GROHE SPA App Privacy Policy in the version of April 2020

We at GROHE appreciate your interest in our company and our products. We take the protection of your privacy very seriously. In the following, we inform you how your personal data is processed when you use the GROHE SPA mobile application in connection with our F-Digital Deluxe products, as well as the rights you have under the European General Data Protection Regulation (“GDPR”).

A. Who is responsible for the data processing and who can you contact?

The controller responsible for the processing of your personal data is: GROHE AG, Feldmühleplatz 15, 40545 Düsseldorf, Germany

Data protection officer: Data protection officer of GROHE AG, Feldmühleplatz 15, 40545 Düsseldorf, Germany

E-mail: dataprotection@grohe.com

B. How do we process personal data?

We do not process personal data when you use GROHE F-Digital Deluxe products via the GROHE SPA app.

I. Contacting us via email or contact form

When you contact us by e-mail or via the contact form, your e-mail as well as any other details provided by you will be processed by us in order to best answer any questions or issues you may have.

The legal basis for the processing of personal data is Art. 6 (1) lit. f GDPR (legitimate interests). Our legitimate interest in the processing is offering good customer care and optimal handling of your requests.

II. Handling of incidents and provision of support services

We process certain personal data in case of a malfunction or damage reported by the GROHE Devices used by you or reported by you directly, including the accessing of your personal data by the GROHE support team for analyzing and solving the malfunction or damage reported and for the purpose of contacting you. This includes your contact details and the required information regarding the specific incident (“Incident Data”).

In order to provide optimal support and service and to reach out to you, the Incident Data may be transferred to the regionally competent GROHE service group company located in your country of residence (“Regional Support Entity”). We may also share your contact details and the information regarding the specific incident with external service providers (e.g. installers), which act on our behalf in case service requests require on-site visits.

The legal basis for the processing of personal data is Art. 6 (1) lit. b GDPR (performance of a contract).

III. Communication for marketing purposes

We will process your personal data (e.g. e-mail, telephone number) to provide you with market-specific products from GROHE or an affiliated company of GROHE.

If you agree, we may also share your personal data with affiliated companies of LIXIL Group, i.e. the parent company of GROHE or other companies belonging to the LIXIL Group, to send you marketing information.

The legal basis for such processing of personal data is Art. 6 (1) lit. a GDPR (consent).

C. How long do we store personal data?

In general, we process personal data only as long as it is necessary in relation to the initially specified, explicit and legitimate purpose.

In addition, we are subject to various statutory filing and documentation obligations. The retention periods for such storage and documentation obligations can be up to ten years.

In light of possible legal claims, the retention period is also determined by statutory time limitations, which can be up to thirty years, whereby the regular limitation period is three years.

D. How do we secure personal data?

We maintain up-to-date technical measures to safeguard data security, in particular to protect your personal information from threats when transferring data and from third parties gaining knowledge of it. These measures are constantly adapted to the latest state of the art.

In order to prevent unauthorized access by third parties to your personal data, the connection is encrypted using SSL technology.

E. Which rights do you have?

You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR).

When personal data is processed based on your consent, you have the right to withdraw your consent according to Art. 7 (3) GDPR. Please keep in mind that your withdrawal only affects future processing based on your consent.

As far as the personal data is processed for the purpose of our legitimate interest according to Art. 6 (1) lit. f GDPR, you have the right to object according to Art. 21 GDPR. You can find further information regarding your right to object at the end of this Privacy Policy.

To exercise the aforementioned rights, you can contact us, in particular by email at dataprotection@GROHE.com. To facilitate the processing of your request, it is helpful if you indicate in your communication where you were in contact with us (e.g. in which country and under which circumstances). Please note that we may require you to present proof of identity to verify your eligibility to exercise these rights.

If you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy.

Information about your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 (1) lit. f GDPR (processing of personal data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR).

Should you decide to object to the processing, we will stop processing personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defense of legal claims.

You also have the right to object at any time to processing of personal data concerning you for the purpose of advertising; this also applies to profiling insofar as it is associated with advertising.

Should you decide to object to the processing for advertising purposes, we will stop processing personal data concerning you for these purposes.

The objection is not subject to any form. Ideally, it should be lodged by email with the bodies mentioned in Section E.