menu menu_open

    Privacy policy from BRITA SE / BrandPortal

    In this Privacy Policy, BRITA SE, Heinz-Hankammer-Straße 1, 65232 Taunusstein, Germany (“we”, “us”, “BRITA SE”) wishes to inform you about how we process your personal data when you visit the BRITA BrandPortal.

    1. What personal data do we collect from you?

    Personal data is any information about a specific or identifiable natural person that you communicate to us and that is generated or collected by us. This includes:

    Registration data: When you are creating a user account you can permanently store your name, postal address, email address, telephone/mobile number (optional) and country there.

    Usage data: We set up usage profiles about your use of our website using a pseudonym, which we use to track how our website is used.

    Server log data: When you use our websites, data (such as the date and time of your visit, the pages visited and data files requested, the type and version of the web browser you use, the type and operating system of the end device you use as well as your IP address) is temporarily saved in a protocol file.

    1. For what purpose, on what legal basis and how long do we process your personal data?

    2.1 Customer account

    When you also register for a user customer account, we process the registration data to set up and manage your user account. As a registered user you have access to your personal user account (via your user name, email address and a password chosen by you) in which you can store and amend your personal settings.

    The legal basis for the processing is our legitimate interest under Art. 6, para. 1 (f) of the GDPR to provide the service described above and to perform a contract with you (Art. 6, para. 1 (b) of the GDPR).

    You can also object to the processing of your data on the basis of Art. 6, para. 1 (f) of the GDPR (under Art. 21, para. 1 of the GDPR). In principle. we may then demonstrate compelling legitimate grounds for the processing in order to continue it. We will not do so for the use of a user account, however, and the following applies: The user account must then be deleted and is no longer available to you.

    This data is deleted if the user account on our BrandPortal is cancelled, modified or terminated. If it is not possible to delete it for legal reasons, the data concerned is then blocked instead.

    2.2 Your enquiries

    When you contact us with an enquiry using a contact form, by email or a service telephone, we process the information you provided therein to answer you enquiry and, when you use the online contact form the IP address and date/time of the enquiry, to prevent the misuse of the contact form.

    The legal basis for processing is our legitimate interest under Art. 6, para. 1 (f) of the GDPR to provide you with the “Enquiries” service described above. If the intention of your enquiry is to initiate or process a contract (including customer service and warranties), the additional legal basis for processing is Art. 6, para. 1 (b) of the GDPR.

    You can object to the processing of your data based on Art. 6, para. 1 (f) of the GDPR. If we demonstrate compelling legitimate grounds for the processing, we may then continue it. In this case, this may be required in particular in order to be able to prove past communications and enquiries with you. If there are no such compelling legitimate grounds, then we will cease communication with you and delete any data already collected.

    This data is deleted when our communication with you ends, i.e. the relevant facts have been clarified and there are no further legitimate interests for storing the data, or there are no further statutory obligations to store it.

    2.3 Anonymised usage data

    We use anonymised or aggregated data obtained using analytical tools to track the surfing behaviour of the users and thereby improve the design of our website in general. You can find details about these analytical tools in section 4.

    2.4 For the provision of the website and performance of the services

    The processing of server log data is necessary for the provision of the websites and the performance of services for technical reasons and subsequently to ensure system security.
    The legal basis for processing is our legitimate interest in providing the website with our services (Art. 6, para. 1 (f) of the GDPR). Processing is absolutely essential for the use of the website for technical reasons and subsequently to ensure system security; there is therefore no right of objection.

    Server log data (IP-Adress) is stored 7 days and will be anonymized afterwards this period.

    1. Sharing of data with data processing companies

    We sometimes use service providers, subject to compliance with the statutory requirements, by means of commissioned processing, i.e. based on a contract on our behalf, according to our instructions and under our control.

    In particular, data processing companies are

    • technical service providers that we use to provide the website, e.g. service providers for software maintenance, data centre operations and hosting;
    • technical service providers that we use to provide functionalities, e.g. technically essential cookies;
    • service providers that carry out order processing for us;

    In such cases, we remain responsible for the data processing; the sharing and processing of personal data to and from our data processing companies is based on the relevant legal basis that permits us to process data. A separate legal basis is not required.

    1. Cookies and web analysis

    4.1 What are cookies?

    To make our website as user-friendly as possible and to increase the relevance of our advertising for visitors to our website, we and our partners use so-called “cookies”. Cookies are small data files that are placed on the visitor's device. They allow us to provide information over a certain period and identify the visitor's computer. This also takes place in part by using so-called tracking pixels that are not placed on a visitor's hard drive, but may be helpful in identifying the computer in the same way as with a cookie. The term “cookie” below includes both cookies in the technical sense as well as tracking pixels and similar technical methods.

    If you are visiting our website for the first time, then the information on data protection is displayed on your start page with the text for consenting to cookies. By subsequently continuing with active use of the website and not objecting to the use of cookies, you consent to the use of cookies, and this consent is stored on your browser (in the form of a cookie) so that we do not have to show you this information again on every page. If this information does not appear in your browser (e.g. by you deleting the browser history), then this information is shown when you visit our website again.

    4.2 What cookies do we use?

    On this website we use technically essential cookies, without which the functionality of our website would be limited.

    These cookies are essential to make it possible for you to navigate our websites and use their functions. For example, they store which products you have placed in your shopping basket or the progress of your order process, they enable you to look easily for dealers where you can buy our products (e.g. by showing a map of your surrounding area), or they store whether you agree to the use of cookies and your selection in the cookie settings. These cookies do not collect any information about you that is intended to be used for marketing purposes or that store where you have been on the Internet. These cookies are generally session-specific and expire at the end of your visit to the website (session), unless the respective function requires that they are stored for a longer period (e.g. storing the cookie setting). Deactivating this category of cookies would totally or partially restrict the functions of the website.

    Technically essential cookies in detail:

    • Session handling: PHPSESSID - technically necessary to assign the session after a user has logged in;
    • Figma: “_app_element_smart_block_figma_consent” - technically necessary to obtain an optionally given consent when integrating Figma
    1. Security

    We and our service providers take technical and organisational security precautions in order to safeguard your personal data managed by us against accidental or intentional manipulation, loss and destruction, or against access by unauthorised persons. Our data processing systems and security measures are constantly being improved to meet the latest technical developments.

    Of course, our employees and the service providers that we engage are committed to confidentiality.

    1. Your rights to information, rectification, blocking or deletion

    In principle, every natural person whose personal data we process has the following rights in relation to us (i.e. depending on the relevant conditions):

    • If you have any questions on the processing of your personal data by BRITA SE, we will be happy to provide you with information about personal data stored about you at any time free of charge (Art. 15 of the GDPR).
    • You have a right to the rectification of incorrect data and to have incomplete data completed (Art. 16 of the GDPR).
    • You have a right to the blocking / restriction of processing or to the deletion of your personal data that is no longer required or that is stored based on legal obligations (Art. 17, 18 of the GDPR).
    • You have a right to the portability of your data in a structured, commonly used and machine-readable format, if you have provided the data to us based on a consent or a contract between you and us (Art. 20 GDPR).
    • You have a right to object to the processing of your data for direct marketing at any time (cf. also section 2.5, Art. 21 para. 2 and 3 of the GDPR).
    • You have a right to object due to processing based on a legitimate interest; in this case, we may demonstrate our compelling legitimate grounds (Art. 21, para. 1 of the GDPR). We have referred above to when this right exists (see section 2).
    • If you have given your consent to data processing, then you can withdraw this at any time with future effect, i.e. the lawfulness of the data processing remains unaffected up to the time of withdrawal. Once you have withdrawn your consent, you may not be able to use our services any longer.

    Please contact the address stated under section 7 with your concerns. We reserve the right to verify your identity in order to prevent your personal data from being disclosed to unauthorised persons.

    You also have the right to submit a complaint to a supervisory authority for data protection.

    1. Data Protection Officer

    You can reach our Data Protection Officer at the address below:

    Herr Rechtsanwalt Dr. Karsten Kinast, LL.M.
    KINAST Rechtsanwaltsgesellschaft mbH
    Nordstraße 17a
    50733 Köln
    Deutschland

    dsb-brita@kinast.eu
    www.kinast.eu

    1. Amendments

    It is necessary to revise the content of this Privacy Policy from time to time. We therefore reserve the right to amend it at any time. We will also publish the amended version of the Privacy Policy here. If you visit us again, you should therefore read through the Privacy Policy once more.

    keyboard_arrow_up