DATA PRIVACY STATEMENT LAST UPDATED JULY 2022

1 Scope of application

1.1 The privacy of your personal data is very important to us. The purpose of this privacy policy is to inform users of the Geberit Internet services, particularly the Geberit website(s) (“website”) – as well as customers, suppliers and other business partners – about how the Geberit companies within the EU, Switzerland, United Kingdom and Norway process personal data. With this in mind, not all aspects of this information may apply to you.

1.2 Personal data within the scope of this privacy policy refers to any data that relates or can be related to you, such as your name, address or email address.

2 Controller

2.1 The operator – and therefore the controller – of the Geberit website you have visited is the Geberit company listed in the imprint on the website in question.

2.2 Incidentally, the controller responsible for processing your personal data is Geberit International AG, Schachenstrasse 77, CH-8645 Jona, corporate.communications@geberit.com.

3 Data Protection Officer

Our data protection department, including the data protection officer can be reached at dataprotection@geberit.com or at our postal address with the added information “data protection”.

To arrange a confidential appointment with only our data protection officer, please use the following contact details:

MAGELLAN Rechtsanwälte, Brienner Straße 11, 80333 Munich

Email: datenschutz_geberit@magellan-legal.de

4 Automatic data collection and processing on Geberit websites

Our websites use certain technologies and tools, which are outlined below. If there are any that you do not want us to use, provided these are optional, we have provided various options and settings for each one that will prevent it from being used.

4.1 Server log files

4.1.1 As with every website, our server automatically and temporarily collects information transmitted by your browser in server log files, provided you have not disabled this feature. If you intend to view our website, we require certain types of data on a technical level so that we can display our websites whilst also ensuring stability and security. This data is as follows:

  • IP address of the computer sending the request
  • file request of the client
  • http response code
  • the web page that linked you to our website (referrer URL)
  • time of the server request
  • browser type and version
  • operating system used by the computer sending the request

4.1.2 The data in these server log files will not be analysed in a way that identifies individual persons. In cases where the information listed above contains personal data (particularly the IP address), the legal basis for collecting this data is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). The legitimate interest we pursue when collecting this data is to ensure the proper functioning of our websites. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided in Section 2. It is necessary for us to temporarily save your personal data to ensure that the website appears on your computer. To achieve this, your personal data must be saved for the duration of your visit to our website. Your personal data is saved in log files in order to ensure the operability of the website. Your personal data also ensures the security of our IT systems. Your personal data is not processed further. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of your personal data being collected for the provision of the website, this applies as soon as you leave the website. If your personal data is saved in log files, these are deleted after 14 days at the latest. If the data is saved for reasons beyond these, your personal data is anonymised so that you cannot be associated with or identified from this data.

4.2 Improving quality, optimising the website, user behaviour analysis and playing personalised adverts

4.2.1 The legal basis for storing information on your PC or mobile device or accessing information already stored on your PC or mobile device is your consent in accordance with the national laws implementing Directive 2002/58/EC (Directive on privacy and electronic communications). The legal basis for processing your personal data as part of using cookies or comparable technologies – such as pixels, tags, web beacons or browser fingerprinting (known as ‘tracking cookies’) – for improving quality, optimising the website, user-behaviour analysis and playing personalised adverts after merging with your contract master data and your purchase history, is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR.

4.2.2 Processing your personal data allows us to optimise the user experience on our website and to promote sales by selling goods or services.

4.2.3 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.2.4 You can find an overview of the cookies used on our website in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There you can adjust your settings for the cookies set on our websites at any time.

You may revoke your consent to the processing of your personal data using tracking cookies at any time with future effect by:

(1) Changing your consent settings on our website
On our website, you can simply revoke your consent to the processing of your personal data using tracking cookies. To access this setting, click on the link in the website footer (‘Change cookie settings’) to open the cookie banner.

Revoking your consent places a further cookie on your computer, which indicates to us that no tracking cookies can be used. If you delete this cookie, you will be asked to submit your declaration of consent again the next time you open our website.

(2) Changing your browser settings
Alternatively, you can change your browser settings to deactivate or limit the transfer of cookies in general. You can delete saved cookies at any time. This process can also be automated. If technically necessary cookies are disabled on our website, it may cause certain functions to cease, or may stop you from fully utilising all functions on our website.

(3) Google Analytics

As part of the integration of Google Analytics, we use so-called “server-side tagging“. In this case, a server is switched from our side between the collection by us and the transmission to Google. This ensures that no personal data is transmitted to Google.

If you do not want your personal data to be processed by Google Analytics, you can additionally install a browser add-on to deactivate it. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js and dc.js) on websites not to collect your personal data.

For more information on terms of use and data protection, please visit:

http://www.google.com/analytics/terms/de.html or

https://support.google.com/analytics/answer/6004245?hl=de

4.3 Google AdWords

4.3.1 We use the services of Google AdWords (including Google AdWords remarketing) so that we can place advertisements (called “Google AdWords”) on external websites for the purpose of drawing attention to attractive offers. Using the data gathered from these advertising campaigns, we are able to determine how effective individual advertisements are. We use this tool to show you advertisements that might interest you, to make our website more appealing to your specific interests, and to calculate our advertising costs in a fair manner.

4.3.2 These advertisements are delivered by Google via what are known as ad servers. For this purpose, we use ad server cookies that enable us to gauge success by means of a number of metrics, such as how often advertisements are displayed and how many times they are clicked by users. If you are linked to our website by a Google advertisement, Google AdWords will save a cookie on your PC. These cookies will normally expire after 90 days and are not used to identify you personally. A cookie of this type will normally contain data for analysis such as the unique cookie ID, the number of ad impressions for each placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a flag specifying that the user no longer wishes to be shown advertisements).

4.3.3 These cookies allow Google to recognise your Internet browser. If a user visits specific pages on the website of an AdWords customer and the cookie saved on the user’s computer has not yet expired, Google and the customer are able to discern that the user has clicked on the advertisement and was linked to this page. A different cookie is assigned to each AdWords customer. It is therefore not possible to track cookies via the websites of AdWords customers. We do not collect or process any personal data ourselves in the aforementioned advertisements. Rather, we simply receive statistical analyses of the data from Google. Based on these analyses, we are able to determine which of the advertisements placed are particularly effective. We do not receive any further data from the use of advertising, nor in particular are we able to use this information to identify users.

4.3.4 The legal basis for processing your personal data as part of the ‘Google Adwords’ ser-vice is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent. As a general rule, the relevant cookies are deleted after 90 days.

4.3.5 You can find an overview of the cookies used on our website for Google Adwords purposes in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There you can revoke your consent to the processing of your personal data for Google Adwords purposes at any time with future effect.

4.4 DoubleClick by Google

4.4.1 Our websites use the tool DoubleClick by Google. DoubleClick uses cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and (if the frequency capping feature is enabled) to prevent users from seeing the same advertisements multiple times. Using a cookie ID, Google can register which advertisements have been shown in which browser, preventing users from seeing the same advertisement multiple times. Furthermore, DoubleClick can use cookie IDs to record what are known as conversions, which are related to ad requests. A conversion happens if, for example, a user sees a DoubleClick advertisement and then later visits the advertiser’s website and makes a purchase using the same browser. According to Google, DoubleClick cookies do not contain any personal information.

4.4.2 Due to the use of Google AdWords and DoubleClick by Google, your browser will automatically establish a direct connection to the Google server. We have no control over the scope and further use of data collected by Google through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As DoubleClick has been integrated into our web services, Google will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Google service, Google may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Google, it may be possible for Google to identify and save your IP address.

4.4.3 Further information on DoubleClick by Google can be found at: https://www.doubleclickbygoogle.com and on data protection at Google in general at: https://policies.google.com/privacy?hl=en.

4.4.4 The legal basis for processing your personal data as part of the ‘DoubleClick by Google’ service is your declaration of consent in accordance with point (a) of Article 6 (1) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.4.5 You can find an overview of the cookies used on our website for purposes relating to the Google DoubleClick service in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:

You may revoke your consent to the processing of your personal data as part of the Google DoubleClick service at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings:

  • by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
  • by disabling the cookies for conversion tracking by setting your browser to refuse cookies from the domain: www.googleadservices.com – see https://www.google.co.uk/settings/ads. This setting will be undone once you delete your cookies
  • by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies
  • by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this

4.5 AppNexus, Adform, Plista, Sizmek

4.5.1 Our websites also use tools from AppNexus, Adform, Plista and Sizmek.

4.5.2 These tools use cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and to prevent users from seeing the same advertisements multiple times. Using a cookie ID, the tools can register which advertisements have been shown in which browser, and (if the frequency capping feature is enabled) prevent users from seeing the same advertisement multiple times. According to these third-party providers, the cookies used by the tools do not contain any personal information.

4.5.3 Due to the use of these tools, your browser will automatically establish a direct connection to the server of the relevant third-party provider. We have no control over the scope and further use of data collected through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As these tools have been integrated into our web services, the third-party providers will be notified when you visit the relevant part of our website or click on one of our advertisements.

4.5.4 The legal basis for processing your personal data as part of the service is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data allows us to promote sales by selling goods or services. In this context, we use cookies that display adverts relevant to you and reports to improve campaign performance. Use of the relevant cookies also prevents you from seeing the same adverts multiple times. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.5.5 Further information on the tools referred to in this section can be found at https://www.appnexus.com/en/company/platform-privacy-policy, https://site.adform.com/privacy-policy-opt-out/, https://www.plista.com/about/privacy/ and https://www.sizmek.com/privacy-policy/.

4.5.6 You can prevent participation in the services from AppNexus, Adform, Plista and Sizmek in a number of ways:

4.5.7 You can find an overview of the advertising cookies used on our website for the tools described above in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings:

  • by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties
  • by disabling the cookies used for conversion tracking. This is done by setting your browser to refuse cookies from the domains www.appnexus.com, www.themig.com, https://site.adform.com, www.plista.com and www.sizmek.com
  • by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies
  • by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this

4.6 Facebook Custom Audiences

4.6.1 Our websites also use the Custom Audiences remarketing feature from Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. This allows users of our websites to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.

4.6.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Facebook server. We have no control over the scope and further use of data collected by Facebook through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As Facebook Custom Audiences has been integrated into our web services, Facebook will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Facebook service, Facebook will be able to attribute the visit to your individual account. Even if you are not registered with or logged into Facebook, it is possible for Facebook to identify and save your IP address as well as other identifying features.

4.6.3 The legal basis for processing your personal data for the ‘Custom Audiences’ re-marketing function provided by Facebook Inc. is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data using the ‘Custom Audiences’ remarketing function allows us to boost sales by selling goods or services. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests. The tool allows you to receive interest-based advertising (known as Facebook ads) when visiting the social network Facebook or other websites that also use the feature.

4.6.4 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.6.5 You can find an overview of the cookies used on our website for the Facebook Custom Audiences tool in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data for use for the Facebook Custom Audiences function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.

4.6.6 The Facebook Custom Audiences feature can also be disabled by making the appropriate setting in your browser or – if you are logged into Facebook – at https://www.facebook.com/ads/preferences.

4.6.7 Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.

4.7 Pinterest tag

4.7.1 Our website also uses the conversion-tracking Pinterest tag from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. This allows users of our websites to receive interest-based advertising when visiting Pinterest or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our website to your interests.

4.7.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Pinterest server. We have no control over the scope and further use of data collected by Pinterest through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter: As the Pinterest tag has been integrated into our web services, Pinterest will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Pinterest service, Pinterest may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Pinterest, it is possible for Pinterest to identify and save your IP address as well as other identifying features.

4.7.3 The legal basis for processing your personal data for conversion tracking using the ‘Pinterest tag’ is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data using the ‘Pinterest tag’ conversion tracking element allows us to boost sales by selling goods or services. We use conversion tracking to show you advertisements that might interest you and to personalise our websites to your interests. Conversion tracking allows you to receive interest-based advertising when visiting the social network Pinterest or other websites that also use the feature. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed or if you revoke your consent.

4.7.4 You can find an overview of the conversion tracking cookies used on our website using the Pinterest tag in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data for conversion tracking purposes using the Pinterest tag function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.

4.7.5 The Pinterest tag feature can be disabled by making the appropriate setting in your browser or – if you are logged into Pinterest – at https://help.pinterest.com/en/article/personalized-ads-on-pinterest.

4.7.6 Further information on data processing by Pinterest can be found at https://policy.pinterest.com/en/privacy-policy.

4.8 LinkedIn Insight Tag

4.8.1 Our websites also use LinkedIn Conversion Tracking and Insight Tag feature from LinkedIn Corporation, Sunnyvale, CA 94085, USA. This allows users of our websites to receive interest-based advertising when visiting linkedIn.com or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests.

4.8.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the LinkedIn server. We have no control over the scope and further use of data collected by LinkedIn through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As the LinkedIn Insight Tag has been integrated into our web services, LinkedIn will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are regis-tered with a LinkedIn service, LinkedIn will be able to attribute the visit to your individual account. Even if you are not registered with or logged into LinkedIn, it is possible for LinkedIn to identify and save your IP address as well as other identifying features.

4.8.3 The legal basis for processing your personal data as part of the conversion tracking ‘Insight Tag’ is your declaration of consent in accordance with point (a) of Article 6(1) of the GDPR. Processing your personal data allows us to promote sales by selling goods or services. We use this tool to show you advertisements that might interest you and to personalise our websites to your interests. The tool allows you to receive interest-based advertising (known as LinkedIn ads) when visiting the social network LinkedIn or other websites that also use the feature.

4.8.4 You can find an overview of the conversion tracking cookies used on our website using the Insight tag in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. You may revoke your consent to the processing of your personal data for conversion tracking purposes using the Insight tag function at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.

4.8.5 The LinkedIn Insight Tag feature can also be disabled by making the appropriate setting in your browser or – if you are logged into LinkedIn– at https://www.linkedin.com/psettings/advertising.

4.8.6 Further information on data processing by LinkedIn can be found at https://www.linkedin.com/legal/cookie-policy and https://www.linkedin.com/legal/privacy-policy.

4.9 Google Maps

4.9.1 The legal basis for processing your personal data in relation to integrating Google Maps is your consent acc. to point (a) of Article 6(1) of the GDPR.

4.9.2 The processing of your personal data for the integration Google Maps makes it easier for you to find our locations. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. In our case, this is as per 12 months.

4.9.3 You can revoke your consent to the processing of your personal data for Google Maps at any time and with future effect by opening our cookie banner via the footer on our home page and adjusting your settings.. Additionally, you can apply the settings in your browser (for example by installing plug-ins or add-ons) to prevent your data from being transmitted to the Google servers. If your browser does not support Google Maps, there is no access to the Google server.

For more information on terms of use and data protection, please visit:

http://www.google.com/intl/en-GB/privacy/

4.10 Video centre

4.10.1 The legal basis for processing your personal data in relation to integrating our videos is established in point (f) of Article 6(1) of the GDPR.

4.10.2 We process your personal data for provision of the video centre in order to ensure that video content on our website is displayed in an appealing and uniform way, regardless of your end device.

4.10.3 Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. This is, at the latest, after you leave our website. 4.10.4 Processing your personal data is strictly necessary for integration of the video centre. It is therefore not possible for you to object to this.

4.11 You Tube

4.11.1 We use the video platform “YouTube“ of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (»YouTube«), a company of Google Inc. to ensure an appealing, consistent presentation of video content on our website that is independent of your terminal device. We do this in the Enhanced Privacy Mode. Unless you agree to the cookie when visiting the website, no data is collected by YouTube when you visit the website. Only when you want to play the video and agree to the cookie, your data is transmitted to YouTube (such as IP address, referring page, device information (browser, device type), retrieved video). We ourselves record and store whether and which YouTube video you have played in order to be able to offer you a customized service.

4.11.2 Your personal data is therefore deleted as soon as it is no longer required to achieve the purpose of its processing.

4.11.3 The legal basis for the processing of your personal data is your consent according to point (a) of Article 6(1) GDPR. You have the right to withdraw your consent at any time. If you wish to do this, please contact us via the details specified above. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained.

4.11.4 We have no influence on the data processing by YouTube. Further information on data processing by You Tube can be found at https://policies.google.com/privacy?hl=en-GB.

4.12 Vimeo

4.12.1 We use the Vimeo video platform from Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA (hereafter: ‘Vimeo’), to ensure that video content on our website is displayed in an appealing and uniform way, regardless of your end device. Unless you have already agreed to the cookie when visiting the website, no data is collected by Vimeo through your visit to the website. Your data (such as your IP address, device information – including browser and device type – and retrieved video) is only shared with Vimeo when you want to play the video and agree to the cookie. For our part, we record and store information on whether you have played a Vimeo video – and if so, which one – to offer you a more personalised service.

4.12.2 We delete your personal data as soon as it is no longer required for the purpose for which it was processed.

4.12.3 The legal basis for processing your personal data is established by your consent in accordance with point (a) of Article 6(1) of the GDPR. You have the right to withdraw your consent at any time. Please contact us via the details provided above if you would like to do so. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained.

4.12.4 We have no influence on how data is processed by Vimeo. Further information on data processing by Vimeo can be found at https://vimeo.com/privacy.

4.13 Moving Image

4.13.1 We use the “Moving Image“ service of the company movingimage EVP GmbH, Tempelhofer Ufer 1, 10961 Berlin, Germany, to optimise the integration of videos, livestreams and events provided on our website. Moving Image enables us to generate statistics about the videos we make available on the website by setting cookies and a local storage. The following personal data is processed for this purpose: IP address, date and time of your visit, time zone, operating system, browser used, ge-rat information, website URL, referrer URL.

4.13.2 The legal basis for the processing of your personal data is your consent in accordance with point (a) of Article 6(1) of the GDPR. You can revoke your declaration of consent to the processing of your personal data at any time in the future by calling up our cookie banner again via the footer of our homepage and adjusting your settings accordingly. You can find more information on data protection at: https://www.movingimage.com/de/agb/datenschutzerklarung-der-movingimage-evp-gmbh/.

4.14 Technically necessary Cookies

4.14.1 Our websites use technically necessary cookies besides the ones outlined in Sections 4.4 to 4.15. Cookies are small text files that are saved on a local cache in your browser. The cookies specified below are used by us exclusively to ensure that we are able to implement or provide the service that you are using. This is based on point (f) of Ar-ticle 6(1) of the GDPR. Some of our website functions cannot be provided without the use of cookies. For these functions, your browser needs to be identified again even after changing pages. Your personal data is not processed further. The legitimate inter-est that we pursue when processing data is to optimise the website settings for the device you are using and to adapt the user interface accordingly. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above. The following types of cookies (the scope and functionality of which are de-tailed below) are used on our websites:

  • transient cookies (see Section 4.17.2)
  • persistent cookies (see Section 4.17.3).

4.14.2 Transient cookies are automatically deleted once you close your browser. These include session cookies in particular. These save a session ID that makes it possible to attribute various request from your browser to a common session, allowing your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

4.14.3 Persistent cookies are automatically deleted after a specified amount of time, which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

4.14.4 You can find an overview of the technically necessary cookies used on our website in the cookie details of our cookie banner under “Change cookie settings“. You will find this in the footer of the homepage. If permitted, cookies are saved on your computer and transferred from there to our website. This allows you full control over the use of cookies. You can change settings in your browser to deactivate or limit the transfer of cookies. You can delete saved cookies at any time. This process can also be automated. If cookies are disabled on our website, it may cause certain functions to cease, or may stop you from fully utilising all functions on our website.

5 Collection and processing of voluntarily provided data

5.1 We collect and process personal data that has been shared with us voluntarily during the course of interacting with customers, suppliers and other business partners (for example, via email, telephone or our websites)

We process the data for the following purposes:

5.1.1 Contact form and email contact
The legal basis for processing your personal data that is transferred during customer contact interactions is established in point (f) of Article 6(1) of the GDPR. If the aim of the contact is to conclude a contract, then point (b) of Article 6(1) of the GDPR is an additional legal basis for processing your personal data. For customer communications, we only process your personal data to handle your issues. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent during customer communications, this is when your issues are fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to customer communications at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the interaction is deleted unless there is a legal retention period that prevents deletion.

5.1.2 Download Centre
The legal basis for processing your personal data within the Download Centre is established in point (a) of Article 6(1) of the GDPR. If the aim of the contact within the scope of the Download Centre is to conclude a contract, then point (b) of Article 6(1) of the GDPR forms an additional legal basis for processing your personal data. Your data is processed for the purposes of providing and sending documentation you have requested via our website. Processing your personal data in the Download Centre is therefore necessary to process your request or to supply documents you have requested. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. For personal data that is sent as part of the order request, this is when your order is fully processed and there is no legal retention period in effect. You can object to the processing of your personal data with regard to the order process at any time with future effect. However, if you do so, we cannot continue to process your issues. All personal data that was saved during the order process is deleted unless there is a legal retention period that prevents deletion.

5.1.3 Geberit media releases
The legal basis for the processing of your personal data in the context of registering for our media releases is your declared consent in accordance with point (a) of Article 6(1) of the GDPR. The purpose of processing your personal data in the context of Geberit media releases is to send corporate communications relating to the Geberit Group. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was processed. Your personal data will therefore be stored until you have unsubscribed from our media releases. You can revoke your consent to receive media releases at any time or use the unsubscribe link contained within the media releases to object to further receipt of media releases.

6 Further data processing besides our website

6.1 Facebook Insights (Facebook fan page):
We operate our Facebook fan page together with Meta Platforms Inc. 1 Hacker Way, Menlo Park, California 94025, USA (hereafter ‘Facebook’). For this purpose, we have concluded an agreement with Facebook regarding which party has which obligations concerning the GDPR. You can view the essential content of this agreement at https://www.facebook.com/legal/terms/page_controller_addendum. Information about how Facebook processes your personal data can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. By processing your personal data using Facebook Insights, we can analyse your user behaviour. We evaluate the captured data and use it to collate information about our Facebook fan page activity. This helps us to design our Facebook fan page in a more userfriendly way that meets the needs of our target audience. The personal data that is collected from our Facebook fan page is provided to us by Facebook. Your personal data is deleted as soon as it is no longer necessary for the afore-mentioned purposes. If you do not want your data to be collected by Facebook Insights, you can object to the processing of your personal data by Facebook Insights at any time and with future effect. If you do so, we refer your objection to Facebook.

6.2 Instagram
Instagram is a product belonging to Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereafter ‘Meta’). We run our Instagram page together with Meta. For this purpose, we have concluded an agreement with Meta regarding which party has which obligations concerning the GDPR. You can find the detailed information on the processing of your personal data by the Instagram service at: https://help.instagram.com/519522125107875. Information about how Meta processes your personal data can be found at https://help.instagram.com/519522125107875. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. The processing of your personal data by Meta via the Instagram service helps us analyse your user behaviour. We evaluate the captured data and use it to collate information about activity on our Instagram page. This helps us to design our Instagram page in a more user-friendly way that appeals to our target audience. The personal data that is collected from our Instagram page is provided to us by Meta. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Meta, you can object to the processing of your personal data by Instagram/Meta at any time and with future effect. If you do so, we refer your objection to Meta.

6.3 YouTube channel
To ensure we design our social media offering to meet customers’ needs, we use a YouTube channel which is operated by Google Ireland Limited, Gordon House, 4 Bar-row St, Dublin, D04 E5W5, Ireland (hereafter ‘Google’). YouTube is a video platform that enables users to upload and publish their videos for public viewing. You can find more information on how Google processes your personal data at https://policies.google.com/privacy?hl=en&gl=en#infocollect. If you wish to use our YouTube channel, we remind you that you use this service at your own risk. This applies especially to the features offered within the YouTube platform, such as the comment, like and share features under each video. We have no influence over the type and scope of the data processed by Google in relation to the YouTube channel. By using the YouTube channel, your personal data is processed by Google and, in doing so, will be transferred to the United States, Ireland and any other country in which Google does business, regardless of your place of residence, and may be further processed there. The legal basis for processing your personal data is established in point (f) of Article 6(1) of the GDPR. Your personal data is processed for the purposes of designing an appealing and userfriendly YouTube channel that meets the needs of our viewers. In this context, we only process your personal data within the YouTube channel insofar as it is necessary for providing information on our offers and services. We also process personal data in relation to this YouTube channel for the purposes of communicating with users and potential interested parties. The personal data that is collected from our YouTube channel is provided to us by Google. Your personal data is deleted as soon as it is no longer necessary for the aforementioned purposes. If you do not want your data to be collected by Google, you can object to the processing of your personal data in relation to this YouTube channel at any time. If you do so, we refer your objection to Google.

6.4 Twitter
Twitter is a product of Twitter International Company, One Cumberland Place, Fe-nian Street, Dublin 2, D02 AX07, Ireland (hereinafter “Twitter“). We operate our Twitter site together with Twitter. For this purpose, we have concluded an agreement with Twitter on which of us fulfils which obligation in accordance with the GDPR. You can view the main content of the processing of your personal data by Twitter at https://twitter.com/de/privacy. The legal basis for the processing of your personal data is point (f) of Article 6(1) of the GDPR. The processing of your personal data by Twitter enables us to analyse your usage behaviour. By evaluating the data obtained, we are able to compile information about the attractiveness of our Twitter page. This helps us to make our Twitter page more user-friendly and tailored to your needs. Your personal data collected in the course of operating our Twitter page is made available to us by Twitter. Your personal data will be deleted as soon as it is no longer required for our aforementioned purposes. If you do not wish your data to be collected by Twitter, you have the option at any time to object to the processing of your personal data within the framework of Twitter for the future. In this case, we will forward your request for objection to Twitter.

7 Data subject information in accordance with Article 12 ff. of the GDPR

The legal basis for processing your personal data as part of processing your data protection enquiries (data-subject information) is established in point (c) of Article 6(1) of the GDPR in connection with Article 12 ff. of the GDPR. The legal basis for the subsequent documentation of the legally compliant processing of the data-subject information is established in point (f) of Article 6(1) of the GDPR. The purpose of processing your personal data for processing the data-subject information is to answer your data protection enquiry. The legally compliant processing of the relevant data-subject information is subsequently documented to fulfil legal obligations regarding accountability according to Article 5(2) of the GDPR. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. In the case of processing data-subject information, this is three years after the end of the process. You can object to the processing of your personal data with regard to processing data-subject information at any time with future effect. However, if you do so, we cannot continue to process your data-protection enquiry. It is strictly necessary to document the legally compliant processing of the affected data-subject information. It is therefore not possible for you to object to this.

8 Legal defence and enforcement

The legal basis for processing your personal data for legal defence and enforcement is established in point (f) of Article 6(1) of the GDPR. The purpose of processing your personal data for legal defence and enforcement is to prevent unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data is deleted as soon as it is no longer required for the purpose for which it was processed. It is strictly necessary to process your personal data for legal defence and enforcement. It is therefore not possible for you to object to this.

9 Sharing your data with third parties

Personal data is provided within our company to the appropriate positions and departments which require it for fulfilling the previously mentioned purposes. We also sometimes use various service providers and transfer your personal data to other trustworthy recipients. These may include:

  • other Geberit companies for the purpose of centralised customer administration and order processing
  • other Geberit companies for the purpose of providing centralised IT and other services
  • logistics providers
  • banks and other payment service providers for the purpose of processing any payments
  • service providers for the purpose of organising, carrying out and handling of possible installation work and after-sales services
  • scanning services
  • printers
  • IT service providers
  • lawyers and courts

10 Transfer to third countries

10.1.1 In the course of processing your personal data, we may transfer your personal data to trusted service providers in third countries. Third countries are countries that are out-side the European Union (EU) or the European Economic Area (EEA). We only work with service providers who can provide us with suitable guarantees for the security of your personal data and who can guarantee that your personal data will be processed in accordance with strict European data protection standards. A copy of these suitable guarantees can be inspected at our premises.

10.1.2 If we transfer personal data to third countries, this will be done on the basis of a so-called adequacy decision of the European Commission, or, in the absence of such a decision, on the basis of so-called standard contractual clauses, which have also been issued by the European Commission, and if required further measures.

11 Your rights

11.1 As regards your personal data processed by us, you are entitled to the rights outlined below. In order to exercise any of these rights, please send us a written request using the contact details specified above or send an email to the following address: datapro-tection@geberit.com.

11.2 Right to access
You have the right to request that we provide access to the personal data concerning you that we have processed. You may exercise this right within the scope outlined in Ar-ticle 15 of the GDPR.

11.3 Right to rectification
In accordance with Article 16 of the GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

11.4 Right to erasure Subject to the prerequisites specified in Article 17 of the GDPR, you have the right to request from us the erasure of personal data concerning you. The prerequisites provide for a right to erasure in particular where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed. The ability to exercise this right is restricted in accordance with Article 17(3) of the GDPR, particularly in cases where we require your data in order to meet a legal obligation or to process legal claims.

11.5 Right to restriction of processing
You have the right to request from us restriction of processing under the terms specified in Article 18 of the GDPR. This right exists in particular (a) where the accuracy of personal data is contested by you, for a period enabling us to verify the accuracy of the personal data, (b) where you oppose the erasure of the personal data (in cases where the right to erasure applies) and request the restriction of its use instead, (c) where we no longer need the personal data for the purposes for which it was being processing, but it is required by you for the establishment, exercise or defence of legal claims, and (d) where the successful exercise of an objection is still contested between you and us. If the processing of your data has been restricted on any of these bases, such data may only be processed in exceptional cases; for example, where you have given your con-sent to this or where such processing is necessary for the enforcement of legal claims.

11.6 Right to object to processing

In accordance with Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation and at any time, to the processing of personal data concerning you on the basis of point (e) or (f) of Article 6(1) of the GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your inter-ests, rights and freedoms, or unless the circumstances involve the establish-ment, exercise or defence of legal claims.

11.7 Right to data portabilityYou have the right to receive the personal data concerning you, which you have provid-ed to us, in a structured, commonly used and machine-readable format under the terms specified in Article 20 of the GDPR. This requires that the data processing has been based on you having given your consent and has been carried out by automated means.

11.8 Right to lodge a complaint with the relevant data protection supervisory authority.You have the right to lodge a complaint with a supervisory authority – in particular, with-in the EU member state of your habitual residence, your place of work or the location of the alleged infringement – if you believe that the processing of personal data relating to you infringes the applicable data protection legislation.

12 Erasure of your data

Generally speaking, we erase or anonymise your personal data as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the sections above. If data needs to be retained for legal reasons, it will be blocked. This means that it will no longer be available for further processing. If you require further information regarding our erasure and retention periods, please contact the controller specified in Section 2 using the relevant contact data.

13 Changes of purpose

Your personal data will only be processed for purposes other than those described if a legal provision requires this course of action or if you have given your consent to the changed purpose of the data processing. In cases of further processing for purposes other than those for which we originally collected the data, we will notify you of these other purposes prior to the data being processed further, and will provide you with all other information that relates to this.

14 Automated individual decision-making or profiling

We do not use any automated processing systems for coming to specific decisions – including profiling.