to the use of our websites on mobile devices, e.g. smartphones or tablets. Personal data includes all data which could be used to identify you personally, or which make you identifiable via a username or identification code, such as your IP address.

This Privacy Statement explains the legal basis and the purpose for this collection or processing of your data. We would like to inform you of your rights regarding the use of your personal data. If you have any questions regarding our use of your personal data, please contact us as the responsible entity — Controller under data protection law (for contact details see Clause 2).

For security reasons and to protect the transfer of personal data and other confidential information, these online services use SSL or TLS encryption. You can identify an encrypted connection by checking that the letters “https://” and a lock symbol appear in your browser address line.

2. Who we are (Controller for Data Privacy)

Hagen has appointed an individual responsible for Privacy and Data Privacy Matters. If you have any questions about your personal information, to make comments or to make a complaint, you may contact the person responsible for ensuring compliance with this Privacy Policy at data_priv@rchagen.com

Or write to:

Rolf C. Hagen Inc.,

20500 Trans-Canada Hwy

Baie d’Urfé, Québec

H9X 0A2

Canada

If you are from the EU or the EEA, the following applies:

-This company is the Controller for the processing of data on our online service pursuant to the General Data Protection Regulation (GDPR).

-Our EU representative pursuant to Art. 27 GDPR is: Kaschae Datenschutz & Compliance GmbH, An der Alster 62, 20099 Hamburg, mail@kaschae.de

Contact information for our company Data Protection Officer (DPO): datenschutzbeauftragter@rchagen.com

You can access the Data Subject Access Request Form here: https://catit.us/pages/dsar

3. Data collection when accessing our online services

Accessing our web pages (without registration) will result in the automatic anonymised collection of the following data on our servers:

  1. masked IP address,
  2. access date/ time/ time zone,
  3. access status,
  4. type of access,
  5. type of protocol,
  6. type and number of pages accessed on our site,
  7. name and size of accessed files,
  8. referring website,
  9. web browser,
  10. operating system.

The listed non-personal data is collected automatically as part of the normal operations of our internet services. The information gathered about the use of our pages is not combined with any personal information provided through the online registration form. We do not have any personal references in our usage data.

We use the above data for the purposes of troubleshooting, generating statistics and measuring website activity with the aim of improving the value and use of our services. As such, we have a legitimate interest to justify the data processing activity pursuant to Article 6 (1) (f) GDPR.

Within our company, our IT Administrator is the only person with access to this data for the purposes listed above.

The above data is only collected for the period of use; once the use has ended, the data shall be deleted without delay, after seven days at the latest.

We use cookies and tools to obtain information as soon as your web browser accesses our website. These identifiers enable a range of our website’s service functions and are automatically transferred to the hard drive of your computer or other mobile device via your browser. This function can be deactivated in the settings of your browser. Should cookies be disabled, personalised service will be unavailable. In this case, your anonymised IP address may be transferred to the USA. For more information on the cookies and tools we use, see the “Use of cookies and tools” section below.

Shopsystem Shopify

We use the Shopify cloud system for online retailers for the purpose of hosting and displaying our online store. Shopify is a service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as "Shopify").

We have concluded a data processing agreement with Shopify (Shopify Vendor DPA).

The personal data collected and transmitted via Shopify relates to the following personal data:

  1. Contact information: Name, home and/or business addresses, telephone numbers, email addresses.
  2. Identification and identity verification information.
  3. Delivery information: Name, delivery address.
  4. Background check information: credit report information, fraud detection information.
  5. Transaction information: processed payments, transaction amounts, time and place of transactions, payment types.
  6. Financial information: Bank or credit card information.
  7. Tax information: Withholding tax deductions and tax filing status.
  8. Usage information: Username, password, access times, browser types and languages.
  9. Device and location information: Hardware model, operating system and version, unique device identifiers.
  10. Device identifiers, information about the mobile network, information about the device's interaction with Shopify.
  11. Shopify services, device location, other information collected via cookies and web beacons.
  12. Browser and device properties, "IP" address, pixel tags.
  13. Inferences about users that may reflect user preferences, characteristics and behavior
  14. Other information: Survey responses; participation in competitions etc.

Legal basis: The above data is collected in order to fulfil the purchase contract with you (Art. 6 para. 1 letter b GDPR). All the above-mentioned data that goes beyond the fulfilment of the contract will only be collected with your express consent (Art. 6 para. 1 letter a GDPR, e.g. data on usage behaviour). The data on device identification, device location and access times are only collected to ensure the security of the systems and trouble-free operation (Art. 6 para. 1 letter f, Art. 5 para. 1 letter f GDPR). We assume that there is no legitimate interest to the contrary because trouble-free operation also serves your security.

Data transfers:

When Shopify processes your data as part of the use of our online store, your data may also be transferred to other Shopify companies, such as Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, (Canada), Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc.

Shopify also works with subcontractors. You can find an overview of Shopify's subcontractors here: https://help.shopify.com/en/manual/privacy-and-security/privacy/subprocessors

If these companies are based in a third country for which there is no adequacy decision by the EU Commission or are based in the USA but do not yet participate in the EU-US data privacy framework, the transfer of data is secured as follows:

  1. Shopify has entered into the EU's standard contractual clauses with these companies.
  2. Shopify has agreed upon additional guarantees with these companies to secure the processing of the data, namely additional guarantees in the event of disclosure requests by authorities: https://www.shopify.com/legal/gvtaccesspolicy

Further information on how Shopify uses your personal data can be found here: https://www.shopify.com/legal/privacy


Backup-Software Rewind

We use the backup software "Rewind" from the provider Rewind Software Inc, 333 Preston Street, Suite 200, Ottawa, Ontario K1S 5N4, Canada (hereinafter referred to as "Rewind").

The processing by Rewind serves to back up and restore all data of our online store. The legal basis for this processing is our legitimate interest in ensuring the smooth and trouble-free operation of our online store (Art. 6(1)(f) GDPR, Art. 5(1)(f) GDPR) in order to protect your data from unintentional loss. Since the security of the systems also benefits you, we assume that this processing does not conflict with any legitimate interest.

The data is stored on a server in Germany. If data is transferred to Canada, the EU Commission has issued an adequacy decision confirming that an adequate level of data protection is in place in Canada.

We have concluded a data processing agreement with Rewind.

You can find Rewind's privacy policy here: https://rewind.com/legal/privacy-notice/


4. Contact

On our pages, we have provided an online form which enables you to contact us electronically. The form requires your first name and family name, your email address and telephone number as well as a box for entering a message to us. We need this data to process your request. You can also choose to provide us with your postal address. Additionally, you can contact us at any time via email. Contacting us is always voluntary.

This data is solely used for the purpose of answering your request or responding to your request for contact, and the technical administration involved. This processing is lawful pursuant to Art. 6 (1) (b) GDPR, as we require the data listed above for the initiation, conduct or termination of a contractual relationship with you.

You request is handled by our internal customer service. We do not pass on your requests to third-parties or to organisations outside of the EU. After your request has been processed, we delete your contact information, at the latest, 72 hours after your request has been dealt with. This period of storage may be subject to statutory storage periods, for example, when your request is in connection with the processing of a contract or a warranty or guarantee. In this case, we store your request beyond 72 hours only for the purpose of complying with our legal obligations. In this case, we delete your data on termination of the statutory storage period, i.e. after a period of 10 years, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.

5. Salesforce – for processing customer inquiries

We use the CRM system of the provider Salesforce Canada Corporation, 10 Bay Street, Suite 400, Toronto, ON, M5J 2R8, Canada (hereinafter referred to as "Salesforce"), to manage your customer data and process your inquiries more quickly and efficiently. The legal basis for this processing is the fulfilment of the contract with you if you purchase products in our online store or maintain an account (Art. 6 para. 1 letter b GDPR).

We only use the data from customer inquiries in the context of Salesforce for the technical processing of the inquiries and do not pass them on to third parties. For this purpose, we collect the correct e-mail address. Pseudonymized use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).

If users do not agree to data being collected via and stored in salesforce's external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post.

Data processing generally takes place on Salesforce servers in Canada. This data transfer is justified by the EU Commission's adequacy decision for Canada. It cannot be ruled out that data may also be transferred to Salesforce, Inc. in the USA. This data transfer is justified by the adequacy decision of the EU Commission, which confirms an equivalent level of data protection for companies in the USA that participate in the EU-US data privacy framework. Salesforce, Inc. participates in the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/

In addition, Salesforce has binding internal data protection regulations or Binding Corporate Rules (BCR) in accordance with Art. 47 GDPR. Salesforce's EU Binding Corporate Rules ("Salesforce EU Processor BCR") were approved by the European Data Protection Authority in 2015 and the UK Binding Corporate Rules ("Salesforce UK Processor BCR") were approved by the Information Commissioner's Office in the UK in 2023.

Users can find further information in the Salesforce privacy policy: https://www.salesforce.com/company/privacy/

6. Data processing on registration to open a customer account and for order processing

You may register as a customer on our pages. This data is processed exclusively for the purpose of carrying out the contracts made with you for the use of our online services, or the processing of purchases. This data processing is lawful pursuant to Art. 6 (1) (b) GDPR.

If you have registered with us as a customer, we will store your most recent purchases on your customer account under “Your recent purchases”. You can prevent the storage of your purchase history a priori by selecting “do not save purchase history” or permanently delete it after purchase using “delete purchase history”. We store your purchase history for the purposes of optimising our product range and to make the shopping experience as convenient for you as possible. It helps us to identify those products that are of regular interest for you. We therefore have a legitimate interest for this processing pursuant to Art. 6 (1) (f) GDPR.

Entry of all data is voluntary. You can also order products as a Guest, without registering for a customer account. In order to process your purchase order, we require at least the data marked with an asterisk (*) in the registration form.

Internally, this data can only be accessed by our customer service and marketing department, and the IT department for the purposes of troubleshooting and system maintenance. Our accounting department is only provided with the information required for tax reporting purposes required under law.

You can delete your customer account at any time. You can delete your account yourself or send a message to the address above requesting deletion.

After processing a Guest contract, or deletion of your customer account, your data is locked under tax and commercial law retention periods, and will be deleted after these retention periods have expired unless you expressly permit further use of your data, or we reserve the right to a legally permissible further use of data by our website, of which you shall be informed appropriately. If you are registered with us as a customer, we suppress all information on purchases older than 3 years in your purchase history, and delete it, at the latest, 10 years after the purchase date. You can grant your consent to us to show your purchase history for a period longer than 3 years for a maximum of 10 years. We delete your data at the latest after the statutory 10-year retention period (Section 147 (3) German Tax Code), i.e. after 10 years from the date the purchase was concluded. We will delete your data at the end of this retention period without any request to do so on your part.

7. Product Reviews

If you create a customer account in our online store, you can submit reviews of our products. In order to offer you this feature, we work together with the service provider Yotpo, Inc, 400 Lafayette St. Fl. #4, New York, NY 1003, USA ("Yotpo").

The submission of reviews is voluntary.

This processing only takes place with your express consent (Art. 6 para. 1 letter a GDPR). You can revoke your consent at any time for the future by sending us an email. If you give us your consent, we will transmit the following personal data to the service provider Yotpo as part of the submission of your rating in order to provide the rating feature:

  1. First and last name,
  2. e-mail address,
  3. the rated product,
  4. Price of the rated product
  5. Purchase date of the product

This data transfer to Yotpo is permitted by the adequacy decision of the EU Commission, which confirms an equivalent level of data protection for companies in the USA that participate in the EU-US data privacy framework. Yotpo participates in the EU-US Framework: https://www.dataprivacyframework.gov/

We have concluded a contract with Yotpo in accordance with the standard contractual clauses of the EU.

Yotpo also transfers data to subcontractors for further processing. If these subcontractors are based in a third country for which there is no adequacy decision by the EU Commission or are based in the USA but do not yet participate in the EU-US data privacy framework, the transfer of data is secured as follows:

  1. Yopto has concluded the EU standard contractual clauses with these companies.
  2. Yotpo has agreed additional guarantees with these companies to secure the processing of the data.
  3. Yotpo has carried out a Transfer Impact Assessment (TIA) for each of these data transfers.

Further information on Yotpo's data protection can be found here: https://www.yotpo.com/privacy-policy/.

8. Working with external service providers for processing of orders

We work with the following service providers to process your order wholly or in part. These service providers support us by carrying out contracts concluded with them, such as payment processing or delivery of our products.

We share your personal data with these service providers only for the purposes of carrying out our contractual obligations to you. This may be for the purposes of processing your payments, or for the purposes of delivering your goods, and we only share the data that is strictly required for that purpose. For payment processing, you can select the nature of payment and the payment service provider yourself. This sharing of data is lawful pursuant to Art. 6 (1) (b) GDPR. Individual service providers are only provided with the data required to provide the service for which they have been contracted. All services providers are obliged to handle your data confidentially.

Processing of payments by payment services provider


Shopify Payments

We use Shopify Payments as a payment service provider to process credit card and other supported payment methods. Shopify Payments is operated by Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. Depending on your country of residence, Shopify may use affiliated companies, including Shopify Payments (Canada) Ltd., Shopify Payments (USA) Inc., and Shopify (UK) Limited, or third-party banking partners, to provide the payment service.

If you select a payment method via Shopify Payments (e.g. Visa, Mastercard, American Express, Maestro, Discover), the payment data you provide will be transmitted to Shopify and the relevant payment networks for the purpose of processing the transaction.

The transmission of your data to Shopify Payments takes place on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfilment). For further information on data processing, please see Shopify’s Privacy Policy: https://www.shopify.com/legal/privacy.

Shop Pay

In our online store we also offer Shop Pay, an accelerated checkout option provided by Shopify. Shop Pay allows you to save your payment information and shipping address for faster checkout on this and other stores powered by Shopify.

If you choose to use Shop Pay, the data you provide (such as your name, email address, payment information and shipping address) is securely stored and processed by Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland, and its affiliates, for the purpose of facilitating faster transactions.

The transmission and storage of your data in connection with Shop Pay is based on Art. 6 para. 1 lit. b GDPR (contract fulfilment) and, where you choose to store your details for future purchases, on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may revoke your consent for the future at any time by deleting your saved Shop Pay information.

Further details on Shop Pay can be found in Shopify’s Privacy Policy: https://www.shopify.com/legal/privacy.

9. Use of your data for advertising purposes (product recommendations to existing customers/ newsletter subscription)

Recommending products to existing customers

If you have ordered products from us and provided your email address, we take the liberty under the law to send you product recommendations for similar products which could be of interest to you, where you have not objected this use during the purchase process. This form of contact will only occur for the purpose of sending product recommendations via email to you as an existing customer. In this, we are pursuing our legitimate interest in sending personalised direct advertising to existing customers. This is consistent with our legitimate interest in direct advertising to existing customers under Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb - UWG). If you have initially objected to this use of your email address, we will not send this information to you via email. You may withdraw your consent to the use of your email address to receive such messages from us at any time and with future effect. After receipt of your withdrawal of consent, we will cease the use of your email address for this purpose without delay.

Newsletter subscription

You can register for our email newsletter on our website. Our newsletter provides regular updates on new items, interesting offers and new promotions and campaigns. To receive our newsletter, you must only provide your email address. You may also choose to provide your name, to allow us to address you personally. We use the double opt-in process for our newsletter subscription. For this purpose, we will send you a confirmation email after we have received your consent to a newsletter subscription. In this email, we will ask you to confirm your subscription via a provided link. You will only receive our newsletter after this (second) activation of the service.

Consent to newsletter subscription

The address you provided for our newsletter subscription and any other data you provided such as your name will solely be used for the purposes of sending advertisements to you via electronic mail. This sending of electronic advertising is lawful pursuant to Art. 6 (1) (a) GDPR.

You can withdraw your consent to the use of your email to receive newsletters at any time with future effect by sending an email or using our online contact form, or the link provided in the email. After cancellation of this service, we will delete your email address without delay from our distribution list, unless you have expressly consented to another use of your data, or we reserve the right to use your data for lawful purposes and of which you have been informed appropriately.

Your declaration of consent will be recorded electronically for the purposes of verification. You can see your declarations of consent at any time online in your account. On registration for the newsletter we also store the IP address provided by your Internet Service Provider (ISP) as well as the date and time of your subscription to trace any potential misuse of your email address at a later date.

If you have not consented to the newsletter subscription or withdrawn said consent, you will only receive electronic mail from us in connection with the processing of orders you have placed with us.

Service providers for sending electronic advertising – Email Studio (part of Salesforce Marketing Cloud)

We use the Email Studio software, which is part of the Marketing Cloud of the service provider Salesforce Canada Corporation, 10 Bay Street, Suite 400, Toronto, ON, M5J 2R8, Canada (hereinafter referred to as "Salesforce"), to send the aforementioned product recommendations and newsletters by electronic mail. This service provider acts on our behalf strictly in accordance with our instructions and obtains knowledge of your email address and, if applicable, your name for this purpose.

We have concluded a data processing agreement with Salesforce. Data processing generally takes place on Salesforce servers in Canada. This data transfer is justified by the EU Commission's adequacy decision for Canada. It cannot be ruled out that data may also be transferred to Salesforce, Inc. in the USA. This data transfer is permitted by the adequacy decision of the EU Commission for the USA. Salesforce, Inc. participates in the EU-US data privacy framework: https://www.dataprivacyframework.gov/

In addition, Salesforce has binding internal data protection regulations or Binding Corporate Rules (BCR) in accordance with Art. 47 GDPR. Salesforce's EU Binding Corporate Rules ("Salesforce EU Processor BCR") were approved by the European data protection authorities in 2015 and the UK Binding Corporate Rules ("Salesforce UK Processor BCR") were approved by the Information Commissioner's Office in the UK in 2023.

Further information on data processing in the Salesforce Marketing Cloud can be found here: https://help.salesforce.com/s/articleView?id=sf.mc_overview_data_protection_privacy.htm&type=5

You can view Salesforce's privacy policy here https://www.salesforce.com/company/privacy/

If you have given us your consent to receive newsletters and to evaluate the interaction with our newsletters (so-called conversion tracking) (Article 6 (1) (a) GDPR, Section 25 (1) TDDDG), Salesforce uses this information on our behalf to send and statistically evaluate the newsletters. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This enables us to determine whether you have opened a newsletter message, and which links you may have clicked on. With the help of conversion tracking, we can also analyse whether a certain action (e.g. the purchase of a product on our online pages), which we have determined in advance, has taken place after clicking on the link in the newsletter. In addition, we collect further technical information, namely the time of access, the shortened IP address, browser type and operating system. We only collect this technical data in pseudonymized form and do not link it to your personal data or your customer account. We therefore exclude the possibility of the data being directly linked to a person. We use this data exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses enable us to better adapt future newsletter offers to the interests of our customers.

The legal basis for this data processing is your consent (Art. 6 para. 1 letter a GDPR, § 25 TDDDG). You can withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

We will store your email address, your name (if applicable) and the consent you have given for sending the newsletter and conversion tracking for the duration of the newsletter subscription or until you withdraw your consent (unsubscribe from the newsletter). Any other data collected in the course of sending the newsletter will be deleted after seven days.

We store your e-mail address, your name, if applicable, and the consent given for the newsletter dispatch for the duration of the newsletter subscription or until the revocation of your consent given for this purpose (cancellation of the newsletter). Any other data collected in the course of the newsletter dispatch will be deleted after seven days.

An automated decision making or profiling does not take place.

Consent to newsletter tracking

In addition to sending newsletters, it is also possible to evaluate your interaction with the newsletter. This involves the evaluation of delivery, engagement and contact history. We gain insight into whether the newsletter was read/opened (including times of opening), clicks (including visits to our websites, links called up and other web interactions) and undeliverability processes. If you follow a link, we can clearly attribute it to you. The newsletter and contact IDs are logged in the newsletter tool we use. This enables us to create target group profiles and constantly improve the effectiveness of our newsletters.

In order to be able to analyse these interactions, a unique web beacon is integrated into each newsletter. Web beacons are a technique for carrying out the aforementioned analyses inconspicuously (usually invisible to you). Our web beacons are small digital image files that are embedded in the e-mail newsletter. They are the size of a few pixels and can have the same colour as the background or be transparent. As the recipient, you activate the web beacon by loading the images and thus start the analysis.

We only use this technology if you have given us your prior consent to tracking (Art. 7 GDPR). When you subscribe to the newsletter, we ask you separately for your consent to newsletter tracking. You can revoke this consent to newsletter tracking at any time with effect for the future by sending us an email or using our online contact form or the corresponding link in the newsletter. After such a cancellation, we will immediately tag your e-mail address in our newsletter distribution list so that no newsletter tracking takes place in the future.

However, you also have the option of preventing newsletter tracking to a certain extent: you can configure your email reading software to prevent access to remote images. Another option is to disconnect from the Internet before reading the newsletter after you have download-ed it. However, this requires that you use an e-mail reader on your computer and download all e-mails from the server to your own computer. The web beacons contained cannot then trigger any requests to the host server and tracking is prevented. If you delete the messages, the web beacons are also deleted, which means that they cannot perform any activities. It is also possible to filter out web beacons completely at server level.

We have set up the data processing in the newsletter tool we use in such a way that tracking of newsletter interaction is kept to a minimum.

10. Automated decision-making and profiling

We do not use automated decision-making. Profiling only takes place in the cases described in this privacy policy if you have given us your consent to do so. You may revoke your consent at any time with future effect. Processing of your data which occurred prior to the withdrawal of consent is not affected. No further profiling will take place.

11. Use of cookies and tools

What are cookies?

To improve the look of our website and to enable certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device. These text files are used for the temporary storage of information. Your browser stores cookies in the form of a readable text file once you access our site. If you are registered with us, cookies help us to recognise you, your device (computer, tablet or smart phone) the next time you access one of our pages. Some cookies may contain personal data.

What cookies do we use?

According to function, we classify our cookies as Required, Functional, Analysis & Statistics, and Advertising & Marketing. Some of the cookies we use are required for you to use our web pages (so called session cookies). If you disable this cookie, our pages may not be accessed. The authentication cookie provides you with access to the log-in page. Without this cookie, you cannot register or access the log-in page. These session cookies will be deleted when you close your browser.

Other cookies remain on your device and allow us and our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a certain period of time, which differs from cookie to cookie. For advertising purposes, we use a retargeting cookie which allows us to show you interesting offers, even outside of our web pages. For more information, see the following overview of cookies used.

What is the purpose and the legal basis for using cookies?

Most of the cookies we use do not store any information that can identify you personally or that makes you identifiable. Rather, these cookies provide us with general and anonymised information regarding the use of our websites, the pages that are visited, the browsers and operating systems used and the cities our visitors are located. We only collect masked IP addresses which make it impossible to recognise individual users or be assigned to any one individual.

Some of these cookies make the ordering process easier, by saving specific website settings (e.g. noting the content(s) of a virtual shopping basket for a subsequent visit to the website). Where our cookies do process personal data, this processing is done in accordance with Art. 6 (1) (b) GDPR to fulfil our contract with you.

Any cookies we collect are for the purposes of gathering information for improving the functioning and content of our online services. These functional cookies serve a legitimate interest (Art. 6 (1) (f) GDPR) as they enable the technical adaptation of our service and make it easier for you to use our pages. We also use cookies to measure the success of our online marketing. Using statistical data, we can also identify disruptions and understand cost calculations for advertising media. We only understand this processing when you have granted us consent for the use of these cookies for analysis and statistics or for advertising and marketing (Art. 6 (1) (a) GDPR). You may withdraw your consent at any time with future effect. The processing of your data remains lawful until your consent is withdrawn.

How to disable cookies

You can set your browser to inform you about the setting of cookies and whether you wish to accept cookies individually, or to accept specific kinds of cookies, or to disable all cookies. Each browser is different in the way it administers its cookie settings. The Help menu of your browser provides information on how to change your cookie settings. You can find this information for your browser using the links below. When following some of these links, you must first select your browser version to see the specific instructions for changing your cookie settings

  1. Internet Explorer: https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d (if you are still using Internet Explorer, we recommend switching to an up-to-date browser)
  2. Edge: https://support.microsoft.com/en-gb/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
  3. Firefox: https://support.mozilla.org/en-US/kb/trackers-and-scripts-firefox-blocks-enhanced-track
  4. Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
  5. Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/12.0/mac/10.14 (via "Select version" you can request information for your operating system version)
  6. Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Alternatively, the Digital Advertising Alliance provide information on cookies and settings at www.aboutads.info.

Do we use cookies from third parties?

We sometimes work with web partners who help us to make our web pages more interesting for you. For this purpose, when you access some of our pages online, cookies from our partner companies may also be stored in your device (Third-party Cookies). This section provides more information regarding the use of these kinds of cookies, their scope, and the data they collect.

We use some cookies or tools because they are necessary for us to provide you with our online services. In this case, the legal basis for the processing is the user agreement concluded with you (Art. 6 Para. 1 Letter b GDPR) or our legitimate interest, provided that no conflicting interests are discernible, and no contradiction exists (Art. 6 Para. 1 letter f GDPR). We use all other cookies exclusively on the basis of your consent (Art. 6 para. 1 letter a GDPR).

The third-party cookies used by us partially lead to data processing in the USA. In this case, too, we only use cookies with your consent (Art. 6 para. 1 letter a GDPR). The use of these providers from the USA is permitted under the EU Commission's adequacy decision (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the level of protection of personal data under the EU-U.S. Data Protection Framework (pub-lished under file number C(2023) 4745)). These providers participate in the EU-U.S. Data Privacy Framework (DPF). The EU and the USA have concluded this agreement for the transfer of personal data from the EU and the EEA to organizations in the USA. To the extent that these US organizations participate in the DPF, the level of protection in the USA is considered adequate. Further information on participation in the EU-US data protection framework can be found on the website that the U.S. Department of Commerce has set up to implement the agreement: www.dataprivacyframework.gov.

Hyperlinks and Third Parties

The website may contain sharing or publishing options or links to third-party websites or platforms. By using or activating these links or features, you leave our website, and your browsing becomes subject to the terms of use and privacy policies of those third parties. We have no control over these third-party platforms, and the fact that they are listed on our website does not imply any responsibility on our part.

With whom do we share your data and why?

We may disclose your Personal Information to the following categories of recipients: (a) to our group companies for purposes consistent with this Policy, and in particular, so that they may contact you regarding products and services that may be of interest to you where you have given your consent. (b) to our third-party vendors, service providers and partners who provide data processing services to us, or who otherwise process Personal Information for purposes that are described in this Policy or notified to you when we collect your Personal Information. We may use external companies and third parties to administer and provide related services, such as data processing and storage, payroll processing, group insurance management, etc. Our third-party vendors, service providers and partners include, without limitation: Sunlife, Dayforce, Inc., Collage HR, LinkedIn. In such cases, we take the necessary measures to ensure that these third parties have access only to the information necessary to carry out the agreed services, that they process your information solely for the purposes we have determined, and that they have in place privacy protection measures that comply with applicable laws and ensure the same conditions and level of protection as outlined in the Policy. We may also disclose the information to fulfil a legal obligation. The company is committed to not specifically selling or renting your personal information to any third party.

How long do we keep personal information?

Hagen Group retains collected data for different periods depending on their nature and usefulness to our activities. The retention period varies depending on the reason for collecting the information. Once the retention period expires, personal information is destroyed. Only statistics or reports containing depersonalized and anonymized data may be retained for extended periods.

Age of Consent

We do not knowingly collect information from children or other individuals under the age of 16. If you are a minor under the age of 16, please do not provide us with personal information without the express consent of a parent or guardian. If you are a parent or guardian and know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minors without verifying parental consent, we will take steps to delete this information without delay.

Web Analysis Services

Google Analytics

We use online services provided by the web analysis service Google Analytics. Google Analytics is a service offered in the EU and EEA by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies that are stored on your computer to analyse the use of our online web presence.

The information collected by the cookie regarding your use of our online web presence (including your masked IP address) is transferred to and stored in a Google server in the USA. Google uses this information to evaluate the use of our website to prepare reports about the activities in our online presence and provide us with additional services associated with that use. The IP address provided by your browser as part of the Google Analytics service is not added to any other Google data.

We use Google Analytics in our online presence for web analysis purposes exclusively with an add-on that provides an “anonymise IP” function. This setting ensures that Google Analytics erases the last part of your IP address. This anonymisation of your IP address removes any direct trace of you personally. When using this feature, Google masks your IP address within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transferring that information outside of the EU. The full IP address will only be sent to a Google server for masking in the USA in exceptional cases. In this way, we do not receive data that provides us with a way to identify you personally.

We also use the Universal Analytics function with Google Analytics. Universal Analytics allows us to analyse the use of our online services across devices (e.g. access via a laptop and then later from a tablet). As a user, you will be given a pseudonymous User ID on registration, when you access our site from another device. This is how the system recognises your User ID when you access our site from another device. We do not allocate any names to the User ID. We do not provide Google with any personal data. Privacy measures such as IP masking and Browser Add-ons are not restricted by the use of the Universal Analytics function.

You can prevent the installation of cookies using the settings in your browser software. You can also prevent the collection and processing of the data created by the use of cookies and related to your use of our online services (including your IP address) by Google by downloading and installing the browser plugin available at: https://support.google.com/analytics/answer/181881?hl=en

This will prevent all future collection of data by Google Analytics within our website. This opt-out cookie only works in this browser and only for this domain.

If you undertake any of the above cookie deactivation measures, you may not be able to use all the functions of our website to their full extent.

Google participates in the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/

We have concluded a contract with Google in accordance with the EU’s standard contractual clauses.

For more information regarding how Google Analytics deals with user information, please refer to Google’s Privacy Statement: https://policies.google.com/privacy?hl=en

Google Consent Mode

We use the Google Consent Mode. This is a service that is offered in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland. In the USA, this service is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

Google Consent Mode introduces two new tag settings, namely: tags that trigger data transfer to Google when consent to advertising or analytics cookies has been given, and tags that prevent cookies when consent has been denied. Once you have given consent on a website, Google uses the consent mode to manage cookies from Google services for advertising and analysis purposes for all connected advertisers who use the global website tag or the Google Tag Manager. Consent mode is available in the following Google services: Google Tag Manager, Google Analytics, the Google Marketing Platform and Google Ads.

The purpose of the Google consent mode is that a technical interaction takes place between this mode and our cookie consent banner in order to obtain the consent of visitors to our website. We use Google Consent Mode v2 to respect users’ privacy choices and manage how Google services (like Analytics and Ads) behave based on consent. If you give your consent via our cookie consent banner for the Google services mentioned there, Google tags are loaded. Data will only be transmitted to Google on the basis of your consent. The consent status is transmitted to Google via the Google tags as “default status” or “updated status”. This status is retained on all websites that you visit or access after visiting our website. Once consent has been given, Google dynamically adjusts the behavior of its own tools (e.g. Analytics, Google Ads and third-party tags).

If you do not give your consent to the Google services, the Google tags are blocked and no data is transmitted to Google, not even the consent status. Instead, the consent status and user activity are sent to the Google server using tags by sending pings without cookies. Pings are used in Google products to model measurement values in the analysis tools used and thereby close gaps in data collection. Pings are used to request the consent status of other websites that you have visited and on which the Google consent mode is used. If you have given your consent in the cookie consent banner on one of these websites, the consent status for you also changes from “refused” to “granted” for our website. Pings with information on a conversion (information on purchases) can also be transmitted. Google collects the following data:

Function-related information (timestamp, user agent (only web – visit to our website), referrer URL (websites from which our website was accessed).

Summarized (aggregated), non-personal data: References to information about an ad click in the URL of a visited website.

Boolean information on consent status (mathematical algebraic structure that generalizes the properties of the logical operators AND, OR, NOT).

Random number generated each time a page is loaded.

Information about the consent management platform used by the website owner.

IP addresses are used to derive the IP country. However, they are not logged by Google Ads and Floodlight systems but are deleted immediately after collection. In Google Analytics, IP addresses are recorded as part of normal internet communication but can be masked here (https://support.google.com/analytics/answer/2763052).

We use the Google consent mode for the purpose of checking and optimizing the Google advertising systems we use. This involves assigning purchase processes to specific advertising campaigns in order to measure the success of the advertising campaigns. Insofar as this assignment is personalized, e.g. by assigning the purchases you have made to specific advertising campaigns, the legal basis for this is the consent you have expressly given. Consent is given via the cookie consent banner and is voluntary. You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

If you do not give your consent, the allocation of the visiting of a landing page to specific advertising campaigns will take place without the use of personal data. In this case, we measure the success of our advertising campaign without cookies or identifiers, using estimates and aggregated data on visiting a landing page. We can use this data, for example, to optimize our landing pages, advertising texts or advertising budgets in order to promote our campaigns. The legal basis for this is our legitimate interest in assigning purchase processes to specific advertising campaigns (so-called conversion modelling) and thus being able to measure the success of our advertising campaigns in order to continuously improve our offer (Art. 6 para. 1 letter f GDPR). We assume that your interest does not conflict with this because no personal or personally identifiable data is collected. You can object to such use of your data for the purpose of the aforementioned statistical analysis at any time by notifying us.

It cannot be ruled out that the aforementioned data will be transmitted to Google LLC in the USA. Google participates in the EU-US data privacy framework: https://www.dataprivacyframework.gov. We have concluded a contract with Google in accordance with the EU standard contractual clauses.

You can obtain further information about Google’s data protection provisions regarding Google Consent Mode at the following Internet address: https://support.google.com/google-ads/answer/10031513


Google Tag Manager

We use Google Tag Manager in our online services for the purpose of providing a personalised, interesting, and locally relevant online advertising. This service is operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager allows us to administer website tags using a single interface. Although we use cookies for this, we do not collect any personal data. The Tag Manager was specially developed for retailers and is a system with which elements (tags) from Google and other providers can be marked and administered. In this way, data may be sent to cookies or other tools. Tags can be used for conversion tracking, web site analysis, and other purposes.

Google participates in the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/

We have concluded a contract with Google in accordance with the EU’s standard contractual clauses.

More information on Google Tag Manager is available at: https://www.google.com/analytics/terms/tag-manager/

Further information and the Google Privacy Policy are available at: http://www.google.com/policies/technologies/ads/ and https://policies.google.com/privacy?gl=en&hl=en.


12. Integration of social media

On our website we refer to our accounts in social networks. The use of these providers from the USA is permitted on the basis of the EU Commission’s adequacy decision. The providers referred to by us participate in the EU-U.S. Data Privacy Framework (DPF). The EU and the USA have concluded this agreement for the transfer of personal data from the EU and the EEA to organizations in the USA. Insofar as these US organizations participate in the DPF, the level of protection in the USA is deemed adequate. Further information on participation in the EU-US data privacy framework can be found on the website that the U.S. Department of Commerce has set up to implement the agreement: www.dataprivacyframework.gov.

13. Your rights as a data subject as enforceable in the EU

Please read the following information about your rights as a data subject regarding the processing of your personal data.

The right of access

You have the right to request a confirmation whether your personal data is being processed. Should this be the case, you have the right to be informed of the personal data that has been collected, stored or processed, as well as to the following information:

  1. the processing purpose,
  2. the recipients or categories of recipients to whom this data has been disclosed or will be disclosed,
  3. if possible, the intended duration of storage of your personal data or if this is not possible the criteria for determining that duration,
  4. your additional rights (see below),
  5. if the personal data has not been collected from you, all available information regarding its source,
  6. the existence of automated decision-making, including profiling, and where existent, further relevant information.

You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.

The right to rectification

You have the right to request the correction without delay of incorrect or incomplete personal data.

Right to erasure (right to be forgotten)

You have the right to request that we delete the personal data concerning you without delay. We are obliged to delete your personal data without delay where one of the following grounds applies:

  1. Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
  2. You are withdrawing your consent and there are no other legal grounds for processing that data.
  3. You are filing an objection (see below) to the data processing.
  4. Your personal data were unlawfully processed.
  5. The deletion of your personal data is necessary to fulfil an obligation under EU law or the law of the Member States.
  6. A child has provided consent to the collection of personal data.

Right to restriction of processing:

You have the right to request a restriction of our data processing when one of the following conditions is met:

  1. you are contesting the accuracy of the personal data,
  2. the data processing is unlawful, but you do not agree to the deletion of the personal data, instead requesting a restriction of its use,
  3. we no longer need the personal data for the purposes of processing, but you need the data to establish, exercise or defend legal claims; or
  4. you have objected to processing (see below) and it is not yet clear whether our legitimate interest will prevail.

Right to notification

If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of those recipients.

Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without interference on our part provided that:

  1. the processing is based on consent granted pursuant to Art. 6 (1) (a) GDPR or Art.9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
  2. the processing is carried our using automated methods.

In exercising this right, you may request that personal data related to you be transferred directly from us to another controller insofar as this is technically feasible and does not infringe on the freedoms and rights of any other person. The right to data portability does not apply to the processing of personal data required for fulfilling a task carried out in the public interest or in the exercise of an official authority invested in the controller.

Right to object

You have the right, based on grounds relating to your particular personal situation to object at any time to the processing of your personal data, unless it is based on one of the following grounds:

  1. the processing of your personal data by us is required for the fulfilment of a task that lies in the public interest or in the exercise of public authority that has been delegated to us; or
  2. the processing is necessary to safeguard our legitimate interest or the legitimate interest of a third-party, in so far as your interests or basic rights require that protection of your personal data prevail.

The right to object also applies to profiling based on these processes.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is associated with such direct marketing.

You also have the right, on grounds arising from your particular personal situation to object to the processing of your personal data undertaken by us for scientific or historical research purposes or for statistical purposes, unless such processing is necessary for the performance of a task in the public interest.

Right to withdraw consent and data protection law

You may revoke your consent at any time with future effect. The revocation may be simply sent to us at any time, e.g., an informal email. Processing of your data which occurred prior to the withdrawal of consent is not affected.

Right of appeal to the supervisory authority

Do you think that the processing of your personal data was illegal? Then you have the right to lodge a complaint with a supervisory authority, particularly in your country of residence or country of work, or at the location the alleged breach took place. If you are in doubt, contact the agency responsible for us at Marit Hansen, ULD – Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, (E-Mail: mail@datenschutzzentrum.de, Holstenstraße 98, 24103 Kiel, telephone: 0431 988-1200, fax: 0431 988-1223). Other administrative or judicial remedies are not affected by the exercise of these rights.

14. Data Protection Officer

Hagen has appointed an individual responsible for Privacy and Data Privacy Matters. If you have any questions about your personal information, to make comments or to make a complaint, you may contact the person responsible for ensuring compliance with this Privacy Policy at data_priv@rchagen.com

Or write to:

Rolf C. Hagen Inc.,

20500 Trans-Canada Hwy

Baie d’Urfé, Québec

H9X 0A2

Canada

If you are from the EU or the EEA, the following applies:

-This company is the Controller for the processing of data on our online service pursuant to the General Data Protection Regulation (GDPR).

-Our EU representative pursuant to Art. 27 GDPR is: Kaschae Datenschutz & Compliance GmbH, An der Alster 62, 20099 Hamburg, mail@kaschae.de

Contact information for our company Data Protection Officer (DPO): datenschutzbeauftragter@rchagen.com