for Customers, Suppliers and other Business Partners
1 Scope of application
2.1 The operator – and therefore the controller – of the Geberit website you have visited is the Geberit company listed in the imprint on the website in question.
2.2 Incidentally, the controller responsible for processing your personal data is Geberit International Sales AG, Neue Jonastrasse 59, CH-8640 Rapperswil, email firstname.lastname@example.org .
3 Data protection officer
Our data protection officer can be reached at email@example.com or at our postal address with the added information “The data protection officer”.
4 Automatic data collection and processing on Geberit websites
4.1 As with every website, our server automatically and temporarily collects information transmitted by your browser in server log files, provided you have not disabled this feature. If you intend to view our website, we require certain types of data on a technical level so that we can display our websites whilst also ensuring stability and security. This data is as follows:
- IP address of the computer sending the request
- file request of the client
- http response code
- the web page that linked you to our website (referrer URL)
- time of the server request
- browser type and version
- operating system used by the computer sending the request
4.2 The data in these server log files will not be analysed in a way that identifies individual persons. In cases where the information listed above contains personal data (particularly the IP address), the legal basis for collecting this data is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). The legitimate interest we pursue when collecting this data is to ensure the proper functioning of our websites. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided in Section 2. Collection of the aforementioned data is required for the purposes of providing the functions of our website.
4.3 Our websites use certain technologies and tools, which are outlined below. If there are any that you do not want us to use, we have provided various options and settings for each one that will prevent it from being used.
4.4 Google Analytics
4.4.2 The information generated by the cookie about your use of our website(s) is normally transferred to a Google server in the USA, where it is saved. However, because IP anonymisation has been enabled on our websites, your IP address will be truncated in advance by Google within the member states of the European Union or in other countries outside of the European Union which are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA before it is truncated. The IP address identified from your browser by Google Analytics will not be merged with other data collected by Google. Google will use this information to analyse your use of the website, to compile reports on the website activities and to provide other services for the website operator related to the use of the website and Internet usage.
4.4.3 You can prevent the storage of cookies via the relevant setting in your browser software. Please note, however, that in this case you may not be able to use all of the functions on the website. You can also prevent the recording of the data collected by the cookie with respect to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing a browser add-on (available at https://tools.google.com/dlpage/gaoptout?hl=en-GB ). Opt-out cookies prevent your data from being collected during any future visits to the respective website. In order to prevent the collection of data by Universal Analytics across multiple devices, you must opt out on all the systems that you use.
4.4.4 We use Google Analytics in order to pursue our legitimate interests of building a service that meets our customer’s needs, enabling statistical analysis and promoting our websites efficiently. The legal basis for this is established in point (f) of Article 6(1) of the GDPR.
4.5 Google AdWords
4.5.1 We use the services of Google AdWords (including Google AdWords remarketing) so that we can place advertisements (called “Google AdWords”) on external websites for the purpose of drawing attention to attractive offers. Using the data gathered from these advertising campaigns, we are able to determine how effective individual advertisements are. We use this tool to show you advertisements that might interest you, to make our website more appealing to your specific interests, and to calculate our advertising costs in a fair manner.
4.5.2 These advertisements are delivered by Google via what are known as ad servers. For this purpose, we use ad server cookies that enable us to gauge success by means of a number of metrics, such as how often advertisements are displayed and how many times they are clicked by users. If you are linked to our website by a Google advertisement, Google AdWords will save a cookie on your PC. These cookies will normally expire after 90 days and are not used to identify you personally. A cookie of this type will normally contain data for analysis such as the unique cookie ID, the number of ad impressions for each placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a flag specifying that the user no longer wishes to be shown advertisements).
4.5.3 These cookies allow Google to recognise your Internet browser. If a user visits specific pages on the website of an AdWords customer and the cookie saved on the user’s computer has not yet expired, Google and the customer are able to discern that the user has clicked on the advertisement and was linked to this page. A different cookie is assigned to each AdWords customer. It is therefore not possible to track cookies via the websites of AdWords customers. We do not collect or process any personal data ourselves in the aforementioned advertisements. Rather, we simply receive statistical analyses of the data from Google. Based on these analyses, we are able to determine which of the advertisements placed are particularly effective. We do not receive any further data from the use of advertising, nor in particular are we able to use this information to identify users.
4.6 DoubleClick by Google
4.7 There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:
4.7.1 by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
4.7.3 by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices . This setting will be undone once you delete your cookies
4.7.4 by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this
4.8 The legal basis for processing your data is established in point (f) of Article 6(1) of the GDPR. Our legitimate interest in the use of DoubleClick by Google is to provide advertisements personalised to the interests of users, and to carry out market research in general. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
4.9 AppNexus, Media Innovation Group, Adform, Plista, Sizmek
4.9.1 Our websites also use tools from AppNexus, Media Innovation Group, Adform, Plista and Sizmek.
4.9.4 Working on the basis of point (f) of Article 6(1) of the GDPR, we use these tools in order to provide advertisements personalised to the interests of users and for the purposes of market research in general. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
4.9.5 Further information on the tools referred to in this section can be found at https://www.appnexus.com/en/company/platform-privacy-policy-de , http://www.themig.com/en-us/privacy.html , https://site.adform.com/datenschutz-opt-out/ , https://www.plista.com/de/about/privacy/ , https://www.sizmek.com/privacy-policy-de/ .
4.10 You can prevent participation in the services from AppNexus, Media Innovation Group, Ad-form, Plista and Sizmek in a number of ways:
4.10.1 by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
4.10.3 by disabling interestbased advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be un-done once you delete your cookies
4.10.4 by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this
4.11 Facebook Custom Audiences
4.11.1 Our websites also use the Custom Audiences remarketing feature from Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. This allows users of our websites to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.
4.11.3 The Facebook Custom Audiences feature can be disabled by making the appropriate setting in your browser or – if you are logged into Facebook – at https://www.facebook.com/ads/preferences .
4.11.4 The legal basis for processing your data is established in point (f) of Article 6(1) of the GDPR. Our legitimate interest in the use of this tool is to allow us to provide interest-based advertisements. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
4.11.5 Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.
– transient cookies (see Section 4.12.2)
– persistent cookies (see Section 4.12.3).
4.12.2 Transient cookies are automatically deleted once you close your browser. These include session cookies in particular. These save a session ID that makes it possible to attribute various request from your browser to a common session, allowing your com-puter to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
4.12.3 Persistent cookies are automatically deleted after a specified amount of time, which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
4.12.4 You can configure your browser settings as required: for example, you can refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all of the functions on our website if you do this.
5 Collection and processing of voluntarily provided data
5.1 We collect and process personal data that has been shared with us voluntarily during the course of interacting with customers, suppliers and other business partners (for example, via email, telephone or our websites)
We process the data for the following purposes:
5.1.1 We require your personal data (such as your first name, last name, email address, postal address, date of birth, telephone number, job title and bank details) to maintain contractual relationships, to process requests, orders and assignments, or to meet the scope of pre-contractual measures. The purposes of data processing are based on the intended business. We collect this data to provide you with relevant services or to maintain a contractual relationship with you. The legal basis for this is established in point (b) of Article 6(1) of the GDPR.
5.1.3 Where legislation in individual countries requires us obtain your prior consent for the aforementioned advertising activities, we will of course do so. The legal basis for pro-cessing your data is established by your consent in these cases (point (a) of Article 6(1) of the GDPR). You have the right to withdraw your consent at any time. If you wish to do this, please contact us via the details specified above or follow the instructions in our promotional messages. The withdrawal of consent does not affect the law-fulness of any data processing that was carried out based on consent being obtained.
6 Sharing your data with third parties
Your personal data will never be shared with third parties without your express prior consent. The only exceptions to this apply in the following cases:
6.1 For prosecution reasons
Where required in order to investigate the unlawful use of our services or for the purposes of prosecution, personal data will be disclosed to the relevant law enforcement authorities and, where applicable, to any third-party claimants. However, such a course of action will only take place if there is concrete evidence of unlawful conduct or misuse. In such cases, your data may also be shared if doing so this is required for the fulfilment of terms and conditions of use or other agreements. If requested, we are also legally obligated to disclose such data to certain public authorities, such as law enforcement bodies, authorities that penalise offences with fi-nancial penalties, and financial authorities.
In these cases, data is disclosed on the basis of our legitimate interest in combating misuse, aiding the prosecution of criminal offences, and aiding the establishment, assertion and enforcement of claims, in line with point (f) of Article 6(1) of the GDPR. If you require further in-formation about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
More specifically, we use the services of the following processors in particular:
6.2.1 other Geberit companies for the purposes of centralised customer administration and order processing
6.2.2 other Geberit companies for the purposes of providing centralised IT services for the other companies in the Group
6.2.3 logistics service providers, for the purpose of sending you products, marketing materials or other items that you have ordered from us
6.2.4 payment service providers for the purpose of processing all payments from you to us or vice versa
6.2.5 service providers for installation work or after-sales services
6.2.6 service providers for the distribution of newsletters or the execution of customer surveys
6.2.7 IT service providers for the provision of hardware and software and for the implementation of maintenance work
Data is disclosed to processors on the basis of Article 28(1) of the GDPR or, alternatively, on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialised processors and on the basis of circumstances in which your rights and interests in the protection of your personal data are not overridden (see point (f) of Article 6(1) of the GDPR). If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
7 Your rights
7.1 7.1 As regards your personal data processed by us, you are entitled to the rights outlined below. In order to exercise any of these rights, please send us a written request using the contact details specified above or send an email to the following address: firstname.lastname@example.org .
7.2 Right to access
You have the right to request that we provide access to the personal data concerning you that we have processed. You may exercise this right within the scope outlined in Article 15 of the GDPR.
7.3 Right to rectification or erasure
Subject to the prerequisites specified in Article 17 of the GDPR, you have the right to request from us the erasure of personal data concerning you. The prerequisites provide for a right to erasure in particular where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed. The ability to exercise this right is restricted in accordance with Article 17(3) of the GDPR, particularly in cases where we require your data in order to meet a legal obligation or to process legal claims.
7.4 Right to restriction of processing
You have the right to request from us restriction of processing under the terms specified in Ar-ticle 18 of the GDPR. This right exists in particular (a) where the accuracy of personal data is contested by you, for a period enabling us to verify the accuracy of the personal data, (b) where you oppose the erasure of the personal data (in cases where the right to erasure applies) and request the restriction of its use instead, (c) where we no longer need the personal data for the purposes for which it was being processing, but it is required by you for the establishment, exercise or defence of legal claims, and (d) where the successful exercise of an objection is still contested between you and us. If the processing of your data has been restricted on any of these bases, such data may only be processed in exceptional cases; for example, where you have given your consent to this or where such processing is necessary for the enforcement of legal claims.
7.5 Right to object to processing
In accordance with Article 21 of the GDPR, you have the right to object, on grounds relat-ing to your particular situation and at any time, to the processing of personal data con-cerning you on the basis of point (e) or (f) of Article 6(1) of the GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the circumstances involve the establishment, exercise or defence of legal claims.
7.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format under the terms specified in Article 20 of the GDPR. This requires that the data processing has been based on you having giv-en your consent and has been carried out by automated means.
7.7 Right to lodge a complaint with the relevant data protection supervisory authority.
You have the right to lodge a complaint with a supervisory authority – in particular, within the EU member state of your habitual residence, your place of work or the location of the alleged infringement – if you believe that the processing of personal data relating to you infringes the applicable data protection legislation.
8 Erasure of your data
Generally speaking, we erase or anonymise your personal data as soon as it is no longer need-ed for the purposes for which we collected or used it in accordance with the sections above. If data needs to be retained for legal reasons, it will be blocked. This means that it will no longer be available for further processing. If you require further information regarding our erasure and retention periods, please contact the controller specified in Section 2 using the relevant contact data.
9 Changes of purpose
Your personal data will only be processed for purposes other than those described if a legal provision requires this course of action or if you have given your consent to the changed purpose of the data processing. In cases of further processing for purposes other than those for which we originally collected the data, we will notify you of these other purposes prior to the data being processed further, and will provide you with all other information that relates to this.
10 Automated individual decision-making or profiling
We do not use any automated processing systems for coming to specific decisions – including profiling.
Version: November 2018