Data Privacy Statement

1 Scope of application

This privacy policy applies to the use of these websites www.geberit-aquaclean.co.uk, www.geberitcollection.co.uk, www.geberit.co.uk, www.twyfordbathrooms.com and http://catalog.geberit.co.uk/en-GB/home (referred to as the “website” in the information that follows) and the services that it provides. The privacy of your personal data is very important to us. The information below sets out how we process personal data when you use our website. “Personal data” refers to any data that relates or can be related to you, such as your name, address, e-mail addresses and user behaviour.

2 Controller

The operator of this website and the controller for processing your personal data through this website is the Data Protection Controller, Geberit Sales Ltd, Edgehill Drive, Warwick, CV34 6NH. gdpruk@geberit.com

3 Data protection officer

Our data protection officer can be reached at dataprotection@geberit.com or at our postal ad-dress with the added information “The data protection officer”.

4 Automatic data collection and processing

4.1 As with every website, our server automatically and temporarily collects information transmitted by your browser in server log files, provided you have not disabled this feature. If you intend to view the website, we require certain types of data on a technical level so that we can display the website whilst also ensuring stability and security. This data is as follows:
- IP address of the computer sending the request
- file request of the client
- HTTP response code
- the web page that linked you to our website (referrer URL)
- time of the server request
- browser type and version
- operating system used by the computer sending the request

4.2 The data in these server log files will not be analysed in a way that identifies individual persons. In cases where the information listed above contains personal data (particularly the IP address), the legal basis for collecting this data is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). The legitimate interest we pursue when collecting this data is to ensure the proper functioning of our website. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided in Section 2. If we process your data as described above for the purposes of providing the functions of our website, you are legally obligated to provide us with this data. Without it, we will be unable to provide you with these functions.

4.3 This website uses certain technologies and tools, which are outlined below. If there are any that you do not want us to use, we have provided various options and settings for each one that will prevent it from being used.

4.4 Google Analytics

4.4.1 This website uses Google Analytics, a web analytics service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; referred to as “Google” in the information that follows). The features of the service that we use are Universal Analytics features. They make it possible to attribute data, sessions and interactions across multiple devices to a pseudonymous user ID, thus giving us the ability to analyse the activities of a user on all devices. Google Analytics uses cookies: these are text files which are stored on your computer and which allow your use of the website to be analysed.

4.4.2 The information generated by the cookie about your use of this website is normally transferred to a Google server in the USA, where it is saved. However, because IP anonymisation has been enabled on this website, your IP address will be truncated in advance by Google within the member states of the European Union or in other countries outside of the European Union which are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA before it is truncated. The IP address identified from your browser by Google Analytics will not be merged with other data collected by Google. On behalf of the operator of this website, Google uses this information to analyse your use of the website, to compile reports on the website activities and to provide other services for the website operator related to the use of the website and inter-net usage.

4.4.3 You can prevent the storage of cookies via the relevant setting in your browser soft-ware. Please note, however, that in this case you may not be able to use all of the functions on this website. You can also prevent the recording of the data collected by the cookie with respect to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing a browser add-on (available at https://tools.google.com/dlpage/gaoptout?hl=en-GB). Opt-out cookies prevent your data from being collected during any future visits to this website. In order to prevent the collection of data by Universal Analytics across multiple devices, you must opt out on all the systems that you use.

4.4.4 We use Google Analytics in order to pursue our legitimate interests of building a service that meets our customer’s needs, enabling statistical analysis and promoting our website efficiently. The legal basis for this is established in point (f) of Article 6(1) of the GDPR.

4.5 Google AdWords

4.5.1 We use the services of Google AdWords (including Google AdWords remarketing) so that we can place advertisements (called “Google AdWords”) on external websites for the purpose of drawing attention to attractive offers. Using the data gathered from these advertising campaigns, we are able to determine how effective individual advertisements are. We use this tool to show you advertisements that might interest you, to make our website more appealing to your specific interests, and to calculate our advertising costs in a fair manner.

4.5.2 These advertisements are delivered by Google via what are known as ad servers. For this purpose, we use ad server cookies that enable us to gauge success by means of a number of metrics, such as how often advertisements are displayed and how many times they are clicked by users. If you are linked to our website by a Google advertisement, Google AdWords will save a cookie on your PC. These cookies will normally expire after 90 days and are not used to identify you personally. A cookie of this type will normally contain data for analysis such as the unique cookie ID, the number of ad impressions for each placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a flag specifying that the user no longer wishes to be shown advertisements).

4.5.3 These cookies allow Google to recognise your internet browser. If a user visits specific pages on the website of an AdWords customer and the cookie saved on the user’s computer has not yet expired, Google and the customer are able to discern that the us-er has clicked on the advertisement and was linked to this page. A different cookie is assigned to each AdWords customer. It is therefore not possible to track cookies via the websites of AdWords customers. We do not collect or process any personal data ourselves in the aforementioned advertisements. Rather, we simply receive statistical analyses of the data from Google. Based on these analyses, we are able to determine which of the advertisements placed are particularly effective. We do not receive any further data from the use of advertising, nor in particular are we able to use this information to identify users.

4.6 DoubleClick by Google

4.6.1 This website also makes use of a tool called DoubleClick by Google. DoubleClick uses cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and (if the frequency capping feature is enabled) to prevent users from seeing the same advertisements multiple times. Using a cookie ID, Google can register which advertisements have been shown in which browser, preventing users from seeing the same advertisement multiple times. Furthermore, DoubleClick can use cookie IDs to record what are known as conversions, which are related to ad requests. A conversion happens if, for example, a user sees a DoubleClick advertisement and then later visits the advertiser’s website and makes a purchase using the same browser. According to Google, DoubleClick cookies do not contain any personal information.

4.6.2 Due to the use of Google AdWords and DoubleClick by Google, your browser will automatically establish a direct connection to the Google server. We have no control over the scope and further use of data collected by Google through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As DoubleClick has been integrated into our web services, Google will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Google service, Google may be able to attribute the visit to your individual account. Even if you are not registered with or logged into Google, it may be possible for Google to identify and save your IP address.

4.6.3 More information on DoubleClick by Google can be found at https://www.doubleclickbygoogle.com and http://support.google.com/adsense/answer/2839090. More information on data protection at Google in general can be found at at https://policies.google.com/privacy?hl=en.

4.7 There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:

4.7.1 by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties

4.7.2 by disabling the cookies for conversion tracking by setting your browser to refuse cookies from the domain www.googleadservices.com – see https://www.google.co.uk/settings/ads. This setting will be undone once you delete your cookies

4.7.3 by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies

4.7.4 by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this.

4.8 The legal basis for processing your data is established in point (f) of Article 6(1) of the GDPR. Our legitimate interest in the use of DoubleClick by Google is to provide advertisements per-sonalised to the interests of users, and to carry out market research in general. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.

4.9 AppNexus, Media Innovation Group, Adform, Plista, Sizmek

4.9.1 This website also uses tools from AppNexus, Media Innovation Group, Adform, Plista and Sizmek.

4.9.2 These tools use cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and to prevent users from seeing the same advertisements multiple times. Using a cookie ID, the tools can register which advertise-ments have been shown in which browser, and (if the frequency capping feature is enabled) prevent users from seeing the same advertisement multiple times. According to these third-party providers, the cookies used by the tools do not contain any personal information.

4.9.3 Due to the use of these tools, your browser will automatically establish a direct connection to the server of the relevant third-party provider. We have no control over the scope and further use of data collected through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As these tools have been integrated into our web services, the third-party providers will be noti-fied when you visit the relevant part of our website or click on one of our advertisements.

4.9.4 Working on the basis of point (f) of Article 6(1) of the GDPR, we use these tools in or-der to provide advertisements personalised to the interests of users and for the pur-poses of market research in general. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.

4.9.5 Further information on the tools referred to in this section can be found at https://www.appnexus.com/en/company/platform-privacy-policy, http://www.themig.com/en-us/privacy.html, https://site.adform.com/privacy-policy-opt-out/, https://www.plista.com/about/privacy/ and https://www.sizmek.com/privacy-policy/.

4.10 You can prevent participation in the services from AppNexus, Media Innovation Group, Ad-form, Plista and Sizmek in a number of ways:

4.10.1 by making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties

4.10.2 by disabling the cookies used for conversion tracking. This is done by setting your browser to refuse cookies from the domains www.appnexus.com, www.themig.com, https://site.adform.com, www.plista.com and www.sizmek.com

4.10.3 by disabling interest-based advertising by providers that participate in the About Ads self-regulatory programme at http://www.aboutads.info/choices. This setting will be un-done once you delete your cookies

4.10.4
by permanently opting out at http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this.

4.11 Facebook Custom Audiences

4.11.1 The website also uses the Custom Audiences remarketing feature from Facebook Inc., which allows users of the website to receive interest-based advertising (known as Fa-cebook ads) when visiting the social network Facebook or other websites that also use the feature. We use this tool to show you advertisements that might interest you and to personalise our website to your interests.

4.11.2 Due to the use of this marketing tool, your browser will automatically establish a direct connection to the Facebook server. We have no control over the scope and further use of data collected by Facebook through the use of these tools, so the information in this privacy policy reflects our current understanding of the matter. As Facebook Cus-tom Audiences has been integrated into our web services, Facebook will be notified when you visit the relevant part of our website or click on one of our advertisements. If you are registered with a Facebook service, Facebook will be able to attribute the visit to your individual account. Even if you are not registered with or logged into Facebook, it is possible for Facebook to identify and save your IP address as well as other identi-fying features.

4.11.3 The Facebook Custom Audiences feature can be disabled by making the appropriate setting in your browser or – if you are logged into Facebook – at https://www.facebook.com/ads/preferences.

4.11.4
The legal basis for processing your data is established in point (f) of Article 6(1) of the GDPR. Our legitimate interest in the use of this tool is to allow us to provide interest-based advertisements. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.

4.11.5 Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.

4.12 Cookies

4.12.1 This website uses cookies besides the ones outlined in Sections 4.4 to 4.11. Cookies are small text files that are saved on a local cache in your browser. The cookies specified below are used by us exclusively to ensure that we are able to implement or provide the service that you are using. This is based on point (f) of Article 6(1) of the GDPR. The legitimate interest that we pursue when processing data is to optimise the website settings for the device you are using and to adapt the user interface according-ly. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us us-ing the details provided above. The following types of cookies (the scope and functionality of which are detailed below) are used on this website:
– transient cookies (see Section 4.12.2)
– persistent cookies (see Section 4.12.3)

4.12.2 Transient cookies are automatically deleted once you close your browser. In particular, they include session cookies. These save a session ID that makes it possible to attribute various requests from your browser to a common session, allowing your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

4.12.3 Persistent cookies are automatically deleted after a specified amount of time, which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

4.12.4 You can configure your browser settings as required: for example, you can refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all of the functions on this website if you do this.

5 Collection and processing of voluntarily provided data

On our website, you have the option of voluntarily submitting data relating to you. This data includes personal data and is used by us for the following purposes:

5.1 We require your personal data (such as your first name, last name, e-mail address and postal address) to maintain a contractual relationship with you and to process your requests or orders. We collect this data to provide you with relevant services and in order to maintain a contractual relationship with you. The legal basis for this is established in point (b) of Article 6(1) of the GDPR. If we process your data as described above for the purposes of providing our services and performing a contract, you are contractually obligated to provide us with this data. Without this data, we will be unable to provide you with our services or ensure the proper performance of a contract to which you are party.

5.2 As described in detail in this privacy policy, we also use your data for advertising purposes; in particular, by post or in the form of e-mail newsletters, customer surveys or other forms of contact (such as text message or telephone). The legal basis for this is our legitimate interest in providing relevant advertisements on the basis of point (f) of Article 6(1) of the GDPR. If you require further information about the balancing of interests that must be carried out in accord-ance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above. You can object to the use of your data for advertising purposes at any time. Details of your right to object can be found in [Section 9] of this privacy policy.

5.3 Where legislation in individual countries requires us obtain your prior consent for the aforemen-tioned advertising activities, we will of course do so. The legal basis for processing your data is established by your consent in these cases (point (a) of Article 6(1) of the GDPR). You have the right to withdraw your consent at any time. If you wish to do this, please contact us via the details specified above or follow the instructions in our promotional messages. The withdrawal of consent does not affect the lawfulness of any data processing that was carried out based on consent being obtained. You are under no obligation to provide us with your data for adver-tising purposes. Without such data, however, we will not be able to send you any advertising material.

6 Sharing your data with third parties

Your personal data will never be shared with third parties without your express prior consent. The only exceptions to this apply in the following cases:

6.1 For prosecution reasons
Where required in order to investigate the unlawful use of our services or for the purposes of prosecution, personal data will be disclosed to the relevant law enforcement authorities and, where applicable, to any third-party claimants. However, such a course of action will only take place if there is concrete evidence of unlawful conduct or misuse. In such cases, your data may also be shared if doing so this is required for the fulfilment of terms and conditions of use or other agreements. If requested, we are also legally obligated to disclose such data to certain public authorities, such as law enforcement bodies, authorities that penalise offences with financial penalties, and financial authorities.

In these cases, data is disclosed on the basis of our legitimate interest in combating misuse, aiding the prosecution of criminal offences, and aiding the establishment, assertion and enforcement of claims, in line with point (f) of Article 6(1) of the GDPR. If you require further in-formation about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.

6.2 Processors

We rely on contractually bound third-party companies and external service providers (referred to as “processors”) in order to provide our services. In such cases, personal data will be shared with these processors in order to allow them to continue providing their services. Personal data is also shared with other companies in the Geberit Group. The processors have been carefully selected by us and are subject to regular audits. The processors are permitted to use the data only for the purposes specified by us. Furthermore, they are contractually obligated to handle your data exclusively in accordance with this privacy policy and in line with the applicable data protection laws.

More specifically, we use the services of the following processors in particular:

6.2.1 other Geberit companies headquartered in Switzerland, for the purposes of centralised customer administration and order processing
6.2.2 other Geberit companies headquartered in Switzerland, for the purposes of providing centralised IT services for the other companies in the Group
6.2.3 logistics service providers, for the purpose of sending you products, marketing materi-als or other items that you have ordered from us
6.2.4 payment service providers for the purpose of processing all payments from you to us or vice versa
6.2.5 service providers for installation work or after-sales services
6.2.6 service providers for the distribution of newsletters or the execution of customer surveys
6.2.7 IT service providers for the provision of hardware and software and for the implementation of maintenance work

Data is disclosed to processors on the basis of Article 28(1) of the GDPR or, alternatively, on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialised processors and on the basis of circumstances in which your rights and interests in the protection of your personal data are not overridden (see point (f) of Article 6(1) of the GDPR). If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.

7 Your rights

7.1 As regards your personal data processed by us, you are entitled to the rights outlined below. In order to exercise any of these rights, please send us a written request using the contact details specified above or send an e-mail to the following address: dataprotection@geberit.com.

7.2 Right to access

You have the right to request that we provide access to the personal data concerning you that we have processed. You may exercise this right within the scope outlined in Article 15 of the GDPR.

7.3 Right to rectification or erasure

Subject to the prerequisites specified in Article 17 of the GDPR, you have the right to request from us the erasure of personal data concerning you. The prerequisites provide for a right to erasure in particular where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed. The ability to exercise this right is restricted in accordance with Article 17(3) of the GDPR, particularly in cases where we require your data in order to meet a legal obligation or to process legal claims.

7.4 Right to restriction of processing

You have the right to request from us restriction of processing under the terms specified in Article 18 of the GDPR. This right exists in particular (a) where the accuracy of personal data is contested by you, for a period enabling us to verify the accuracy of the personal data, (b) where you oppose the erasure of the personal data (in cases where the right to erasure applies) and request the restriction of its use instead, (c) where we no longer need the personal data for the purposes for which it was being processing, but it is required by you for the establishment, exercise or defence of legal claims, and (d) where the successful exercise of an objection is still contested between you and us. If the processing of your data has been restricted on any of these bases, such data may only be processed in exceptional cases; for example, where you have given your consent to this or where such processing is necessary for the enforcement of legal claims.

7.5 Right to object to processing

In accordance with Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation and at any time, to the processing of personal data concerning you on the basis of point (e) or (f) of Article 6(1) of the GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the circumstances involve the establishment, exercise or defence of legal claims.

7.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format under the terms specified in Article 20 of the GDPR. This requires that the data processing has been based on you having given your consent and has been carried out by automated means.

7.7 Right to lodge a complaint with the relevant data protection supervisory authority.

You have the right to lodge a complaint with a supervisory authority – in particular, within the EU member state of your habitual residence, your place of work or the location of the alleged infringement – if you believe that the processing of personal data relating to you infringes the applicable data protection legislation. The supervisory authority to which we are answerable is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can use the following e-mail address for correspondence with the supervisory authority: casework@ico.org.uk.

8 Erasure of your data

Generally speaking, we erase or anonymise your personal data as soon as it is no longer need-ed for the purposes for which we collected or used it in accordance with the sections above. If data needs to be retained for legal reasons, it will be blocked. This means that it will no longer be available for further processing. If you require further information regarding our erasure and retention periods, please contact the controller specified in Section 2 using the relevant contact data.

9 Changes of purpose

Your personal data will only be processed for purposes other than those described if a legal provision requires this course of action or if you have given your consent to the changed purpose of the data processing. In cases of further processing for purposes other than those for which we originally collected the data, we will notify you of these other purposes prior to the data being processed further, and will provide you with all other information that relates to this.

10 Automated individual decision-making or profiling

We do not use any automated processing systems for coming to specific decisions – including profiling.

11 Changes to this privacy policy

The latest version of this privacy policy is available to view at all times at www.geberit.co.uk.


Version: May 2018