International Site

Data protection declaration

11.12.2020

1. Scope of application

This privacy policy (in its current version) applies to the use of the App and the services offered through it.

When using the App, personal data about you will be processed. Personal data is understood to be all information that allows an inference to an identified or identifiable natural person ("Personal Data"). Because the protection of your privacy is important to us, we would like to inform you which personal data we process when you use the App and how we handle this data.

When you access our App, you accept the current version of this Privacy Policy. If you do not agree with it in whole or in part, you may not use our app.

This legal notice is available in the language you select within the countries in which we provide our service.

2. Responsible person, data protection officer and EU representative

2.1 Responsible for the processing of your personal data is the entity of the [Roca Group] where you have acquired your product and/or service. A list of the key entities you can find here:

For Switzerland

Laufen Bathrooms AG
Wahlenstrasse 46
CH – 4242
Laufen
Tel.: +41 (0)61 765 71 11
HR Nr CHE-101.906.866

For Spain:

Roca Sanitario S.A
Av. Diagonal, 513 (08029)
Barcelona, España
Tel.: 93 366 1200
Email: lopd@roca.net

For Germany:

Roca GmbH
Feincheswiese 17
56424 Staudt
Tel: 02602-93 61 0
Telefax: 02602-93 61 22

2.2 If you have any questions regarding the processing of your data you can contact this email address gdpr@laufen.ch or at our postal address mentioned above (under IMPRINT) with the addition "the data protection officer". In any case of doubt you can reach out to our representative in Spain …

3. Processed Personal Data

In the following, you will find more detailed information on what personal data we collect and how we process it:

3.1 Information collected during download

When you download the app, certain required information is transferred to the App Store you have selected (e.g. Google Play or Apple App Store). This includes in particular your user name, e-mail address, customer number of your account, time of download, payment information, if applicable, as well as the individual identification number of your end device. This data is processed exclusively by the respective App Store and is beyond our control.

The purpose and scope of data processing by the respective App Store as well as your rights and settings options for protecting your privacy can be found in the corresponding data protection information of the relevant App Store.

RETENTION PERIOD: the retention period for this activity is 10 years.

3.2 Information that is collected automatically:

In the course of using the App, we automatically collect certain data required for the use of the App. This includes: Internal device ID, version and language of your operating system, screen resolution, Bluetooth MAC address, time of access.

This data is automatically transmitted to us (1) in order to provide you with the App and the associated functions, (2) to improve the functions and features of the App, and (3) to prevent and eliminate misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the provision of the App and (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service in line with the market and interests. For further information regarding this balancing of interests, please contact us using the contact details given in section 2 above.

RETENTION PERIOD: the retention period for this activity is 10 years.

3.3 Information collected in the course of using the App:

Within the app you have the possibility to transmit personal data to us for processing. We use this data, including personal data, for the following purposes:

3.3.1 If you register your device via the App, make a service request, order consumables, or use our contact form, we collect your personal data (e.g. title, last name, first name, e-mail address, postal address, telephone number). We use this data to provide you with our services and to carry out the user relationship with you. The legal basis for this is your consent and the necessity for the fulfilment of the contract.

3.3.2 We or our affiliated companies also use your data for advertising purposes (in particular by post or in the form of e-mail newsletters or customer surveys or to contact you, e.g. by SMS or telephone) if you wish to receive such communication. The legal basis for this is your consent, provided we have obtained it, or our legitimate interest in advertising measures relevant to you. If you wish to receive further information regarding this balancing of interests, please contact us using the contact details given in section 2 above.

RETENTION PERIOD: the retention period for this activity is 10 years.

3.3.3 Marketing Separated

You can object to the use of your data for advertising purposes at any time. Details of your right to object can be found in section 5.4 of this privacy policy. Insofar as we are obliged by local laws in individual countries to obtain your prior consent for the aforementioned advertising measures, we will of course do so. The legal basis for processing your data is then your consent. You can revoke your consent at any time. To do so, please contact us using the contact options listed above under point 2 or follow the respective instructions in our advertising messages. Revocation of your consent does not affect the legality of the processing of your data.

RETENTION PERIOD: the retention period for this activity is 10 years.

3.4 The App uses one or more of the tools and technologies listed below:

3.5 Microsoft App Center Analytics

In our App we use technologies of the Microsoft Analytics App Center (Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA "Microsoft") with different functionalities ("Microsoft Analytics"). Microsoft Analytics enables the analysis of the usage of our App offer. This means that completely anonymous information about the use of our App is collected and transmitted to Microsoft and stored there. Microsoft uses the aforementioned information to evaluate the use of our App and to provide us with additional services associated with the use of Apps. The legal basis for the use and

evaluation of the data and the use of Microsoft is a legitimate interest in the analysis, optimization and economic operation of our app.

You can prevent your activity data from being shared with Microsoft by disabling the "Send Analytics Data" setting via the slider.

RETENTION PERIOD: the retention period for this activity is 10 years.

e.g.: We need your data for as long as you are on the site. We keep it for the duration of your browsing session.

3.6 Google Analytics

In our App we use Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). The use may also include the operating mode "Universal Analytics". This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous User ID and thus analyze the activities of a user across multiple devices. Google Analytics uses so-called cookies, text files which are stored on your mobile device and which enable an analysis of your use of the app (instead of cookies, comparable technologies can be used).

The information generated by the cookie about your use of the App is usually transferred to a Google server in the USA and stored there. Since IP anonymization is activated on this app, your IP address will be shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the App, to compile reports on App activities and to provide us with additional services related to App and Internet usage.

The use of Google Analytics is based on our legitimate interest in a needs-based design, statistical analysis and the efficient promotion of our App.

RETENTION PERIOD: the retention period for this activity is 10 years.

4. Transfer of your data to third parties

In principle, your personal data will only be passed on in the following cases:

4.1 For reasons of prosecution

If it is necessary for the investigation of an illegal use of our app or other services or for legal prosecution, personal data will be forwarded to law enforcement agencies and, if applicable, to injured third parties. However, this only happens if there are concrete indications of illegal or abusive behavior. A transfer can also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences or the financial and supervisory authorities.

The disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims. If you require further information regarding this balancing of interests, please contact us using the contact details given in section 2 above.

4.2 Affiliated companies of the LAUFEN Group

In order to ensure the best possible sales support for Laufen customers in the respective country, personal data is passed on to the respective country sales company associated with our group. The transfer of this data is based on our legitimate interest in ensuring effective customer service. If you require further information regarding this balancing of interests, please contact us using the contact details given in section 2 above.

4.3 Order Processor

We rely on contractually affiliated third-party companies and external service providers ("contractors") to provide the services. In such cases, personal data will be passed on to these processors to enable them to further process the data. These processors are carefully selected and regularly reviewed by us. These processors may only use the Data for the purposes we have specified and are also contractually bound by us to treat your Data only in accordance with this Privacy Policy and the applicable data protection laws.

In particular, we use the following processors:

Other Laufen companies for the purpose of central customer administration and order processing or for the purpose of providing central IT services for the other group companies
Cloud computing providers that process selected usage and device data of your end device within Europe
Logistics service provider for the shipment of products, marketing materials or other items you have ordered from us
Payment service provider to process any payments from you to us or vice versa
Service provider for assembly work or after-sales services
Service provider for sending newsletters or conducting customer surveys

5. Facebook and Google login

We offer you the possibility to sign up for our app with Facebook-Connect (a service of Facebook Inc., 1601 Willow Road Menlo Park, CA 94025, USA; "Facebook") or Google Single Sign On. An additional registration is therefore not possible. To register, you will be redirected to the appropriate Facebook or Google page where you can log in with your usage data. This will link your Facebook profile or Google login and our app. Through the link we automatically receive the following information from Facebook or Google: E-mail, name, date of birth.

This information is absolutely necessary to identify you.

For more information about Facebook Connect and privacy settings, please see the Facebook Privacy Notice and Terms of Use.

For more information about Google Single Sign On and privacy settings, please see the Google Privacy Notice.

6. Data security

The use of or access to your personal data is limited to those persons who need it.

Laufen uses appropriate technical and organizational security measures to protect your data, especially against accidental or intentional manipulation, disclosure, loss or destruction. Our security measures are continuously improved in line with technological developments and comply with the applicable data protection laws.

However, data transmission via the Internet is not completely secure and any transmission of your personal data to us via the App or otherwise is at your own risk.

7. Your rights

As a person affected by data processing, you have the rights described below with regard to our processing of your personal data in accordance with and to the extent provided for under the data protection law applicable to you in each case, in particular the Swiss Data Protection Act or the EU Data Protection Regulation (EU 2016/679). If you wish to assert your rights, please send your written request to us using the contact details given in section 2 above or to the following e-mail address: gdpr@laufen.ch.

8.1 Right to access

To the extent that applicable law so provides, you have the right to obtain from us, at any time, information about the personal data we process concerning you.

8.2 Right of rectification or erasure

To the extent that the applicable law provides for this for you, you have the right to demand that we correct incorrect data, complete incomplete data or delete the personal data concerning you. In particular, you have the right to have your personal data deleted if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed. Exercising this right of deletion is particularly limited if we need your data to fulfil a legal obligation or to enforce legal claims.

8.3 Right to restrict processing

To the extent that the applicable law provides for this for you, you have the right in certain cases to request us to limit the processing of your personal data.

8.4 Right to objection

You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you, including the performance of a task carried out in the public interest or for reasons relating to our legitimate interests. We will stop processing your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

8.5 Right to data portability

To the extent provided for by applicable law, you have the right to obtain from us the personal data relating to you which you have provided to us in a structured, common, machine-readable format and to transfer it to another provider, provided that the processing is based on your consent or is necessary for the performance of a contract with you and that the processing is carried out using automated procedures.

8.6 Right to complain to the competent data protection supervisory authority.

You have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you is in breach of the applicable data protection legislation.

8.7 Right to withdraw consent

You have the right to revoke your consent if our processing is based on your consent. The revocation of your consent does not affect the lawfulness of the previous processing of your personal data based on your consent.

9. Deletion of your data

To delete your data, please send us an e-mail to gdpr@laufen.ch. In general, we delete or make anonymous your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above paragraphs. If data must be retained for legal reasons or if applicable regulations make it seem reasonable to retain it, it will be blocked. The data is then no longer available for further use. If you would like further information on our deletion and storage periods, please contact us using the contact details given in section 2 above.

10. Changes of purpose

Processing of your personal data for purposes other than those described above will only be carried out to the extent permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data were originally collected, we will inform you about these other purposes before processing and provide you with all further relevant information.

11. Automated individual case decisions or profiling measures

We do not use automated processing to make a decision.

12. Contact

If you have any questions regarding data protection, you can contact us at any time at the address given in the imprint or via the contact details given under point 2 of this data protection declaration. You also have the right to contact the data protection supervisory authority in your country of residence.

13. Changes

We occasionally make changes to our privacy policy. The currently valid version of the privacy policy can be found on our app under the menu item "Information". By continuing to access our App, you agree to the updated Privacy Policy.