Privacy statement

Privacy statement

Website privacy policy

This data protection information applies for data processing by:

Controller: Franz Kaldewei GmbH & Co. KG, Beckumer Strasse 33-35, 59229 Ahlen

The company data protection officer of Franz Kaldewei GmbH & Co. KG can be contacted at the address above, f.a.o. Ms Simone Rosenthal, or via rosenthal[at]isico-datenschutz.de.

1. The collection and storage of personal data and the nature and purpose of processing

The protection of personal data and its confidential handling are of major concern to Franz Kaldewei GmbH & Co. KG. We therefore want to be transparent about what data we record, and how these data are processed and stored.

a) Accessing the website
When you access the www.kaldewei.de website, the browser your device uses automatically send information to our website’s server. This information is stored temporarily in what is called a Logfile. The following information is recorded automatically and saved until it is deleted automatically:

• IP address of the requesting computer,

• date and time of access,

• name and URL of the retrieved file,

• website from which access is made (referrer URL),

• browser used, and your computer’s operating system where applicable, as well as the name of your access provider.

We process the data specified for the following purposes:

• to guarantee a smooth connection is established to the website,

• to guarantee convenient use of our website,

• to evaluate system security and stability, and

• for further administrative purposes.

Data processing takes place on the basis of Art. 6(1)(1)(f) GDPR. We collect the data solely for the purposes specified above, from which our legitimate interest arises.

When you visit our website, we also use cookies and similar technologies. See points 3 to 6 of this privacy policy for more detailed explanations.

b) Newsletters
You have the opportunity to subscribe to our newsletters, and so receive regular information about our product and campaigns/events.

For subscription to our newsletter, we use the ‘double opt-in’ process, which means that we will not send you newsletters via email until you have confirmed that you are the owner of the email address provided by clicking on a link in our notification email. One you have confirmed your email address, we will store your data until you unsubscribe from the newsletter. Your data are saved for the purpose of sending you the newsletter and further promotional material that is relevant to you, and as evidence of your subscription. The legal basis for processing is your consent pursuant to Art. 6(1)(1)(a) GDPR.

So that we can send you personalised information as effectively as possible, in addition to your email address, we may also save other information, depending on the form of newsletter subscription, such as country of origin and background to your activity.

Optionally, we may ask you for further information such as your first name and surname, form of address, title, language, company name, address, telephone number, areas of interest and details of your company (e.g. display area size). If you have provided your express consent pursuant to Art. 6(1)(1)(a) GDPR, we will use your data to further personalise our newsletter and to send you other promotional materials where you expressly request this. We will also compare your data with our existing customer data.

We use standard market newsletter tracking methods such as email opened, links clicked on, etc. so that we can serve you with target audience-specific information and optimise our content for you. We want to provide our customers with content that is as relevant as possible and so better understand what our readers are truly interested in. If you do not want your usage behaviour to be analysed, you cannot use the newsletter service.

You may unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can of course simply send a message to the contact details that appear in the newsletter (e.g. via email or letter).

c) Contact
If you send us data under the headings Product, Contact, Service, Inspiration or Career (e.g. when ordering informational material), we ask you to provide your name, address or email address and other personal data. We save these data in order to comply with your request.

Not all details are mandatory. Mandatory information is marked with a *.

Data processing for the purpose of contacting us will take place on the basis of your voluntary consent pursuant to Art. 6(1)(1)(a) GDPR.

The personal data we collect for use of the contact form will be automatically deleted once your request has been processed (within a maximum of 60 days), unless you have consented to further processing for the purpose of sending you newsletters/promotional materials.

d) Applications
You can apply to us for available jobs via our applicant management system. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. In particular, we collect the following data for the receipt and processing of your application: first name and surname, address and other contact details, date of birth, application documents (e.g. references, CV), date of earliest possible start and expected salary. The legal basis for processing your application documents is Art. 6(1)(1)(b) and Art. 88(1) GDPR in conjunction with Section 26(1)(1) of the German Data Protection Act (BDSG).

We will delete the data collected during the application process immediately on completion of the application process, but no later than 6 months after submission, unless you have given your separate consent to the retention of your data.

e) Surveys, competitions and campaigns
Should you take part in one of our surveys, we use your data for market and opinion research. In principle, we evaluate the data anonymously for internal purposes. In principle, we evaluate the data anonymously for internal purposes. In the case of anonymous surveys, the GDPR does not apply and in the case of exceptional personal evaluations, the legal basis is the aforementioned consent pursuant to Art. 6(1)(1)(a) GDPR.

In the context of competitions and campaigns, such as give-away campaigns for example, we use your data for the purpose of conducting the competition and notifying you of your win or to conduct the campaign. Detailed information can be found in the terms and conditions of participation for the respective competition. The legal basis for the processing is the competition agreement pursuant to Art. 6(1)(1)(b) GDPR.

f) Registration
You have the opportunity to register for our login area, and so utilise our website’s full range of functions. The data you are obliged to provide (company, category, name, address, email address) are marked with a * as mandatory fields. Without these data, registration is not possible. The legal basis for processing is Art. 6(1)(1)(b) GDPR.

2. Transmission of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will pass on your personal data to third parties only if:

• you have granted your express consent pursuant to Art. 6(1)(1)(a) GDPR,

•transfer pursuant to Art. 6(1)(1)(f) GDPR is necessary in order to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not transferring your data,

• a statutory obligation exists for such transfer pursuant to Art. 6(1)(1)(c) GDPR, or

• this is legally permissible and is necessary for the processing of contractual relationships with you pursuant to Art. 6(1)(1)(b) GDPR.

A proportion of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, marketing agencies, consulting firms, data centres which store our website and databases, and IT service providers which maintain our systems. Data may also be the transferred within our group of companies. Where we pass data onto our service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

In addition, a transfer of your data may occur in connection with official enquiries, court orders and legal proceedings if this is deemed necessary for legal prosecution or enforcement.

a) Email marketing service provider
We use the provider port-neo Freiburg GmbH (Engesserstrasse 4a, 79108 Freiburg) to carry out our email marketing. This requires that we pass on your master data (name, address, email address and, if applicable, company, reference group, telephone number, website) as well as your registration data (IP address, permission, date of entry) to this provider. The legal basis for this is Art. 6(1)(1)(f) GDPR, based on our legitimate interest in the efficient execution of product advertising and customer communication, the provision of information and work materials, lead generation and lead qualification. Further information can be found in the privacy policy ofport-neo Freiburg GmbH.

b) Website marketing service provider
We use the services of the provider Marketing Factory Consulting GmbH (Marienstr. 14, 40212 Düsseldorf) to provide our website and its associated functions. This means that it may sometimes be necessary to pass on your master and usage data to this provider. The legal basis for this is Art. 6(1)(1)(f) GDPR, based on our legitimate interest in the provision of an appealing and useful website to represent our company, product advertising and customer information. Further information on data protection can be found in the privacy policy of Marketing Factory Consulting GmbH.

c) Advertising materials service provider, mail order
We use the service provider PROWERB Werbe- und Versandservice GmbH (Huissener Strasse 7-9, 47533 Kleve) to despatch advertising materials such as catalogues. In order to be able to send you catalogues etc., it is necessary to transmit your master and usage data to this service provider. The legal basis for this is Art. 6(1)(1)(f) GDPR, based on our legitimate interest in the efficient despatch of attractive advertising materials such as catalogues and colour charts. Please see the Prowerb privacy policy for further details.

d) Localisation of website visitors
We use the GeoIP service provided by MaxMind Inc (14 Spring Street, Waltham, MA 02451, USA) to direct website users to a suitable country version of our website. The transfer of your IP address to this provider will be required for this purpose. Since this involves the transfer of data to the USA, we have concluded a data processing agreement and standard contractual clauses with MaxMind to guarantee an adequate level of data protection. The legal basis for this is Art. 6(1)(1)(f) GDPR, based on our legitimate interest in being able to show our customers the website that is relevant to them.

See the MaxMind Inc. privacy policy for further details.

e) Webinars
To enable website users to participate in webinars, we work with the service provider ieQ-systems GmbH & Co. KG (Fridtjof-Nansen-Weg 8, 48155 Münster). When you register for a webinar, you provide your details, i.e. First name/surname, company and email address, to this service provider so that they can send you information about this event. We process your data based on the legitimate interest in providing webinars to users of the website pursuant to Art. 6(1)(1)(f) GDPR. Without this processing, participation in a webinar is not possible.

You can find further information regarding the protection of your data in the context of a webinar online here: www.logmeininc.com/de/gdpr/gdpr-compliance.

f) Microsoft Teams
For communication with you we may use the Microsoft Teams service Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Ireland. This enables the exchange of text messages in chats and the carrying out of audio and video calls. You can reach our employees via a corresponding link in the email signature and write to them or call them directly via Teams.

When communicating via Microsoft Teams, the following data can be processed:

• Information about you: if applicable, display name, first name, last name, telephone number, email address, password (encrypted for authentication), profile picture;
• When using the chat: Text messages;
• When using audio: Recording data from the microphone;
• When using video: Recording data from the video camera;
• When sharing the screen: Recording data of the desktop;
• When using the telephone: incoming and outgoing telephone numbers, country name, start and end time, possibly other connection data such as the IP address of the device;
• Metadata: IP address, phone number if applicable, type of device and software, time of last activity on Teams, number of chat messages, number of calls made, length of time for audio, video and screen sharing.

Microsoft also stores and uses the metadata to enable aggregate analysis and reporting on Teams usage. All data traffic while using Microsoft Teams is encrypted (generally TLS 1.2 with Perfect Forward Secrecy (PFS), MTLS for text messages and SRTP for audiovisual content) and encrypted data storage generally takes place on servers in the European Economic Area (EEA).

The legal basis for data processing in connection with the fulfilment of a contract or the implementation of pre-contractual measures is Article 6 para. 1 sentence 1 lit. b GDPR. Otherwise, the legal basis is Article 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interest in providing a secure and functional communication channel.

We have concluded an order processing contract with Microsoft. In the event that data are exceptionally transmitted to the USA Microsoft Ireland Operations Limited has entered into standard contractual clauses with Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, as well as additional measures.

For more information, see the privacy policy of Microsoft at:
https://privacy.microsoft.com/de-de/privacystatement.

3. Cookies and similar technologies

This website uses cookies and similar technologies (collectively knows as ‘Tools’) which are provided either by ourselves or by third parties.

A cookie is a small text file which the browser saves on your device. Cookies re not used to run programs or to upload viruses onto your computer. Similar technologies include, in particular, web storage (local/session storage), fingerprints, tags or pixels. Most browsers accept cookies and similar technologies as standard. However, you can generally change your browser settings so that cookies or similar technologies are blocked, or are saved only with prior consent. If you block cookies or similar technologies, it is possible that not all our services will function properly for you.

The tools we use are listed and explained by category below (points 4 to 6). We also set out in which instances we obtain your consent for the use of tools, and how you can revoke this consent. We explain how we obtain your consent below under 4 a) Usercentrics.

4. Essential tools

We use certain tools to enable the basic functions of our website (‘essential tools’). Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent based on our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR, due to legal requirements pursuant to Art. 6(1)(1)(c) GDPR or to fulfil a contract or to execute contractual measures pursuant to Art. 6(1)(1)(b) GDPR.

To save whether you have already seen the notification about our newsletter, we set the necessary ’newsletterRegistrationLayerAlreadySeen’ cookie for 1 year. It does not contain any personal data.

a) Usercentrics – obtaining your consent
To obtain and manage your consent, we use the Usercentrics tool provided by Usercentrics GmbH, Rosental 4, 80331 Munich (‘Usercentrics’). This generates a banner which informs you of data processing on our website, and gives you the option to agree to all, individual or no data processing through optional tools. This banner appears on the first visit to our website, when you go back to your settings choices to change them or to revoke consent, or if you click on ‘Go to settings’ in the message field of a tool that has not been loaded due to lack of consent. The banner also appears on further visits to our website if the settings saved by Usercentrics have been deleted in the local storage.

During your visit to our website, your consents or revocation, your IP address, information about your browser, your device and the time of your visit are transmitted to Usercentrics. Usercentrics also saves necessary information in the local storage (‘ucSettings’, ‘ucConsents’, ‘usercentrics“’) to save your consent and revocation orders. If you delete your information in the local storage, we will ask for your consent again when you access the site at a later date.

This data processing by Usercentrics is necessary to provide you with the legally required consent management, and fulfil our documentation obligations. The legal basis for the use of Usercentrics is Art. 6(1)(1)(c) GDPR to comply with the legal requirements with respect to cookie consent management.

b) Google ReCAPTCHA
Our website uses the Google reCAPTCHA service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’). reCAPTCHA prevents automated software (called bots) from carrying out improper activities on the website, i.e. it checks whether the entries made are actually from a human being. To determine this, the following data are processed:

Referrer (address of the page on which the captcha is used), IP address, cookies set by Google, input behaviour of the user (e.g. response to the reCAPTCHA question, input speed in form fields, sequence of selection of input fields by the user), browser type, browser plug-ins, browser size and resolution, date, language setting, display instructions (CSS) and scripts (Javascript).

Google also reads cookies from other Google services such as Gmail, Search and Analytics. If you do not wish to be linked with your Google account in this way, you must log out of Google before visiting our contact page.

The specified data are sent to Google in encrypted form. Google’s analysis determines the form in which the captcha is displayed on the page.

The legal basis is the necessity for the fulfilment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(1)(b) GDPR, for example in the context of registering a user account, the use of a contact form or subscription to a newsletter. Google reCAPTCHA serves to safeguard IT security, guarantee the stability of our website and prevent misuse.

In some cases, the data may also be processed on servers in the USA. In the event that personal data is transferred to the USA or other third countries, this is done on the basis of Art. 49(1)(1)(b) GDPR to enable the fulfilment of a contract with you or the implementation of pre-contractual measures.

You can find further information in the Google data protection statement: https://policies.google.com/privacy.

c) Design@Web
We use the Design@Web tool to provide a bathroom planning tool for the purpose of advising customers.

The tool allows you to save and print out the plans you have prepared, provided you have registered with an account. In addition, necessary cookies with a storage period of one week are set to temporarily save the planning status (before saving/printing the planning) in order to be able to return to the started planning for a limited period of time. If you have consented to the use of Google Analytics, a usage analysis is also carried out when you use Design@Web.

For registration, at least your email address, salutation, first name and surname, country and profession are collected. This information is marked as a mandatory with a *. The account is activated following successful double opt-in. If you also subscribe to the newsletter when registering, we refer you to the ‘Newsletter’ section under 1. b).

The legal basis is the necessity for the fulfilment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(1)(b) GDPR.

5. Functional tools

We additionally use tools to improve the user experience on our website and so that we can offer you more functions (‘functional tools’). While these are not strictly necessary for the basic functionality of the website, they can deliver considerable benefits for users, in particular in terms of user-friendliness and the provision of additional communication, display or payment channels.

The legal basis for these functional tools – unless specified otherwise – is your consent pursuant to Art. 6(1)(1)(a) GDPR. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49(1)(1)(a) GDPR). The cookie banner and this privacy policy inform you of the associated risks.

You may revoke your consent to use the tools at any time. To do this, click on ‘Privacy settings’ at the bottom of the page, which will display the cookie banner again and allow you to select or deactivate individual tools.

a) Google Tag Manager
Our website uses the Google Tag Manager service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).

Google Tag Manager is used solely to manage website tools by integrating ‘website tags’. A tag is an element stored in the source code of our website to execute a tool, for example through scripts. Where these are optional tools, these are integrated by Google Tag Manager only with your consent. Google Tag Manager does not use cookies.

For the purposes of ensuring stability and functionality, Google collects information on which tags are integrated by our website when using the Google Tag Manager, but in principle no personal data, in particular no data on user behaviour, the IP address or the pages visited.

We have concluded a data processing agreement with Google. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.

You can find more details about this in the Google Tag Manager information: https://support.google.com/tagmanager/answer/9323295?hl=de.

b) Google Fonts
Our website uses the Google Fonts service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).

When you access a website, your browser loads the necessary fonts so that texts are displayed correctly and attractively. To do this, your browser needs to establish a connection to the Google servers. The server with which a connection is established may be located in the USA. This tells Google that you accessed our website from your IP address. According to Google, such access is separate from other Google services that require user authentication. There is no merger with other data. No cookies are saved.

Google Fonts serves a uniform and appealing presentation of our online presence through maintenance-free and efficient use of fonts, also taking into account any licensing restrictions for their local integration.

For more information, please see Google's Frequently Asked Questions and privacy policy: https://developers.google.com/fonts/faq und https://www.google.com/policies/privacy/.

c) YouTube
On our website we use videos from YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA (‘YouTube’), a company owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). We have integrated YouTube videos into our online offering; these are stored on YouTube and can be played directly from our website. Integrating YouTube videos increases the attractiveness of our website.

When you visit the website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This happens irrespective of whether you are logged into YouTube or Google. YouTube and Google use this data for the purposes of advertising, market research and the needs-based design of their websites. If you access YouTube on our website when you are logged into your YouTube or Google profile, YouTube and Google may also link this event with the respective profiles. If you do not wish this link to be created, you must log out of Google before visiting our website.

In addition to revoking your consent, you also have the option to deactivate personalised advertising in Google's advertising settings. In this case, Google will display only non-customised advertising: https://adssettings.google.com/.

You can find further information in Google's privacy policy, which also applies to YouTube: https://policies.google.com/privacy?hl=de&gl=de.

d) Google Maps
Our website uses the Google Maps mapping service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).

In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must connect to a Google server, which may also be located in the United States, when visiting a subpage that has integrated maps from Google maps.

This gives Google the information that the subpage of our website on which maps from Google maps are integrated has been accessed from the IP address of your device. If you access the Google Maps service on our site while logged in to your Google profile, Google may also link this event to your Google profile. If you do not wish to be linked with your Google profile, you must log out of Google before visiting our subpage on which maps from Google Maps are integrated. Google stores your data and uses them for the purposes of advertising, market research and personalised presentation of Google Maps.

You can find more information about this in Google’s privacy policy and in the additional terms of usage for Google Maps: https://www.google.com/intl/de/policies/privacy/index.html and https://www.google.com/intl/de/help/terms_maps.html.

e) Rexx Recruitment
We use Rexx Recruitment applicant management provided by rexx systems GmbH, Süderstrasse 75-79, 20097 Hamburg, Germany, which is integrated on our website under ‘vacancies’. Rexx Recruitment enables our vacancies to be displayed, searched and applied for. Rexx Recruitment also carries out aggregated usage analysis using the Matomo tool. Rexx Recruitment further facilitates the maintenance and management of applications and job vacancies in the context of the overall recruitment process, including email correspondence and the scheduling of interviews. The specialist departments and the works council are also involved in this process.

On the application form, the mandatory information is marked with a *.

Rexx Recruitment processes the following data: technical information (operating system; browser type, version and language; device type, make, model and resolution), IP address, referrer URL (previously visited page), pages accessed (date, time, URL, title, time spent), application data from the form on the website (master data (min. first name, surname, street, postcode, city, country, telephone, email address), framework data, where applicable data regarding school-leaving qualifications and languages as well as attachments (covering letter, CV, references, photo), further application-related data communicated during the recruitment process.

Rexx Recruitment places the following cookies for the storage period specified: ‘sid’ to save the current session, ‘job_views’ to save views of advertised vacancies (1 year).

These data are processed in a data centre in Germany. We have concluded a data processing agreement with rexx systems for Rexx Recruitment.

With respect to processing application data, we also refer you to the ‘Applications’ section under 1. d).

6. Marketing tools

In addition, we use tools for the statistical collection and analysis of general usage behaviour based on usage data, in particular to optimise and improve our website, as well as for advertising purposes (‘marketing tools’). Some of the usage data generated when using our website is used for interest-based advertising and to evaluate our marketing channels. Analysing and evaluating this usage data enables us to show you personalised advertising that actually corresponds to your interests and needs on our website and on the websites of other providers.

In the section below, we would like to explain these technologies and the providers we engage for them in more detail. In particular, the data collected may include: the IP address of the device; the identification number of a cookie; the device identification of mobile devices (device ID); referrer URL (previously visited page); pages accessed (date, time, URL, title, time spent); files downloaded; links to other websites clicked on; where applicable the achievement of specific targets (conversions); technical information: operating system; browser type, version and language; device type, make, model and resolution; approximate location (country, and city where applicable). The data collected is saved exclusively in pseudonymised format so that there can be no direct conclusions drawn concerning individuals.

a) Google Analytics
This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).

Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. However, your IP address is truncated before the usage statistics are evaluated, so that no conclusions can be drawn regarding your identity. For this purpose, Google Analytics has been extended on our website with the ‘anonymizeIP’ code to ensure the anonymous collection of IP addresses.

Google will process the information obtained by the cookies in order to evaluate your use of the website, to compile reports on the website activities for the website operators and to provide further services associated with the use of the website and the internet. GA Audience also performs target audience remarketing in the context of the activated advertising function. The data arising in this context may be transferred by Google to a server in the USA for evaluation and stored there.

In particular, Google places the following cookies for the purpose specified and with the respective storage duration: ‘_ga’ for 2 years and ‘_gid’ for 24 hours (both to identify and differentiate website visitors by means of a user ID); ‘_gat’ for 1 minute (to reduce requests to the Google servers); ‘IDE’ for 13 months (third-party cookie identify and differentiate website visitors by means of a user ID, to record the interaction with advertising and in the context of playing personalised advertising).

We have concluded a data processing agreement with Google for the use of Google Analytics. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.

You can find further information about this in the Google Analytics privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

b) Google Ads Conversion Tracking and Ads Remarketing (formerly AdWords)
Our website uses the ‘Google Ads’ services, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).

Google Ads uses ‘Google Ads Conversion Tracking’ to record and analyse customer actions defined by us (such as clicking on an advertisement, page views, downloads). We use ‘Google Ads Remarketing’ so that we can show you customised advertising messages for our products on Google partner websites.

The data arising in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.

In particular, Google places the following cookies for the purpose specified and with the respective storage duration: ‘IDE’ for 13 months (third-party cookie to identify and differentiate website visitors by means of a user ID, to record the interaction with advertising and in the context of playing personalised advertising); ‘1P_JAR’ for 1 month (optimisation of personalised advertising, avoid playing the same advertisement multiple times); ‘DV’ for 5 minutes (user preferences, such as language); ‘NID’ for 6 months (settings for Google services and further functions for advertising purposes).

If you use a Google account, Google may, depending on the settings stored in the Google account, link your web and app browsing history to your Google account and use information from your Google account to personalise advertisements. If you do not wish to be linked with your Google account in this way, you must log out of Google before visiting our website.

If you have not consented to the use of Google Ads, Google will display only general advertising that has not been selected on the basis of information collected about you on this website. In addition to withdrawing your consent, you also have the option to deactivate personalised advertising in the Google advertising settings: https://adssettings.google.com/.

You can find further information in the Google data protection statement: https://policies.google.com/privacy.

c) Microsoft Advertising (formerly Bing Ads)
Our website uses Microsoft Advertising, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (‘Microsoft’). Microsoft uses cookies and similar technologies to present advertisements relevant to you. The use of these technologies enables Microsoft and its partner websites to place advertisements based on previous visits to our or other websites on the internet. To this end, we also analyse your usage behaviour and use retargeting technologies. The data arising in this context may be transferred by Microsoft to a server in the USA for evaluation and stored there.

In particular, Microsoft Advertising places the following cookies for the purpose specified and with the respective storage duration: ‘_uetsid’ for 24 hours (session ID); ‘_uetvid’ for 16 days (user identification, usage analysis and to play personalised advertising); ‘MUID’ for 1 year (visitor identification, usage analysis and to play personalised advertising).

In particular, Microsoft Advertising saves the following information in the local storage: ‘_uetsid’ and ‘_uetvid’ (the same purposes as the corresponding cookies); ‘_uetsid_exp’ and ‘_uetvid_exp’ (information about the expiry date of cookies).

In addition to revoking your consent, you also have the option to deactivate Microsoft Advertising personalised advertisements in the advertising settings in your Microsoft account: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen und http://choice.microsoft.com/de-de/opt-out.

You can find more information about this on the Microsoft Advertising help pages, and Microsoft’s data protection provisions: https://help.bingads.microsoft.com/#apex/3/de/53056/2 and https://privacy.microsoft.com/de-de/privacystatement.

d) The Trade Desk
Our website uses The Trade Desk, a service of The Trade Desk, Inc. 42 N. Chestnut Street Ventura, CA 93001 USA (‘The Trade Desk’). The Trade Desk uses cookies and similar technologies to present advertisements that are relevant to you. The use of these technologies enables The Trade Desk and its partner websites to place advertisements based on previous visits to our or other websites on the Internet. The data arising in this context may be transferred from The Trade Desk to a server in the USA for evaluation and stored there.

You can find further information in the data protection provisions of The Trade Desk: https://www.thetradedesk.com/general/privacy.

e) Google Marketing Platform and Ad Manager (formerly DoubleClick)
Our website uses the Google Marketing Platform and the Google Ad Manager, services which for users from the European Economic Area and Switzerland are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).

These services use cookies and similar technologies to present advertisements that are relevant to you. The use of these services enables Google and its partner websites to place advertisements based on previous visits to our or other websites on the internet. The data arising in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.

If you have not consented to the use of Google Marketing Platform and Ad Manager, Google will display only general advertising that has not been selected on the basis of information collected about you on this website. In addition to withdrawing your consent, you also have the option to deactivate personalised advertising in the Google advertising settings: https://adssettings.google.com/.

You can find further information about this in Google’s privacy policy: https://policies.google.com/?hl=de.

f) Facebook pixel
For marketing purposes, our websites use the Facebook social network’s ‘Facebook pixel’ service, which for users outside the USA and Canada is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and for all other users by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (collectively known as ‘Facebook’).

We use Facebook pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising (‘Conversion Tracking’). We also use Facebook pixel to play you personalised advertising messages based on your interest in our products (‘Retargeting’). To this end, Facebook processes data that the service collects via cookies, web beacons and comparable storage technologies on our websites.

The data arising in this context may be transferred by Facebook to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Facebook.

Facebook Pixel places the following cookies for the purpose specified and with the respective storage duration: ‘_fbp’ for 3 months (usage analysis and retargeting).

If you are a Facebook member and have allowed Facebook to do so via the privacy settings of your account, Facebook can also link the information collected about your visit to us to your member account and use it for the targeted placement of Facebook advertisements. You can view and amend the privacy settings of your Facebook profile at any time: https://m.facebook.com/privacy/touch/basic/.

If you have not consented to the use of Facebook pixel, Facebook will display only general Facebook advertisements that have not been selected on the basis of information collected about you.

You can find further information about this in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

7. Online presence on social networks

We maintain an online presence on social networks so that we can communicate there with customers, prospects and other interested parties, and provide information about our products and services.

The respective social networks general process users’ data for market research and advertising purposes. This allows usage profiles to be created based on users’ interests. To this end, cookies and other identifiers are stored on the user’s computer. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks, as well as on third-party websites.

As part of operating our online presence, we may possibly access information such as statistics on the use of our online presence, which are provided by the social networks. These statistics are aggregated, and in particular may include demographic information and data regarding interaction with our online presence and the posts and content disseminated via them. See the list below for details and links to the social network data that we as operator of the online presence have access to.

The legal basis for the data processing is Art. 6(1)(1)(f) GDPR, based on our legitimate interest in effectively informing and communicating with users, and Art. 6(1)(1)(b) GDPR, to maintain contact with our customers and provide them with information, and to execute pre-contractual measures with future customers and prospects.

For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection information of the respective social network. The links below will take you to further information regarding the respective data processing and the options to object.

Please note that data protection requests can be asserted most efficiently with the respective social network provider, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information concerning the social networks on which we maintain an online presence:
• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland): Data protection statement: https://www.facebook.com/policy.php;
• Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): Data protection statement: https://help.instagram.com/519522125107875;
• Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): Data protection statement: https://policies.google.com/privacy; Opt-out: https://www.google.com/settings/ads;
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland): Operation of the LinkedIn company site in joint responsibility based on an agreement concerning the joint processing of personal data (‘Page Insights Joint Controller Addendum’): https://legal.linkedin.com/pages-joint-controller-addendum; Information concerning the Page Insights Data and contact options in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out;
• Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland): Data protection statement: https://policy.pinterest.com/de/privacy-policy.

8. Data transfer to third-party countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case, and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is provided for and no adequacy decision or suitable guarantees are in place, it is possible, and there is a risk, that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. You will be informed if your consent is obtained via the cookie banner.

9. Storage duration

In general, we store personal data only for as long as they are necessary to fulfil the contractual or statutory obligations for which we have collected the data. Following this, we immediately delete the data unless we need them until the end of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations.

For evidence purposes, we must retain contractual data for a further three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the statutory period of limitation, at the earliest at this point in time.

Even after this term, we are sometimes required to save your data for accounting purposes. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified in this legislation for the retention of documents range from two to ten years.

10. Rights of the data subject

You have the right:
• To request information about the processing of your personal data by us pursuant to Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of the personal data, the categories of recipients to whom your data have been or will be disclosed, the planned duration of storage, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge an appeal, the origin of your data, if they have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;

• Pursuant to Art. 16 GDPR, to request the rectification of inaccurate personal data or the completion of personal data stored by us without undue delay;

• Pursuant to Art. 17 GDPR, to request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

• Pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but you need them to assert, exercise or defend legal claims or you have filed an objection to the processing pursuant to Art. 21 GDPR;

• Pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of this data to another controller;

• Pursuant to Art. 7 Abs(3)(21) GDPR, a right of revocation and objection (see 11. Right of revocation and objection).

To assert your rights as described here, you can use the contact details above at any time. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, even longer for the assertion, exercise or defence of legal claims. The legal basis is Art. 6(1)(1)(f) GDPR, based on our interest in defending any civil rights claims pursuant to Art. 82 GDPR, avoiding fines pursuant to Art. 83 GDPR, and fulfilling our accountability obligations pursuant to Art. 5(2) GDPR.

Finally, you have the right to file a complaint with a data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or in the place of the alleged infringement. The responsible supervisory authority in Ahlen (Westphalia) is: State Commissioner for Data Protection in North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.

11. Right of revocation and objection

Pursuant to Art. 7(2) GDPR, you have the right to revoke consent granted to us at any time. As a result, we shall not continue to process data based on this consent in the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to revocation.

You can easily revoke your consent to cookies and similar technologies via ‘Data settings’ at the bottom of the page.

Where we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you are entitled pursuant to Art. 21 GDPR to object to the processing of your data for reasons arising from your particular situation. Where you object to the processing of data for the purposes of direct marketing, you have a general right of objection which we must implement without you providing us with reasons. Should you wish to exercise your right of revocation or objection, simply send an e-mail to info[at]kaldewei.de or an informal letter to the above address.

12. Data security

Within the website visit, we use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. Should your browser not support 256-bit encryption, we revert to 128-bit v3 technology instead. You can determine whether a single page of our website is transmitted in encrypted form by the closed display of the key or padlock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

13. Currency and amendment of this privacy policy

This privacy policy is currently valid and was issued in May 2022.

Due to the further development of our website and offers related to it or due to changes in statutory or official requirements, it may become necessary to change this privacy policy. You can view the current privacy policy and print it at any time at https://www.kaldewei.us/privacy-statement/.