Privacy Policy and Data Protection Notice
for Customers, Suppliers and other Business Partners
The privacy of your personal data is very important to us. The purpose of this privacy policy is to inform users of the Geberit Internet services, particularly the Geberit website(s) (“website”) – as well as customers, suppliers and other business partners – about how the Geberit companies within the EU, the EEA, Switzerland and the United Kingdom process personal data. With this in mind, not all aspects of this information may apply to you.
Personal data within the scope of this privacy policy refers to any data that relates or can be related to you, such as your name, address or email address. The controller responsible for processing your personal data is
Name & Address
Our data protection department, including the data protection officer can be reached at dataprotection[at]geberit.com or at our postal address with the added information “data protection”. To arrange a confidential appointment with only our data protection officer, please use the following contact details: KREMER Rechtsanwälte, Disch-Haus, Brückenstraße 21, 60667 Köln, E-Mail: DPO[at]geberit.com.
To avoid spam, “[at]“ has been used instead of “@'“. Please replace “[at]“ with “@“ again in your e-mail.
1. AUTOMATIC DATA COLLECTION AND PROCESSING ON GEBERIT WEBSITES
Our websites use certain technologies and tools, which are outlined below. If there are any that you do not want us to use, provided these are optional, we have provided various options and settings for each one that will prevent it from being used.
1.1 SERVER LOG FILES
1.1.1 As with every website, our server automatically and temporarily collects information transmitted by your browser in server log files, provided you have not disabled this feature. If you intend to view our website, we require certain types of data on a technical level so that we can display our websites whilst also ensuring stability and security. This data is as follows:
- IP address of the computer sending the request
- file request of the client
- http response code
- the web page that linked you to our website (referrer URL)
- time of the server request
- browser type and version
- operating system used by the computer sending the request
1.1.2 The data in these server log files will not be analysed in a way that identifies individual persons. In cases where the information listed above contains personal data (particularly the IP address), the legal basis for collecting this data is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). The legitimate interest we pursue when collecting this data is to ensure the proper functioning of our websites. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided in Section 2. It is necessary for us to temporarily save your personal data to ensure that the website appears on your computer. To achieve this, your personal data must be saved for the duration of your visit to our website. Your personal data is saved in log files in order to ensure the operability of the website. Your personal data also ensures the security of our IT systems. Your personal data is not processed further. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of your personal data being collected for the provision of the website, this applies as soon as you leave the website. If your personal data is saved in log files, these are deleted after 14 days at the latest. If the data is saved for reasons beyond these, your personal data is anonymised so that you cannot be associated with or identified from this data.
1.2 IMPROVING QUALITY, OPTIMISING THE WEBSITE, USER BEHAVIOUR ANALYSIS AND PLAYING PERSONAL-ISED ADVERTS
1.2.1 The legal basis for storing information on your PC or mobile device or accessing information already stored on your PC or mobile device is your consent in accordance with the national laws implementing Directive 2002/58/EC (Directive on privacy and electronic communications).The legal basis for processing your personal data as part of using cookies or comparable technologies – such as pixels, tags, web beacons or browser fingerprinting (known as ‘tracking cookies’) – for improving quality, optimising the website, user-behaviour analysis and playing personalised adverts after merging with your contract master data and your purchase history, is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR.
1.2.2 Processing your personal data allows us to optimise the user experience on our website and to promote sales by selling goods or services.
1.2.3 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you withdraw your consent.
1.2.4 You can find an overview of the cookies used on our website in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There you can adjust your settings for the cookies set on our websites at any time. You may withdraw your consent to the processing of your personal data using tracking cookies at any time with future effect by:
(1) Changing your consent settings on our website
On our website, you can simply withdraw your consent to the processing of your personal data using tracking cookies. To access this setting, click on the link in the website footer (‘Change cookie settings’) to open the cookie banner. Revoking your consent places a further cookie on your computer, which indicates to us that no tracking cookies can be used. If you delete this cookie, you will be asked to submit your declaration of consent again the next time you open our website.
(2) Changing your browser settings
Alternatively, you can change your browser settings to deactivate or limit the transfer of cookies in general. You can delete saved cookies at any time. This process can also be automated. If technically necessary cookies are disabled on our website, it may cause certain functions to cease, or may stop you from fully utilising all functions on our website.
(3) Google Analytics, Google Signals and Google Consent Mode API
As part of the integration of Google Analytics, Google Signals and Google Consent Mode API, we use so-called “server-side tagging“. In this case, a server is switched from our side between the collection by us and the transmission to Google. This ensures that no personal data is transmitted to Google. If you do not want your personal data to be processed by Google Analytics, you can additionally install a browser add-on to deactivate it. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js and dc.js) on websites not to collect your personal data.
For more information on terms of use and data protection, please visit: http://www.google.com/analytics/terms/de.html or https://support.google.com/analytics/answer/6004245?hl=de
1.3 GOOGLE ANALYTICS AND GOOGLE SIGNALS
1.3.1 We use the Google Analytics and Google Signals services provided by Google to analyse and optimise the use of our website. The responsible party is Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, (“Google“).
1.3.2 Google Analytics stores cookies in your web browser for a period of 2 years since your last visit, unless you delete the cookies beforehand. These cookies contain a randomly generated user ID with which you can be recognised during future website visits. The recorded data, together with the randomly generated user ID, is usually transferred to a Google server in the USA and stored there by Google, which enables the evaluation of pseudonymous user profiles. Google provides us with aggregated, anonymous information about this.
1.3.3 Google Signals is a function of Google Analytics that allows us to view demographic data and aggregated data on user interests and behaviour. If you have given your consent to the cookies, Google will use other information that you have provided to Google for other reasons to provide this information to us in anonymous form.
1.3.4 The legal basis for the processing of your personal data in the context of the use of Google Analytics incl. Google Signals is your consent in accordance with point a of Art. 6(1) of the GDPR. Your personal data will be deleted as soon as you withdraw your consent or your personal data is no longer required to achieve the purpose of its processing. The data sent by us and linked to cookies will be automatically deleted by Google after 14 months. The maximum lifespan of Google Analytics cookies is 2 years.
1.3.5 Further information on the terms of use and data protection of Google Analytics can be found at:https://marketingplatform.google.com/about/analytics/terms/us/, at https://policies.google.com/terms?hl=en and at https://support.google.com/analytics/answer/7318509?hl=en. Further information on Google Signals can be found here: https://support.google.com/analytics/answer/9445345?hl=en#zippy=%2Cin-this-article.
1.4 GOOGLE CONSENT MODE API
1.4.1 We use the Google Consent Mode API by
1.4.2 Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (“Google“). The Google Consent Mode API is an interface (API = Application Programming Interface) via which our website can inform Google whether you have made a cookie selection and, if so, which one, in order to activate only those cookies to which you have consented. If you agree to Google Analytics/Signals, the Google Consent Mode API sends anonymised information (so-called pings) about certain actions on the website to Google for the purpose of data modelling, which we use to optimise our website.
1.4.3 The legal basis for the processing of your personal data in the context of the use of the Google Consent Mode API is our legitimate interest in accordance with point f of Art. 6(1) of the GDPR in managing consents to cookies and similar technologies and, in the case of sending pings, your consent in accordance with point a of Art. 6(1) of the GDPR. Your personal data will be deleted as soon as you withdraw your declaration of consent or your personal data is no longer required to achieve the purpose of its processing.
1.4.4 Further information on Google Consent Mode can be found here: https://support.google.com/analytics/answer/9976101?hl.
1.5 GOOGLE ADWORDS
1.5.1 We use the services of Google AdWords (including Google AdWords remarketing) so that we can place advertisements (called “Google AdWords”) on external websites for the purpose of drawing attention to attractive offers. Using the data gathered from these advertising campaigns, we are able to determine how effective individual advertisements are. We use this tool to show you advertisements that might interest you, to make our website more appealing to your specific interests, and to calculate our advertising costs in a fair manner.
1.5.2 These advertisements are delivered by Google via what are known as ad servers. For this purpose, we use ad server cookies that enable us to gauge success by means of a number of metrics, such as how often advertisements are displayed and how many times they are clicked by users. If you are linked to our website by a Google advertisement, Google AdWords will save a cookie on your PC. These cookies will normally expire after 90 days and are not used to identify you personally. A cookie of this type will normally contain data for analysis such as the unique cookie ID, the number of ad impressions for each placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a flag specifying that the user no longer wishes to be shown advertisements).
1.5.3 These cookies allow Google to recognise your Internet browser. If a user visits specific pages on the website of an AdWords customer and the cookie saved on the user’s computer has not yet expired, Google and the customer are able to discern that the user has clicked on the advertisement and was linked to this page. A different cookie is assigned to each AdWords customer. It is therefore not possible to track cookies via the websites of AdWords customers. We do not collect or process any personal data ourselves in the aforementioned advertisements. Rather, we simply receive statistical analyses of the data from Google. Based on these analyses, we are able to determine which of the advertisements placed are particularly effective. We do not receive any further data from the use of advertising, nor in particular are we able to use this information to identify users.
1.5.4 The legal basis for processing your personal data as part of the ‘Google Adwords’ service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you withdraw your consent. As a general rule, the relevant cookies are deleted after 90 days.
1.5.5 You can find an overview of the cookies used on our website for Google Adwords purposes in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There you can withdraw your consent to the processing of your personal data for Google Adwords purposes at any time with future effect.
1.6 DOUBLECLICK BY GOOGLE
1.6.1 Our websites use the tool DoubleClick by Google. DoubleClick uses cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and (if the frequency capping feature is enabled) to prevent users from seeing the same advertisements multiple times. Using a cookie ID, Google can register which advertisements have been shown in which browser, preventing users from seeing the same advertisement multiple times. Furthermore, DoubleClick can use cookie IDs to record what are known as conversions, which are related to ad requests. A conversion happens if, for example, a user sees a DoubleClick advertisement and then later visits the advertiser’s website and makes a purchase using the same browser. According to Google, DoubleClick cookies do not contain any personal information.
1.6.2 Due to the use of Google AdWords and DoubleClick by Google, your browser will automatically establish a direct connection to the Google server. We have no control over the scope and further use of data collected by Google through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As DoubleClick has been integrated into our web services, Google will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Google service, Google may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Google, it may be possible for Google to identify and save your IP address.
1.6.3 Further information on DoubleClick by Google can be found at: https://www.doubleclickbygoogle.com and on data protection at Google in general at:https://policies.google.com/privacy?hl=en.
1.6.4 The legal basis for processing your personal data as part of the ‘DoubleClick by Google’ service is your declaration of consent in accordance with point (a) of Article 6 (1) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you withdraw your consent.
1.6.5 You can find an overview of the cookies used on our website for purposes relating to the Google DoubleClick service in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:
You may withdraw your consent to the processing of your personal data as part of the Google DoubleClick service at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings:
- by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
- by disabling the cookies for conversion tracking by setting your browser to refuse cookies from the domain: www.googleadservices.com – see https://adssettings.google.com/anonymous?hl=en. This setting will be undone once you delete your cookies
- by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies
- by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this
1.7 XANDR, ADFORM, PLISTA, SIZMEK
1.7.1 Our websites also use tools from Xandr, Adform, Plista and Sizmek.
1.7.2 These tools use cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and to prevent users from seeing the same advertisements multiple times. Using a cookie ID, the tools can register which advertisements have been shown in which browser, and (if the frequency capping feature is enabled) prevent users from seeing the same advertisement multiple times. According to these third-party providers, the cookies used by the tools do not contain any personal information.
1.7.3 Due to the use of these tools, your browser will automatically establish a direct connection to the server of the relevant third-party provider. We have no control over the scope and further use of data collected through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As these tools have been integrated into our web services, the third-party providers will be notified when you visit the relevant part of our website or click on one of our advertisements.
1.7.4 The legal basis for processing your personal data as part of the service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data allows us to promote sales by selling goods or services. In this context, we use cookies that display adverts relevant to you and reports to improve campaign performance. Use of the relevant cookies also prevents you from seeing the same adverts multiple times. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you withdraw your consent.
1.7.5 Further information on the tools referred to in this section can be found at https://www.xandr.com/privacy/, https://site.adform.com/privacy-policy-opt-out/, https://www.plista.com/about/privacy/ and https://www.sizmek.com/privacy-policy/.
1.7.6 You can prevent participation in the services from Xandr, Adform, Plista and Sizmek in a number of ways.
1.7.7 You can find an overview of the advertising cookies used on our website for the tools described above in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may withdraw your consent to the processing of your personal data at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings: - by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties - by disabling the cookies used for conversion tracking. This is done by setting your browser to refuse cookies from the domains www.appnexus.com, https://site.adform.com, www.plista.com and www.sizmek.com - by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies - by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this
1.8 FACEBOOK CUSTOM AUDIENCES
1.8.1 Our websites also use the Custom Audiences remarketing feature from Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Meta”). This allows users of our websites to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.
1.8.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Meta server. We have no control over the scope and further use of data collected by Meta through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As Facebook Custom Audiences has been integrated into our web services, Meta will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Meta service, Meta will be able to attribute the visit to your individual account. Even if you are not registered with or logged into Facebook, it is possible for Meta to identify and save your IP address as well as other identifying features.
1.8.3 The legal basis for processing your personal data for the ‘Custom Audiences’ remarketing function provided by Meta is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data using the ‘Custom Audiences’ remarketing function allows us to boost sales by selling goods or services. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests. The tool allows you to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature.
1.8.4 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you withdraw your consent.
1.8.5 You can find an overview of the cookies used on our website for the Facebook Custom Audiences tool in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may withdraw your consent to the processing of your personal data for use for the Facebook Custom Audiences function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.
1.8.6 The Facebook Custom Audiences feature can also be disabled by making the appropriate setting in your browser or – if you are logged into Facebook – at https://www.facebook.com/ads/preferences.
1.8.7 Further information on data processing by Meta can be found at. https://www.facebook.com/about/privacy.
1.9 META CONVERSION API
1.9.1 We use the tracking tool Conversion API (API = Application Programming Interface) of Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA (Meta). This is a data interface through which we establish a direct connection with Meta's server and transmit certain data about your behaviour on our website to Meta for evaluation.
1.9.2 If you enter your e-mail address on our website (e.g. when registering for the newsletter or using a tool, hereinafter referred to as “event“), certain information (the website called up, the event-name, the event ID and Facebook Pixel ID, and your user agent and, if applicable, other specific data together with your e-mail address will be hashed, i.e. pseudonymised, and transmitted to Meta. Meta assigns the hash value back to you if you have a Meta account. We receive an anonymised report from Meta about the effectiveness of our advertising measures. Furthermore, we have no influence on the scope and further use of the data collected by Meta through the use of this tracking tool. We therefore cannot rule out the possibility that Meta may obtain and store your IP address and other identifying features, even if you are not logged in or registered with a Meta service.
1.9.3 The legal basis for the processing of your personal data in the context of our use of the Conversion API is your consent in accordance with point a of Art. 6(1) of the GDPR. This processing of your personal data enables us to promote sales through the sale of goods or services.
1.9.4 Insofar as personal data is collected on our website via the Conversion API and forwarded to Meta, we and Meta are jointly responsible for the data processing pursuant to Art. 26 of the GDPR. The obligations incumbent on us jointly can be found in the following agreement: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of the data protection information and the secure implementation of the Conversion API on our website and Meta is responsible for the data security of its products. You can assert data subject rights (e.g. deletion requests or access requests for information) directly with Meta. We will forward any data subject rights asserted against us to Meta.
1.9.5 Meta is solely responsible for the data processing that takes place after the data collected via the Conversion API has been forwarded to Meta.
1.9.6 Further information on data processing by Meta, the legal basis for data processing and the exercise of your data subject rights can be found at https://www.facebook.com/about/privacy.
1.10 PINTEREST-TAG
1.10.1 Our website also uses the conversion-tracking Pinterest tag from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. This allows users of our websites to receive interest-based advertising when visiting Pinterest or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our website to your interests.
1.10.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Pinterest server. We have no control over the scope and further use of data collected by Pinterest through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter: As the Pinterest tag has been integrated into our web services, Pinterest will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Pinterest service, Pinterest may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Pinterest, it is possible for Pinterest to identify and save your IP address as well as other identifying features.
1.10.3 The legal basis for processing your personal data for conversion tracking using the ‘Pinterest tag’ is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data using the ‘Pinterest tag’ conversion tracking element allows us to boost sales by selling goods or services. We use conversion tracking to show you advertisements that might interest you and to personalise our websites to your interests. Conversion tracking allows you to receive interest-based advertising when visiting the social network Pinterest or other websites that also use the feature. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you withdraw your consent.
1.10.4 You can find an overview of the conversion tracking cookies used on our website using the Pinterest tag in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may withdraw your consent to the processing of your personal data for conversion tracking purposes using the Pinterest tag function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.
1.10.5 The Pinterest tag feature can be disabled by making the appropriate setting in your browser or – if you are logged into Pinterest – at https://help.pinterest.com/en/article/personalized-ads-on-pinterest.
1.10.6 Further information on data processing by Pinterest can be found at https://policy.pinterest.com/en/privacy-policy.
1.11 LINKEDIN INSIGHT-TAG
1.11.1 Our websites also use LinkedIn Conversion Tracking and Insight Tag feature from LinkedIn Corporation, Sunnyvale, CA 94085, USA. This allows users of our websites to receive interest-based advertising when visiting linkedIn.com or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.
1.11.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the LinkedIn server. We have no control over the scope and further use of data collected by LinkedIn through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As the LinkedIn Insight Tag has been integrated into our web services, LinkedIn will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a LinkedIn service, LinkedIn will be able to attribute the visit to your individual account. Even if you are not registered with or logged into LinkedIn, it is possible for LinkedIn to identify and save your IP address as well as other identifying features.
1.11.3 The legal basis for processing your personal data as part of the conversion tracking ‘Insight Tag’ is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data allows us to promote sales by selling goods or services. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests. The tool allows you to receive interest-based advertising (known as LinkedIn ads) when visiting the social network LinkedIn or other websites that also use the feature.
1.11.4 You can find an overview of the conversion tracking cookies used on our website using the Insight tag in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may withdraw your consent to the processing of your personal data for conversion tracking purposes using the Insight tag function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.
1.11.5 The LinkedIn Insight Tag feature can also be disabled by making the appropriate setting in your browser or – if you are logged into LinkedIn – at https://www.linkedin.com/psettings/advertising.
1.11.6 Further information on data processing by LinkedIn can be found at https://www.linkedin.com/legal/cookie-policy and https://www.linkedin.com/legal/privacy-policy.
1.12 GOOGLE MAPS
1.12.1 The legal basis for processing your personal data in relation to integrating Google Maps is your consent acc. to point (a) of Article 6(1) of the GDPR.
1.12.2 The processing of your personal data for the integration Google Maps makes it easier for you to find our locations. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. In our case, this is as per 12 months.
1.12.3 You can revoke your consent to the processing of your personal data for Google Maps at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.. Additionally, you can apply the settings in your browser (for example by installing plug-ins or add-ons) to prevent your data from being transmitted to the Google servers. If your browser does not support Google Maps, there is no access to the Google server.
For more information on terms of use and data protection, please visit:
http://www.google.com/intl/en_GB/privacy/
1.13 GEBERIT AQUACLEAN BLOG
1.13.1 The legal basis for processing your personal data in relation to the commenting and blog function on the Geberit AquaClean blog is your consent in accordance with point (a) of Article 6(1) of the GDPR. We process your personal data as part of the commenting and blog function on the Geberit AquaClean blog to enable transparent and personalised communication between us and you. We also process your personal data to protect ourselves from liability claims by third parties if illegal comments are published. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In our case, this is as per 10 years.
1.13.2 You can withdraw your consent to the processing of your personal data with regard to the commenting and blog function at any time with future effect. We will then delete the comment from our Geberit AquaClean blog or not publish it.
1.14 LIVECHAT
1.14.1 The legal basis for processing your personal data for provision of the “Geberit LiveChat” service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR.
1.14.2 The Geberit LiveChat function should offer you the opportunity to contact us quickly and easily using our electronic chat service. If you would like to make use of this service, the purpose of processing your data is for us to make this function available to you. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This usually occurs 3 years after processing your request.
1.14.3 You can withdraw your consent for the purposes of using the Geberit LiveChat function at any time and with future effect. Doing so means you can no longer use the LiveChat function. All personal data that is saved when using the Chat function is deleted in this case.
1.15 CHATBOT
1.15.1 The legal basis for processing your personal data for provision of the ‘Chatbot’ service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR.
1.15.2 The Chatbot function offers you the opportunity to have your questions answered quickly and easily via an automatic chat machine. However, if you would still like to contact our customer service team, you can click on ‘Continue chatting’ to be transferred directly from the Chatbot to the LiveChat. Alternatively, you can choose to contact us by email or telephone. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This usually occurs 90 days after processing your request.
1.15.3 You can withdraw your consent to data processing for the purposes of using the Chatbot function at any time and with future effect. Doing so means you can no longer use the Chatbot function. All personal data that is saved when using the Chat function is deleted in this case.
1.16 VIDEO CENTRE
1.16.1 The legal basis for processing your personal data in relation to integrating our videos is established in point (f) of Article 6(1) of the GDPR.
1.16.2 We process your personal data for provision of the video centre in order to ensure that video content on our website is displayed in an appealing and uniform way, regardless of your end device.
1.16.3 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This is, at the latest, after you leave our website.
1.16.4 Processing your personal data is strictly necessary for integration of the video centre. It is therefore not possible for you to object to this.
1.17 YOUTUBE
1.17.1 We use the video platform “YouTube“ of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (»YouTube«), a company of Google Inc. to ensure an appealing, consistent presentation of video content on our website that is independent of your terminal device. We do this in the Enhanced Privacy Mode. Unless you agree to the cookie when visiting the website, no data is collected by YouTube when you visit the website. Only when you want to play the video and agree to the cookie, your data is transmitted to YouTube (such as IP address, referring page, device information (browser, device type), retrieved video). We ourselves record and store whether and which YouTube video you have played in order to be able to offer you a customized service.
1.17.2 Your personal data is therefore deleted as soon as it is no longer required to achieve the purpose of its processing.
1.17.3 The legal basis for the processing of your personal data is your consent according to point (a) of Article 6(1) GDPR. You have the right to withdraw your consent at any time. If you wish to do this, please contact us via the details specified above. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained.
1.17.4 We have no influence on the data processing by YouTube. Further information on data processing by You Tube can be found at https://policies.google.com/privacy?hl=en.
1.18 VIMEO
1.18.1 We use the Vimeo video platform from Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA (hereafter: ‘Vimeo’), to ensure that video content on our website is displayed in an appealing and uniform way, regardless of your end device. Unless you have already agreed to the cookie when visiting the website, no data is collected by Vimeo through your visit to the website. Your data (such as your IP address, device information – including browser and device type – and retrieved video) is only shared with Vimeo when you want to play the video and agree to the cookie. For our part, we record and store information on whether you have played a Vimeo video – and if so, which one – to offer you a more personalised service.
1.18.2 We delete your personal data as soon as it is no longer required for the purpose for which it was processed.
1.18.3 The legal basis for processing your personal data is established by your consent in accordance with point (a) of Article 6(1) of the GDPR. You have the right to withdraw your consent at any time. Please contact us via the details provided above if you would like to do so. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained.
1.18.4 We have no influence on how data is processed by Vimeo. Further information on data processing by Vimeo can be found at https://vimeo.com/privacy.
1.19 MOVING IMAGE
1.19.1 We use the “Moving Image“ service of the company movingimage EVP GmbH, Tempelhofer Ufer 1, 10961 Berlin, Germany, to optimise the integration of videos, livestreams and events provided on our website. Moving Image enables us to generate statistics about the videos we make available on the website by setting cookies and a local storage. The following personal data is processed for this purpose: IP address, date and time of your visit, time zone, operating system, browser used, ge-rat information, website URL, referrer URL.
1.19.2 The legal basis for the processing of your personal data is your consent in accordance with point (a) of Article 6(1) of the GDPR. You can withdraw your declaration of consent to the processing of your personal data at any time in the future by calling up our cookie banner again via the footer of our homepage and adjusting your settings accordingly.
You can find more information on data protection at: https://www.movingimage.com/de/agb/datenschutzerklarung-der-movingimage-evp-gmbh/
1.20 TECHNICALLY NECESSARY COOKIES
1.20.1 Our websites use technically necessary cookies besides the ones outlined in Sections 1.2 to 1.19. Cookies are small text files that are saved on a local cache in your browser. The cookies specified below are used by us exclusively to ensure that we are able to implement or provide the service that you are using. This is based on point (f) of Article 6(1) of the GDPR. Some of our website functions cannot be provided without the use of cookies. For these functions, your browser needs to be identified again even after changing pages. Your personal data is not processed further. The legitimate interest that we pursue when processing data is to optimise the website settings for the device you are using and to adapt the user interface accordingly. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above. The following types of cookies (the scope and functionality of which are detailed below) are used on our websites:
- transient cookies (see Section 1.20.2)
- persistent cookies (see Section 1.20.3).
1.20.2 Transient cookies are automatically deleted once you close your browser. These include session cookies in particular. These save a session ID that makes it possible to attribute various request from your browser to a common session, allowing your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
1.20.3 Persistent cookies are automatically deleted after a specified amount of time, which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
1.20.4 You can find an overview of the technically necessary cookies used on our website in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. If permitted, cookies are saved on your computer and transferred from there to our website. This allows you full control over the use of cookies. You can change settings in your browser to deactivate or limit the transfer of cookies. You can delete saved cookies at any time. This process can also be automated. If cookies are disabled on our website, it may cause certain functions to cease, or may stop you from fully utilising all functions on our website.
2. COLLECTION AND PROCESSING OF VOLUNTARILY PROVIDED DATA
We collect and process personal data that has been shared with us voluntarily during the course of interacting with customers, suppliers and other business partners (for example, via email, telephone or our websites). The following overview provides you with information on the legal basis and purposes of the individual data processing activities.
2.1 Online catalogue or online shop
The legal basis for processing your personal data for the online catalogue is established in point (b) of Article 6(1) of the GDPR. The purpose of processing your personal data for the online catalogue is to fulfil a contract between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of data processing for the online catalogue, this is when the contract has been fulfilled and all claims from the contract relationship lapse or legal retention periods have expired. The purpose of processing your personal data within the online shop is to fulfil a contract between you and us and is strictly necessary. It is therefore not possible for you to object to this.
2.2 Account registration / Creating a new Geberit ID
The legal basis for processing your personal data for customer account registration is established in point (b) of Article 6(1) of the GDPR. Registering or creating a Geberit ID allows, in particular, the conclusion of contracts as well as a customer service relationship. While creating your Geberit ID, we validate your telephone number by sending a confirmation SMS. Processing your personal data as part of the registration process is therefore necessary to fulfil a contract, carry out pre-contractual measures and maintain our customer relationship. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This is, at the latest, when your customer account is terminated. You may terminate the registration of your customer account at any time. If you do so, your personal data is deleted, provided that no legally binding retention periods apply.
2.3 Contact form and email contact
The legal basis for processing your personal data that is transferred during customer contact interactions is established in point (a) of Article 6(1) of the GDPR. If the aim of the contact is to conclude a contract, then point (b) of Article 6(1) of the GDPR is an additional legal basis for processing your personal data. For customer communications, we only process your personal data to handle your issues. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent during customer communications, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to customer communications at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.
2.4 CONTACT PERSON FOR CONTRACT NEGOTIATIONS
The legal basis for the processing of your personal data as a contact person in the context of (pre-contractual) contract negotiations and the fulfilment of agreements is point b of Art. 6(1) of the GDPR. The purpose of processing your personal data is the fulfilment of a contract between you or the company in which you are employed and us. Your personal data will be deleted as soon as they are no longer required to achieve the purpose of their processing. This is the case when the contract has been fulfilled and all claims arising from the contractual relationship have lapsed or there are no longer any statutory retention periods. The processing of your personal data is absolutely necessary for the fulfilment of a contract. Consequently, you have no right of objection.
2.5 Technik Telefon
The legal basis for processing your personal data that is transferred during customer interactions via the Technik-Telefon is established in point (a) of Article 6(1) of the GDPR. If the aim of the contact is to conclude a contract or continue with the fulfilment of a contract, then point (b) of Article 6(1) of the GDPR is an additional legal basis for processing your personal data. For customer interactions via the Technik-Telefon, we only process your personal data to handle your issues. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent during customer communications, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to customer communications at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.
For customer interactions via telephone, some telephone conversations may be recorded in individual circumstances. You will be informed of this before the start of the conversation. As a general rule, the legal basis for processing your data in these cases is point (a) of Article 6(1) of the GDPR. If the legal system of a European member state provides for express consent, the legal basis is point (f) of Article 6(1) of the GDPR.
2.6 Geberit customer bathroom consultation
The legal basis for processing the personal data that you transfer as part of the bathroom consultation service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. If the aim of the contact as part of the consultation is to initiate, conclude or continue with the fulfilment of a contract, then point (b) of Article 6(1) of the GDPR is an additional legal basis for processing your personal data. If you use the optional, automatic appointment system and receive appointment information by e-mail, the legal basis is your consent in accordance with point (a) of Article 6(1) of the GDPR. Your data is processed for the purpose of handling your issues as well as providing a timely and competent consultation regarding our products. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of your request, this is when your issues are fully processed and there is no legal retention period in effect. You can revoke your consent to the processing of your personal data with regard to the requested consultation service at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.
2.7 Service & customer service
The legal basis for processing your personal data that is transferred during the requested service and customer service interaction is generally established in point (b) of Article 6(1) of the GDPR. If you transfer additional information to us as part of your issue, your consent in accordance with point (a) of Article 6(1) of the GDPR is an additional legal basis for processing your personal data. Your personal data is processed for purposes of handling your service or customer service request and therefore serves to settle potential service and customer service requests. It is therefore necessary to process your personal data within the scope of handling your issues to ensure we provide the best possible service. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of your request, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to settling your service or customer service request at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during your service or customer service request is deleted unless there is a legal retention period that prevents deletion.
For customer interactions via telephone, some telephone conversations may be recorded in individual circumstances. You will be informed of this before the start of the conversation. As a general rule, the legal basis for processing your data in these cases is point (a) of Article 6(1) of the GDPR. If the legal system of a European member state provides for express consent, the legal basis is point (f) of Article 6(1) of the GDPR.
2.8 Download centre
The legal basis for processing your personal data within the Download Centre is established in point (a) of Article 6(1) of the GDPR. If the aim of the contact within the scope of the Download Centre is to conclude a contract, then point (b) of Article 6(1) of the GDPR forms an additional legal basis for processing your personal data. Your data is processed for the purposes of providing and sending documentation you have requested via our website. Processing your personal data in the Download Centre is therefore necessary to process your request or to supply documents you have requested. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of the order request, this is when your order is fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to the order process at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the order process is deleted unless there is a legal retention period that prevents deletion.
2.9 Streaming services
You can register for and take part in our digital events (known as streaming services) via our home page. The legal basis for processing your personal data for streaming services, for example in the context of the ‘Geberit NeuheitenTreff’ innovation meeting, is established in point (a) of Article 6(1) of the GDPR. The registration process relating to this and the processing of your personal data is necessary to enable you to use the digital streaming services. Your personal data is processed for the purposes of providing and carrying out the streaming services you have requested. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is processed as part of the streaming service, this is when the digital event ends and there are no legal retention periods preventing deletion. You can object to the processing of your personal data with regard to our streaming service at any time with future effect. However, if you do so, you can no longer take part in the digital event All personal data that was saved during your registration for or participation in our digital streaming services is deleted unless there is a legal retention period that prevents deletion.
2.10 Geberit Fire Test Laboratory
The legal basis for processing your personal data for registration, logging into and participating in the ‘Geberit Fire Test Laboratory’ event is established in point (a) of Article 6(1) of the GDPR. The registration process relating to this and the processing of your personal data is necessary to enable you to take part in the Geberit Fire Test Laboratory. Your personal data is processed for the purposes of registering for and participating in the Geberit Fire Test Laboratory service. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is required for registration for and signing in to the Geberit Fire Test Laboratory, this is when the event is finished and there is no legal retention period in effect. You can object to the processing of your personal data with regard to participating in the Geberit Fire Test Laboratory at any time with future effect. However, if you do so, you can no longer take part in the Geberit Fire Test Laboratory event All personal data that was saved during your registration for or participation in the ‘Geberit Fire Test Laboratory’ event is deleted unless there is a legal retention period that prevents deletion.
2.11 Geberit Pro planner and Revit® plug-in
The legal basis for processing your personal data for installation and use of the sanitary planning tool is established in point (a) of Article 6(1) of the GDPR. This processing is necessary to enable you to use the sanitary planning tool. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is required for installation and use of the sanitary planning tool, this is when the tool is deleted and there is no legal retention period in effect. You can object to the processing of your personal data with regard to the use of the sanitary planning tool at any time with future effect. If you do so, you can no longer use the sanitary planning tool. All personal data that was saved during the installation and use of the tool is deleted unless there is a legal retention period that prevents deletion.
2.12 Geberit press mailing list
The legal basis for processing your personal data when subscribing to our press mailing list is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. The purpose of processing your personal data is to send you mailshots as part of the press mailing list. The purpose of processing your personal data for sending mailshots as part of the press mailing list is to send you information and offers and, where applicable, to promote sales through the sale of goods or services. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. Your data is therefore saved until you unsubscribe from our press mailing list. You can revoke your consent to receive mailshots as part of the press mailing list at any time or click on the unsubscribe link within the mailshot to unsubscribe from further mailshots.
2.13 Geberit media releases
The legal basis for the processing of your personal data in the context of registering for our media releases is your declared consent in accordance with point (a) of Article 6(1) of the GDPR. The purpose of processing your personal data in the context of Geberit media releases is to send corporate communications relating to the Geberit Group. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was processed. Your personal data will therefore be stored until you have unsubscribed from our media releases. You can revoke your consent to receive media releases at any time or use the unsubscribe link contained within the media releases to object to further receipt of media releases.
2.14 Geberit Newsletter or Useletter
The legal basis for processing your personal data to send you the Geberit Newsletter (for end customers) or geberit Useletter (for business customers) is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Your personal data is processed so that we can send the Geberit Newsletter or Useletter to you. The purpose of processing your personal data for sending the Geberit Newsletter or Useletter is to send information and offers and, where applicable, to promote sales through the sale of goods or services. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. Your data is therefore saved until you unsubscribe from our Geberit Newsletter or Useletter. You can revoke your consent to receive the Geberit Newsletter or Useletter at any time or click on the unsubscribe link within the Newsletter or Useletter to unsubscribe from further newsletters.
2.15 Direct marketing
The legal basis for processing your personal data for direct marketing measures is either your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR or the legal permission according to point (f) Article 6(1) of the GDPR or the respective regulation of Unfair Competition Law. The purpose of processing your personal data for direct marketing measures is to send information and offers and, where applicable, to promote sales through the sale of goods or services. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed and especially if we receive a withdrawal of consent or objection to its processing. You can revoke your consent with future effect at any time and/or may object to the processing of your data for direct marketing measuring at any time, also with future effect.
2.16 Competitions
The legal basis for processing your personal data for competitions is established in point (b) of Article 6(1) of the GDPR. The purpose of processing your personal data for competitions is to fulfil a contract for participation in the competition between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data processing within the scope of competitions, this is when the competition is completely finished. You can object to the processing of your personal data with regard to competition participation at any time with future effect. Doing so means you can no longer take part in the competition. All personal data that is saved during the competition is deleted in this case.
2.17 Cashback offers and warranty extension
The legal basis for processing your personal data for cashback offers and warranty extensions is established in point (b) of Article 6(1) of the GDPR. The purpose of processing your personal data for cashback offers or warranty extensions is to fulfil a contract between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of data processing for cashback offers and warranty extensions, this is when the cashback offer is fully completed or the warranty period has expired. You can object to the processing of your personal data with regard to cashback offers or warranty extensions at any time with future effect. If you do so, you can no longer participate in the cashback offer or benefit from warranty extensions. All personal data that is saved in relation to cashback offers and warranty extensions is deleted in this case.
2.18 events
The legal basis for processing your personal data for holding virtual or on site events (“event”) is established in point (b) of Article 6(1) of the GDPR. The purpose of processing your personal data for events is to fulfil a contract for holding the event between you and us. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. You can refuse to the processing of your personal data with regard to the event at any time with future effect. Doing so means you can no longer take part in the event. All personal data that is saved for the event is deleted.
2.19 Data collection related to Covid-19 for in-person events/training
The legal basis for processing your personal data for in-person events/training is established in point (c) of Article 6(1) of the GDPR in connection with the current regulations of the Infection Prevention Act and the infection prevention measures that can be derived from this, as well as other Covid regulations. The purpose of processing your personal data for in-person events and training is to comply with the legal regulations for infection prevention. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed.
Your personal data is processed when holding in-person events or training to comply with legal obligations. It is therefore not possible for you to object to this besides not participating in the in-person event or training.
2.20 GEBERIT-HOLTZMANN GIS/DUOFIX CALCULATOR
The legal basis for the processing of your personal data when using the GEBERIT-HOLTZMANN GIS/DUOFIX calculator is your consent in accordance with point a of Art. 6(1) of the GDPR. The purpose of processing your personal data is to forward your request for a quotation with the details required for the construction project to the HOLTZMANN company and to confirm the forwarding to you. Your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was processed. Independently of this, we store any uploaded images and the project name you enter. These must not contain any personal information. You can withdraw your consent to the processing of your personal data at any time. In this case, however, you will not be able to send a request for quotation via the GEBERIT-HOLTZMANN GIS/DUOFIX calculator.
2.21 GEBERIT CAMPUS
The legal basis for the processing of your personal data for course participation and in the Geberit Campus dashboard is point b of Art. 6(1) of the GDPR. The purpose is the fulfilment of the contract on the course participation between you and us. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was processed. You have the option at any time to refuse the processing of your personal data in the context of course participation for the future. In this case, you will no longer be able to participate in the course. In this case, all personal data will be deleted, provided that no legal retention periods prevent deletion. In this case, the data will be deleted after the legal retention obligations have ceased to apply.
2.22 FEEDBACK FORMS
The legal basis for the processing of your personal data in the context of the use of feedback forms is your consent in accordance with point a of Art. 6(1) of the GDPR. The purpose of processing is to evaluate your feedback in order to improve our offer and our online presence. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was processed, i.e. your feedback has been fully evaluated. You can withdraw your consent to the processing of your personal data at any time. In this case, however, your feedback cannot be processed any further.
3. FURTHER DATA PROCESSING BESIDES OUR WEBSITE
In addition to our website, further data processing by third-party providers takes place in individual cases and depending on your settings, about which you can find out here.
3.1 FACEBOOK INSIGHTS (FACEBOOK-FANPAGE)
We operate our Facebook fan page together with Meta Platforms Inc. 1 Hacker Way, Menlo Park, California 94025, USA (hereafter ‘Meta’). For this purpose, we have concluded an agreement with Meta regarding which party has which obligations concerning the GDPR. You can view the essential content of this agreement at https://www.facebook.com/legal/terms/page_controller_addendum. Information about how Meta processes your personal data can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. By processing your personal data using Facebook Insights, we can analyse your user behaviour. We evaluate the captured data and use it to collate information about our Facebook fan page activity. This helps us to design our Facebook fan page in a more user-friendly way that meets the needs of our target audience. The personal data that is collected from our Facebook fan page is provided to us by Meta. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Facebook Insights, you can object to the processing of your personal data by Facebook Insights at any time and with future effect. If you do so, we refer your objection to Meta.
3.2 INSTAGRAM
Instagram is a product belonging to Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereafter ‘Meta’). We run our Instagram page together with Meta. For this purpose, we have concluded an agreement with Meta regarding which party has which obligations concerning the GDPR. You can find the detailed information on the processing of your personal data by the Instagram service at: https://help.instagram.com/519522125107875. Information about how Meta processes your personal data can be found at https://help.instagram.com/519522125107875. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. The processing of your personal data by Meta via the Instagram service helps us analyse your user behaviour. We evaluate the captured data and use it to collate information about activity on our Instagram page. This helps us to design our Instagram page in a more user-friendly way that appeals to our target audience. The personal data that is collected from our Instagram page is provided to us by Meta. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Meta, you can object to the processing of your personal data by Instagram/Meta at any time and with future effect. If you do so, we refer your objection to Meta.
3.3 YOUTUBE CHANNEL
To ensure we design our social media offering to meet customers’ needs, we use a YouTube channel which is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereafter ‘Google’). YouTube is a video platform that enables users to upload and publish their videos for public viewing. You can find more information on how Google processes your personal data at https://policies.google.com/privacy?hl=en&gl=en#infocollect. If you wish to use our YouTube channel, we remind you that you use this service at your own risk. This applies especially to the features offered within the YouTube platform, such as the comment, like and share features under each video. We have no influence over the type and scope of the data processed by Google in relation to the YouTube channel. By using the YouTube channel, your personal data is processed by Google and, in doing so, will be transferred to the United States, Ireland and any other country in which Google does business, regardless of your place of residence, and may be further processed there. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. Your personal data is processed for the purposes of designing an appealing and user-friendly YouTube channel that meets the needs of our viewers. In this context, we only process your personal data within the YouTube channel insofar as it is necessary for providing information on our offers and services. We also process personal data in relation to this YouTube channel for the purposes of communicating with users and potential interested parties. The personal data that is collected from our YouTube channel is provided to us by Google. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Google, you can object to the processing of your personal data in relation to this YouTube channel at any time. If you do so, we refer your objection to Google.
3.4 X
X is a product of Twitter International Unlimited Company, One Cumberland Place, Fe-nian Street, Dublin 2, D02 AX07, Ireland (hereinafter “Twitter Inc“). We operate our X site together with Twitter Inc. For this purpose, we have concluded an agreement with Twitter Inc. on which of us fulfils which obligation in accordance with the GDPR. You can view the main content of the processing of your personal data by Twitter Inc. at https://twitter.com/en/privacy. The legal basis for the processing of your personal data is point (f) of Article 6(1) of the GDPR. The processing of your personal data by Twitter Inc. enables us to analyse your usage behaviour. By evaluating the data obtained, we are able to compile information about the attractiveness of our X page. This helps us to make our X page more user-friendly and tailored to your needs. Your personal data collected in the course of operating our X page is made available to us by Twitter Inc. Your personal data will be deleted as soon as it is no longer required for our aforementioned purposes. If you do not wish your data to be collected by Twitter Inc., you have the option at any time to object to the processing of your personal data within the framework of use by Twitter Inc. for the future. In this case, we will forward your request for objection to Twitter Inc.
4. FURTHER DATA PROCESSING, DATA TRANSFER TO THIRD COUNTRIES, DATA ERASURE
In individual cases, we need your data for specific, non-standard data processing, which you can find out about here.
4.1 Data subject information in accordance with Article 12 ff. of the GDPR
The legal basis for processing your personal data as part of processing your data protection enquiries (data-subject information) is established in point (c) of Article 6(1) of the GDPR in connection with Article 12 ff. of the GDPR. The legal basis for the subsequent documentation of the legally compliant processing of the data-subject information is established in point (f) of Article 6(1) of the GDPR. The purpose of processing your personal data for processing the data-subject information is to answer your data protection enquiry. The legally compliant processing of the relevant data-subject information is subsequently documented to fulfil legal obligations regarding accountability according to Article 5(2) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of processing data-subject information, this is three years after the end of the process. You can object to the processing of your personal data with regard to processing data-subject information at any time with future effect. However, if you do so, we cannot continue to process your data-protection enquiry. It is strictly necessary to document the legally compliant processing of the affected data-subject information. It is therefore not possible for you to object to this.
4.2 Legal defence and enforcement
The legal basis for processing your personal data for legal defence and enforcement is established in point (f) of Article 6(1) of the GDPR. The purpose of processing your personal data for legal defence and enforcement is to prevent unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. It is strictly necessary to process your personal data for legal defence and enforcement. It is therefore not possible for you to object to this.
4.3 Sharing your data with third parties
Personal data is provided within our company to the appropriate positions and departments which require it for fulfilling the previously mentioned purposes. We also sometimes use various service providers and transfer your personal data to other trustworthy recipients. These may include:
- other Geberit companies for the purpose of centralised customer administration and order processing
- other Geberit companies for the purpose of providing centralised IT and other services
- logistics providers
- banks and other payment service providers for the purpose of processing any payments
- service providers for the purpose of organising, carrying out and handling of possible installation work and after-sales services
- scanning services
- printers
- IT service providers
- lawyers and courts
4.4 Transfer to third countries
4.4.1 In the course of processing your personal data, we may transfer your personal data to trusted service providers in third countries. Third countries are countries that are outside the European Union (EU) or the European Economic Area (EEA). We only work with service providers who can provide us with suitable guarantees for the security of your personal data and who can guarantee that your personal data will be processed in accordance with strict European data protection standards. A copy of these suitable guarantees can be inspected at our premises.
4.4.2 If we transfer personal data to third countries, this will be done on the basis of a so-called adequacy decision of the European Commission, or, in the absence of such a decision, on the basis of so-called standard contractual clauses, which have also been issued by the European Commission, and if required further measures.
4.5 Erasure of your data
Generally speaking, we erase or anonymise your personal data as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the sections above. If data needs to be retained for legal reasons, it will be blocked. This means that it will no longer be available for further processing. If you require further information regarding our erasure and retention periods, please contact the controller specified in Section 2 using the relevant contact data.
4.6 Changes of purpose
Your personal data will only be processed for purposes other than those described if a legal provision requires this course of action or if you have given your consent to the changed purpose of the data processing. In cases of further processing for purposes other than those for which we originally collected the data, we will notify you of these other purposes prior to the data being processed further, and will provide you with all other information that relates to this.
4.7 Automated individual decision-making or profiling
We do not use any automated processing systems for coming to specific decisions – including profiling.
5. Your rights
As regards your personal data processed by us, you are entitled to the rights outlined below. In order to exercise any of these rights, please send us a written request using the contact details specified above or send an email to the following address: dataprotection@geberit.com.
5.1 Right to access
You have the right to request that we provide access to the personal data concerning you that we have processed. You may exercise this right within the scope outlined in Article 15 of the GDPR.
5.2 Right to rectification
In accordance with Article 16 of the GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5.3 Right to erasure
Subject to the prerequisites specified in Article 17 of the GDPR, you have the right to request from us the erasure of personal data concerning you. The prerequisites provide for a right to erasure in particular where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed. The ability to exercise this right is restricted in accordance with Article 17(3) of the GDPR, particularly in cases where we require your data in order to meet a legal obligation or to process legal claims.
5.4 Right to restriction of processing
You have the right to request from us restriction of processing under the terms specified in Article 18 of the GDPR. This right exists in particular (a) where the accuracy of personal data is contested by you, for a period enabling us to verify the accuracy of the personal data, (b) where you oppose the erasure of the personal data (in cases where the right to erasure applies) and request the restriction of its use instead, (c) where we no longer need the personal data for the purposes for which it was being processing, but it is required by you for the establishment, exercise or defence of legal claims, and (d) where the successful exercise of an objection is still contested between you and us. If the processing of your data has been restricted on any of these bases, such data may only be processed in exceptional cases; for example, where you have given your consent to this or where such processing is necessary for the enforcement of legal claims.
5.5 Right to object to processing
In accordance with Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation and at any time, to the processing of personal data concerning you on the basis of point (e) or (f) of Article 6(1) of the GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the circumstances involve the establishment, exercise or defence of legal claims.
5.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format under the terms specified in Article 20 of the GDPR. This requires that the data processing has been based on you having given your consent and has been carried out by automated means.
5.7 Right to lodge a complaint with the relevant data protection supervisory authority
You have the right to lodge a complaint with a supervisory authority – in particular, within the EU member state of your habitual residence, your place of work or the location of the alleged infringement – if you believe that the processing of personal data relating to you infringes the applicable data protection legislation.
Stand: November 2023