Privacy Policy and Data Protection Notice for Customers, Suppliers and other Business Partners

1.1 The privacy of your personal data is very important to us. The purpose of this privacy policy is to inform users of the Geberit Internet services, particularly the Geberit web-site(s) (“website”) – as well as customers, suppliers and other business partners – about how the Geberit companies (collectively, “Geberit”) – as well as their respective representatives and/or agents – handle and or process personal data. With this in mind, not all aspects of this information may apply to you.

1.2 If you are an individual located in Singapore, you also consent to our collection, use or disclosure of your personal data for the purposes set forth in this privacy policy, without affecting any other legal basis upon which we may do so. Where we have identified any particular provisions of the Personal Data Protection Act 2012 (“PDPA”), we are not precluded from relying on other provisions of the PDPA to establish a lawful basis for our handling your personal data. In respect of any automatic data collection and processing referenced in Section 4 below, if you do not agree to such collection, use or disclosure, you may adjust your browser or other system settings as explained below.

1.3 Personal data within the scope of this privacy policy refers to any data that relates or can be related to you, such as your name, address or email address.

2.1 The operator – and therefore the controller (if you are an individual to whom the GDPR applies) – of the Geberit website you have visited is the Geberit company listed in the imprint on the website in question.

2.2 Incidentally, the controller responsible for processing your personal data is Geberit South East Asia Private Limited, 8 Kallang Ave, Aperia Tower 1 #17-09, SG-339509 Singapore. sales.sg@geberit.com

Our data protection department, including the data protection officer can be reached at dataprotection@geberit.com or at our postal address with the added information “data protection”.

To arrange a confidential appointment with only our data protection officer, please use the following contact details:
MAGELLAN Rechtsanwälte, Brienner Straße 11, 80333 Munich
Email: datenschutz_geberit@magellan-legal.de

Our websites use certain technologies and tools, which are outlined below. If there are any that you do not want us to use, provided these are optional, we have provided various options and settings for each one that will prevent it from being used.

4.1 Server log files

4.1.1 As with every website, our server automatically and temporarily collects information transmitted by your browser in server log files, provided you have not disabled this feature. If you intend to view our website, we require certain types of data on a technical level so that we can display our websites whilst also ensuring stability and security. This data is as follows:

• IP address of the computer sending the request
• file request of the client- http response code
• the web page that linked you to our website (referrer URL)
• time of the server request
• browser type and version
• operating system used by the computer sending the request

4.1.2 The data in these server log files will not be analysed in a way that identifies individual persons. In cases where the information listed above contains personal data (particularly the IP address), the legal basis for collecting this data is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR) or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the Singapore Personal Data Protection Act 2012 (“PDPA“). The legitimate interest we pursue when collecting this data is to ensure the proper functioning of our websites. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided in Section 2. It is necessary for us to temporarily save your personal data to ensure that the website appears on your computer. To achieve this, your personal data must be saved for the duration of your visit to our website. Your personal data is saved in log files in order to ensure the operability of the website. Your personal data also ensures the security of our IT systems. Your personal data is not processed further. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of your personal data being collected for the provision of the website, this applies as soon as you leave the website. If your personal data is saved in log files, these are deleted after 14 days at the latest. If the data is saved for reasons beyond these, your personal data is anonymised so that you cannot be associated with or identified from this data.

4.2 Improving quality, optimising the website, user behaviour analysis and playing personalised adverts

4.2.1 The legal basis for processing your personal data as part of using cookies or comparable technologies – such as pixels, tags, web beacons or browser fingerprinting (known as ‘tracking cookies’) – for improving quality, optimising the website, user-behaviour analysis and playing personalised adverts after merging with your contract master data and your purchase history, is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA.

4.2.2 Processing your personal data allows us to optimise the user experience on our website and to promote sales by selling goods or services.

4.2.3 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.2.4 You can find an overview of the cookies used on our website in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There you can adjust your settings for the cookies set on our websites at any time.

You may revoke your consent to the processing of your personal data using tracking cookies at any time with future effect by:

(1) Changing your consent settings on our website

On our website, you can simply revoke your consent to the processing of your personal data using tracking cookies. To access this setting, click on the link in the website footer (‘Change cookie settings’) to open the cookie banner.

Revoking your consent places a further cookie on your computer, which indicates to us that no tracking cookies can be used. If you delete this cookie, you will be asked to submit your declaration of consent again the next time you open our website.

(2) Changing your browser settings

Alternatively, you can change your browser settings to deactivate or limit the transfer of cookies in general. You can delete saved cookies at any time. This process can also be automated. If technically necessary cookies are disabled on our website, it may cause certain functions to cease, or may stop you from fully utilising all functions on our website.

(3) Google Analytics

As part of the integration of Google Analytics, we use so-called “server-side tagging“. In this case, a server is switched from our side between the collection by us and the transmission to Google. This ensures that no personal data is transmitted to Google.

If you do not want your personal data to be processed by Google Analytics, you can additionally install a browser add-on to deactivate it. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js and dc.js) on websites not to collect your personal data.

For more information on terms of use and data protection, please visit:

https://www.google.com/analytics/terms/gb.html or

https://support.google.com/analytics/answer/6004245?

4.3 Google AdWords

4.3.1 We use the services of Google AdWords (including Google AdWords remarketing) so that we can place advertisements (called “Google AdWords”) on external websites for the purpose of drawing attention to attractive offers. Using the data gathered from these advertising campaigns, we are able to determine how effective individual advertisements are. We use this tool to show you advertisements that might interest you, to make our website more appealing to your specific interests, and to calculate our advertising costs in a fair manner.

4.3.2 These advertisements are delivered by Google via what are known as ad servers. For this purpose, we use ad server cookies that enable us to gauge success by means of a number of metrics, such as how often advertisements are displayed and how many times they are clicked by users. If you are linked to our website by a Google advertisement, Google AdWords will save a cookie on your PC. These cookies will normally expire after 90 days and are not used to identify you personally. A cookie of this type will normally contain data for analysis such as the unique cookie ID, the number of ad impressions for each placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a flag specifying that the user no longer wishes to be shown advertisements).

4.3.3 These cookies allow Google to recognise your Internet browser. If a user visits specific pages on the website of an AdWords customer and the cookie saved on the user’s computer has not yet expired, Google and the customer are able to discern that the user has clicked on the advertisement and was linked to this page. A different cookie is assigned to each AdWords customer. It is therefore not possible to track cookies via the websites of AdWords customers. We do not collect or process any personal data ourselves in the aforementioned advertisements. Rather, we simply receive statistical analyses of the data from Google. Based on these analyses, we are able to determine which of the advertisements placed are particularly effective. We do not receive any further data from the use of advertising, nor in particular are we able to use this information to identify users.

4.3.4 The legal basis for processing your personal data as part of the ‘Google Adwords’ service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent. As a general rule, the relevant cookies are deleted after 90 days.

4.3.5 You can find an overview of the cookies used on our website for Google Adwords purposes in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There you can revoke your consent to the processing of your personal data for Google Adwords purposes at any time with future effect.

4.4 DoubleClick by Google

4.4.1 Our websites use the tool DoubleClick by Google. DoubleClick uses cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and (if the frequency capping feature is enabled) to prevent users from seeing the same advertisements multiple times. Using a cookie ID, Google can register which advertisements have been shown in which browser, preventing users from seeing the same advertisement multiple times. Furthermore, DoubleClick can use cookie IDs to record what are known as conversions, which are related to ad requests. A conversion happens if, for example, a user sees a DoubleClick advertisement and then later visits the advertiser’s website and makes a purchase using the same browser. According to Google, DoubleClick cookies do not contain any personal information.

4.4.2 Due to the use of Google AdWords and DoubleClick by Google, your browser will automatically establish a direct connection to the Google server. We have no control over the scope and further use of data collected by Google through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As DoubleClick has been integrated into our web services, Google will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Google service, Google may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Google, it may be possible for Google to identify and save your IP address.

4.4.3 Further information on DoubleClick by Google can be found at: https://www.doubleclickbygoogle.com and on data protection at Google in general at: https://policies.google.com/privacy?hl=en.

4.4.4 The legal basis for processing your personal data as part of the ‘DoubleClick by Google’ service is your declaration of consent in accordance with point (a) of Article 6 (1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.4.5 You can find an overview of the cookies used on our website for purposes relating to the Google DoubleClick service in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:

You may revoke your consent to the processing of your personal data as part of the Google DoubleClick service at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings:

• by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
• by disabling the cookies for conversion tracking by setting your browser to refuse cookies from the domain: www.googleadservices.com – see https://www.google.co.uk/settings/ads. This setting will be undone once you delete your cookies
• by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies
• by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this

4.5 AppNexus, Adform, Plista, Sizmek

4.5.1 Our websites also use tools from AppNexus, Adform, Plista and Sizmek.

4.5.2 These tools use cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and to prevent users from seeing the same advertisements multiple times. Using a cookie ID, the tools can register which advertisements have been shown in which browser, and (if the frequency capping feature is enabled) prevent users from seeing the same advertisement multiple times. According to these third-party providers, the cookies used by the tools do not contain any personal information.

4.5.3 Due to the use of these tools, your browser will automatically establish a direct connection to the server of the relevant third-party provider. We have no control over the scope and further use of data collected through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As these tools have been integrated into our web services, the third-party providers will be notified when you visit the relevant part of our website or click on one of our advertisements.

4.5.4 The legal basis for processing your personal data as part of the service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Processing your personal data allows us to promote sales by selling goods or services. In this context, we use cookies that display adverts relevant to you and reports to improve campaign performance. Use of the relevant cookies also prevents you from seeing the same adverts multiple times. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.5.5 Further information on the tools referred to in this section can be found at https://www.appnexus.com/en/company/platform-privacy-policy, https://site.adform.com/privacy-policy-opt-out/, https://www.plista.com/about/privacy/ and https://www.sizmek.com/privacy-policy/.

4.5.6 You can prevent participation in the services from AppNexus, Adform, Plista and Sizmek in a number of ways:

4.5.7 You can find an overview of the advertising cookies used on our website for the tools described above in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings:

• by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
• by disabling the cookies used for conversion tracking. This is done by setting your browser to refuse cookies from the domains www.appnexus.com, www.themig.com, https://site.adform.com, www.plista.com and www.sizmek.com
• by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies
• by permanently opting out at https://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this

4.6 Facebook Custom Audiences

4.6.1 Our websites also use the Custom Audiences remarketing feature from Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. This allows users of our websites to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.

4.6.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Facebook server. We have no control over the scope and further use of data collected by Facebook through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As Facebook Custom Audiences has been integrated into our web services, Facebook will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Facebook service, Facebook will be able to attribute the visit to your individual account. Even if you are not registered with or logged into Facebook, it is possible for Facebook to identify and save your IP address as well as other identifying features.

4.6.3 The legal basis for processing your personal data for the ‘Custom Audiences’ remarketing function provided by Facebook Inc. is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Processing your personal data using the ‘Custom Audiences’ remarketing function allows us to boost sales by selling goods or services. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests. The tool allows you to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature.

4.6.4 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.6.5 You can find an overview of the cookies used on our website for the Facebook Custom Audiences tool in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data for use for the Facebook Custom Audiences function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.

4.6.6 The Facebook Custom Audiences feature can also be disabled by making the appropriate setting in your browser or – if you are logged into Facebook – at https://www.facebook.com/ads/preferences.

4.6.7 Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.

4.7 Pinterest tag

4.7.1 Our website also uses the conversion-tracking Pinterest tag from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. This allows users of our websites to receive interest-based advertising when visiting Pinterest or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our website to your interests.

4.7.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Pinterest server. We have no control over the scope and further use of data collected by Pinterest through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter: As the Pinterest tag has been integrated into our web services, Pinterest will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Pinterest service, Pinterest may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Pinterest, it is possible for Pinterest to identify and save your IP address as well as other identifying features.

4.7.3 The legal basis for processing your personal data for conversion tracking using the ‘Pinterest tag’ is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Processing your personal data using the ‘Pinterest tag’ conversion tracking element allows us to boost sales by selling goods or services. We use conversion tracking to show you advertisements that might interest you and to personalise our websites to your interests. Conversion tracking allows you to receive interest-based advertising when visiting the social network Pinterest or other websites that also use the feature. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.7.4 You can find an overview of the conversion tracking cookies used on our website using the Pinterest tag in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data for conversion tracking purposes using the Pinterest tag function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.

4.7.5 The Pinterest tag feature can be disabled by making the appropriate setting in your browser or – if you are logged into Pinterest – at https://help.pinterest.com/en/article/personalized-ads-on-pinterest.

4.7.6 Further information on data processing by Pinterest can be found at https://policy.pinterest.com/en/privacy-policy.

4.8 LinkedIn Insight Tag

4.8.1 Our websites also use LinkedIn Conversion Tracking and Insight Tag feature from LinkedIn Corporation, Sunnyvale, CA 94085, USA. This allows users of our websites to receive interest-based advertising when visiting linkedIn.com or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.

4.8.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the LinkedIn server. We have no control over the scope and further use of data collected by LinkedIn through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As the LinkedIn Insight Tag has been integrated into our web services, LinkedIn will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a LinkedIn service, LinkedIn will be able to attribute the visit to your individual account. Even if you are not registered with or logged into LinkedIn, it is possible for LinkedIn to identify and save your IP address as well as other identifying features.

4.8.3 The legal basis for processing your personal data as part of the conversion tracking ‘Insight Tag’ is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Processing your personal data allows us to promote sales by selling goods or services. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests. The tool allows you to receive interest-based advertising (known as LinkedIn ads) when visiting the social network LinkedIn or other websites that also use the feature.

4.8.4 You can find an overview of the conversion tracking cookies used on our website using the Insight tag in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data for conversion tracking purposes using the Insight tag function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.

4.8.5 The LinkedIn Insight Tag feature can also be disabled by making the appropriate setting in your browser or – if you are logged into LinkedIn – at https://www.linkedin.com/psettings/advertising.

4.8.6 Further information on data processing by LinkedIn can be found at https://www.linkedin.com/legal/cookie-policy and https://www.linkedin.com/legal/privacy-policy.

4.9 Google Maps

4.9.1 The legal basis for processing your personal data in relation to integrating Google Maps is your consent acc. to point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA.

4.9.2 The processing of your personal data for the integration Google Maps makes it easier for you to find our locations. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. In our case, this is as per 12 months.

4.9.3 You can revoke your consent to the processing of your personal data for Google Maps at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.. Additionally, you can apply the settings in your browser (for example by installing plug-ins or add-ons) to prevent your data from being transmitted to the Google servers. If your browser does not support Google Maps, there is no access to the Google server.

For more information on terms of use and data protection, please visit: http://www.google.com/intl/en-GB/privacy/

4.10 Geberit AquaClean blog

4.10.1 The legal basis for processing your personal data in relation to the commenting and blog function on the Geberit AquaClean blog is established in point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. We process your personal data as part of the commenting and blog function on the Geberit AquaClean blog to enable transparent and personalised communication between us and you. We also process your personal data to protect ourselves from liability claims by third parties if illegal comments are published. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In our case, this is as per 10 years.

4.10.2 You can object to the processing of your personal data with regard to the commenting and blog function at any time with future effect. We will then delete the comment from our Geberit AquaClean blog or not publish it.

4.11 Geberit LiveChat

4.11.1 The legal basis for processing your personal data for provision of the “Geberit LiveChat” service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA.

4.11.2 The Geberit LiveChat function should offer you the opportunity to contact us quickly and easily using our electronic chat service. If you would like to make use of this service, the purpose of processing your data is for us to make this function available to you. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This usually occurs 3 years after processing your request.

4.11.3 You can revoke your consent for the purposes of using the Geberit LiveChat function at any time and with future effect. Doing so means you can no longer use the LiveChat function. All personal data that is saved when using the Chat function is deleted in this case.

4.12 Geberit Chatbot

4.12.1 The legal basis for processing your personal data for provision of the ‘Chatbot’ service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA.

4.12.2 The Chatbot function offers you the opportunity to have your questions answered quickly and easily via an automatic chat machine. However, if you would still like to contact our customer service team, you can click on ‘Continue chatting’ to be transferred directly from the Chatbot to the LiveChat. Alternatively, you can choose to contact us by email or telephone.Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This usually occurs 90 days after processing your request.

4.12.3 You can revoke your consent to data processing for the purposes of using the Chatbot function at any time and with future effect. Doing so means you can no longer use the Chatbot function. All personal data that is saved when using the Chat function is deleted in this case.

4.13 Video centre

4.13.1 The legal basis for processing your personal data in relation to integrating our videos is established in point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA.

4.13.2 We process your personal data for provision of the video centre in order to ensure that video content on our website is displayed in an appealing and uniform way, regardless of your end device.

4.13.3 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This is, at the latest, after you leave our website.

4.13.4 Processing your personal data is strictly necessary for integration of the video centre. It is therefore not possible for you to object to this.

4.14 You Tube

4.14.1 We use the video platform “YouTube“ of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (»YouTube«), a company of Google Inc. to ensure an appealing, consistent presentation of video content on our website that is independent of your terminal device. We do this in the Enhanced Privacy Mode. Unless you agree to the cookie when visiting the website, no data is collected by YouTube when you visit the website. Only when you want to play the video and agree to the cookie, your data is transmitted to YouTube (such as IP address, referring page, device information (browser, device type), retrieved video). We ourselves record and store whether and which YouTube video you have played in order to be able to offer you a customized service.

4.14.2 Your personal data is therefore deleted as soon as it is no longer required to achieve the purpose of its processing.

4.14.3 The legal basis for the processing of your personal data is your consent according to point (a) of Article 6(1) GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. You have the right to withdraw your consent at any time. If you wish to do this, please contact us via the details specified above. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained.

4.14.4 We have no influence on the data processing by YouTube. Further information on data processing by You Tube can be found at https://policies.google.com/privacy?hl=en-GB.

4.15 Vimeo

4.15.1 We use the Vimeo video platform from Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA (hereafter: ‘Vimeo’), to ensure that video content on our website is displayed in an appealing and uniform way, regardless of your end device. Unless you have already agreed to the cookie when visiting the website, no data is collected by Vimeo through your visit to the website. Your data (such as your IP address, device information – including browser and device type – and retrieved video) is only shared with Vimeo when you want to play the video and agree to the cookie. For our part, we record and store information on whether you have played a Vimeo video – and if so, which one – to offer you a more personalised service.

4.15.2 We delete your personal data as soon as it is no longer required for the purpose for which it was processed.

4.15.3 The legal basis for processing your personal data is established by your consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. You have the right to withdraw your consent at any time. Please contact us via the details provided above if you would like to do so. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained.

4.15.4 We have no influence on how data is processed by Vimeo. Further information on data processing by Vimeo can be found at https://vimeo.com/privacy.

4.16 Moving Image

4.16.1 We use the “Moving Image“ service of the company movingimage EVP GmbH, Tempelhofer Ufer 1, 10961 Berlin, Germany, to optimise the integration of videos, livestreams and events provided on our website. Moving Image enables us to generate statistics about the videos we make available on the website by setting cookies and a local storage. The following personal data is processed for this purpose: IP address, date and time of your visit, time zone, operating system, browser used, ge-rat information, website URL, referrer URL.

4.16.2 The legal basis for the processing of your personal data is your consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. You can revoke your declaration of consent to the processing of your personal data at any time in the future by calling up our cookie banner again via the footer of our homepage and adjusting your settings accordingly.

You can find more information on data protection at: https://www.movingimage.com/de/agb/datenschutzerklarung-der-movingimage-evp-gmbh/.

4.17 Technically Necessary Cookies

4.17.1 Our websites use technically necessary cookies besides the ones outlined in Sections 4.4 to 4.15. Cookies are small text files that are saved on a local cache in your browser. The cookies specified below are used by us exclusively to ensure that we are able to implement or provide the service that you are using. This is based on point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA. Some of our website functions cannot be provided without the use of cookies. For these functions, your browser needs to be identified again even after changing pages. Your personal data is not processed further. The legitimate interest that we pursue when processing data is to optimise the website settings for the device you are using and to adapt the user interface accordingly. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA, please contact us using the details provided above. The following types of cookies (the scope and functionality of which are detailed below) are used on our websites:

• transient cookies (see Section 4.17.2)
• persistent cookies (see Section 4.17.3).

4.17.2 Transient cookies are automatically deleted once you close your browser. These include session cookies in particular. These save a session ID that makes it possible to attribute various request from your browser to a common session, allowing your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

4.17.3 Persistent cookies are automatically deleted after a specified amount of time, which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

4.17.4 You can find an overview of the technically necessary cookies used on our website in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. If permitted, cookies are saved on your computer and transferred from there to our website. This allows you full control over the use of cookies. You can change settings in your browser to deactivate or limit the transfer of cookies. You can delete saved cookies at any time. This process can also be automated. If cookies are disabled on our website, it may cause certain functions to cease, or may stop you from fully utilising all functions on our website.

5.1 We collect and process personal data that has been shared with us voluntarily during the course of interacting with customers, suppliers and other business partners (for example, via email, telephone or our websites)

To the extent you disclose any third party personal data to us, you warrant that all necessary consents from the relevant individuals to whom the personal data relates will have been obtained at the time of disclosure, for the disclosure of such individual's personal data to us, for our collection, use and/or disclosure of the personal data for the purposes contemplated under this privacy policy, and that such consents have not been withdrawn.[WP1] [WP1]If third parties are disclosing personal data to Geberit, Geberit may wish to extract various warranties and undertakings relating to data protection from such third parties, e.g. warranties and undertakings that where such third parties disclose personal data to Geberit, all necessary consents from the relevant individuals to whom the personal data relates have been obtained, for Geberit’s collection, use or disclosure of their personal data on terms contemplated. PDPC’s position is that notwithstanding such steps taken, if the third party individuals have not in fact consented, the party collecting such personal data is still liable for a breach of the PDPA, but the checks and steps taken above may be seen as mitigating factors.

We process the data for the following purposes:

5.1.1 Online catalogue:

The legal basis for processing your personal data for the online catalogue is established in point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA. The purpose of processing your personal data for the online catalogue is to fulfil a contract between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of data processing for the online catalogue, this is when the contract has been fulfilled and all claims from the contract relationship lapse or legal retention periods have expired. The purpose of processing your personal data within the online shop is to fulfil a contract between you and us and is strictly necessary. It is therefore not possible for you to object to this.

5.1.2 Account registration / Creating a new Geberit ID

The legal basis for processing your personal data for customer account registration is established in point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA. Registering or creating a Geberit ID allows, in particular, the conclusion of contracts as well as a customer service relationship. While creating your Geberit ID, we validate your telephone number by sending a confirmation SMS. Processing your personal data as part of the registration process is therefore necessary to fulfil a contract, carry out pre-contractual measures and maintain our customer relationship. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This is, at the latest, when your customer account is terminated. You may terminate the registration of your customer account at any time. If you do so, your personal data is deleted, provided that no legally binding retention periods apply.

5.1.3 Contact form and email contact

The legal basis for processing your personal data that is transferred during customer contact interactions is established in point (f) of Article 6(1) of the GDPR. or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA. If the aim of the contact is to conclude a contract, then point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA, is an additional legal basis for processing your personal data. For customer communications, we only process your personal data to handle your issues. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent during customer communications, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to customer communications at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.

5.1.4 Technik-Telefon

The legal basis for processing your personal data that is transferred during customer interactions via the Technik-Telefon is established in point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA. If the aim of the contact is to conclude a contract or continue with the fulfilment of a contract, then point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA, is an additional legal basis for processing your personal data. For customer interactions via the Technik-Telefon, we only process your personal data to handle your issues. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent during customer communications, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to customer communications at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.

For customer interactions via telephone, some telephone conversations may be recorded in individual circumstances. You will be informed of this before the start of the conversation. As a general rule, the legal basis for processing your data in these cases is point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. If the legal system of a European member state provides for express consent, the legal basis is point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA.

5.1.5 Geberit customer bathroom consultation

The legal basis for processing the personal data that you transfer as part of the bathroom consultation service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPRor the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. If the aim of the contact as part of the consultation is to initiate, conclude or continue with the fulfilment of a contract, then point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA is an additional legal basis for processing your personal data. If you use the optional, automatic appointment system and receive appointment information by e-mail, the legal basis is your consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Your data is processed for the purpose of handling your issues as well as providing a timely and competent consultation regarding our products. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of your request, this is when your issues are fully processed and there is no legal retention period in effect. You can revoke your consent to the processing of your personal data with regard to the requested consultation service at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.

5.1.6 Service & customer service

The legal basis for processing your personal data that is transferred during the requested service and customer service interaction is generally established in point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA. If you transfer additional information to us as part of your issue, your consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA, is an additional legal basis for processing your personal data. Your personal data is processed for purposes of handling your service or customer service request and therefore serves to settle potential service and customer service requests. It is therefore necessary to process your personal data within the scope of handling your issues to ensure we provide the best possible service. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of your request, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to settling your service or customer service request at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during your service or customer service request is deleted unless there is a legal retention period that prevents deletion.

For customer interactions via telephone, some telephone conversations may be recorded in individual circumstances. You will be informed of this before the start of the conversation. As a general rule, the legal basis for processing your data in these cases is point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. If the legal system of a European member state provides for express consent, the legal basis is point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA.

5.1.7 Download Centre

The legal basis for processing your personal data within the Download Centre is established in point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. If the aim of the contact within the scope of the Download Centre is to conclude a contract, then point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA, forms an additional legal basis for processing your personal data. Your data is processed for the purposes of providing and sending documentation you have requested via our website. Processing your personal data in the Download Centre is therefore necessary to process your request or to supply documents you have requested. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of the order request, this is when your order is fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to the order process at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the order process is deleted unless there is a legal retention period that prevents deletion.

5.1.8 Streaming services

You can register for and take part in our digital events (known as streaming services) via our home page. The legal basis for processing your personal data for streaming services, for example in the context of the ‘Geberit NeuheitenTreff’ innovation meeting, is established in point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. The registration process relating to this and the processing of your personal data is necessary to enable you to use the digital streaming services. Your personal data is processed for the purposes of providing and carrying out the streaming services you have requested. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is processed as part of the streaming service, this is when the digital event ends and there are no legal retention periods preventing deletion. You can object to the processing of your personal data with regard to our streaming service at any time with future effect. However, if you do so, you can no longer take part in the digital event All personal data that was saved during your registration for or participation in our digital streaming services is deleted unless there is a legal retention period that prevents deletion.

5.1.9 Geberit Fire Test Laboratory

The legal basis for processing your personal data for registration, logging into and participating in the ‘Geberit Fire Test Laboratory’ event is established in point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. The registration process relating to this and the processing of your personal data is necessary to enable you to take part in the Geberit Fire Test Laboratory. Your personal data is processed for the purposes of registering for and participating in the Geberit Fire Test Laboratory service. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is required for registration for and signing in to the Geberit Fire Test Laboratory, this is when the event is finished and there is no legal retention period in effect. You can object to the processing of your personal data with regard to participating in the Geberit Fire Test Laboratory at any time with future effect. However, if you do so, you can no longer take part in the Geberit Fire Test Laboratory event All personal data that was saved during your registration for or participation in the ‘Geberit Fire Test Laboratory’ event is deleted unless there is a legal retention period that prevents deletion.

5.1.10 Geberit Pro planner and Revit® plug-in

The legal basis for processing your personal data for installation and use of the sanitary planning tool is established in point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. This processing is necessary to enable you to use the sanitary planning tool. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is required for installation and use of the sanitary planning tool, this is when the tool is deleted and there is no legal retention period in effect. You can object to the processing of your personal data with regard to the use of the sanitary planning tool at any time with future effect. If you do so, you can no longer use the sanitary planning tool. All personal data that was saved during the installation and use of the tool is deleted unless there is a legal retention period that prevents deletion.

5.1.11 Geberit press mailing list

The legal basis for processing your personal data when subscribing to our press mailing list is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. The purpose of processing your personal data is to send you mailshots as part of the press mailing list. The purpose of processing your personal data for sending mailshots as part of the press mailing list is to send you information and offers and, where applicable, to promote sales through the sale of goods or services. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. Your data is therefore saved until you unsubscribe from our press mailing list. You can revoke your consent to receive mailshots as part of the press mailing list at any time or click on the unsubscribe link within the mailshot to unsubscribe from further mailshots.

5.1.12 Geberit media releases

The legal basis for the processing of your personal data in the context of registering for our media releases is your declared consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. The purpose of processing your personal data in the context of Geberit media releases is to send corporate communications relating to the Geberit Group. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was processed. Your personal data will therefore be stored until you have unsubscribed from our media releases. You can revoke your consent to receive media releases at any time or use the unsubscribe link contained within the media releases to object to further receipt of media releases.

5.1.13 Geberit Newsletter or Useletter

The legal basis for processing your personal data to send you the Geberit Newsletter (for end customers) or geberit Useletter (for business customers) is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA. Your personal data is processed so that we can send the Geberit Newsletter or Useletter to you. The purpose of processing your personal data for sending the Geberit Newsletter or Useletter is to send information and offers and, where applicable, to promote sales through the sale of goods or services. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. Your data is therefore saved until you unsubscribe from our Newsletter or Geberit Useletter. You can revoke your consent to receive the Geberit Newsletter or Useletter at any time or click on the unsubscribe link within the Newsletter or Useletter to unsubscribe from further newsletters.

5.1.14 Direct marketing

The legal basis for processing your personal data for direct marketing measures is either your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 14 of the PDPA, or the legal permission according to point (f) Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law for residents, or the respective regulation of Unfair Competition Law. The purpose of processing your personal data for direct marketing measures is to send information and offers and, where applicable, to promote sales through the sale of goods or services. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed and especially if we receive a withdrawal of consent or objection to its processing. You can revoke your consent with future effect at any time and/or may object to the processing of your data for direct marketing measuring at any time, also with future effect.

5.1.15 Competitions

The legal basis for processing your personal data for competitions is established in point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA. The purpose of processing your personal data for competitions is to fulfil a contract for participation in the competition between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data processing within the scope of competitions, this is when the competition is completely finished. You can object to the processing of your personal data with regard to competition participation at any time with future effect. Doing so means you can no longer take part in the competition. All personal data that is saved during the competition is deleted in this case.

5.1.16 Cashback offers and warranty extension

The legal basis for processing your personal data for cashback offers and warranty extensions is established in point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA. The purpose of processing your personal data for cashback offers or warranty extensions is to fulfil a contract between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of data processing for cashback offers and warranty extensions, this is when the cashback offer is fully completed or the warranty period has expired. You can object to the processing of your personal data with regard to cashback offers or warranty extensions at any time with future effect. If you do so, you can no longer participate in the cashback offer or benefit from warranty extensions. All personal data that is saved in relation to cashback offers and warranty extensions is deleted in this case.

5.1.17 Virtual events

The legal basis for processing your personal data for holding digital or virtual events is established in point (b) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 15 of the PDPA. The purpose of processing your personal data for virtual events is to fulfil a contract for holding the event between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data processing regarding virtual events, this is when the event is completely finished. You can object to the processing of your personal data with regard to virtual events at any time with future effect. Doing so means you can no longer take part in the virtual event. All personal data that is saved for the virtual event is deleted.

5.1.18 Data collection related to Covid-19 for in-person events/training

The legal basis for processing your personal data for in-person events/training is established in point (c) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA, in connection with the current regulations of the Infection Prevention Act and the infection prevention measures that can be derived from this, as well as other Covid regulations. The purpose of processing your personal data for in-person events and training is to comply with the legal regulations for infection prevention. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed.Your personal data is processed when holding in-person events or training to comply with legal obligations. It is therefore not possible for you to object to this besides not participating in the in-person event or training.

6.1.1 Facebook Insights (Facebook fan page):

We operate our Facebook fan page together with Meta Platforms Inc. 1 Hacker Way, Menlo Park, California 94025, USA (hereafter ‘Facebook’). For this purpose, we have concluded an agreement with Facebook regarding which party has which obligations concerning the GDPR. You can view the essential content of this agreement at https://www.facebook.com/legal/terms/page_controller_addendum. Information about how Facebook processes your personal data can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. By processing your personal data using Facebook Insights, we can analyse your user behaviour. We evaluate the captured data and use it to collate information about our Facebook fan page activity. This helps us to design our Facebook fan page in a more user-friendly way that meets the needs of our target audience. The personal data that is collected from our Facebook fan page is provided to us by Facebook. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Facebook Insights, you can object to the processing of your personal data by Facebook Insights at any time and with future effect. If you do so, we refer your objection to Facebook.

6.1.2 Instagram

Instagram is a product belonging to Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereafter ‘Meta’). We run our Instagram page together with Meta. For this purpose, we have concluded an agreement with Meta regarding which party has which obligations concerning the GDPR. You can find the detailed information on the processing of your personal data by the Instagram service at: https://help.instagram.com/519522125107875. Information about how Meta processes your personal data can be found at https://help.instagram.com/519522125107875. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA. The processing of your personal data by Meta via the Instagram service helps us analyse your user behaviour. We evaluate the captured data and use it to collate information about activity on our Instagram page. This helps us to design our Instagram page in a more user-friendly way that appeals to our target audience. The personal data that is collected from our Instagram page is provided to us by Meta. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Meta, you can object to the processing of your personal data by Instagram/Meta at any time and with future effect. If you do so, we refer your objection to Meta.

6.1.3 YouTube channel

To ensure we design our social media offering to meet customers’ needs, we use a YouTube channel which is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereafter ‘Google’). YouTube is a video platform that enables users to upload and publish their videos for public viewing. You can find more information on how Google processes your personal data at https://policies.google.com/privacy?hl=en&gl=en#infocollect. If you wish to use our YouTube channel, we remind you that you use this service at your own risk. This applies especially to the features offered within the YouTube platform, such as the comment, like and share features under each video. We have no influence over the type and scope of the data processed by Google in relation to the YouTube channel. By using the YouTube channel, your personal data is processed by Google and, in doing so, will be transferred to the United States, Ireland and any other country in which Google does business, regardless of your place of residence, and may be further processed there. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, including Section 17 of the PDPA. Your personal data is processed for the purposes of designing an appealing and user-friendly YouTube channel that meets the needs of our viewers. In this context, we only process your personal data within the YouTube channel insofar as it is necessary for providing information on our offers and services. We also process personal data in relation to this YouTube channel for the purposes of communicating with users and potential interested parties. The personal data that is collected from our YouTube channel is provided to us by Google. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Google, you can object to the processing of your personal data in relation to this YouTube channel at any time. If you do so, we refer your objection to Google.

6.2 Twitter

Twitter is a product of Twitter International Company, One Cumberland Place, Fe-nian Street, Dublin 2, D02 AX07, Ireland (hereinafter “Twitter“). We operate our Twitter site together with Twitter. For this purpose, we have concluded an agreement with Twitter on which of us fulfils which obligation in accordance with the GDPR and with the PDPA for Singapore residents. You can view the main content of the processing of your personal data by Twitter at https://twitter.com/de/privacy. The legal basis for the processing of your personal data is point (f) of Article 6(1) of the GDPR or the equivalent or similar provision under applicable local law, and for Singapore residents, includes Section 17 of the PDPA. The processing of your personal data by Twitter enables us to analyse your usage behaviour. By evaluating the data obtained, we are able to compile information about the attractiveness of our Twitter page. This helps us to make our Twitter page more user-friendly and tailored to your needs. Your personal data collected in the course of operating our Twitter page is made available to us by Twitter. Your personal data will be deleted as soon as it is no longer required for our aforementioned purposes. If you do not wish your data to be collected by Twitter, you have the option at any time to object to the processing of your personal data within the framework of Twitter for the future. In this case, we will forward your request for objection to Twitter.

Where the GDPR applies to you, the legal basis for processing your personal data as part of processing your data protection enquiries (data-subject information) is established in point (c) of Article 6(1) of the GDPR in connection with Article 12 ff. of the GDPR. The legal basis for the subsequent documentation of the legally compliant processing of the data-subject information is established in point (f) of Article 6(1) of the GDPR. The purpose of processing your personal data for processing the data-subject information is to answer your data protection enquiry. The legally compliant processing of the relevant data-subject information is subsequently documented to fulfil legal obligations regarding accountability according to Article 5(2) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of processing data-subject information, this is three years after the end of the process. Where the GDPR applies to you, you can object to the processing of your personal data with regard to processing data-subject information at any time with future effect. However, if you do so, we cannot continue to process your data-protection enquiry. It is strictly necessary to document the legally compliant processing of the affected data-subject information. It is therefore not possible for you to object to this.

In jurisdictions where the GDPR does not apply to you, you may seek access to and/or corrections of your personal data records in accordance with applicable local law.

The legal basis for processing your personal data for legal defence and enforcement is established in point (f) of Article 6(1) of the GDP or the equivalent or similar provision under applicable local law, including Section 17 of the PDPA. The purpose of processing your personal data for legal defence and enforcement is to prevent unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. It is strictly necessary to process your personal data for legal defence and enforcement. It is therefore not possible for you to object to this.

Personal data is provided within our company to the appropriate positions and departments which require it for fulfilling the previously mentioned purposes. We also some-times use various service providers and transfer your personal data to other trustworthy recipients. These may include:

• other Geberit companies for the purpose of centralised customer administration and order processing
• other Geberit companies for the purpose of providing centralised IT and other services
• logistics providers
• banks and other payment service providers for the purpose of processing any payments
• service providers for the purpose of organising, carrying out and handling of possible installation work and after-sales services
• scanning services
• printers
• IT service providers
• lawyers and courts

10.1.1 In the course of processing your personal data, we may transfer your personal data to trusted service providers in third countries. Third countries are countries that are outside the country in which the personal data was collected, including outside of the European Union (EU) or the European Economic Area (EEA). We only work with service providers who can provide us with suitable guarantees for the security of your personal data and who can guarantee that your personal data will be processed in accordance with strict European data protection standards or applicable data protection law, including the PDPA. A copy of these suitable guarantees can be inspected at our premises if the GDPR applies to you.

10.1.2 If we transfer personal data to third countries, this will be done on the basis of a so-called adequacy decision of the European Commission, or, in the absence of such a decision, on the basis of so-called standard contractual clauses, which have also been issued by the European Commission, and if required further measures.

11.1 As regards your personal data processed by us, you are entitled to the rights outlined below where you are an individual to whom the GDPR applies. In order to exercise any of these rights, please send us a written request using the contact details specified above or send an email to the following address: dataprotection@geberit.com

Your rights to your personal data in jurisdictions where the GDPR does not apply may be different from those set forth below.

11.2 Right to access

You have the right to request that we provide access to the personal data concerning you that we have processed. You may exercise this right within the scope outlined in Article 15 of the GDPR.

11.3 Right to rectification

In accordance with Article 16 of the GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

11.4 Right to erasure

Subject to the prerequisites specified in Article 17 of the GDPR, you have the right to request from us the erasure of personal data concerning you. The prerequisites provide for a right to erasure in particular where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed. The ability to exercise this right is restricted in accordance with Article 17(3) of the GDPR, particularly in cases where we require your data in order to meet a legal obligation or to process legal claims.

11.5 Right to restriction of processing

You have the right to request from us restriction of processing under the terms specified in Article 18 of the GDPR. This right exists in particular (a) where the accuracy of personal data is contested by you, for a period enabling us to verify the accuracy of the personal data, (b) where you oppose the erasure of the personal data (in cases where the right to erasure applies) and request the restriction of its use instead, (c) where we no longer need the personal data for the purposes for which it was being processing, but it is required by you for the establishment, exercise or defence of legal claims, and (d) where the successful exercise of an objection is still contested between you and us. If the processing of your data has been restricted on any of these bases, such data may only be processed in exceptional cases; for example, where you have given your consent to this or where such processing is necessary for the enforcement of legal claims.

11.6 Right to object to processing

In accordance with Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation and at any time, to the processing of personal data concerning you on the basis of point (e) or (f) of Article 6(1) of the GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the circumstances involve the establishment, exercise or defence of legal claims.

11.7 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format under the terms specified in Article 20 of the GDPR. This requires that the data processing has been based on you having given your consent and has been carried out by automated means.

11.8 Right to lodge a complaint with the relevant data protection supervisory authority.

You have the right to lodge a complaint with a supervisory authority – in particular, within the EU member state of your habitual residence, your place of work or the location of the alleged infringement – if you believe that the processing of personal data relating to you infringes the applicable data protection legislation.

Generally speaking, we erase or anonymise your personal data as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the sections above. If data needs to be retained for legal reasons, it will be blocked where you are an individual to whom the GDPR applies. This means that it will no longer be available for further processing. The steps taken by us in resect of your personal data in jurisdictions where the GDPR does not apply may be different from that set out in this Clause 12. If you require further information regarding our erasure and retention periods, please contact the controller specified in Section 2 using the relevant contact data.

Your personal data will only be processed for purposes other than those described if a legal provision requires this course of action or if you have given your consent to the changed purpose of the data processing. In cases of further processing for purposes other than those for which we originally collected the data, we will notify you of these other purposes prior to the data being processed further, and will provide you with all other information that relates to this.

We do not use any automated processing systems for coming to specific decisions – including profiling.

Version: July 2022