Section 1: Introduction and general information
Data Protection Information
About us and our website
We, BSH Hausgeräte GmbH, Carl-Wery-Strasse 34, 81739 Munich, operate this website. Please use the contact information provided on the Company Information page to contact us.
If you get in touch with us, we will store and process the information you provide for the purpose of handling your enquiry and any follow-up questions. We are permitted to process data in this context by law (article 6(1b) of Regulation (EU) 2016/679). We will delete your information once your enquiry has been handled.
Our guiding principles
We take protecting your information very seriously. Your data is therefore processed with great care and in strict compliance with applicable data protection law. Organisational and technical security measures have been taken to protect all of our websites against the risks present in processing personal data. Our partners who support us in the provision of this website must comply with these provisions as well.
What we log as standard
You can use all the areas of our website that are not access-protected without disclosing your identity. We log every use of our website as standard in order to remedy faults and clarify security incidents. You can find more about our log data in the section "How we process your data".
Which permissions do we have to process your data
We respect your privacy. Consequently, we only process your data when we are permitted to do so. It goes without saying that you can also give us permission to process your data by opting in to data processing on our website. In other cases, we process your data because we are permitted to do so by law. If, for example, you place an order through our website, we are permitted to process your data in order to fulfil that contract. The same applies when you make use of other services on our website that require your data to be processed. We are also permitted to process your data when we have a legitimate interest in doing so. One example of this is the log data that we collect in order to ensure that our website can be operated without defects, amongst other things. In any case, we will inform you if any relevant processing of your data takes place, and your interests are taken into consideration each time that data is processed as a matter of course. In the event that you have cause for complaint, you can find your rights regarding the processing of your data in the latter section of this Data Protection Information.
The permissions we make use of, and when, are outlined in the following section. You can find more detailed information on how your data is collected, processed and used on our website (i.e. the type, scope and purpose of data processing) in the same section.
What else you should know:
Users below the age of 16 should only transmit personal data to us with the consent of their parent or legal guardian. The data protection law that applies may result in different age limits in this regard.
Our website may contain links to other websites. We have no influence over how your data is processed on these websites or their compliance with provisions on data protection. Please note any Data Protection Information they provide.
Section 2: Data processing on the website
How we process your data (logs, cookies, tracking, etc.)
Log data
For technical reasons, each time your internet browser accesses our website it automatically sends information to our web server (i.e. log data). We store some of this information in log files, such as:
• The date of the access
• The time of the access
• The URL of the linking website
• The files accessed
• The volume of data transferred
• The browser type and version
• The operating system
• The IP address (anonymised)
Log data does not contain personal data. As a general rule, we only analyse log data in order to remedy faults in the operation of our website or clarify security incidents. We store this log data indefinitely.
It is sometimes necessary for us to collect additional personal information as well as log data in order to remedy faults or preserve evidence relating to security incidents. In these cases, we are permitted to process the log data by law (article 6(1f) of Regulation (EU) 2016/679). We delete this data once the fault has been remedied or the security incident has been clarified in full, or if the original purpose of the processing no longer exists due to other factors. In the event of a security incident, we will transmit log data to the investigating authorities on a case-by-case basis, to the extent permitted.
We always store log data separately from other data collected that relates to the use of our website.
Cookies
We use cookies. Cookies are small text files which we store on your device when you visit our website. These cookies are sent back to us every time you access our website subsequently. This allows us to recognise you, for example, or makes navigating our website easier for you thanks to the information stored in the cookies.
Cookies cannot be used to run programs or transfer viruses to a computer. Cookies can only be read by the web server they originate from.
We do not share the information stored in the cookies with third parties without your express permission.
You can also view our website without cookies. Internet browsers are often configured to accept cookies. To prevent your internet browser from using cookies, you can (1) opt out of the use of cookies when you access our website using the cookie layer (if available) or (2) disable cookie use via the settings in your internet browser. The help functions in your browser can show you how to disable and/or delete cookies in your internet browser. Please note that disabling/deleting cookies may result in individual functions on our website no longer working as expected. Cookies that may be required for certain functions on our website are set out below. In addition, disabling/deleting cookies will only affect the internet browser used to do so. Disabling/deleting cookies must therefore be repeated for any other internet browsers accordingly.
Cookies that we use for specific functions, without references to individuals:
– Cookies that store certain user preferences (e.g. search or language settings)
– Cookies that store information in order to guarantee flawless playback of video or audio content
– Cookies that temporarily store certain user entries (e.g. the contents of a shopping basket or online form)
Cookies that we use for specific functions, with references to individuals:
– Cookies that serve to identify or authenticate our users
We are permitted to process data in this context by law (article 6(1f) of Regulation (EU) 2016/679). We store this data until the cookie in question expires or until you delete it.
Any further processing of personal data using cookies is outlined in the relevant sections within this information.
Web analytics using pseudonymised user profiles
We use web analytics tools for various purposes on our website. You can find information on the web analytics tools we use below, including a description of the data processing in question, the purposes of that processing and how you can prevent the web analytics tool from collecting and processing your data. Please note that placing opt-out cookies can only prevent the collection and processing of your data by web analytics tools to a limited extent. You can find more information about this in the section on cookies.
Web analytics tool: Adobe Analytics (Omniture)
In order to carry out marketing and market research and tailor our website (and potentially newsletter) appropriately, we use analytics cookies and/or JavaScript to collect and process usage data relating to your visit to our website and your use of links in the newsletter (if applicable). Your usage data is collected and a usage profile is generated from this data on a pseudonymised basis, using a cookie ID. Your IP address is either not recorded or is anonymised immediately after recording as part of this.
We use the Adobe Analytics service provided by Adobe Systems Software Ireland Ltd., 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland ("Adobe") to collect the usage data and generate the usage profiles. The information relating to your use of our website is transferred to Adobe servers, analysed and solely returned to us as cumulative data. This data allows us to identify trends in how the website is generally used.
We do not conflate the resultant usage profiles with your name or any other details that could disclose your identity, such as your e-mail address. We are permitted to process data in this context by law (article 6(1f) of Regulation (EU) 2016/679). The usage data is stored by the service used for a maximum duration of 37 months from the date on which it was collected.
Opt-out: Please use Adobe's opt-out website if you wish to prevent your usage data being collected. You can find information about how Adobe Analytics cookies work and the opt-out option via the following link: http://www.adobe.com/de/privacy/opt-out.html.
Web analytics tool: Adobe Test & Target
In order to tailor our website (and newsletter) appropriately, we collect and process usage data relating to your visit to our website using analytics cookies and/or JavaScript. Your usage data is collected and a usage profile generated from this data on a pseudonymised basis using a cookie ID.
We use the Adobe Test & Target service provided by Adobe Systems Software Ireland Ltd., 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland ("Adobe") to collect your usage data and generate the usage profiles.
Adobe Test & Target works on the basis of A/B tests. This means that the person using our website is shown a different version of the website from the original (e.g. with altered design and content). Comparing both versions provides us with information about which version of our website is preferred by users. When Adobe Test & Target is used, the only information relating to you that is processed cannot be used to identify you. IP anonymisation is also activated, meaning that your IP address is shortened before Adobe Test & Target carries out any further processing. We do not conflate the usage profiles resulting from this with your name or any other details that could disclose your identity, such as your e-mail address.
We are permitted to process data in this context by law (article 6(1f) of Regulation (EU) 2016/679). The usage data is stored by the service used for a maximum duration of 37 months from the date on which it was collected.
Opt-out: Please use the following link if you wish to prevent your usage data being collected: http://bsh.tt.omtrdc.net/optout. You can find information about how Adobe Test & Target cookies work and the opt-out option via the following link: http://www.adobe.com/de/privacy/opt-out.html.
Web analytics tool: Mouseflow
In order to help us design our website appropriately, we may collect usage data relating to your visit to our website using analytics cookies and other technologies. As part of this, we record the mouse movements and clicks of randomly selected users of our website. Your IP address is anonymised as a matter of course. The resultant log of your use of our website is randomly analysed so that we can derive potential improvements for our website from it.
We use service provider Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark for the purpose of collecting this usage data.
We do not conflate the resultant usage profiles with your name or any other details that could disclose your identity, such as your e-mail address. We are permitted to process data in this context by law (article 6(1f) of Regulation (EU) 2016/679). The usage data is deleted three months after the date on which it is collected.
Opt-out: Please use Mouseflow's opt-out website via the following link if you wish to prevent this usage data being collected: https://mouseflow.de/opt-out.
Sharing content on social networks
Content from our website can be shared on social networks using integrated social media buttons. All social media buttons that facilitate the sharing of content are integrated using simple hyperlinks rather than social plugins developed by social network providers. This ensures that your details are not automatically transmitted to social network servers as soon as you access our website. In addition, when you share content from our website we only transmit the information to the social network that is required to share the relevant content. We do not transfer personal data in this context.
At the same time, simple links to our websites on social networks can be found as well. If you follow a link from our website to a social network, or if you log in to your social network in order to share content from our website, your data is processed by the provider of the social network in question. For information about the purpose and scope of data collection, further processing and use by the social network provider, as well as your associated rights and settings options for protecting your privacy, please refer to the Data Protection Information made available by the respective provider.
Cases where we transmit your data
We work together with a number of service providers to implement and operate our website. We have chosen these service providers carefully and concluded a data protection agreement with each individual service provider to keep your information safe.
The service providers we use to implement and operate our website are:
• Service provider for hosting services
• Service provider for programming services
• Service provider for sales and marketing services
• Service provider for hotline services
We only transmit your data to other recipients where necessary to fulfil a contract with you, where we or the recipient has a legitimate interest in the disclosure of your data, or where you have given your consent to that transmission. These recipients include service providers and other companies within our corporate group. Furthermore, data may be transmitted to other recipients in the event that we are obliged to do so due to legal provisions or enforceable administrative or court orders.
Other recipients of your data are:
• Forwarding agents for delivering/collecting products
• Payment processing service providers
• Receivables management service providers
Transmission to recipients outside the EEA
We also transmit personal data to recipients based outside of the EEA, in so-called third countries. In this case, we ensure ‒ before any data is shared ‒ that either an appropriate level of data protection is maintained by the recipient (e.g. on the basis of an adequacy decision made by the EU Commission for the respective country or the agreement of standard EU contractual clauses between the European Union and the recipient) or that you have given your consent to said sharing.
We are happy to provide you with an overview of the recipients in third countries and a copy of the specific provisions agreed to ensure an appropriate level of data protection. To request this, please use the contact information provided at the end of this Data Protection Information.
Section 3: User rights
Your rights
Should you have cause for complaint, you can find an outline of your rights below. To exercise your rights, please use the contact information provided at the end of this Data Protection Information.
Your right to information about your data
We will provide you with information about the data we hold about you on request.
Your right to correct and complete your data
We will correct inaccurate information about you if you notify us accordingly. We will complete incomplete data if you notify us accordingly, provided this data is necessary for the intended purpose of processing your data.
Your right to delete your data
We will delete the information we hold about you on request. However, some data will only be deleted subject to a defined period of retention, for example because we are required to retain the data by law in some cases, or because we require the data to fulfil our contractual obligations to you.
Your right to have your data blocked
In certain legally determined cases, we will block your data if you would like us to do so. Blocked data is only further processed to a very limited extent.
Your right to withdraw consent
You can withdraw consent given for your data to be processed with effect for the future at any time. The legality of processing your data remains unaffected by this up to the point at which your consent is withdrawn.
Your right to object to the processing of your data
You can object to the processing of your data with effect for the future at any time, if we are processing your data on the basis of one of the legal justifications set out in article 6(1e or 1f) of Regulation (EU) 2016/679. In the event that you object we will cease processing your data, provided that there are no compelling and legitimate grounds for further processing. The processing of your data for the purposes of direct marketing never constitutes compelling and legitimate grounds for us.
Your right to data portability
At your request, we can make certain information available to you in a structured, commonly used and machine-readable format.
Your right to appeal to a regulatory authority
You can lodge an appeal pertaining to data protection with a data protection authority. To do so, contact the data protection authority responsible for your place of residence or the data protection authority under whose jurisdiction we fall (named below).
Bavarian Data Protection Authority (BayLDA), www.baylda.de.
Your point of contact for all questions relating to data protection
If you have any questions relating to data protection or exercising your rights, you can use the following contact information to get in touch with our data protection officer directly:
BSH Hausgeräte GmbH
Data Protection Officer
Carl-Wery-Str. 34
81739 Munich, Germany
Changes to this Data Protection Information
This Data Protection Information reflects the current state of data processing on our website. In the event of changes to data processing, this Data Protection Information will be updated accordingly. We always provide the latest version of this Data Protection Information on our website so that you can find out about the scope of data processing on our website.
Valid from: 9.3.2018
Version: DPI_1.0.1_1.0
Pinterest Tag
Our website uses Pinterest Tag, a service provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, (“Pinterest Europe”).
Pinterest Tag help us analyze use of our website and to track the effectiveness of our advertising campaigns (Conversion Tracking). We also use the Pinterest Tag to create audiences and show you personalized advertising based on your interest in our products (retargeting). For this purpose, Pinterest Europe processes data, which the service collects from pixels, cookies and similar technologies on our website.
If you have a Pinterest account and have allowed Pinterest Europe to do so in your account’s privacy settings, Pinterest Europe may also link the information collected about your visit to us with your Pinterest account and use it for showing you the targeted advertisements. You may see and change the privacy settings, especially for personalization, in your Pinterest account at any time. For more information, please see https://help.pinterest.com/en/article/edit-personalization-settings.
If you have not agreed to the use of the Pinterest Tag, Pinterest Europe will only show you general Pinterest Ads, which have not been created based on the data collected about you.
This collection and transmission of activity data within the scope of the Pinterest Tag is carried out by Pinterest Europe and us as joint controllers within the meaning of Article 26 of the GDPR. Joint controllership exists when multiple parties (joint controllers) work together to decide how data will be used and managed. Joint Controllers need to be clear about who does what to follow data protection rules. They should agree on their roles and make sure the data subjects (people the data is about) understand these roles. Even if they have an agreement, people can still ask each of these parties to respect their data rights. You may see the details of the Joint Controllership Agreement we have with Pinterest below.
We have an agreement with Pinterest Europe concerning this processing as joint controllers. This agreement defines the division between Pinterest Europe and us of the duties under data protection law. In this agreement, we and Pinterest Europe have agreed, among other things, that we are responsible for providing you pursuant to Articles 13 and 14 of the GDPR with all information about our joint processing of your personal data and that Pinterest Europe is responsible for facilitating the exercise of rights of data subjects pursuant to Articles 15 to 20 of the GDPR. You may see more information on this agreement below.
Responsibilities of BSH and Pinterest Europe under the Joint Controllership Agreement
Obligation under GDPR | Pinterest Europe | BSH Hausgeräte GmbH |
Article 6: Requirement of legal basis for Joint Processing | [x] (regarding Pinterest Europe’s processing) | [X] (regarding BSH’s own processing ) |
Articles 13,14: Providing information on Joint Processing of Personal Data | [X] | |
Article 26(2): Making available the essence of this JCA | [X] | |
Articles 15-20: Rights of the Data Subject with regard to the Personal Data stored by Pinterest Europe after the Joint Processing | [X] | |
Article 21: Right to object insofar as the Joint Processing is based on Article 6(1)(f) |
[X] (regarding Pinterest Europe’s processing) |
[X] (regarding BSH’s own processing) |
Article 32: Security of the Joint Processing | [X] (regarding the security of the Ad Data Features) | [X] (regarding the correct technical implementation and configuration of BSH’s use of the Ad Data Feature) |
Articles 33, 34: Personal Data Breaches concerning the Joint Processing | [X] (insofar as a Personal Data Breach concerns Pinterest Europe’s obligations under the Joint Controller Addendum) | [X] (insofar as a Personal Data Breach concerns BSH’s obligations under the Joint Controller Addendum) |
Pinterest Europe is responsible as sole controller for the processing of activity data subsequent to their transmission.
All processing described above, in particular the setting of pixels and cookies for reading out information on the end device used, will only be carried out if you have given us your consent to do so in accordance with Art. 6 (1) point a GPDR. You can revoke your consent at any time with effect for the future by deactivating this service by clicking the Privacy settings icon at the bottom of the screen and changing the settings. Alternatively, you can use the deactivation page for EU consumers at
http://www.aboutads.info/choices or http://www.youronlinechoices.eu/.
You can find more information on how Pinterest Europe processes Personal Data, including the legal basis Pinterest Europe relies on and the ways to exercise Data Subject rights against Pinterest Europe, in Pinterest Europe’s Privacy Policy at policy.pinterest.com/privacy-policy#section-residents-of-the-eea.
In addition, you can find out more about the Pinterest Tag at https://help.pinterest.com/en/business/article/pinterest-tag-parameters-and-cookies.