1. CONTROLLER
Controller within the meaning of the General Data Protection Regulation (“GDPR”) or any other applicable law is the respective Franke company published in the imprint of the website.
2. PERSONAL DATA
Personal Data is any information relating to an identified or identifiable natural person; identifiable is any natural person who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. This includes information such as your first and last name, your address and email address, your telephone number or your birthday. Personal Data can be in any form (e.g., paper, electronic, video, audio). FRANKE is committed to take necessary steps to ensure that all Personal Data processed by us is processed fairly and lawfully. All of our employees, data processors and third party service providers who have access to Personal Data are obliged to respect the confidentiality of Personal Data and comply with this Privacy Policy. We collect personal data only when you submit it to us, through registration, completion of forms or e-mails, as part of an order for products or services, inquiries or requests about products being ordered and similar situations in which you have chosen to provide the information to us.
The database and its contents remain at FRANKE or stay with data processors and servers acting on our behalf and responsible to us.
We will retain control of and responsibility for the use of any personal data you disclose to us. Some of this data may be stored or processed at computers located in other jurisdictions, such as the United States, whose data protection laws may differ from the jurisdiction in which you live. In such cases, we will ensure that appropriate protections are in place to require the data processor in that country to maintain protections on the data that are equivalent to those that apply in the country in which you live.
3. COLLECTION AND PROCESSING OF PERSONAL DATA – LEGAL BASIS
You can use our website without disclosing your personal data. You are not required to provide personal information as a condition of using our website, except as may be necessary to provide you a product or service or communicate with our website at your request. The following explains how we collect, process and use your personal data on our website:
a) Data when visiting our website
When you use our website, data may be processed in order for you to be able to communicate with our website or for security purposes, such as preventing improper access, trouble shooting or testing. Data we collect may include the name of your internet service provider, the website that you used to link to our website, the date and time of your visit, the websites that you visit from our website and your IP-address. This processing is necessary for providing our services or is based on our legitimate interest in the handling of communication. We assume that this is also in your interest, as the website cannot be displayed without this communication. You can object to the processing of your data for this purpose at any time without giving reasons with effect for the future. However, we would like to point out that the processing of your personal data can be processed even after an objection has been raised to the website, as it is not possible to stop the processing necessary for technical reasons for individual users of the website or in general. Thus, there are compelling grounds for processing which outweigh your interests, rights and freedoms. If you wish to prevent the processing described above, simply refrain from visiting our website. Such data are deleted after a session, unless a security incident requires longer storage for investigation of documentation purposes.
b) Data for setting up a customer account
If you set up a customer account on our website, the personal data you provide (e.g. name, address, e-mail address, telephone, title and access data) will be stored and processed in FRANKE\`s customer database. This data is processed in order to fulfil a contract or pre-contractual measures. You can deactivate your customer account at any time and/or object to the further storage and use of your personal data for this purpose without giving reasons with effect for the future by contacting the contact address given below. In the event of an objection, we will delete your personal data immediately. In case of deactivation of the customer account we will also delete your customer account.
c) Your contact via contact form or email
If you contact us (e.g. via contact form or email), your personal data that you provide us in the contact form will be stored and processed by FRANKE. Which data are collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the answering of your request and/or for the establishment of contact and the associated technical administration. The processing of this data takes place for the fulfilment of a contract or pre-contractual measures or the processing is also in our legitimate interest, without conflicting interests outweighing your interests in this respect, since the processing of these requests is in our mutual interest.
After the processing of the request has been completed, we will keep the correspondence only insofar as statutory, legal retention periods or statutes of limitation exist or further storage is required to assert, exercise or defend legal claims.
d) Newsletter registration sign-up data
If you register for our newsletter service, your personal data (e.g. name, address and email address) will be stored and processed by FRANKE for marketing, advertising or promoting purposes. The processing of this data is based on your consent or takes place for the fulfilment of the contract. In this case, we will regularly send you promotional information about the services and products associated with products, services, offers or events of FRANKE. You can opt out of receiving such newsletters at any time without giving reasons for the future by contacting the contact address below or by unsubscribing via the unsubscribe option provided in the newsletter. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately, with exception of a copy in our opt-out database for which we assume a legitimate interest to hold so we can ensure you are no longer served with newsletters.
e) Disclosure
We may disclose your personal information to third parties in order to enforce or apply this Privacy Policy and other agreements or to protect the rights, property, or safety of FRANKE our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction or with a payment gateway offered by a banking institute in our online-shop, to process payments for ordered products. We also may provide personal data to government agencies and regulatory and legal authorities as required by law or regulation. This kind of disclosure may be required for compliance with a legal obligation, or necessary for the performance of a task carried out in the public interest or may be based on our or a third party’s legitimate interest. In the latter case you have a right to object to such use, however, we may then still process the data if we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms; or in case this is required for the establishment, exercise of defense of legal claims.
4. USE OF COOKIES
4.1. GENERAL
4.2. USER SURVEYS
Participation in the user surveys conducted from time to time on our website is voluntary. We use functional cookies to carry out the user surveys. The technical information recorded by the user survey is the same information that is recorded when users visit the website (see above). Your responses submitted during the user survey will not be linked to your personal data such as your IP-address.
5. THIRD PARTY SERVICES OR CONTENT ON OUR WEBSITE
We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. FRANKE controls neither the websites, nor the privacy practices, of the third parties managing these websites. The privacy practices of third party website providers may differ from FRANKE’s, so we cannot endorse or make any representations about third party websites. Please check these policies before you submit any personal data to these websites.
The respective provider of the services or content may also process your data for own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
a) Website links:
Our website may contain links to and from the websites of our partner networks, dealers, affiliates or other third parties. Upon accessing these links, the FRANKE website is automatically exited. FRANKE controls neither the websites, nor the privacy practices, of the third parties managing these websites. The privacy practices of third party website providers may differ from FRANKE’s, so we cannot endorse or make any representations about third party websites. Please check these policies before you submit any personal data to these websites.
b) Social plugins:
FRANKE uses so-called social plugins ('buttons') of social networks such as Facebook, Google+, LinkedIn and Twitter. When you visit our website these buttons are deactivated by default, i.e. without your intervention they will not send any data to the respective social networks. Before you are able to use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies (please refer to 'Cookies').
After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website by it. After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to other FRANKE websites unless and until you activate the respective button there as well.
If you are a user of a social network and do not wish it to combine data retrieved from your visit to our website with your user data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy notices of the providers whose services and/or content we include and who are responsible for the protection of your data in this context.
6. THIRD PARTY PROCESSORS
We do not pass on any personal data to third parties unless this is necessary for the fulfilment of the contract, permitted by relevant legal provisions or you have given your consent. This being said, FRANKE may contract with other companies or individuals (“Processors”) to perform certain duties on our behalf. In so doing, it may be necessary that we provide the Processors with access to personal data. Our Processors are required to maintain the confidentiality of the personal data, and are restricted from using the information for any other purpose than the purposes defined by FRANKE. Examples of duties performed by Processors include business partners or sub-contractors in technical, payment and delivery services, credit risk reduction or fraud protection, analytics providers, search information providers or intragroup processing. They will only have access to the personal data necessary for the performance of the respective activity. In particular, these Processors are prohibited from processing or using your personal data for other purposes.
We take appropriate measures, by contract or otherwise, to provide adequate protection for personal data that is disclosed to our Processors, and to ensure that our Processors have sufficient legal, organizational and technical procedures in place to protect personal data in accordance with applicable data protection law.
7. SECURITY
FRANKE is a global organization, with legal entities, business processes, management structures, and technical systems that cross borders. Therefore, our privacy practices are designed to provide protection for personal data all over the world. It is FRANKE’s policy to give access to personal data only to those authorized employees, agents, contractors, entities and Processors that FRANKE determines have a legitimate need to know, or have access to, the information in order to carry out their responsibilities. FRANKE uses technical and organizational security measures to protect the data supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
8. DATA RETENTION
Unless we provided specific retention periods above, these general rules apply:
Your data will be deleted as soon as it is no longer necessary for the intended purposes or if you revoke your consent, or objected to a use based on legitimate interest and we have no overriding legitimate grounds. In some cases, longer retention periods may apply because we are required by law (e.g. under tax and commercial law), or data are required for the establishment, exercise or defense of legal claims.
9. YOUR RIGHTS AND CONTACT
Under the European General Data Protection Regulation or similar law applicable to you, you may be entitled to exercise some or all of the following rights:
1. require (i) information whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
2. request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
3. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
4. take legal actions in relation to any potential breach of your rights regarding the processing of your Personal data, as well as to lodge complaints before the competent data protection authority;
5. require (i) to receive and reuse the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller.
Right to object:
You may be entitled to exercise your right to object, on grounds relating to your particular situation, that your personal data shall not be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing.
We reserve the right to update and change this Privacy Policy from time to time in order to reflect and changes to the way in which we use your personal data or changing legal requirements. In case of any such changes, we will publish the changed Privacy Policy on our website.
If you have any queries or complaints about our compliance with this Privacy Policy, or if you would like to exercise your right described above, please contact us as follows:
The respective Franke company published in the imprint of the website, click here.
Attn: Data Protection Coordinator
or by e-mail to: DPC-FCE@franke.com
MAY 2018