Privacy Policy of Neoperl AG
Neoperl AG, Pfeffingerstrasse 21, 4153 Reinach BL, Switzerland and its subsidiaries/fellow subsidiaries attach great importance to the protection of your personal data. We would like you to know when we store which data and how we use such data. We are subject to the provisions of the Swiss Federal Data Protection Act (Bundesgesetz über den Datenschutz, DSG) and/or – if we offer our goods and services in the EU/EEA area – the provisions of the European General Data Protection Regulation (GDPR). In order to ensure that these data protection provisions are being complied with by us and also by our external services providers, we have taken appropriate technical and organisational measures.
This Privacy Policy applies to our online offerings. These include websites, functions and content as well as external online presences, for instance our social media presence or any apps developed by us. At the same time, this Privacy Policy is intended to inform you about any further processing of your personal data, and our compliance with the information obligations we have towards you.
The terminology used in this Privacy Policy, such as controller (or in the Swiss DSG occasionally referred to as the “controller of the data file”) or personal data, is used in accordance with the applicable definitions in the DSG and/or the GDPR as applicable. For reasons of easier readability and therefore also for purposes of a transparent provision of information, we have generally refrained from quoting individual articles, sections or similar.
Controller
Controller for purposes of the DSG and/or the GDPR or other national data protection laws in EU member states as well as other data protection provisions is
Neoperl AG
Pfeffingerstrasse 21
4153 Reinach BL
Switzerland
Tel.: +41 61 716 74 11
Fax. +41 61 716 74 09
E-Mail: ch.infonet@neoperl.com
Webseite: www.neoperl.ch
Data protection officer
The controller has appointed a data protection officer. His contact details are:
Michael Kranzer
Bechtle GmbH IT-Systemhaus Freiburg
Leinenweberstraße 1
79108 Freiburg im Breisgau
Germany
E-Mail: ch.datenschutz@neoperl.com
For questions, suggestions or comments regarding data protection and in order to exercise your rights as set out below, please contact our data protection officer.
General information regarding data processing
Scope of the processing of personal data
We use the personal data provided by you in order to respond to your queries, process your orders, deliver products, process payments or to give you access to certain information or offers (in particular on our Neoperl website and webshop or in our Neoperl apps).
Legal bases for the processing of personal data
Where the GDPR is applicable, the processing of personal data is generally not permitted unless there is statutory permission. We are obliged, in this regard, to inform you about the legal bases for the processing of the data. Where the DSG is applicable, the processing of personal data is allowed in principle, provided that the statutory principles of the DSG are complied with.
If we obtain your consent for the processing of personal data, such consent constitutes the legal basis.
If the processing of personal data is necessary for the performance of a contract, whose contracting party is you, the performance of the contract constitutes the legal basis. This also applies to any processing that is necessary in order to implement pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, this constitutes the legal basis.
In the event that interests which are essential for the life of the data subject or that of another natural person make the processing of personal data necessary, this constitutes the legal basis.
If the processing of personal data is necessary for purposes of safeguarding a legitimate interest of our company or of a third party, and if your interests or fundamental rights and freedoms do not override that interest, this constitutes the legal basis for the processing.
Children
Our offering is generally aimed at adults. People under the age of 16 must not transfer any personal data to us without the consent of their parents or legal guardians. We do not request or collect any personal data from children and young people and therefore also do not pass it on to third parties.
Deletion of data and storage time
As soon as the purpose for storing data ceases to apply, we will delete or block your personal data. Data may, however, be stored beyond such time period if this is required due to statutory provisions to which we are subject. This may, for instance, concern data that needs to be stored for commercial or tax-related reasons, such as delivery slips or invoice data.
Your data will be blocked or deleted if the storage time prescribed by such provisions expires, unless a continued storage of the data is required for the conclusion or performance of a contract.
Sharing personal data with third parties
As a general rule, we will not share any personal data with third parties without your express consent. In the event that we do share your data with third parties, transmit it to them or grant them access to it in any other way in the context of the processing, this also occurs only on the basis of one of the aforementioned legal bases.
We transfer data, for instance, to payment providers or suppliers if this is necessary in order to fulfil the contract. If we are obliged to do so by statute or by court order, we have to transfer your data to the respective bodies entitled to such data.
On occasion, we use carefully selected external service providers in the processing of your data. If, in the context of what is known as commissioned data processing, data is transferred to service providers, this occurs on the basis of the provisions of the DSG and the GDPR. Our commissioned data processors have been carefully selected, are bound by our instructions and are checked at regular intervals. We only commission such data processors who provide sufficient guarantees that suitable technical and organisational measures are taken to ensure that the processing takes place in accordance with data protection requirements and safeguards the protection of your rights.
Data transfers to third countries
The DSG ensures a high level of data protection in Switzerland. The GDPR ensures a consistently high level of data protection within the European Union. Where possible, when selecting our service providers and cooperation partners we therefore rely on partners in Switzerland and the EU in the event that your personal data is to be processed. Only in exceptional cases will we allow your data to be processed outside of the European Union in the context of using third party services.
We may share your data with subsidiaries or fellow subsidiaries abroad if this is required for intra-group management purposes.
We will only allow your data to be processed in a third country if the special requirements of the DSG and the GDPR have been met. That means that your data may then only be processed on the basis of special guarantees. These guarantees include the EU Commission making an official decision that a third country has an adequate level of data protection in line with that of the EU, compliance with officially recognised special contractual clauses (known as standard contractual clauses) or other conventions between Switzerland and/or the EU and third countries (such as the Privacy Shield, an agreement between Switzerland and the U.S., and the EU and the U.S.).
Automated decision making
We refrain from using automated decision making processes or profiling (in Switzerland also referred as the processing of personality profiles).
Rights of the data subject
If your personal data is processed, you are a data subject for purposes of the data protection laws (in Switzerland also referred to as the person affected). You have the following rights against us.
To exercise your rights, please contact our data protection officer.
Right to withdraw consent
If the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time. The withdrawal of your consent does not affect the lawfulness of any processing that has taken place until then.
Right of access
You have the right to ask us to confirm whether we are processing any personal data relating to you. If this is the case, you have the right to obtain details of the following information:
- the purposes of the processing;
- the categories of personal data that are being processed;
- the recipients or categories of recipient to whom the personal data has been or will be disclosed;
- where the GDPR is applicable, the envisaged period for which the personal data will be stored or, if actual details cannot be provided on this, the criteria used to determine that period;
- where the GDPR is applicable, the existence of the right to request us to rectify or erase personal data or restrict our processing of personal data concerning you or to object to such processing;
- where the GDPR is applicable, the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from you, any available information as to its source;
- the existence of automated decision making, including profiling, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to obtain information on whether your personal data is transferred to a third country or to an international organisation. In this context you have the right to request information about the appropriate safeguards in connection with such transfer.
Within one month from receipt of your request for information, we will provide you with a copy of the personal data that is being processed. Where you make the request by electronic means and unless otherwise requested by you, we will provide the information to you in a commonly used electronic form.
Right to rectification
You have the right to require us to immediately rectify your personal data if it is incorrect. In due consideration of the purposes of the processing, you have the right to request completion of any incomplete personal data concerning you.
Right to erasure (“right to be forgotten”)
You have the right to require us to erase personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing.
- Personal data has been unlawfully processed.
- The personal data has to be erased to comply with a legal obligation in Union or Member State law.
- The personal data has been collected in relation to the offer of information society services.
- Where we have made personal data concerning you public and are obliged to erase it, taking account of available technology and the cost of implementation, we will take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
The right to erasure (“right to be forgotten”) does not apply insofar as the processing is required:
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health;
- to achieve purposes in the public interest, scientific or historical research purposes or statistical purposes insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- to assert, exercise or defend legal claims.
Right to restriction of processing
You have the right to require us to restrict the processing of your personal data if one of the following conditions applies:
- you contest the accuracy of the personal data concerning you, namely for a period that enables us to check the accuracy of the personal data;
- the processing is unlawful and instead of the erasure of the personal data you require us to restrict its use;
- we no longer need the personal data for the purposes of the processing, but you require it for the assertion, exercise or defence of legal claims; or
- you have objected to the processing pending verification as to whether our legitimate reasons override yours.
- Where processing has been restricted in accordance with the aforementioned conditions, such personal data will, with the exception of storage, only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted in accordance with the aforementioned conditions, we will notify you before lifting the restriction.
Right to data portability
Where the GDPR is applicable, you have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and is carried out by automated means.
In exercising the right to data portability you can have the personal data transmitted directly from us to another controller, where technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task vested in us and carried out in the public interest or in the exercise of official authority.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of a weighing up of interests. In this case we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the data is processed for reasons of asserting, exercising or defending legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services you may exercise your right to object by automated means using technical specifications.
Automated individual decision making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and us,
- is authorised by Union law or Member State law to which we are subject and which lays down suitable measures to safeguard your rights and freedoms and your legitimate interests or
- is based on your explicit consent.
We will implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Where the GDPR is applicable, without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with a supervisory authority, in particular at your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes data protection provisions. Where the Swiss DSG is applicable, you may report your concerns or incidents to the Swiss Federal Data Protection Commissioner. This person can then initiate an investigation of facts, make recommendations and, where required, take legal steps.
Use of our online offerings
You are generally able to use our online offerings without disclosing your identity. In this section we will provide information to you as to when and in what connection we process data during the use of our online offerings, what offers of service providers and cooperation partners we have implemented, how these work and what happens to your data.
Data collection upon visits to our websites
If you use our websites purely for purposes of obtaining information, i.e. if you do not register for an offer, enter into a contract with us or otherwise disclose information to us, we will only collect personal data that your browser transmits to our server.
When you access our websites, we will collect the following data which we require for technical reasons in order to display our websites and ensure that they are stable and secure:
- IP address of the visitor
- date and time of the request
- requested content (specific page)
- access status / http status code
- data volume transmitted in each case
- website from which the request originates
- operating system of the visitor
- language and version of the browser software.
This data is temporarily stored in our system log files for a period lasting no longer than seven days. Data may be stored for longer; in this case, however, the IP addresses will be truncated or distorted such that it is no longer possible to identify the accessing client. In this connection the log files will not be stored together with other personal data concerning you. The legal basis for these processing operations is our legitimate interest.
Given that the collection of the data is strictly required in order to display the websites, and the storage of the data in log files is strictly required for the operation of our websites and to ensure IT security, you have no right to object in this regard.
Customer account
Personal data is required for a customer account. Required data is marked with an asterisk (*) in the registration process. By registering, you consent to the use of this data for the purpose of managing your account. In order to process electronic payments, we may cooperate with electronic payment service providers and transfer your personal data for these processing purposes.
Payment service providers
In the context of the fulfilment of contracts we use payment service providers in order fulfil contracts. Apart from this, we use external payment service providers on the basis of our legitimate interests in order to offer our users an effective and secure payment method.
The data processed by our payment service providers includes inventory data, such as name and address, bank details including account numbers or credit card numbers, passwords, TANs and checksums as well as details relating to contracts, sums and recipients. These details are required in order to process the transactions. The data provided is, however, processed and stored by the payment service provider. That means we receive no account-related or credit card-related information, but only information containing a statement as to whether payment has or has not been made. In certain cases, payment service providers may transfer the data to credit agencies. Such data transfers are made for purposes of checking ID and credit history. In this regard, please refer to the general terms and conditions and privacy policies of the payment service providers.
The payment transactions are governed by the terms and conditions and privacy policies of the respective payment service provider, which can be accessed on the respective websites or transaction apps. Please also refer to these for further information and in order to assert rights to withdraw, rights of access and other data subject rights.
Delivery of goods
Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.
Apps
Besides our online offering, we also provide mobile apps for you to download to your mobile device. In the following, we provide information to you about the processing of personal data when using our apps. We do this to ensure that you are aware of how the services implemented as part of our offer work and what will happen to your data.
If you do not agree to your data being processed by one of our partner service providers you can use the opt-out function provided by the respective partner.
Usage data
When an app is downloaded, the required information is transferred to the respective app store; namely, in particular, the user name, email address, customer number at the app store and the individual device ID. We have no influence over such data processing; this is the responsibility of the respective app store. We only process data required for the app to be downloaded to your device.
When the app is used, we process the following data in order to enable the usability of the functions provided and to ensure the app’s security and stability:
- the user’s IP address
- date and time of the request
- requested content (specific page)
- access status / http status code
- data volume transmitted in each case
- the user’s operating system
The legal basis for this is our legitimate interest.
Push notifications
Push notifications are sent with the help of a pseudonymised push token provided by your operating system or the push service in question. Neither we nor our contractual partners are able to deduce personal data via the push token or link it to the mobile device.
Push notifications are sent on the basis of your consent. You may revoke your consent at any time by disabling the “receive push notifications” function in the app settings or deactivating the receipt of push notifications in the settings of the operating system.
Crash reports
In order to improve the stability and reliability of our apps, we rely on anonymised crash reports.
iOS apps: If you have voluntarily and expressly consented to the transmission of a crash report in the app settings, anonymous information regarding the crash will be transmitted to our service provider’s servers and stored therein for purposes of analysis. Crash reports do not contain any personal information. In iOS these consist of a stack trace, some device information (no serial number or similar), the app version, the time stamp of the crash, and the list of software libraries stored in the memory. No processor register content or log files are contained therein.
Android apps: If, when configuring your mobile device, you voluntarily and expressly consent to the general transmission of crash reports to Google, following a crash of the app, information (status of the app at the time of the crash, stack trace, manufacturer and operating system of the mobile phone, last log notices) will be transferred to Google and stored for purposes of analysis. This information does not contain any personal data.
Neoperl identification/water saving
When using these apps, your entries in the decision tree as well as the version number of the app will be processed. Further, your information regarding your smartphone (model/version, operating system and language selected) will be processed.
When using “Send Me Picture”(SMP), the photographs you have taken of the aerators and your comments will be processed. In addition, the time and the result of the measurement will be processed. A push token and a reference ID of the status of the decision tree will be generated.
Data processing when visiting our websites/use of cookies
General information on the use of cookies
When you use our websites, cookies will be stored on your device in addition to the aforementioned data. Cookies are small text packages that may be sent by a website to the browser, and stored and returned by it. Cookies can be used to store various details, which are read by the entity that has placed the cookie. They typically contain a characteristic string (ID) which allows unambiguous identification of the browser in the event of renewed access to the website or a change of page. They are primarily used to make our online offerings more user friendly and more effective overall. The user data collected in cookies is pseudonymised through technical means, which typically makes it impossible to link the data to the accessing user. If identifiability is possible, for instance in the case of a login cookie whose session ID is necessarily linked to the account of the user, we will notify you at the appropriate time.
We use different types of cookies:
- “Session cookies” are cookies that are deleted after you leave our website and close the browser. Such cookies are used to store, for instance, language settings or the content of a shopping basket.
- “Permanent cookies” remain stored even after the browser has been closed. This allows, for instance, the storage of the login status or any search terms entered. We use such cookies, inter alia, to measure reach or for marketing purposes. Permanent cookies are automatically deleted after a defined period of time, which may differ depending on the cookie. You may, however, delete such cookies at any time, inter alia with the help of your browser.
Besides “first party cookies”, which we use in our capacity as data controller, we also use “third party cookies” offered by other providers.
- In our capacity as controller we set “first party cookies”:
The legal basis for the processing of your personal data in this respect is our legitimate interest. - External service providers who carry out web tracking or reach measurements for us, for instance, may also set cookies.
The legal basis for the processing of your personal data is your consent.
Note:
A general objection to the deployment of cookies for advertising purposes can be lodged for a variety of services via the EU website https://www.youronlinechoices.com/de/ or the U.S. website https://www.aboutads.info/choices/. Furthermore, you can configure your browser settings and, for instance, accept third party cookies, refuse all cookies or activate the option “do not track”. This may, however, mean that you will no longer have access to all of our online functions.
Live Chat
On this website, we use a live-chat system with technology of the company LiveChat Inc. (101 Arch Street, 8th floor, Boston, MA 02110, USA). This allows us to enter into direct online communications with you and to support you as swiftly as possible if you have any questions. Cookies are also used to operate the chat function.
The legal basis for the processing of your personal data is our legitimate interest to offer you a service or, where applicable, to enter into or fulfil a contract with you. We will delete the processed data as soon as it is no longer required.
Matomo
Our website uses Matomo. This is a web analysis service for purposes of statistical analysis. This does not involve the transfer of data to third parties. Matomo also uses cookies. The information obtained about the use of our website through the cookie will be transmitted to and stored by our server in order for user behaviour to be analysed. As part of this process your IP address will immediately be anonymised to ensure that your usage behaviour can no longer be linked to your person. The information generated by the cookie about your use of this website will not be passed on to third parties.
We regard this analysis as part of our internet services. We carry out this analysis in order to continuously improve our website and to adjust our offers to the needs of users. We will delete the processed data as soon as it is no longer required for our analysis purposes.
The legal basis is our legitimate interest in the continuing improvement of our websites.
Information regarding data processing by third parties
Google Analytics
If you have consented, we use Google Analytics on this website, a web analysis service of Google Ireland Limited. This allows us to match data, sessions and interactions across several devices to a pseudonymous user ID and, by doing so, to analyse the activities of a user across devices.
Having been certified under the CH-U.S. and EU-U.S. Privacy Shield, Google guarantees that the data protection rules are also complied with if data is processed in the U.S.
Google Analytics uses cookies which enable an analysis of your use of the website. The information gathered by the cookie about your usage of this website will generally be transferred to a Google server in the U.S. and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will first be truncated within member states of the European Union or other parties to the Agreement on the European Economic Area. We would like to point out that, on this website, Google Analytics was extended to include IP anonymisation in order to enable the anonymised capture of IP addresses. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
- Number of page views
- Number of users
- Bounce rate (page is closed after viewing one page only)
- Session duration (average duration across all users)
- Country from which the website was accessed
- Use of website functions
- How many times which page is visited
- Which website the user comes from
- Booking conversion rate (how many users of the website book goods or services)
- What region the user comes from
- Device and device category used by the user to access our website
Google will use this information on our behalf in order to analyse your use of the website, in order to compile reports regarding the activities on our site, and in order to provide additional services to us in connection with the use.
The legal basis for the use of Google Analytics is your voluntary consent.
You can find further information on terms of use and privacy at Google here:
Recipients/categories of recipient
Google is the recipient of the collected data.
Transfer to third countries
The personal data will be transferred to the U.S. under the Privacy Shield on the basis of an adequacy decision. You can view the associated certificate here.
Duration of data storage
The data sent to us and linked to cookies, user ID or similar or advertising ID will be automatically deleted after 14 months. The data whose retention time has expired will be deleted automatically once a month.
In addition, you can prevent the data generated by the cookie about your use of the website from being collected by Google as well as the processing of this data by Google by downloading and installing the browser add-on to deactivate Google Analytics for your browser.
An opt-out cookie prevents any future collection of your data when visiting this website. In order to prevent the collection across different devices, you must however opt out on all devices used by you.
Google Maps
We deploy Google Maps to allow you to plan your route to us quickly and comfortably. This is a service offered by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland. If you click on the route planning link, you will leave our website and will be redirected to an offer from Google. By using Google Maps you enter into a direct user relationship with Google.
You can find further information on terms of use and privacy at Google here.
Google reCAPTCHA
In order to protect our websites against spam, we use the reCAPTCHA service of Google Inc. (Google) in places where you can enter data. A question is used to establish whether it was a human who entered data or whether the data was entered improperly by automated, electronic means. The reCAPTCHA service includes IP addresses and any other data required by Google to operate the reCAPTCHA service being sent to Google. Your input will be sent to Google for these purposes and used there. Google will, however, first truncate your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the U.S. and shortened there. On behalf of the operator of this website, Google will use this information to analyse your usage of this service. The IP address transferred by your browser as part of reCAPTCHA will not be combined with other Google data.
Links to third party websites
This Privacy Policy does not apply to external links which are available to you within the scope of our website. When we provide such links, we endeavour to ensure that they also comply with our data protection and security standards. However, we have no influence over other providers' compliance with data protection and security regulations. Please therefore also read the privacy policies set out on the websites of other providers.
Online services on social media
We offer online services on various platforms in order to provide information to you and to make contact with you.
We have no influence over the processing of personal data by the respective platform operator. Typically, when visiting our offers on social media platforms, the platform operator will store cookies in your browser, which are used to store your user behaviour and your interests for purposes of market research and advertising.
The platform operators use those user profiles which are generated – usually across devices – in order to show you personalised advertising. Data processing may affect persons who are not registered as a user with the platform in question. In certain cases your data will be processed outside of Switzerland or the European Union, which may impede the assertion of your rights. In selecting such platforms, however, we look at whether the operators undertake to comply with the high data protection levels applicable in Switzerland and the EU.
When visiting one of our social media offerings, your personal data will be processed on the basis of our legitimate interest in maintaining a diverse public image for our company and in using effective means of information and communication with you.
You may obtain detailed information regarding data processing in connection with the use of our offering on these platforms, rights to object and the exercise of rights of access to information in the privacy policy of the platform operator in question.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The basis of the processing is an agreement regarding the joint processing of personal data in accordance with the GDPR.
Privacy policy of the provider
Google+/ YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy of the provider
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy of the provider
LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy of the provider
Xing
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy of the provider
Newsletter
We offer you the opportunity to subscribe to our free email newsletter. We will only send this newsletter with your consent. When you subscribe to a newsletter, the data provided in the form (name and email address) will be transmitted to us and stored for as long as the subscription to the newsletter is active.
You consent to the processing of your data for purposes of sending the newsletter will be obtained and you will be referred to this Privacy Policy. The registration procedure is based on a “double-opt-in process”. After you have subscribed to the newsletter, you will receive an email asking you to click on a link in order to confirm your subscription. This allows us to prevent unauthorised third parties subscribing under your email address.
We keep a record of the subscription process, for purposes of providing evidence of our compliance with legal requirements. This involves storing the IP address of the accessing device, as well as the subscription date and time. The data provided by you will be stored while the newsletter subscription is active.
You may terminate the subscription at any time. For these purposes each newsletter contains a link to unsubscribe. This also allows you to revoke your consent. The legal basis for the processing of your data is your voluntary consent to the receipt of the newsletter.
If you purchase goods or services from us and provide us with your email address as part of this process, we reserve the right to use it in order to send newsletters containing direct marketing materials for similar goods or services provided by us. This is done for purposes of our legitimate interest of promoting our goods and services to our customers, which prevail when weighing up the various interests. You may object to this use of your data at any time by sending a message to the point of contact set out below or via the unsubscribe link in the promotional email, without incurring any transmission costs other than in accordance with the base tariffs.
Enquiries sent to us
If you send us an enquiry – for instance by using the contact form or chat function – your personal data will be processed in order to respond to your enquiry:
- to process the enquiry you have transmitted in the contact form
- to process your service enquiry
- to process your return
- to handle queries raised by telephone and in writing (email)
- to provide information about products and services
We will not use your data for any automated decision making processes or for profiling.
Applications
When applying to us, the data provided by you – for example your contact details and qualifications – will only be used to process the application procedure.
Your data will be passed on internally to the relevant department managers. We will process your personal data for purposes of your job application to the extent that this is necessary for a decision to be made regarding the conclusion of an employment relationship.
In addition, we may process personal data concerning you to the extent that this is required to defend against any legal claims asserted in the context of the application procedure.
Your data will generally be deleted 3 months after the application procedure has ended, unless there are agreements to the contrary in place with the applicant (see, inter alia, admission to the pool of applicants). If your application results in the conclusion of an employment contract, the data will be included in your personnel file.
For how long will your data be stored?
We will store your personal data for as long as this is required to arrive at a decision regarding your application. If no employment relationship is entered into between you and us, we may continue to store the data insofar as this is necessary to defend against any legal claims. The application documents will be deleted two months after the rejection has been communicated, unless a longer storage time is required due to legal disputes.
Admission to the pool of applicants
In the event that we currently do not have any open positions available that match your application – for instance in the event of an unsolicited application – we are happy to admit your application to our pool of applicants. This does, however, require your consent which we will request in such a case.
If we do not use your application documents in the pool of applicants within one year, we will automatically delete your application documents.
No automated decision making
There will be no automated decision making in individual cases; this means that the decision regarding your application will not be solely based on automated processing.
Amendments
This Privacy Policy will be amended from time to time. These amendments will be made, for instance, if there are changes due to technical developments, legal provisions or other influences.
Last updated: October 2019
The original text was written in German. In the event of legal disputes, the German version shall apply.