SUMMARY DATA PROTECTION NOTICE
Revision date: 30.01.2019
WashTec AG (“WashTec” or “we” or “our”) and each of its affiliates and subsidiaries (collectively the “WashTec Group”) take data protection seriously. This Data Protection Notice provides users of the websites www.washtec.de and www.auwa.de, and all other WashTec websites referring to this Data Protection Notice (collectively, “websites”) with information on how we, as controller within the meaning of the General Data Protection Regulation (“GDPR”) and the ePrivacy Regulation (“ePrivacy Regulation”), collect and process personal data and other data concerning users in connection with their use of the website.
Please note that other websites of the WashTec Group may be subject to different data protection notices.
Categories of personal data and purposes of processing
When you use our website, create a customer account or order products through our website, we process the following metadata: Browser type and version, operating system, interface, referrer URL, pages viewed, date, time, IP address and, if applicable, the following personal data: Your name and other identification information, your payment information, order information, and requests for marketing materials. We process the personal data for the following purposes: Provision of access to our website, quality improvement, managing your user account, answering your queries, provision of marketing materials, provision of requested products and services, fulfilment of contractual obligations and exercise of claims in law. For further information, please see heading 1 of the Full Data Protection Notice.
Basis of processing and legal consequences
One of the central requirements of data protection law is that all processing of personal data must have a lawful purpose. We primarily make use of the following lawful purposes: The processing is necessary (i) for performance of a contract, (ii) for compliance with a legal obligation, (iii) in order to protect the vital interests of you or a third party, (iv) for the purpose of legitimate interests pursued by us or by a third party, except where those interests are overridden by your interests or fundamental rights and freedoms. For further information, please see heading 2 of the Full Data Protection Notice.
Categories of recipients and international transfers
We transfer your personal data to other WashTec Group companies, processors, other companies in relation to transactions and, in accordance with applicable law, public authorities, courts, outside consultants and similar third parties; some such recipients are domiciled outside of the EU. For further information, please see heading 3 of the Full Data Protection Notice.
Your personal data will be erased as soon as it is no longer needed for the purposes for which it was originally collected, or as required by applicable law. For further information, please see heading 4 of the Full Data Protection Notice.
Under applicable law, you have certain rights in relation to the processing of your personal data, in each case in accordance with the applicable statutory provisions, such as the right of access to your data and the right to rectification, erasure and portability. Please direct your questions to WashTec AG, Argonstraße 7, 86153 Augsburg, 0821/5584-0, washtec[at]washtec.de. For further information, please see heading 5 of the Full Data Protection Notice.
Cookies and other tracking technologies
Questions and contact information
If you have any questions about this Data Protection Notice or if you wish to exercise your rights as a data subject, please contact our Data Protection Officer or us as controller.
Data Protection Officer:
Data Protection Officer
Mr Lars Breitlich
Revision of this Data Protection Notice
Both the summary and the Full Data Protection Notice are subject to revision. We will notify you of revisions by appropriate means.
FULL DATA PROTECTION NOTICE
1. Categories of personal data and purposes of processing: What personal data do we process and why?
You can use the website without providing personal data about yourself. In such cases, we collect only the following metadata, which results from the use of the website: Browser type and version, operating system and interface, referring website (referral URL), pages viewed, the date and time you access our website, and your Internet Protocol (IP) address.
Your IP address is used to provide you with access to our website. Once your IP address is no longer needed for this purpose, we truncate it by removing the last octet of the address. The metadata, including the truncated IP address, is used to improve the quality of the website and the services offered through it by analysing use patterns.
1.2 User account
When you create a user account on our website, you are asked to provide the following personal data about yourself: Name, gender (Mr. or Ms.), postal address, email address, phone number, selected password for your user account, payment information, billing and delivery address, and (optional) requests for marketing materials. We process such personal data to manage your user account, to answer your questions, to provide requested products or services, to provide marketing materials to the extent permitted by law, to analyse your interests for marketing purposes, to improve our website in line with use patterns and for technical management or for other purposes that you have consented to.
1.3 Orders for products
When you order a product on our website, we collect and process the following personal data about you: Name, gender (Mr. or Ms.), postal address, email address, phone number, payment information, billing and delivery address, product type and quantity, purchase price, order date, order status, returns, enquiries to customer service and (optional) requests for marketing materials. We process such personal data to fulfil contractual obligations and process your orders, provide customer service, comply with legal obligations, defend, establish and exercise claims in law, provide marketing materials to the extent permitted by law, and analyse your interests for marketing purposes.
When you state that you wish to receive our newsletter, we collect and process the following personal data about you: Email address and (optional) whether you wish to receive marketing emails or postal mailings. We process such personal data to send out the newsletter and other marketing materials to the extent permitted by law and to analyse your interests for marketing purposes.
2. Basis of processing and legal consequences: What is the legal basis for the processing of your personal data and what happens if you do not wish to provide personal data?
The legal basis for the collection, processing and use of personal data by the company is as follows:
- You have given consent to the processing of your data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which you are party or, at your request, to take steps prior to entering into a contract;
- The processing is necessary for compliance with a legal obligation to which we are subject;
- The processing is necessary in order to protect your vital interests or those of another natural person;
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in WashTec;
- The processing is necessary for the purpose of legitimate interests pursued by us or by a third party, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. These legitimate interests are the fulfilment of the processing purposes specified under heading 1, in particular so that we can process your orders, fulfil contractual obligations and inform you about product innovations;
- Other applicable legal bases for data processing, notably under provisions stipulated in the law of Member States.
The provision of your personal data is required by law or contract. The provision of your personal data is necessary in order to enter into a contract with us or for the receipt of services/products you have requested. The provision of your personal data is voluntary.
Not providing personal data can be to your detriment; for example, you will not be able to receive certain products and services. However, not providing personal data does not lead to any legal consequences.
3. Categories of recipients and international transfers: Who do we share your personal data with and where are they located?
We may transfer your personal data to third parties for the above-described purposes as follows:
Within the WashTec Group: We and any company in the WashTec Group may receive your personal information for the purposes described above. Internal departments within WashTec may receive your personal data commensurate with the categories of personal data and purposes for which the personal data was collected. For example, our IT department may have access to your account information, and our sales department may have access to your account information or data relating to product orders. In addition, further departments within WashTec may have access to personal data about you on a need-to-know basis, for example the legal department, the finance department or the internal audit department.
To processors: Specific third parties, which may or may not be affiliated companies, may receive your personal data in order to process it on instruction (“processors”) if this is necessary for the processing purposes described above; examples include website, customer service, marketing and IT support service providers, as well as other service providers who support us in maintaining our business relationship with you. Processors are contractually obliged to implement suitable technical and organisational measures to secure the personal data and to process the personal data only as instructed.
Other recipients: In accordance with applicable data protection law, we may transfer personal data to law enforcement agencies, government and judicial authorities, lawyers, outside consultants or business partners. In the event of corporate acquisitions and mergers, personal data may be transferred to third parties involved in the acquisition or merger. We will not share your personal data with third parties for advertising, marketing or other purposes without your consent.
Access to your personal data is restricted to persons who have a need to know in order to perform their work.
International transfers: The personal data we collect and receive from you may be transferred to and processed by recipients located inside or outside the European Economic Area (“EEA”). Some of the recipients outside the EEA are EU-U.S. Privacy Shield certified and others are in countries subject to current adequacy decisions (notably Andorra, Argentina, Canada (for non-public entities subject to the Canadian Personal Information Protection and Electronic Documents Act), Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey and New Zealand). In all transfers, a level of data protection is ensured that is recognised and adequate from a European data protection perspective. Other recipients may be located in countries that do not ensure an adequate level of data protection from a European data protection perspective. We will take all necessary precautions to ensure that all security measures necessary under data protection law are taken when transferring to countries outside the EEA. With regard to transfers to countries that do not ensure an adequate level of data protection, we will take appropriate security precautions in transfers, such as standard data protection clauses issued by the European Commission or a supervisory authority, approved codes of conduct together with binding and enforceable commitments by the recipient or approved certification mechanisms together with binding and enforceable commitments by the recipient. You may contact us as specified under heading 7 below and request a copy of such appropriate security precautions.
4. Storage periods: How long do we store your personal data?
Your personal data will be stored for as long as is necessary to provide you with the services and products you request. When your contractual relationship with us comes to an end or your account is deleted, or when you terminate your relationship with us in any other way, we will remove your personal data from our systems and records and/or properly anonymise it so that you can no longer be identified from it (unless we have to retain your data to comply with legal or regulatory obligations to which WashTec is subject, such as for tax reasons).
We may retain your contact details and information about the interest you have expressed in our products and services for a longer period if you have consented to WashTec sending you marketing materials. We may also be required under applicable law to retain certain personal data for a period of ten years after the relevant tax year. We may retain your personal data after termination of our contractual relationship if your personal data is necessary for compliance with other applicable laws or if we require your personal information, exclusively on a need-to-know basis, in order to establish, exercise or defend a claim in law. As far as is possible, we will restrict the processing of your personal data to such limited purposes after termination of our contractual relationship.
5. Your rights: What are your rights and how can you assert them?
Right to revoke consent: If you have given your consent to the collection, processing and use of your personal data (in particular to receiving direct marketing communications via email, text message or telephone), you can revoke that consent at any time with effect for the future. Revoking consent does not affect the lawfulness of processing performed prior to revocation. If you wish to revoke your consent, please contact us as specified under heading 7 below. You can object to the use of your personal data for marketing purposes without incurring any costs other than basic telecommunication charges.
Additional data protection rights: In accordance with applicable data protection laws, you may have the right (i) of access to your personal data, (ii) to rectification of your personal data, (iii) to erasure of your personal data, (iv) to restrict the processing of your personal data, (v) to data portability, and/or (vi) to object to the processing of your personal data (including to the creation of a profile).
Please note that these rights may be restricted under applicable local data protection law. Below you will find more information about your rights under the GDPR:
Right of access to your personal data: You have the right to obtain information from us as to whether your personal data is processed, and, if it is, the right of access to that personal data. Your right of access includes – among other things – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data has been or will be disclosed. This is not an absolute right, however, and the interests of other persons may limit your right of access. You have the right to receive a free copy of the processed personal data. For any further copies you request, we may charge a reasonable fee based on administrative costs.
Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (right to be forgotten): You have the right to obtain from us the erasure of your personal data.
Right to restriction of processing: You have the right to obtain from us the restriction of processing of your personal data. In this event, the data concerned will be marked and may only be processed by us for specific purposes.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit that data to another entity without hindrance from us.
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data concerning you and we may be obliged no longer to process your personal data. There may be such a right to object in particular if we collect and process your personal data for direct marketing purposes or to create a user profile in order to obtain a better picture of your interest in our products and services.
If you have a right to object and you exercise that right, your personal data will no longer be processed by us for such purposes. You may exercise this right by contacting us as specified under heading 7.
There may not be such a right to object if the processing of your personal data is necessary in order to take steps prior to entering into a contract or to perform an existing contract with you.
If you no longer wish to receive direct marketing material via email, text message/MMS, fax or telephone, you must revoke your consent as described above.
To exercise your rights, please contact us as specified under heading 7. You also have the right to lodge a complaint with the competent data protection supervisory authority.
6. Cookies and other tracking technologies
The overview below lists the cookies we use on our website.
If you do not wish to use the browser plugin or if you use a device that the plugin cannot be installed on (such as a mobile device), please click the following link to create an opt-out cookie that will prevent future data collection by Google Analytics on this website (note that the opt-out cookie only works in this browser and only for this domain; if you delete cookies in this browser, you will need to click here again): Disable Google Analytics
Further information about Google Analytics:
Visit the Google Analytics privacy page provided by Google: https://www.google.com/analytics/learn/privacy.html
EquityStory: This cookie is only used on subpages that are technically operated by our third party provider EQS. It is used to define a session for our server.
julia: This cookie is only used on subpages that are technically operated by our third party provider EQS. It is used to identify you on the website. In particular, it shows whether you have visited the website before. This enables us not just to count how many page views there have been on multiple pages, but also how many visitors have viewed the website. This cookie is also used to collect additional information such as details on your browser, the size of the browser window, and the device that you use to visit the website (such as mobile device or desktop computer).
romeo: This cookie is only used on subpages that are technically operated by our third party provider EQS. It is used to track views of other pages belonging to our third-party provider EQS Group AG.