Data Privacy Disclaimer
We as GROHE appreciate your interest in our company and our products. We take the protection of your privacy when using our websites very seriously. In the following we are pleased to inform you about the collection of anonymous and personal data.
A. Responsible for the data processing
The person responsible for the processing of personal data in the context of this website in accordance with the regulations of the European General Data Protection Regulation (GDPR) is named in the imprint.
You can reach our Corporate Data Protection Officer at DataProtection(a)Grohe.com.
With this privacy statement we inform you about the extent of the processing of your personal data (hereinafter only "data").
B. Data processing
As part of the operation of our website we process data. The processing of the data also includes the disclosure by transmission.
The EU Commission, the EU-US privacy shield, has an adequacy decision for data transfers to the United States. In this, the Commission has certified that the guarantees for the transmission of data to the United States on the basis of the EU-US privacy shield comply with the standards of data protection in the EU. As far as we transmit data to the USA, we have identified the participation of our service providers in the EU-US privacy shield.
The data, processing purposes, legal bases, recipients and transfers to non-EEA countries concerned are listed in the following list:
a) Log file
We log your visit to our websites. The following data is processed: Name of the retrieved web page, date and time of retrieval, time difference to Greenwich Mean Time, access status, amount of data transferred, browser type and version, the operating system you are using, the referrer URL (previously visited Website), your IP address and the requesting provider. This is necessary to ensure the security of the website. We process the data on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR. The log file will be deleted after seven days, unless it is required to clarify or to prove concrete infringements that have become known within the retention period.
b) Hosting
Hosting will store all data to be processed in connection with the operation of this website. This is necessary to enable the operation of the website. We process the data accordingly on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) DSGVO. To provide our online presence, we use the services of web hosting providers to whom we provide the above data.
c) Contact
If you contact us, your data (name, contact details, if provided by you) and your message will be processed solely for the purpose of processing and processing your request. These data are processed by us on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR to handle your request.
d) Customer Account
When you open a customer account, you consent to the storage of your data (name, address, e-mail address, bank details) as well as your usage data (username, password). This allows us to identify you as a customer and gives you the ability to manage your orders.
We receive your consent as follows:
"I want to create a customer account. Please process my data for this purpose. I can revoke my consent with effect for the future at any time by e-mail to the indicated e-mail address.".
Your data will be processed on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR.
e) Notifications about new content on the Website
We are constantly striving to adapt and expand the content provided on the Website. If you create a user account, we will regularly notify you about new content on the Website via the email address you provided during registration. This includes, for example, information on new products and other new content as well as news on new features and services on the Website and Webshop. The sending of this information is based on your personal target group according to your interests.
We process the personal data on the basis of Article 6 para. f) DSGVO. The purpose of the data processing and our legitimate interest is to inform you about content on the Website at any time. You can object to the sending of such notifications by e-mail at any time free of charge by clicking on the unsubscribe button contained in the respective notifications, without incurring any costs other than the transmission costs according to the prime rates.
f) Purchase Processing
We process your order data to process the purchase contract. The processing of the data is carried out accordingly on the basis of Art. 6 para. 1 b) GDPR.
We transmit your address data to the company commissioned with the delivery. If it is necessary to process the contract, we will also provide your e-mail address or telephone number to coordinate a delivery date (Avis) to the company commissioned with the delivery.
We will transmit your transaction data (name, date of order, method of payment, date of dispatch and / or receipt, amount and payee, if applicable bank details or credit card details) to the payment service provider responsible for processing the payment.
g) Website Analysis and Marketing
In order to enable the use of certain functions, we use so-called cookies. These are short data packets that are stored on your device and exchanged with other providers. Some of the cookies we use are immediately deleted after closing your browser (so-called session cookies). Other cookies remain on your device and allow your browser to be recognized the next time you visit it (persistent cookies).
You can delete all cookies stored on your device and set the common browsers to prevent the storage of cookies. In that case, you may need to re-adjust some settings every time you visit this website and accept the impact of some features.
We use cookies in connection with the following functionalities:
aa) Google Analytics
We use Google Analytics a service of Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 USA. Google uses certain cookies. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States. We use the information stored to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other website-related services. Due to our predominant interest, we process the data thus obtained for the optimal marketing of our online offer according to Art.6 para. 1 f) DSGVO. Google will never associate your IP address with other Google data.
Please note that this website uses Google Analytics with the extension "anonymizeIp ()". This truncates IP addresses before transmitting them to a server in the United States. A direct personal reference in connection with the stored data is thus usually excluded. Only in exceptional cases will the full IP address be sent to a server in the USA and shortened there.
You may opt-out of the collection of data at any time by opting for the Google Analytics Disable Add-on at any time
http://tools.google.com/dlpage/gaoptout?hl=en.
Please also note the notes on the use of Google data in the Google Partner Network at:
https://policies.google.com/technologies/partner-sites
https://policies.google.com/technologies/ads
Google is certified under:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
For more information about privacy, please visit: https://policies.google.com/privacy?hl=en&gl=en
bb) New Relic
We use the software NewRelic on our website. This will allow an analysis of your website usage. The information stored by the cookie about your use of this website (including your IP address) will be transmitted to a server of NewRelic in the USA. We process the data due to our predominant interest in the optimal marketing of our online offer according to Art.6 para. 1 f) GDPR.
NewRelic will use the information stored to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website activity and internet usage.
NewRelic is certified under:
https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active
Further information on data protection can be found at:
https://newrelic.com/termsandconditions/privacy
h) Use of Google ReCAPTCHA
To protect the comment section and the input forms of our websites against spam and abuse, we use the external service reCAPTCHA. This is a service provided by Google Inc, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereafter Google). reCAPTCHA makes it possible to differentiate between inputs of human origin and those that are abused by automated software (also called bots). When using the service, the following data will be transmitted to Google's servers in the USA:
• referrer URL
• IP address of the user
• the input behavior of the user as well as mouse movements in the area of the "reCAPTCHA" checkboxes
• Google Account: If the user is logged in to their Google Account at the same time, this will be recognized and assigned
• Information about the browser used, browser size, browser resolution, browser plug-ins, language settings, date
• Mouse and touch events within the page
• scripts and presentation instructions of the website
• cookies
The processing is based on our predominant legitimate interest in the security of our website in accordance with Art. 6 para. 1 f) of the GDPR.
Google is certified under:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
For more information about privacy, please visit: https://policies.google.com/privacy?hl=en&gl=en
i) Integration of external content
We use external dynamic content to optimize the presentation and the offer of our website. When visiting the website, a request is automatically made via the API to the server of the respective content provider, in which certain log data (for example the IP address of the users) is transmitted. The dynamic content is then transmitted to our website and displayed there.
We use external content in connection with the following functionalities:
aa) Google Maps
We use Google's "Google Maps" map service on our website to provide you with an interactive map. When the map is displayed, data, including your IP address and location, is transmitted to Google's servers in the United States and stored there. This processing is based on our predominant legitimate interest in an optimal marketing of our offer according to Art. 6 para. 1 f) of the DSGVO.
Google is certified under:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
For more information about privacy, please visit: https://policies.google.com/privacy?hl=en&gl=en
bb) Facebook Visitor Tracker
The "Visitor Tracker" is a service of Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. This enables us to determine target groups for advertising on Facebook, so-called "Facebook Ads", based on website visits and the local surfing behavior. We also use this pixel to measure the effectiveness of online marketing measures. This allows us to track users' actions after they have seen and / or clicked a Facebook ad and then placed an order.
When the website is called, the pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or are already logged in to Facebook, your website visit will be noted in your profile. The collected user data are anonymous for us and thus do not allow us to conclude on the user identity. However, this data is stored and processed by Facebook, so that a conclusion on the respective user profile is possible. The data processing by Facebook takes place in accordance with the data usage policy of Facebook. If you are not a member of Facebook, you are not affected by this data processing.
C. Duration of data storage
We only store personal data for as long as it is necessary for the purposes for which it is processed or if your consent has been revoked. As far as statutory storage requirements are concerned, the storage period for certain data can be up to 10 years, regardless of the processing purposes.
D. Data Subjects’ Rights
a) Information
Upon request, you will receive information about all personal data that we have stored about you free of charge at any time.
For your own protection, we reserve the right to obtain further information upon request to confirm your identity in order to prevent unauthorized persons from gaining access to personal data that we undertake to protect. If identification is not possible, we reserve the right to refuse to process the request.
b) Correction, cancellation, limitation of processing (blocking), opposition
If you no longer consent to the storage of your personal data or if these have become incorrect, we will, upon appropriate instructions, arrange for the deletion or blocking of your data or make the necessary corrections (to the extent permitted by applicable law). The same applies if we are to process data in the future only in a restrictive way.
c) Data Portability
Upon request, we will provide you with your data in a standard, structured and machine-readable format so that you can, if you wish, submit the data to another person in charge.
d) Right to Complain
There is a right of appeal to the competent supervisory authority:
(https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).
e) Right of revocation in the case of consent with effect for the future
Any given consent can be revoked at any time with effect for the future. Your revocation does not affect the lawfulness of the processing until the time of revocation.
f) Limitation
Data where we are unable to identify the data subject, for example, if they have been anonymised for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible with respect to such information if you provide us with additional information that allows us to identify it.
g) Exercising your Rights
If you have any questions regarding the processing of your personal data, information, correction, blocking, opposition or deletion of data or the desire to transfer the data to another company, please contact “ro@order.shop.grohe.com”.
E. Data Security
To ensure the security of the data transmitted to us, we use TLS encryption with 128 bits. You recognize such encrypted connections with the prefix "https: //" in the page link in the address bar of your browser. Unencrypted pages are identified by "http: //".
All data that you submit to our website - such as inquiries or logins - cannot be read by third parties thanks to SSL encryption.
F. Change of the privacy policy
In order to ensure that our data protection guidelines always comply with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information must be adjusted due to new or revised offers or services.
Status: 08.2023