I GENERAL PROVISIONS
1 DATA CONTROLLER, DATA PROTECTION OFFICER
If a Bucher Vaslin company or affiliate discloses personal data to another Bucher Vaslin company or affiliate for certain purposes of the receiving company or affiliate, said company or affiliate is the data controller under Article 4 (7) of the GDPR.
Bucher Vaslin has not appointed a data protection officer under Article 37 of the GDPR. Any request, complaint or concern regarding Bucher Vaslin’s data protection can be addressed to the following contact person if no specific contact is listed in section II: firstname.lastname@example.org
The representative of Bucher Vaslin companies and affiliates domiciled outside the EU or EEA (Article 27 GDPR) is Bucher Vaslin S.A.
2 PERSONAL DATA PROCESSING
Bucher Vaslin collects and processes the personal data of
– users of its Websites registered with Bucher Vaslin;
– natural and legal persons who purchase and receive/benefit from Bucher Vaslin products and services;
– potential or existing parties interested in Bucher Vaslin products and services;
– Bucher Vaslin newsletter recipients;
– participants in Bucher Vaslin’s research campaigns and opinion surveys;
– participants in courses, seminars and other training organized by Bucher Vaslin; and
– users of the WIFI provided in Bucher Vaslin stores and other premises (hereinafter jointly referred to as the Customers).
Customers’ personal data is – generally collected directly when using the Website, in stores or at Bucher Vaslin or Bucher Vaslin dealers’ events respectively or by direct communication via email, telephone or other means. However, personal data may also be collected indirectly, notably through the subsequent acquisition of additional information from third-party data sources (e.g. social media, address brokers).
In particular, the following categories of personal data are processed by Bucher Vaslin:
personal data including, but not limited to, first and last name, maiden name, address, residence, telephone number, email address, date of birth, gender, marital status, parents, emergency contact, photos, etc.;
data relating to orders or purchases including, but not limited to, payment information, credit card information and other payment details, billing and shipping address, products and services ordered and purchased, information regarding requests, complaints and disputes regarding products and services or the corresponding contracts concluded such as warranty claims, terminations and disputes, information on Customers blacklisted by Bucher Vaslin, etc.;
data relating to the marketing of products and services including, among other things, newsletter subscriptions and unsubscriptions, documents received, invitations and participation in special events and activities, preferences and interests, etc.;
data regarding use of the Website, including, among other things, IP address and other identifiers (e.g. username on social media, MAC address of smartphones or computers, cookies), date and time of visits to the Website, sites and content visited, referring websites, etc.;
communication data such as preferred means of communication, correspondence and communications with Bucher Vaslin (including recordings of communications), etc.;
data collected as part of a customer programme such as membership number, access codes (including passwords), preferred language, gift certificate number, date and duration of membership, customer or third party payment information, gift recipient information, number of visits to the Website, purchase history, products purchased, etc. (in addition to all accounts, activities and events on the Website for which a Customer must register by providing his or her personal data and thus enter into a contract with the corresponding Bucher Vaslin companies, which will be considered as a customer programme for the purposes of this policy); (hereinafter jointly referred to as Customer Data).
Bucher Vaslin also collects and processes the following personal data:
data from Website users, who do not register with Bucher Vaslin (Visitors), but which may constitute personal data for example from social media (Visitor Data), the provisions of this policy on data collected from a Customer in connection with the use of the Website will apply accordingly even if it is generally not possible for Bucher Vaslin to identify a Visitor;
information on employees and contacts of their resellers, suppliers and other business partners (natural persons will hereinafter be referred to as Partners and their data as Partner Data) such as, in particular, contact details, information on their job title, information on previous contact with these people, data on marketing activities (e.g. receipt of newsletters), information on business transactions, requests, offers, tenders, conditions and contracts, information on professional or other interests of such people.
As part of their business relationship, Customers will be required to provide the Customer Data necessary for the establishment and performance of the contractual relationship and for the performance of contractual obligations related to or required by law. In the absence of this data, Bucher Vaslin will generally not be able to conclude or execute the contract with the Customer in question. This also applies to Partners and Partner Data. As all access to the Website is logged, connection data (such as IP address) will always be recorded; this procedure occurs automatically during use and cannot be deactivated for individual Visitors, Partners or Customers.
3 PURPOSES OF PROCESSING AND LEGAL BASIS
In accordance with applicable law, Bucher Vaslin may in particular process Customer Data for the following purposes:
– in connection with the services offered, the conclusion of contracts (in particular purchases), the performance of contracts (in particular purchase contracts and contracts for participation in customer programmes and events), the maintenance and development of customer relations, communication, customer service and assistance, promotions, advertising and marketing (including newsletters and the sending of promotional material);
– management of Website users and other activities in which Customers participate, the operation and improvement of the Website (including the provision of functions requiring identifiers or other personal data) and other computer systems, identity checks ;
– protecting Customers, employees and other people and protecting the data, secrets and assets belonging to and entrusted to Bucher Vaslin, the security of Bucher Vaslin’s systems and premises;
– compliance with legal and regulatory requirements and Bucher Vaslin’s internal regulations, enforcement and exploitation of legal rights and claims, defence against legal claims, litigation, complaints, combating abusive behaviour, investigations and legal proceedings and responding to inquiries from public authorities;
– the sale or acquisitions of business divisions, companies or company shares and other corporate transactions as well as the transfer of related Customer Data and;
– for other purposes, insofar as a legal obligation requires processing that was obvious in the circumstances or indicated at the time of collection.
(hereinafter jointly referred to as the Purposes of Customer Data Processing).
Bucher Vaslin uses Customer Data for the Purposes of Customer Data Processing according to the following legal basis:
performance of contracts; compliance with Bucher Vaslin’s legal obligations;
the consent of the Customers (only as long as the processing is based on a specific request and can be cancelled at any time, in particular the receipt of newsletters to which the customer has subscribed); and/or the legitimate interests of Bucher Vaslin including, among others,
– the purchase and shipment of products and services, including to persons who are not direct contractual partners (e.g. gift recipients);
– advertising and marketing activities;
– effective customer care, maintenance of contacts and other communications with Customers outside the performance of contracts;
– understanding customer behaviour, activities, concerns and needs, market research;
– effectively improving existing products and services and developing new ones;
– the effective protection of customers, employees and other people as well as the protection of data, secrets and assets belonging to or entrusted to Bucher Vaslin, the security of Bucher Vaslin’s systems and premises;
– safe and efficient maintenance and organization of business activities, including the safe and efficient operation and successful development of the Website and other IT systems;
– reasonable corporate governance and development;
– the successful acquisition and disposal of business units, companies, shares in companies and other corporate transactions;
– compliance with legal and regulatory requirements and Bucher Vaslin’s internal regulations;
– concerns regarding the prevention and investigation of fraud, misdemeanours and crimes, the handling of claims and actions against Bucher Vaslin, cooperation in legal proceedings and with public authorities, and the prosecution, exercise and defence of legal claims.
In accordance with applicable data protection laws, Bucher Vaslin may in particular process Visitor Data for the purposes of the maintenance and development of the Website (including the provision of functions requiring identifiers or other personal data), for the purposes of statistical analysis regarding the use of the Website as well as to combat abusive behaviour, for the purposes of investigations or legal proceedings and to respond to inquiries from public authorities. Visitor Data will be processed in accordance with the principles established for Customer Data above.
In accordance with applicable data protection laws, Bucher Vaslin may process Partner Data, in particular for the purposes of entering into and performing contracts and other business relationships with Partners, promotions, advertising and marketing, communication, invitations to events and participation in promotions for Partners, organizing joint activities, complying with legal and regulatory requirements and Bucher Vaslin’s internal regulations, enforcement and exploitation of legal rights and claims, defence against legal claims, litigation, complaints, combating abusive behaviour, in judicial investigations and proceedings, and investigations by public authorities, for the sale or acquisition of business units, companies or shares in companies and other corporate transactions, and related transfers of Partner Data. Partner Data will be processed in accordance with the principles established for Customer Data above.
All purposes of processing will apply to Bucher Vaslin, i.e. not only to the Bucher Vaslin company or affiliate that originally collected the personal data. The personal data of Customers, Visitors and Partners is collected for the needs of all Bucher Vaslin companies.
4 DATA DISTRIBUTION AND TRANSFER ABROAD
In accordance with applicable data protection laws, Bucher Vaslin may disclose Customer Data, Visitor and Partner Data to the following categories of third parties who will process Personal Data in accordance with the aforementioned purposes on behalf of Bucher Vaslin or for their own purposes:
service providers (within Bucher Vaslin or external) including processing providers;
resellers, suppliers and other business partners;
Bucher Vaslin customers;
local, national and foreign authorities;
the public, including visitors to Bucher Vaslin websites and users of Bucher Vaslin social media;
industry organizations, associations, agencies and other committees; competitors;
Purchasers or parties interested in acquiring Bucher Vaslin business units, companies or other shares;
other parts of potential or ongoing legal proceedings;
Bucher Vaslin companies;
Bucher Industries Group companies (hereinafter jointly referred to as the Third Parties).
Bucher Vaslin may disclose Customer Data, Visitor Data and Partner Data within Bucher Vaslin as well as to third parties in any country of the world, including, without limitation, all the countries where Bucher Vaslin is represented by companies, affiliates or other offices and representatives as well as in countries where Bucher Vaslin’s service providers process their data. If data is disclosed in countries that do not guarantee adequate protection, Bucher Vaslin will ensure the proper protection of data disclosed by Customers, Visitors or Partners by implementing adequate contractual safeguards, in particular on the basis of European standard clauses, binding company regulations or by basing the transfer on exceptions to consent, the conclusion or performance of contracts, the establishment, exercise or defence of legal claims, overriding public interests or by disclosing the data in order to protect the integrity of these persons. The Customer, Visitor or Partner may obtain a copy of the contractual warranties or will be informed of the source from which to obtain such copies by the relevant data controller. Bucher Vaslin reserves the right to make such copies in order to ensure data protection or secrecy.
5 DATA STORAGE
As a general rule, Bucher Vaslin retains contracts relating to Customer Data, Visitor Data and Partner Data for the duration of the contractual relationship or for as long as it is of interest to Bucher Vaslin (e.g. interest in evidence in the event of claims, documentation of compliance with certain legal or other requirements, for operational reasons) or for as long as Bucher Vaslin is obliged to do so (under contract, law or other provisions). We reserve the right to deviate from legal requirements, in particular where anonymization or pseudonymization is concerned.
6 COOKIES, GOOGLE ANALYTICS AND SOCIAL PLUG-INS
In accordance with applicable law, Bucher Vaslin may install encryption in newsletters and other marketing emails to enable it to know whether the recipient has opened a message or downloaded images contained in the message. However, the recipient can block this function in their email program. In all cases, the recipient consents to the installation of this technology by receiving newsletters on other marketing-related e-mails.
If Bucher Vaslin displays third-party advertisements on its Website (e.g. banners) or wishes to advertise itself on a third-party website, cookies from companies specializing in the use of such advertisements may be used. Bucher Vaslin will not disclose any personal data to these companies, i.e. they will only install a permanent cookie on the Website users’ browser in order to recognize the users and in the sole interest of Bucher Vaslin. This enables Bucher Vaslin to show targeted advertisements to these people on external websites (for example, in connection with products in which these people have expressed an interest on the online store). Bucher Vaslin will also not disclose personal data to operators of external websites.
Bucher Vaslin may use Google Analytics or similar services on its Website. These applications are third-party services that allow Bucher Vaslin to measure and analyse the use of its Website. The provider of these services may be located in any country in the world (in the case of Google Analytics, operated by Google Inc., this is the United States of America, www.google.com). The service provider uses permanent cookies for these applications. Bucher Vaslin will not disclose any personal data to the service provider (nor will it store IP addresses). However, the Service Provider may monitor the User’s use of the Website and combine this data with that of other websites monitored by the same Service Provider visited by the User, and the Service Provider may use these results for its own purposes (e.g. controlling advertising). The service provider knows the identity of the user who has registered with the service provider. In this case, the processing of personal data will be the responsibility of the service provider and the data will be handled in accordance with the service provider’s data protection policies. The service provider will provide Bucher Vaslin with data on the use of the Website.
Furthermore, Bucher Vaslin may use plug-ins from social networks such as Facebook, Twitter, YouTube, Google+, Pinterest or Instagram on its Website. In the default Website settings, plug-ins are disabled. The user can choose when to activate them. If they choose to activate them, the social network providers are able to establish a direct connection with the user when they visit the Website, enabling the provider to be informed of the user’s visit and to analyse the corresponding information. Further processing of personal data will be carried out under the responsibility of the supplier and in accordance with its data protection policies. The provider of the respective social network offer will not disclose any information to Bucher Vaslin.
7 RIGHTS OF CUSTOMERS, VISITORS AND PARTNERS
Any data subject, subject to the GDPR, including any Customer, Visitor and Partner, may request information from Bucher Vaslin as to whether their data is being processed. Furthermore, these data subjects have the right to request the correction, destruction or restriction of personal data regarding them, as well as to object to the processing of personal data. If the processing of personal data is based on consent, data subjects may revoke their consent at any time. In certain cases, these data subjects may have the right to obtain personal data generated when using online services in a well-structured, common and machine-readable format allowing subsequent use and transfer. Requests in this regard should be submitted to the contact person (see paragraph 1). Data subjects not subject to the GDPR may enjoy identical rights under applicable data protection laws. Bucher Vaslin reserves the right to restrict the rights of data subjects in accordance with applicable law and, for example, not to disclose detailed information or not to delete data.
In the event of an automated decision by Bucher Vaslin concerning certain persons that could have legal implications for, or could similarly affect such persons to a material degree, the data subject shall have the right, in accordance with the applicable law, to contact a data controller of Bucher Vaslin and to request a review of the decision or to request a prior assessment from the data controller. In this case, the data subject may no longer be authorized to use a number of automated services. The person will be informed at a later date or separately in advance.
Any data subject may also lodge a complaint with the competent data protection authority in the relevant country.
8 CHANGES TO THE DATA PROTECTION POLICY
II SPECIFIC PROVISIONS
The following provisions supplement the general provisions set forth in Section I above for certain Bucher Vaslin activities. In the event of an inconsistency, the following provisions shall prevail over the general provisions set out in Section I.
1 NEWSLETTER AND BANNER ADVERTISING
Bucher Vaslin may send Customers and Partners newsletters or other commercial communications relating to its products and services. In accordance with applicable law, Bucher Vaslin reserves the right to do so without the prior consent of existing customers and business partners. However, customers and their respective business partners may object at any time to further mailings of newsletters or other commercial communications via their account on the relevant Website or via the link in each message. However, unsubscribing from one newsletter may not result in unsubscribing from other newsletters.
Personalized advertising may be displayed when you visit the Website. Each advertising banner proposed to the Customer relates to products offered on the Website and previously consulted by the Customer. Advertising is generated by Bucher Vaslin using cookies (see Section I paragraph 6 above).