Data Protection Notice
GEA values you as a customer or other contact who is interested in GEA and our products, technologies and services. When you interact with us, we will collect and process certain of your personal data. This Data Protection Notice explains how GEA uses the personal data provided by you in connection with the GEA Portal and any apps available in the GEA Portal and which rights and options you have in this respect. It applies to personal data that you provide to GEA or which is derived from such data. Please note that where this notice explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation (GDPR). Where the processing of your personal data is not subject to this regulation, different rules will apply under your applicable law.
Who is Responsible for your personal data?
Your personal data will be controlled by GEA Westfalia Separator Group GmbH or an affiliate of GEA Group Services GmbH which is identified as responsible controller in the communication you receive from us (herein referred to as “us” or “GEA“) to ensure security and integrity of your personal data. Please click here for a list of the GEA Group affiliates with contact details.
For which purposes will we use your personal data?
We will process your personal data strictly only for the following purposes (“Permitted Purposes“):
· Planning, entering into, performing, managing and administering your (or a third party’s to whom you are related) contractual business relationship with GEA Group or an affiliate of GEA Group Services GmbH in connection with the GEA Portal, e.g. by onboarding customers, interacting, exchanging information and scheduling appointments, performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services or providing you with other services or things you may have requested;
Maintaining and protecting the security of the GEA Portal, products, services, websites, apps or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
· Ensuring compliance with legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws or to prevent white-collar or money laundering crimes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for antitrust purposes;
Informing you, where permitted in accordance with local laws, within an existing business relationship about GEA’s products or services which are similar or relate to such products and services which have already been purchased or used within that business relationship;
· Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims; or
Ensuring compliance with legal obligations, e.g. to keep sales records for tax purposes or to send notices and other disclosures as required by law.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
· Communicating with you through the channels you have approved to keep you up to date on the latest announcements, special offers and other information about GEA’s products, technologies and services (including marketing-related newsletters) as well as events and projects of GEA;
Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events or
· Profiling and automated processing: We are collecting information about your preferences and interest in our products on the basis of your activities and engagement on our website, apps, shops and inside the GEA Portal and use this information to create a user profile to personalize and increase the quality of our communication and interaction with you. We capture for example the documents that you downloaded, the title of the document and area to improve our content. The logic behind our profiling activities is to identify areas which may be useful or otherwise of interest for you and to inform you about such areas in a more effective and targeted way. The algorithms used apply this logic and automatically deliver the targeted content or information to you. We further apply a scoring method to further examine the areas of interest.
Please note: Under the GDPR (Article 21 (2)) you have the right to object to the use of your personal data for direct marketing purposes, including the profiling described above. Please refer to “ Your data protection rights” below for further explanation of your rights and how to exercise them.
With regard to marketing-related types of communication (i.e. emails and phone calls), we will, where legally required, only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related types of communication from us.
We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
We apply modern technology to monitor and analyse data in relation to our products (also known as Internet of Things). Such information is used to support our customers, e.g. by improving our product design and enhancing product service. Typically, no personal data is processed in connection with any such technologies. Where that is the case, personal data will be processed strictly in line with this Data Protection Notice and in accordance with applicable law.
The legal bases for processing of your personal data are set forth in Article 6 of the GDPR. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with GEA or for compliance with our legal obligations or for purposes of legitimate interests pursued by us, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.
Scope of personal data
We may collect and process in particular the following categories of personal data:
· Business or private contact information, such as full name, address, telephone number, mobile phone number, fax number and email address, the identification number of your mobile phone and the IP address of your computer when using the GEA Portal or apps therein;
Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
· Further business information necessarily processed in a project or contractual relationship with GEA or voluntarily provided by you, such as orders placed, payments made, requests and projects;
Information about your interests and preferences and other information obtained by the analytics described above, in particular your activities when you use our websites, apps and any products, downloadable content (e.g. registration for a software download, ebooks, whitepapers) or other services we offer to you online. This includes which content you download, click or view for how often and how long;
· Information collected from publicly available resources, integrity data bases and credit agencies; and
If legally required for compliance purposes: information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes.
· Special categories of Personal Data. In certain situations, where required by law or where you have given us your consent, we may also collect special categories of your personal data that are subject to special data protection laws. For example, in connection with the registration for and participation in an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
How do we collect your personal data?
We will typically collect your personal data directly from you. We do not obtain personal data from third parties unless specified herein (e.g. information from publicly available resources, integrity data bases and credit agencies).
Where you have expressly given your consent, we may also obtain your personal data from third parties for marketing purposes. In such cases, you will be informed about this in accordance with applicable law.
How do we Protect Your personal data
We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will, at all times, strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.
With whom will we Share Your personal data?
We may share your personal data as follows:
· With our affiliates within GEA Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will then use the Personal Data for the same purposes and under the same conditions as outlined in this Data Protection Notice. Please click here for a list of the GEA Group affiliates with contact details.
We may also instruct service providers (so called data processors) within or outside of GEA Group, domestically or abroad, e.g. shared service centers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. GEA will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
· With courts, law enforcement authorities, regulators or attorneys if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
Where will your personal data be processed?
GEA is a globally active enterprise. In the course of our business activities, we may transfer your personal data also to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses which are available here. You may contact us anytime using the contact details below if you would like further information on such safeguards.
Your data protection rights
Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. In particular, you have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may ask for an adequate charge for this. Please refer to Articles 15-22 of the GDPR for details on your data protection rights.
For any of the above requests, please send a description of your personal data concerned stating your name, customer number or other GEA identification number (if applicable) as proof of identity to the contact details below. We may require additional proof of identity to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have given us your consent for the processing of your personal data, you may withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint, you can contact us at the contact details below to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the competent data protection supervisory authority in your country.
Are you required to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntary, there are generally no detrimental effects on you if you choose not to consent or to provide personal data. However, there are circumstances in which GEA cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering, app or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for GEA to provide you with what ou request without the relevant personal data.
Retention of your personal data
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will in particular retain your personal data where required for GEA to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
You may use chatbots in the GEA Portal to communicate your concerns. These are programs that use artificial intelligence to classify your concerns in a common chat with you in order to forward them to our responsible employees and to help you find your way around.
If you have given your prior consent, the personal data provided in these chats will be processed for the purpose of answering your inquiry and for contacting you for advertising purposes. The communication is carried out by our GEA Group affiliates which offer the products and services you have requested in your respective region. It is limited to the communication channels for which you have provided contact data and to the product and service groups you have requested. The processing is based on Article 6 para. 1, lit. a) GDPR. The provision of your personal data is voluntary. You are neither obliged to provide us with your personal data, nor is this provision necessary to fulfill a legal or contractual obligation or to conclude a contract. If you do not provide us with your data, this will have no consequences for you, except that we will not be able to answer your inquiry. You can withdraw your consent at any time with effect for the future, e.g. by contacting us without any specific form. Your personal data will be deleted upon the withdrawal of your consent.
Google Tag Manager
We use Google Tag Manager to administer which data is measured and sent in which form to Google Analytics. The provider of the Google Tag Manager component is Alphabet Inc., 1600 AMPHITHEATRE PARKWAY MOUNTAIN VIEW CA 94043. This service enables website tags to be managed via an API. Google Tag Manager only implements tags. This means that cookies are not used and no personal data is collected. Google Tag Manager triggers other tags that can be used to collect data, however, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.
Description of the data processing
The following data is collected during your website visit:
• Browser type/version
• Operating system used
• Referrer URL (the web page that directed you to our website)
• Host name of the accessing terminal device (IP address, advertising ID)
• Time of the server request
Google Analytics is only used by us in conjunction with Google’s activated “IP Anonymization” function (IP masking). This means that users’ IP addresses are truncated by Google for users within member states of the European Union or other states party to the agreement on the European Economic Area. Only in exceptional cases (e.g. in the event of a technical defect in the European Union) is the IP address sent to a US server and truncated there.
The “IP address Anonymization” function used by Google does not write IP addresses to a disk, as pseudonymization takes place in the main memory immediately after the request is received. We do not receive any personal data from Google, only anonymized statistics.
Legal basis of the data processing
Your personal data is only processed in connection with Google Analytics if you have given your explicit consent. You have the right to revoke your consent at any time. The revocation does not affect the lawfulness of the processing of your personal data that has taken place on the basis of your consent up to that point. You can send your revocation at any time by email to the contact listed below.
Period of retention/ deletion
We store the data collected by Google Analytics in pseudonymized profiles that cannot be associated with any individual person for a period of 14 months to prevent cases of abuse and to optimize our web pages. This data is automatically deleted after 14 months.
Third Party Data Transfer
Personal data collected through the Google Analytics Tool will be shared with Google Ireland Limited and may be transferred to the US. The European Courts do not consider the US to provide an adequate level of protection of personal data. There is, in particular, a risk that your personal data will be subject to access by US authorities for purposes of surveillance or national security without adequate data subject rights or redress avenues.
Updates to this Data Protection Notice
This Data Protection Notice was last updated in February 2023. We reserve the right to update and change this Data Protection Notice from time to time in order to reflect and changes to the way in which we use your personal data or changing legal requirements. In case of any such changes, we will publish the changed Data Protection Notice on the GEA Portal and in the apps therein.
How to get in touch with us
For any questions and comments or in case you want to assert your rights, please contact GEA’s Group Data Protection Officer via email to GroupDataProtection@gea.com.
GEA Westfalia Separator Group GmbH