Data Protection
We at Grünbeck Waterbehandeling B.V. are pleased that you have decided to visit our website and by your interest in our company. We take the protection of your personal data very serious and want you to feel good and secure when visiting our website. Protecting and safeguarding all personal data with which you entrust us is therefore a particular concern for us. This document will provide you with more information on how we use and process your personal data. In the following, we describe which data is processed during your stay on our website.
Table of contents
I. Data protection notices for website visitors, customers, suppliers, interested parties and other persons concerned
1. Name and address of the data controller
2. Contact details of the data protection officer
3. General information on data processing and data sources
4. Purpose of the processing and legal basis
5. Use and disclosure of personal data
6. Transfer to third countries
7. Storage period
8. Provision of the website and creation of log files when called up via the browser
9. Use of cookies
10. YouTube components with enhanced privacy mode and Spotify link on our website
11. Google Web Fonts
12 Statistical evaluations
13. Links to social networks
14. Grünbeck Cloud and apps
15. Upload of the log files of the Grünbeck systems to the Cloud for fault analysis
16. Reading out the device information
17. Registrations
18. Contact form and e-mail contact
19. Video surveillance on our factory premises
20.Particiation in the competition
21. Data security
22. Rights of people affected
23. Obligation to provide personal data
II. Data protection guidelines for the processing of job applicant data
_________________________________________________________________________________
I. Data protection notices for website visitors, customers, suppliers, interested parties and other persons concerned
1. Name and address of the data controller
The data controller within the scope of the General Data Protection Regulation (GDPR) and other national data protection legislation of the member states of the European Union and other privacy law provisions is as follows:
Grünbeck Waterbehandeling B.V.
Rententieweg 44
7572 PH Oldenzaal
NIEDERLANDE
Phone: +31 5 41820903
E-mail: info@gruenbeck.nl
Website: www.gruenbeck.nl
2. Contact details of the data protection officer
MMC
Thomas Hoch
Adalbert-Stifter Strasse 52
89415 Lauingen
Phone: 0152-53144668
E-mail: Datenschutzbeauftragter@gruenbeck.de
3. General information on data processing and data sources
Personal data
Personal data constitutes individual information on the personal or factual situation of a determined or determinable natural person. This includes information such as the IP address, your proper name, your address, your telephone number and your date of birth.
Information that cannot be directly connected to your real identity, such as favourite websites or the number of users to a website, are not considered to be personal data.
In addition, we also process data from applicants. For information on processing applicant data, see II. Data protection guidelines for the processing of job applicant data.
Scope of the processing of personal data
We process the personal data of our users basically only insofar as required for the provision of a functional website, as well as our content and services.
Data sources
We process the personal data that we receive from our customers, suppliers or interested parties in the course of our business relationships. In addition and insofar as is necessary for our business relationships, we process personal data which we obtain from publicly accessible sources such as debtor directories, commercial and association registers, the press or the Internet, or which is transmitted to us by other companies affiliated with the Group.
4. Purpose of the processing and legal basis
We will process your personal data only for specified, expressly stated and legitimate purposes and we will not process your personal data in a way that is incompatible with such purposes.
Such a purpose may include fulfilling an order you have placed, improving your visit to one of our websites, improving our products and services in general, and so on.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and other national regulations. We can refer to the following legal bases when processing personal data:
(1) For the fulfilment of contractual obligations (Art. 6 (1) (b) GDPR)
The processing of personal contractual data is carried out for the execution of orders and commissions within the framework of the undertaking our contracts with our customers and suppliers or for undertaking pre-contractual measures, which are carried out on request. This includes, in particular, specific enquiries which we receive at events such as trade fairs.
The purposes of data processing depend primarily on the specific product and service and may include, but are not limited to, needs assessments, advice, sales and service contracts, research contracts and regulatory requirements. Further details for data processing purposes can be found in the relevant contractual documents.
Irrespective of established contractual relationships and interest in our services, you also enter into a user relationship with us by visiting our website and registering on our website. The processing of usage data by visiting our online offers and the processing of data collected in connection with registration are also legitimised by Art. 6 (1) (b) GDPR.
(2) For the purposes of legitimate interests (Art. 6 (1) (f) GDPR)
If necessary, we also process personal data beyond the scope of actually fulfilling the contract to protect our legitimate interests or those of third parties. Due to the multitude of theoretically conceivable processing contexts, the following points are only to be understood as a subset of situations relevant to practice. We can provide more detailed information regarding your data within the scope of concrete requests for information. Examples include the following (this list is not exhaustive):
(3) Based on your consent (Art. 6 (1) (a) GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. product registration), the lawfulness of this processing is based of this consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. You can revoke your consent at any time by sending an e-mail to info@gruenbeck.nl, Tel. +31 5 41820903 or by writing to Grünbeck postal address. The revocation of consent only takes effect for the future and does not affect the legality of the data processed until the revocation.
Consent for the establishment of contact for advertising purposes
By giving your consent for the establishment of contact for advertising purposes, you agree that you will received personalised information on news, products, applications, events and advertising promotions and that you can be contacted by e-mail, text message, telephone, push notifications or post for such purposes. You can revoke your consent at any time.
(4) Based on legal requirements (Art. 6 (1) (c) GDPR)
As a company, we are also subject to various legal obligations, i.e. legal requirements such as tax laws and other regulatory requirements. The purposes of the processing include, among other things, the fulfilment of control and reporting obligations under tax law as well as the assessment and control of risks within the company.
We are legally obligated to process personal data that is provided due to legal requirements. The legitimation of such processing operations is based on Art. 6 (1) (c) GDPR in connection with the respective legal standard which obliges us.
5. Use and disclosure of personal data
Within the company, those departments that need your data to fulfil our contractual and legal obligations will have access to it. In the course of our business processes, it may also be necessary for us to forward your data to Grünbeck Wasseraufbereitung GmbH for processing. If you do not specify a specialist installer from your region, we reserve the right to pass on your data to a specialist installer from your region for the creation of a quotation. In this case, you consent that Grünbeck, a contractually connected partner of Grünbeck or a specialist installer in your region is authorised to contact the person named in the inquiry by e-mail, telephone, fax and text message in order to create a quotation.
Insofar as you have given your consent, Grünbeck or a contractually connected partner may contact you for advertising purposes (product information/newsletter/promotions) by e-mail, telephone, fax and text message. You can revoke this consent at any time with future effect from Grünbeck and/or the contractually connected partner of Grünbeck.
Service providers and vicarious agents employed by us may also receive data for these purposes, in particular if they maintain confidentiality and integrity. These can be, for example, companies in the categories of IT services, printing services, marketing. These service providers are so-called contract processors which provide services and are especially contractually obliged according to legal requirements.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on personal data to the extent necessary to comply with the applicable data protection regulations. We are only allowed to pass on information about you if this is required by law, if you have consented or if we are authorised to provide information. Under these conditions, recipients of personal data can be:
6. Transfer to third countries
Data will not be transferred to entities in countries outside the European Union (so-called third countries) unless
7. Storage period
We process and store your personal data as long as necessary for the fulfilment of our contractual obligations and to uphold our rights.
If the data is no longer necessary for the fulfilment of contractual or legal obligations, it is deleted at regular intervals, unless its further processing – for a limited period – is necessary for the following purposes:
Translated with DeepL.com (free version)
8. Provision of the website and creation of log files when called up via the browser
Description and scope of data processing
Each time our website is called, our system automatically collects data and information from the computer system of the computer calling the site.
In the process, the following data is collected:
(1) Information about the browser type and the version
used
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites accessed by the user's system via our website
The data is also stored in the log files of our system. Processing this data together with other personal data of the user does not take place.
Legal basis for data processing
The legal basis for the temporary storage of the data and log files is our legitimate interest according to Art. 6 (1) (f) GDPR.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable a delivery of the website to the computer of the user. For this purpose, the IP address of the user must remain saved for the duration of the session.
Storage in log files takes place to guarantee the functionality of the website. In addition, we use the data to optimise the website and guarantee the security of our IT systems. In this context, the data is not analysed for marketing purposes.
Duration of storage
The data is deleted as soon as they are no longer required to achieve the purpose of their collection. If a collection of the data is required for the provision of the website, this occurs when the respective session has come to an end.
Possibility of revocation and elimination
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
9. Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are locally stored in the Internet browser itself and/or on the computer system of the user by the Internet browser. If the user calls a website, a cookie can be saved on the operating system of the user. This cookie contains a characteristic sequence of characters that enables a clear identification of the browser the next time the website is called.
We use cookies to make our website more user-friendly, for marketing purposes and evaluations and to ensure IT security. Some elements of our website require that the calling browser remains identifiable even after a page change.
In the process, the following data is stored and transmitted in the cookies:
(1) Language settings
(2) Log-in information
Categories
We distinguish between essential cookies, which are absolutely necessary for the technical functions of the online offer, and non-technically necessary cookies such as marketing and statistics cookies, which are not absolutely necessary for the technical function of the online offers. When you call up our website, a cookie banner appears in which you can choose which cookies are set.
The use of the online offer is generally only possible with the essential cookies.
Please note that when using the tools, your data may be transferred to recipients outside the EEA. Data transfer to the USA is based on standard contractual clauses and individual agreements with our partners. For more information, please refer to the privacy notices of our partners linked below.
Legal basis for data processing
The legal basis for the processing of personal data using essential cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.
The legal basis for the processing of personal data using marketing and statistics cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.
Purpose of data processing
The purpose of the utilisation of technically required cookies is to simplify the use of websites for the user. Some functions of our website cannot be provided without the use of cookies. For these functions, the browser must be able to be recognised even after a page change.
We require cookies for the following applications:
(1) Accepting language settings
(2) Saving of search terms
The user data collected by technically required cookies is not used to create user profiles.
The aforementioned purposes are also the basis for our legitimate interest according to Art. 6 (1) (f) GDPR.
Duration of storage, possibility of objection and removal
Cookies are stored on the computer of the user and sent to our site by the computer. As a user, you therefore also have complete control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or limit the transmission of cookies. Previously stored cookies can be deleted at any time. This deletion procedure can take place automatically. If cookies are deactivated for our website, it is possible that the full scope of all functions of the website will no longer be able to be used.
The transmission of flash cookies can not be prevented through the settings of the browser, but rather by changing the settings of Flash Player.
We use different web tools:
(1) Google AdWords Remarketing
Our website uses the functions of Google AdWords Remarketing, as a result of which we advertise this website in the Google search results, as well as on third party websites. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google places a cookie in the browser of your terminal device, which automatically uses a pseudonymous cookie ID and interest-based advertising, on the basis of the pages visited by you. Processing takes place on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.
Any further processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalise adverts you view on the web. In this case, if you are logged into Google during your visit to our website, Google will use your information in conjunction with Google Analytics data to create and define target audience lists for cross-device remarketing. Google will temporarily link your personal data with Google Analytics data in order to form target groups.
You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available from the following link:
https://www.google.com/settings/ads/onweb/
Alternatively, you can contact the Digital Advertising Alliance at the Internet address www.aboutads.info to find out about setting cookies and how to make settings for this. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.
Further information and the privacy policy regarding advertising and Google can be found here: http://www.google.com/policies/technologies/ads/
(2) Use of Google Maps
We use the "Google Maps" component of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google", on our site.
Google sets a cookie each time the "Google Maps" component is accessed in order to process user settings and data when the page on which the "Google Maps" component is integrated is displayed. As a rule, this cookie is not deleted when you close your browser, but expires after a certain period of time, unless you delete it manually beforehand. If you do not agree with this processing of your data, it is possible to deactivate the "Google Maps" service and thus prevent the transmission of data to Google. You have to deactivate the Java Script function in your browser to do this. However, we would like to point out that in this case you will not be able to use "Google Maps", or only to a limited extent.
The use of "Google Maps" and the information obtained via "Google Maps" is governed by the Google Terms of Use.
(3) Google reCaptcha
We use Google reCAPTCHA on our website to check and prevent interactions on our website by automated access, e.g. by so-called bots.
This is a downloaded web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as: Google reCaptcha). We use this data to guarantee the full functionality of our website. In this context, your browser may transmit personal data to Google reCaptcha. The legal basis for the data processing is Art. 6 (1) (f) GDPR. The legitimate interest lies in the error-free operation of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transmitted data can be found in the Google reCaptcha privacy policy: https://policies.google.com/privacy
You can prevent the collection and processing of your data by Google reCaptcha by disabling the execution of script code in your browser or installing a script blocker in your browser.
10. YouTube components with enhanced privacy mode and Spotify link on our website.
On our website, we may use components (videos) of YouTube, a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google".
We use the "extended data protection mode" option provided by YouTube.
When you visit a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser.
According to YouTube, in "extended data protection mode", data is only transmitted to the YouTube server, in particular concerning which of our websites you have visited, when you watch the video. If you are logged into YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
More information about YouTube's privacy policy is provided by Google at the following link:
https://www.google.de/intl/de/policies/privacy/
We use the Spotify Music Player widget of the Spotify music platform on our website. The service provider is the Swedish company Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden, Fax: +49 30 5770 2443, email: kundendienst_de@spotify.com ("Spotify"). Personal data is only transmitted when you click on the "Load external content" button. You can find out more about the data processed through the use of Spotify in their privacy policy. This can be accessed here: https://www.spotify.com/de/legal/privacy-policy/
11. Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
12. Statistical evaluations
We need statistical information about the use of our online services in order to make them more user-friendly, measure reach and conduct market research.
We use various web analysis tools for this purpose.
(1) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. Google Analytics uses cookies, which are text files that are stored on your computer to permit an analysis of your use of the website. The data generated by the cookie regarding your use of this website is usually sent to a Google server in the United States and stored there. In case of an activation of IP anonymisation on this website, your IP address is previously shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is sent to a Google server in the United States and stored there only in exceptional cases.
On behalf of the website operator, Google will use this information to analyse your use of the website, compile reports on website activities and render additional services connected to the use of the website and Internet for the website operator. The IP address transferred from your browser within the scope of Google Analytics is not combined with other data from Google.
You can prevent the saving of cookies through a corresponding browser software setting, but we would like to inform you that you will possibly not be able to use all functions of this Website to the full extent in this case. In addition, you can prevent the recording of the data generated by the cookie related to your use of the Website (including your IP address), as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following Link . Detailed information can be found under General information on Google Analytics.
Please note that Google Analytics has been expanded by the code “gat._anonymizeIp();” on this website to guarantee an anonymised collection of IP addresses.
Legal basis for data processing
The legal basis for data processing in connection with the use of Google Analytics our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
(2)PINGDOM
Our website uses Pingdom, a service provided by Pingdom AB, Kopparbergsvägen 8, 72213 Västeras, Sweden. Pingdom uses cookies, amongst other things, which are placed on your computer to enable the use of the website to be analysed. Within the scope of use, data such as in particular the IP address and activities of the user, can be transmitted to a server operated by Pingdom AB and stored there. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by deactivating the running of Java Script in your browser or by installing a tool such as "NoScript". Further information on data protection when using Pingdom can be found under the following link: https://www.pingdom.com/legal/privacy-policy.
(3)Converify.de in connection with adnet.de as technical service provider
Functions of converify.de and adnet.de are integrated on this site; these enable us to permanently improve your shopping experience and to make it customer-friendly and individual for you. Converify.de and adnet.de use cookies to provide you with this service and to make you an appropriate offer at the right time. These cookies are session cookies that are automatically deleted when you close your Internet browser, as well as cookies that are automatically deleted only after a specified period of time, which may vary depending on the cookie.
Examples of information that we collect and analyse include the Internet Protocol (IP) address that connects your computer to the Internet, logins, e-mail addresses, information about computers and connection to the Internet such as browser type, version, number and extensions, time zone settings, operating system and platform, including date and time, cookie or flash cookie number, of the products you viewed or searched for. During your visits, we sometimes use JavaScript to collect and evaluate information, information about the interaction between pages (e.g. scrolling, clicking, mouse-overs) and about leaving the page. We can also collect technical information that helps us identify your device and prevent misuse or troubleshooting.
13. Links to social networks
On our websites we use references (links) to the profiles of our company on the respective networks. The links are made in order to communicate with our customers, interested parties and users and to inform them about our services.
Please consider the following information regarding the processing of your personal data when following a link. We would like to point out that we have no influence on which of your data is processed by the respective networks. You can find details on data collection by the respective social networks as well as on your rights and setting options in the corresponding data protection guidelines.
Reference to networks and services
On our website, you will find links to the following social networks and services:
(1) Facebook
On our account, there are links to Facebook, the leisure-oriented social network operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The links are recognisable by one of the Facebook logos. By visiting our website, information can be transmitted to Facebook. If you have a Facebook account, Facebook can associate this information with your personal account. If you do not want this, please log out of Facebook.
The data protection guidelines relating to what information Facebook collects and how they use it can be found at https://www.facebook.com/policy.php.
(2) XING
We link our account to the professional network XING of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. The links are identified by the XING logo. The links can be identified by the XING logo. XING's privacy policy is available here https://privacy.xing.com/.
(3) Youtube
Our website contains links to the account of the group of companies of the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA ("YouTube"). YouTube is a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The links can be identified by the YouTube logo. YouTube's privacy policy is available here https://policies.google.com/privacy.
(4) Instagram
We link to the leisure-oriented social network Instagram on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to indicate that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. You can prevent this transmission by logging out of your Instagram account before accessing our website.
The use of the Instagram plugin is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility on social media.
For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.
(5) LinkedIn
We link functions of the LinkedIn network on our website. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
The links are recognisable by one of the LinkedIn logos. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn plug-in and are logged into your LinkedIn account, it is possible for LinkedIn to assign your visit to our website to your user account. We would like to indicate that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. You can prevent this transmission by logging out of your LinkedIn account before accessing our website.
The use of the LinkedIn-Plugin is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility on social media.
For more information, please see LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
Additional information about Facebook
At Facebook, various data provided by you, including personal data, are processed by Facebook Ireland and us as joint controllers within the meaning of Art. 26 GDPR in order to compile usage statistics (Facebook Insights). The legal basis for the processing of personal data in this context is Art. 6 (1) (1) (f) GDPR (legitimate interests) or, if consent has been obtained, Art. 6 (1) (1) (a), Art. 7 GDPR (consent). The legitimate interest here is also to be able to inform you effectively and communicate with you and to improve the information offered, in particular on our presence on Facebook.
The essential information on the corresponding agreement pursuant to Art. 26 GDPR between Facebook Ireland and us, as well as information on who you can contact to assert your data subject rights, can be found at https://www.facebook.com/legal/terms/page_controller_addendum.
Regardless of what is stated in the referenced agreement, you are free to assert your data subject rights against us and Facebook.
When you visit our online presence on Facebook, your data will be transmitted by Facebook, among others, to third countries, i.e. countries outside the European Union that do not have an adequate level of data protection, such as Facebook Inc. in the USA, and stored and processed there. In order to ensure an adequate level of data protection when transferring data to third countries, Facebook has, according to its own information, concluded so-called EU standard contractual clauses with the recipients in third countries. For more information on how Facebook processes personal data, see https://de-de.facebook.com/about/privacy.
14. Grünbeck Cloud and apps
Description and scope of data processing
Some of our systems can be connected to the Grünbeck Cloud. In order to retrieve current device data, the device must be connected to the Cloud and the appropriate Grünbeck app for the product downloaded. In order to use the services of the app (e.g. overview of the current consumption data of the system), you must register in the Grünbeck app.
The following data is collected during registration or use of the app and stored in the Cloud:
(1) E-mail address
(2) First name
(3) Last name
(4) Address
(5) Information about the browser type and the version used
(6) The user's operating system
(7) The user's Internet service provider
(8) The user's IP address
(9) Consumption data
Legal basis for data processing
The legal basis for the processing of the data is a declaration of consent of the user according to Art. 6 (1) (a) GDPR.
Purpose of data processing
This data is processed and stored in order to display the data (e.g. current consumption data) in the app. The data is transmitted encrypted. The data will not be passed on to third parties. First name, last name and address are processed for service improvements. Data processing is used to check the correct functioning of the system. (Correct setting of the raw water hardness, etc.)
Duration of storage
The data is deleted as soon as they are no longer required to achieve the purpose of their collection.
Possibility of revocation and elimination
The user may revoke his or her consent for the processing of personal data at any time with future effect. In such a case, the app cannot continue to be used.
15. Upload of the log files of the Grünbeck systems to the Cloud for fault analysis
Description and scope of data processing
The system sends device data to the Grünbeck Cloud to analyse errors in Grünbeck products that are connected to the Grünbeck Cloud. Grünbeck can also upload log files to the cloud remotely. This serves as second-level support and is only carried out in individual cases.
The following data is collected:
(1) Operating behaviour of the Grünbeck system
(2) Fault status of the Grünbeck system
(3) Connection behaviour of the Grünbeck system to the router and the Grünbeck Cloud
(4) Consumption data of the user of the Grünbeck system (e.g. water quantity with time)
Legal basis for data processing
The legal basis for uploading data (e.g. log files) to the Grünbeck Cloud is our legitimate interest in ensuring the flawless operation of our systems (Art. 6 para. 1 lit. f GDPR).
Duration of storage
The log files are manually uploaded by Grünbeck in the event of a complaint and stored for a maximum of 12 weeks for analysis. After the purpose has been achieved or at the latest after the agreed storage period has expired, the log files are deleted again.
16. Reading out the device information
Description and scope of data processing
During maintenance and malfunction operations, the device information of the Grünbeck system must be read out in order to be able to analyse the operation of the system and rectify deviations.
In the process, the following data is collected:
(1) System serial number
(2) Consumption data
(3) Error messages
Purpose of data processing
This data is collected in order to guarantee the proper operation of the Grünbeck system.
Legal basis for data processing
The legal basis for the readout of the device data is our legitimate interest in ensuring the flawless operation of our systems (Art. 6 (1) (f) GDPR).
Duration of storage
The data is deleted as soon as they are no longer required to achieve the purpose of their collection.
17. Registrations
Description and scope of data processing
On our website and our Grünbeck apps, we offer users the opportunity to register by entering personal data. The data is entered on an entry screen and sent to us.
At the time of registration, the following data is stored additionally:
(1) The user’s IP address
(2) Date and time of registration
By consenting to our data protection provisions, you confirm that the personal data you specified are correct and actually describe you and no other natural person. If you are not registering for yourself, but rather for another natural person, you confirm that you have a release to do so by consenting to our data protection provisions. In this case, you also confirm that you have the consent of the specified person to establish contact for advertising purposes, whereby Grünbeck, a contractually connected partner of Grünbeck or a specialist installer in the vicinity of the specified person is authorised to contact this person by e-mail, telephone, fax and text message.
Extension of the warranty
The data collection for the extension of the warranty is carried out by direct collection from the data subject themselves via the "Product Registration" form on the website, via the "myProduct" app or by digitisation of the "Warranty Card" submitted in paper form by us or a processor (processor contract available).
Legal basis for data processing
The legal basis for the processing of the data is the presence of a declaration of consent of the user according to Art. 6 (1) (a) GDPR.
If the registration serves the fulfilment of a contract whose contracting party is the user or if it serves the performance of precontractual measures, the additional legal basis for processing the data is Art. 6 (1) (b) GDPR.
Purpose of data processing
A registration of the user is required for the provision of certain content and services on our website (e.g. product registration, water experiment case, seminar registration).
A registration of the user can also be required for the fulfilment of a contract with the user or for the performance of precontractual measures.
Duration of storageThe data is deleted as soon as they are no longer required to achieve the purpose of their collection.
This is the case for data collected during the registration procedure when the registration on our website is revoked or changed.
If the data is required for the fulfilment of a contract or to perform precontractual measures, a premature deletion of the data is possible only insofar as it does not contradict any contractual or legal obligations regarding a deletion.
18. Contact form and e-mail contact Description and scope of data processing
Description and scope of data processing
Our website has a contact form that can be used for establishing contact electronically. If a user takes advantage of this opportunity, the data entered on the entry screen is sent to us and stored briefly for the purpose of the responding.
At the point in time at which the message is sent, the following data is saved:
(1) The IP address of the user
(2) Date and time of registration
The following statements of this privacy policy apply to the data processing.
Alternatively, contact is possible through the provided e-mail address. In this case, the personal data of the user transmitted by e-mail is briefly saved, for the purpose of the responding, and forwarded according to Section 5 if pertinent.
The legal basis for the data processing
The legal basis for the data processing transmitted in the course of sending an e-mail is the protection of our legitimate interest in communication with our customers, interested parties and business partners
(Art. 6 (1) (f) GDPR).
If the objective of the e-mail contact is the conclusion of a contract, the additional legal basis for processing the data is Art. 6 (1) (b) GDPR.
Purpose of data processing
We process personal data from the entry screen solely to establish contact, as well as advertising purposes according to section 4. An establishment of contact by e-mail also constitutes a necessary, legitimate interest in the processing of the data.
The other personal data processed during the sending procedure are used to prevent a misuse of the contact form and guarantee the security of our IT systems.
Duration of storageThe data is deleted as soon as they are no longer required to achieve the purpose of their collection. Insofar as the establishment of contact is aimed at the conclusion of a contract, the corresponding e-mails could be subject to statutory retention periods. In such a case, we store the data according to the legal requirements.
19. Video surveillance on our factory premises
Description and scope of data processing
We use video surveillance on our company premises.
In the process, the following data is collected:
(1) Image files
(2) Movie files
Legal basis for data processing
The legal basis for the processing of personal data using video cameras is our legitimate interest according to Art. 6 (1) (f) GDPR, whereby our interests arise from the purposes listed below.
Purpose of data processing
Video surveillance is used for upholding company regulations, to avoid criminal offences and to preserve evidence in the case of criminal offences.
Duration of storage
The data will be deleted immediately if it is no longer necessary to achieve the purpose. Data from video surveillance is generally deleted after 72 hours.
A longer storage period may be necessary if circumstances justify the assumption that recordings from a limited period of time show acts that are to be prosecuted as a criminal offence or used to assert civil law claims.
Possibility of opposition and removal
You have the right to be informed about the personal data concerning you.
Furthermore, you have the right to correction or deletion or to restriction of the processing to the extent to which you are legally entitled to do so.
Finally, you have the right to object to the processing within the framework of the statutory provisions.
The right to data portability also exists within the framework of data protection regulations.
20. participation in the competition
Description and scope of data processing
When you participate in a Grünbeck competition, we process the data and information you provide. This includes the data required for participation, such as
(1) First and last name
(2) Date of birth
(3) Your e-mail address
(4) Postal address of the winner
In the case of social media competitions, the user name of the social media account is also processed.
Legal basis for data processing
The data processing of competition participants set out in the conditions of participation and data protection information serves the purpose of fulfilling a contract. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR.
Purpose of the data processing
Your personal data is processed for the purpose of running the competition, in particular to determine and notify the winners.
We may subsequently collect and process additional data, e.g. your full name and postal address, for the purpose of sending and delivering prizes.
Duration of storage
The processed data will be deleted after the competition has ended or expired and the prizes have been sent. In the case of social media competitions, however, the likes and comments on Instagram remain and can still be viewed publicly.
Rights of the data subject
As soon as your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the rights described under point "Rights of data subjects" described rights against us as the controller.
21. Data security
Our employees and the service companies commissioned by us are bound to secrecy and compliance with the provisions of the applicable data protection laws. The company takes appropriate technical and organisational security measures to protect your personal data from loss, alteration, destruction and access by unauthorised persons or unauthorised disclosure. Our security measures are constantly improved in line with technological developments.
22. Rights of the data subjects
If personal data about you is processed, you are the data subject in the sense of GDPR and you are entitled to the following rights with regard to the data controller. To exercise your rights listed below, you may contact the addresses listed in section 2.
(1) You have the right to request information about all personal data that we process from you at any time.
(2) If your personal data is incorrect or incomplete, you have the right to have it corrected and supplemented.
(3) You may request the deletion of your personal data at any time unless we are legally obliged or entitled to process your data further.
(4) If the legal requirements are met, you can demand that the processing of your personal data be restricted.
(5) You have the right to object to the processing, if the processing is based on a balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
(6) If the data processing takes place on the basis of your consent or within the framework of a contract, you have the right to transfer the data provided by you, provided that the rights and freedoms of other persons are not impaired.
(7) If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. The processing carried out before a revocation remains unaffected by the revocation.
(8) You also have the right at any time to lodge a complaint with a data protection supervisory authority if you believe that data processing has been carried out in breach of applicable law.
You have the right to lodge a complaint regarding the handling of your personal data with the above-mentioned data protection officer or the data protection supervisory authority.
The supervisory authority responsible for you is:
Hoge Nieuwstraat 8
2514 EL Den Haag
Zuid-Holland
https://www.autoriteitpersoonsgegevens.nl/
23. Obligation to provide personal data
Insofar as a contract exists between you and our company, you must provide any personal contractual data that is legally required for the assumption, execution and termination of a commercial relationship and for the fulfilment of the associated contractual obligations or for the collection of such data. Without this data, we are generally not able to conclude a contract with you, execute it and terminate it.
The same applies to visits to our website and the collection of usage data. Without the collection of usage data, we and our service providers are not in a position to make our online offer available to you
II. Data protection guidelines for the processing of job applicant data
Which personal data do we collect and where does it come from?
Within the scope of an application process, we process the following personal data:
Your personal data is fundamentally collected directly from you within the scope of the application process, particularly from the application documents and job interview(s) You yourself are responsible for the correctly of the provided data.
In addition, we might process data obtained permissibly from publicly accessible sources, such as professional networks.
For what purposes and on what legal basis is data processed?
We process your personal data under consideration of the EU General Data Protection Regulation (GDPR) and other national regulations.
The processing of data primarily serves the selection of applicants and/or the establishment of an employment relationship. The overriding legal basis here is Art. 88 (1) GDPR.
Your data will be used solely to occupy the concrete position for which you have applied.
The processing of health data for the assessment of your ability to work according to Art. 9 Sect. 2 h) may be required.
How long is your data stored?
Your personal data will be stored for the duration of the application procedure in the event of rejection and deleted six months after completion of the application procedure.
If we cannot promise you a specific position, but would like to take your profile into account in any future vacancies, we would like to include your documents in an applicant pool. We would obtain your consent to this procedure separately by e-mail at the appropriate time. After your data has been added to the applicant pool, we will store it for a further 24 months. Your data will then be deleted.
If your application is successful, your data will be stored and processed as employee data.
When you complete the entry of your "personal data" in the first step of the application process by clicking on the "Continue" button, an applicant data record is created in our personnel management system. If the application process is canceled after the second step of the application process, your personal data will be deleted no later than one month after the application process is canceled.
Who receives your data?
Within our company, only those persons and function (e.g., department, works council, the representative for employees with disabilities) involved in the hiring decision receive your personal data.
Should we access the support of external service providers as part of the application process, we will obtain your separate consent before passing on your personal data. We have concluded an order processing contract with the relevant service providers.
Where is your data stored and how is it secured (data security)?
Our online career portal is technically operated by a service provider which stores your data in a computer centre in the Euro zone. The service provider is obliged to comply with data protection according to the GDPR and has current technical measures in place to ensure data security, in particular to protect your personal data from risks in data transfers and from third parties gaining knowledge of it. These measures will be adapted to the state of the art.
What rights can you assert as the person affected?
You have the rights from Art. 15 – 22 DSGVO (GDPR):
In this regard, please contact info@gruenbeck.nl
You have the possibility to submit a complaint to the abovementioned data protection officer (Datenschutzbeauftragter@gruenbeck.de) or to a data protection supervisory body.
Are you obliged to provide your data?
To take your application into consideration, we require he personal data required for the applicant selection process and/or decision on the establishment of an employee relationship.
You have the right to revoke your consent to the use of your personal data at any time with future effect. To do so, just send an e-mail to info@gruenbeck.nl. A revocation will result in the termination of the application procedure.
Our general data protection guidelines also apply (https://www.grue.nbeck.nl/privacy).