We as GROHE appreciate your interest in our company and our
products. We take the protection of your privacy when using our
websites very seriously. In the following we are pleased to inform
you about the collection of anonymous and personal data.
A. Responsible for the data processing
The person responsible for the processing of personal data in the
context of this website in accordance with the regulations of the
European General Data Protection Regulation (GDPR) is named in the
imprint.
You can reach our Corporate Data Protection Officer at
DataProtection(a)Grohe.com.
With this privacy statement we inform you about the extent of the
processing of your personal data (hereinafter only "data").
B. Data processing
As part of the operation
of our website we process data. The processing of the data also
includes the disclosure by transmission.
The EU Commission, the EU-US privacy shield, has an adequacy
decision for data transfers to the United States. In this, the
Commission has certified that the guarantees for the transmission
of data to the United States on the basis of the EU-US privacy
shield comply with the standards of data protection in the EU. As
far as we transmit data to the USA, we have identified the
participation of our service providers in the EU-US privacy
shield.
The data, processing purposes, legal bases, recipients and
transfers to non-EEA countries concerned are listed in the
following list:
a) Log file
We log your visit to our websites. The following data is processed:
Name of the retrieved web page, date and time of retrieval, time
difference to Greenwich Mean Time, access status, amount of data
transferred, browser type and version, the operating system you are
using, the referrer URL (previously visited Website), your IP
address and the requesting provider. This is necessary to ensure
the security of the website. We process the data on the basis of
our legitimate interests in accordance with
Art. 6 para. 1
f) GDPR. The log file will be deleted after seven days,
unless it is required to clarify or to prove concrete infringements
that have become known within the retention period.
b) Hosting
Hosting will store all data to be processed in connection with the
operation of this website. This is necessary to enable the
operation of the website. We process the data accordingly on the
basis of our legitimate interests in accordance with
Art. 6
para. 1 f) DSGVO. To provide our online presence, we use
the services of web hosting providers to whom we provide the above
data.
c) Contact
If you contact us, your data (name, contact details, if provided by
you) and your message will be processed solely for the purpose of
processing and processing your request. These data are processed by
us on the basis of
Art. 6 para. 1 b) GDPR or
Art. 6 para. 1 f) GDPR to handle your
request.
d) Newsletter
In order to provide you with regular information about our company
and our range of service and products, we offer the dispatch of a
newsletter. By registering for the newsletter, we process the data
entered by you (e-mail address and other voluntary
information).
In doing so we receive your consent as follows:
"I would like to order the Grohe AG newsletter. I can revoke my
consent at any time by using the unsubscribe link in the
newsletter. "
The transmission of the newsletter by means of registration takes
place on the basis of your consent in accordance with
Art.
6 para. 1 a) GDPR.
The registration for the newsletter takes place in the so-called
double opt-in procedure. To prevent abuse, we will send you an
e-mail after your registration, asking you to confirm your
registration. In order to prove the registration process according
to the legal requirements, your application will be logged.
Affected are the storage of the registration and the confirmation
time and your IP address. To send the newsletter, we use service
providers to whom we provide the above data.
e) Customer Account
When you open a customer account, you consent to the storage of
your data (name, address, e-mail address, bank details) as well as
your usage data (username, password). This allows us to identify
you as a customer and gives you the ability to manage your orders.
We receive your consent as follows:
"I want to create a customer account. Please save my data for
this purpose. I can revoke my consent at any time by e-mail to
"smart.de (a) grohe.com".
Your data will be processed on the basis of your consent in
accordance with
Art. 6 para. 1 a) GDPR.
f) Purchase Processing
We process your order data to process the purchase contract. The
processing of the data is carried out accordingly on the basis of
Art. 6 para. 1 b) GDPR.
We transmit your address data to the company commissioned with the
delivery. If it is necessary to process the contract, we will also
provide your e-mail address or telephone number to coordinate a
delivery date (Avis) to the company commissioned with the
delivery.
We will transmit your transaction data (name, date of order, method
of payment, date of dispatch and / or receipt, amount and payee, if
applicable bank details or credit card details) to the payment
service provider responsible for processing the payment.
g) Website Analysis and Marketing
In order to enable the use of certain functions, we use so-called
cookies. These are short data packets that are stored on your
device and exchanged with other providers. Some of the cookies we
use are immediately deleted after closing your browser (so-called
session cookies). Other cookies remain on your device and allow
your browser to be recognized the next time you visit it
(persistent cookies).
You can delete all cookies stored on your device and set the common
browsers to prevent the storage of cookies. In that case, you may
need to re-adjust some settings every time you visit this website
and accept the impact of some features.
We use cookies in connection with the following
functionalities:
aa) Google Analytics
We use Google Analytics a service of Google LLC 1600 Amphitheater
Parkway Mountain View, CA 94043 USA. Google uses certain cookies.
The information generated by the cookie about your use of this
website (including your IP address) will be transmitted to and
stored by Google on servers in the United States. We use the
information stored to evaluate your use of the website, to compile
reports on website activity for website operators, and to provide
other website-related services. Due to our predominant interest, we
process the data thus obtained for the optimal marketing of our
online offer according to
Art.6 para. 1 f) DSGVO.
Google will never associate your IP address with other Google
data.
Please note that this website uses Google Analytics with the
extension "anonymizeIp ()". This truncates IP addresses before
transmitting them to a server in the United States. A direct
personal reference in connection with the stored data is thus
usually excluded. Only in exceptional cases will the full IP
address be sent to a server in the USA and shortened there.
You may opt-out of the collection of data at any time by opting for
the Google Analytics Disable Add-on at any time
http://tools.google.com/dlpage/gaoptout?hl=en.
Please also note the notes on the use of Google data in the Google
Partner Network at:
https://policies.google.com/technologies/partner-sites
https://policies.google.com/technologies/ads
Google is certified under:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
For more information about privacy, please visit:
https://policies.google.com/privacy?hl=en&gl=en
bb) New Relic
We use the software NewRelic on our website. This will allow an
analysis of your website usage. The information stored by the
cookie about your use of this website (including your IP address)
will be transmitted to a server of NewRelic in the USA. We process
the data due to our predominant interest in the optimal marketing
of our online offer according to
Art.6 para. 1 f)
DSGVO.
NewRelic will use the information stored to evaluate your use of
the website, to compile reports on website activity for website
operators, and to provide other services related to website
activity and internet usage.
NewRelic is certified under:
https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active
Further information on data protection can be found at:
https://newrelic.com/termsandconditions/privacy
cc) Privacy Policy for Product Reviews
(Bazaarvoice)
When you submit a product review, we collect personally
identifiable information from you in a form. These are "display
name", IP address, e-mail address, as well as a rating assigned to
you, as well as any additional information voluntarily provided.
The data provided will be processed for the use of the product
evaluation and displayed on a GROHE website.
In doing so we get the following consent:
"I agree that GROHE and its service providers may use my e-mail
address to contact me as part of my product review for
administrative issues or for receiving information about rated or
similar products. I can withdraw my consent at any time with effect
for the future by message to GROHE. "
The revocation of consent does not affect the legality of the
processing carried out on the basis of the consent until the
revocation. In case of a cancellation we will delete your data as
well as your product rating (s) according to legal
regulations.
We work with Bazaarvoice to provide customers with rating options
for our products. Bazaarvoice uses cookies to process information
from consumers and monitor user behavior across multiple
websites.
Your Product Review will be processed by Bazaarvoice Inc, 3900 N.
Capital of Texas Highway, Suite 300, Austin, Texas 78746, USA. A
transfer of data to the USA may be made in accordance with Art. 45
General Data Protection Regulation if the EU Commission decides in
an implementing act that the USA has an adequate level of data
protection. On July 12, 2016, the EU Commission has determined that
the US guarantees an adequate level of data protection due to the
agreements on EU-US Privacy Shield. Bazaarvoice Inc has entered the
EU-US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000KzSfAAK&status=Active
Further information on data protection can be found at:
https://www.bazaarvoice.com/legal/privacy-policy/.
h) Use of Google ReCAPTCHA
To protect the comment section and the input forms of our websites
against spam and abuse, we use the external service reCAPTCHA. This
is a service provided by Google Inc, 1600 Amphitheater Parkway,
Mountain View, CA 94043 USA (hereafter Google). reCAPTCHA makes it
possible to differentiate between inputs of human origin and those
that are abused by automated software (also called bots). When
using the service, the following data will be transmitted to
Google's servers in the USA:
• referrer URL
• IP address of the user
• the input behavior of the user as well as mouse movements in the
area of the "reCAPTCHA" checkboxes
• Google Account: If the user is logged in to their Google Account
at the same time, this will be recognized and assigned
• Information about the browser used, browser size, browser
resolution, browser plug-ins, language settings, date
• Mouse and touch events within the page
• scripts and presentation instructions of the website
• cookies
The processing is based on our predominant legitimate interest in
the security of our website in accordance with
Art. 6 para.
1 f) of the GDPR.
Google is certified under:
https://www.privacyshield.gov/participant?
id=a2zt000000001L5AAI&status=Active
For more information about privacy, please visit:
https://policies.google.com/privacy?hl=en&gl=en
i) Integration of external content
We use external dynamic content to optimize the presentation and
the offer of our website. When visiting the website, a request is
automatically made via the API to the server of the respective
content provider, in which certain log data (for example the IP
address of the users) is transmitted. The dynamic content is then
transmitted to our website and displayed there.
We use external content in connection with the following
functionalities:
aa) Google Maps
We use Google's "Google Maps" map service on our website to provide
you with an interactive map. When the map is displayed, data,
including your IP address and location, is transmitted to Google's
servers in the United States and stored there. This processing is
based on our predominant legitimate interest in an optimal
marketing of our offer according to
Art. 6 para. 1 f) of
the DSGVO.
Google is certified under:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
For more information about privacy, please visit:
https://policies.google.com/privacy?hl=en&gl=en
bb) Facebook Visitor Tracker
The "Visitor Tracker" is a service of Facebook Inc., 1601 Willow
Road, Menlo Park, CA 94025, USA, or if you are located in the EU,
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
This enables us to determine target groups for advertising on
Facebook, so-called "Facebook Ads", based on website visits and the
local surfing behavior. We also use this pixel to measure the
effectiveness of online marketing measures. This allows us to track
users' actions after they have seen and / or clicked a Facebook ad
and then placed an order.
When the website is called, the pixel is integrated directly by
Facebook and can store a cookie on your device. If you subsequently
log in to Facebook or are already logged in to Facebook, your
website visit will be noted in your profile. The collected user
data are anonymous for us and thus do not allow us to conclude on
the user identity. However, this data is stored and processed by
Facebook, so that a conclusion on the respective user profile is
possible. The data processing by Facebook takes place in accordance
with the data usage policy of Facebook. If you are not a member of
Facebook, you are not affected by this data processing.
C. Duration of data storage
We only store personal data for as long as it is necessary for the
purposes for which it is processed or if your consent has been
revoked. As far as statutory storage requirements are concerned,
the storage period for certain data can be up to 10 years,
regardless of the processing purposes.
D. Data Subjects’ Rights
a) Information
Upon request, you will receive information about all personal data
that we have stored about you free of charge at any time.
For your own protection, we reserve the right to obtain further
information upon request to confirm your identity in order to
prevent unauthorized persons from gaining access to personal data
that we undertake to protect. If identification is not possible, we
reserve the right to refuse to process the request.
b) Correction, cancellation, limitation of processing
(blocking), opposition
If you no longer consent to the storage of your personal data or if
these have become incorrect, we will, upon appropriate
instructions, arrange for the deletion or blocking of your data or
make the necessary corrections (to the extent permitted by
applicable law). The same applies if we are to process data in the
future only in a restrictive way.
c) Data Portability
Upon request, we will provide you with your data in a standard,
structured and machine-readable format so that you can, if you
wish, submit the data to another person in charge.
d) Right to Complain
There is a right of appeal to the competent supervisory
authority:
(https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).
e) Right of revocation in the case of consent with effect
for the future
Any given consent can be revoked at any time with effect for the
future. Your revocation does not affect the lawfulness of the
processing until the time of revocation.
f) Limitation
Data where we are unable to identify the data subject, for example,
if they have been anonymised for analysis purposes, is not covered
by the above rights. Information, deletion, blocking, correction or
transfer to another company may be possible with respect to such
information if you provide us with additional information that
allows us to identify it.
g) Exercising your Rights
If you have any questions regarding the processing of your personal
data, information, correction, blocking, opposition or deletion of
data or the desire to transfer the data to another company, please
contact “dataprotection_be (a) grohe.com”.
E. Data Security
To ensure the security of the data transmitted to us, we use TLS
encryption with 128 bits. You recognize such encrypted connections
with the prefix "https: //" in the page link in the address bar of
your browser. Unencrypted pages are identified by "http: //".
All data that you submit to our website - such as inquiries or
logins - cannot be read by third parties thanks to SSL
encryption.
F. Change of the privacy policy
In order to ensure that our data protection guidelines always
comply with the current legal requirements, we reserve the right to
make changes at any time. This also applies in the event that the
data protection information must be adjusted due to new or revised
offers or services.