Privacy policy from BRITA GmbH

In this Privacy Policy, BRITA GmbH, Heinrich-Hertz-Str. 4, 65232 Taunusstein, Germany (“we”, “us”, “BRITA GmbH”) wishes to inform you about how we process your personal data when you visit our websites and use our online shop.

1. What personal data do we collect from you?

Personal data is any information about a specific or identifiable natural person that you communicate to us and that is generated or collected by us. This includes:

Registration data: You can register your product with us. When you open an online customer account with us, you can permanently store your name, postal address, email address, telephone/mobile number (optional) and country there.

Order data: When you order items from our online shop or by telephone, the content data entered by you and about you is processed (such as the information from your order, delivery and billing address, telephone number, email address, payment methods, delivery arrangements, order information, and in the case of professional consumers also the company name and SAP customer number). In the online shop we also collect information about the time, scope and, if applicable, the location of your order.

Other content data: When you use other services or functions on our website, such as when using forms, competitions or when you register to receive newsletters, content data entered by you and about you is processed, together with the information you provide.

Usage data: We set up usage profiles about your use of our website using a pseudonym, which we use to track how our website is used. In addition, your click behaviour when you receive newsletters is evaluated and stored in user profiles; this data is not combined with the pseudonymised usage profiles described in the sentence above or with your customer account.

Server log data: When you use our websites, data (such as the date and time of your visit, the pages visited and data files requested, the type and version of the web browser you use, the type and operating system of the end device you use as well as your IP address) is temporarily saved in a protocol file.


2. For what purpose, on what legal basis and how long do we process your personal data?

2.1 Product registration / Customer account

If you register the product you have purchased, then we collect and use your data in order to record the benefits granted to you with product registration (e.g. extended guarantee, shipment of spare parts).

When you also register for a personal customer account, we process the registration data to set up and manage your customer account and to process future orders. As a registered customer you have access to your personal online customer account (via your email address and a password chosen by you) in which you can view your order history as well as store and amend your personal settings (e.g. setting for the password, newsletter, billing and delivery).

The legal basis for the processing is our legitimate interest under Art. 6, para. 1 (f) of the GDPR to provide the service “Product registration” described above or “Customer account” for you, or perform a user contract with you (Art. 6, para. 1 (b) of the GDPR).

You can also object to the processing of your data on the basis of Art. 6, para. 1 (f) of the GDPR (under Art. 21, para. 1 of the GDPR). In principle. we may then demonstrate compelling legitimate grounds for the processing in order to continue it. We will not do so for the use of a customer account, however, and the following applies: The customer account must then be deleted and is no longer available to you.

This data is deleted if the registration on our website is cancelled or modified, or if the customer account is terminated. If it is not possible to delete it for legal reasons, the data concerned is then blocked instead. Please note that we may store the data about the orders that can be viewed in your customer account for a longer period (see 2.2).

2.2 Your orders

We process your order data for the processing of your order and for the delivery of the items ordered.

The legal basis for the processing is the conclusion and fulfilment of the purchase contract for the items ordered, Art. 6, para. 1 (b) of the GDPR.

This data is deleted if it is no longer required for performance of the contract (including customer service and warranties), unless we are obliged to store it by law, e.g. due to duties of retention under commercial or tax law.

2.3 Your enquiries

When you contact us with an enquiry using a contact form, by email or a service telephone, we process the information you provided therein to answer you enquiry and, when you use the online contact form the IP address and date/time of the enquiry, to prevent the misuse of the contact form.

The legal basis for processing is our legitimate interest under Art. 6, para. 1 (f) of the GDPR to provide you with the “Enquiries” service described above. If the intention of your enquiry is to initiate or process a contract (including customer service and warranties), the additional legal basis for processing is Art. 6, para. 1 (b) of the GDPR.

You can object to the processing of your data based on Art. 6, para. 1 (f) of the GDPR. If we demonstrate compelling legitimate grounds for the processing, we may then continue it. In this case, this may be required in particular in order to be able to prove past communications and enquiries with you. If there are no such compelling legitimate grounds, then we will cease communication with you and delete any data already collected.

This data is deleted when our communication with you ends, i.e. the relevant facts have been clarified and there are no further legitimate interests for storing the data, or there are no further statutory obligations to store it.

2.4 Taking part in competitions

If you enter one of our competitions, then we use your details in order to carry out the competition, in particular also to inform entrants about a win and, where applicable, send a prize.

The legal basis for processing is your consent given when entering the competition (Art. 6, para. 1 (a) of the GDPR). Your data is deleted when the respective competition ends and the prizes are distributed. Any further use of your data for other purposes, e.g. advertising only occurs if you have given your explicit consent for this.

2.5 Advertising and product development (usage data, newsletters etc.), right of objection

We would also like to use your personal data and/or any anonymous statistical information created from it in order to inform you about our products and services with regard to water dispensers, water filters and accessories (“BRITA Products and Services”), and to send you offers and special promotions (advertising), or to improve our offers and services (product improvements, customer analyses).

2.5.1 Anonymised usage data

Here we use anonymised or aggregated data obtained using analytical tools to track the surfing behaviour of every visitor and thereby improve the design of our website and our range of products in general. You can find details about these analytical tools in section 4.

2.5.2 Direct marketing

You can subscribe to a free newsletter on our website. Here the data collected at registration is processed (the data shown as compulsory fields is absolutely essential to receive the newsletters; data identified as voluntary is only used to make contact with you more personal and for the selection of the information displayed).

We will contact you by email or messenger service with information, offers and beneficial promotions for BRITA products and services customised to you personally and your interests or use based on your respective express consent, or – if you buy similar items or services from us and store your email address in so doing – also without any separate consent.

We will only contact you by telephone with information, offers and beneficial promotions for BRITA products and services customised to you personally and your interests or use with your explicit consent. We also inform our professional consumers (BRITA professionals) by phone about our BRITA products and services if we can legitimately presume their consent to this.

We will also contact you by written advertising sent by post without consent where necessary in the extent permissible by law for our services.

You can also send us some of your information voluntarily within the scope of lead ads (request forms, such as on Facebook, Instagram or LinkedIn).

You may object in full or in part at any time to the creation of pseudonymised data, the use of your personal data for purposes of advertising and product development, and to being contacted in a specific form as a result, or where applicable, withdraw any consent given. Please use the relevant functions provided for you (e.g. the unsubscribe function in your personal customer account) or send a communication to that effect in writing (keyword: data protection) or by email to the contact addresses stated under section 8.

The legal basis for processing is your consent (Art. 6, para. 1 (a) of the GDPR) and our legitimate interests (Art. 6, para. 1 (f) of the GDPR), where applicable in conjunction with Section 7, para. 3 of the Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb - UWG).

We will delete this data following your objection or the withdrawal of any consents given or otherwise no later than the end of its use, or we will only store it in aggregated, anonymised form. Where necessary, we will store the fact of your objection to prevent you from being contacted again.

2.6 For the provision of the website and performance of the services

The processing of server log data is necessary for the provision of the websites and the performance of services for technical reasons and subsequently to ensure system security.

The legal basis for processing is our legitimate interest in providing the website with our services (Art. 6, para. 1 (f) of the GDPR). Processing is absolutely essential for the use of the website for technical reasons and subsequently to ensure system security; there is therefore no right of objection.

This data is deleted after no more than 30 days.

The server log data is subsequently analysed on an anonymous basis, where necessary for statistical purposes, and to improve the quality of our Internet presence. The server log data is not linked in any way to your personal data or with other sources of personal data.

2.7 Your product review

If you rate our products on the platform of our external service provider Bazaarvoice Inc., we process the information you provide there (e-mail address, name) for evaluation of the reviews as well as the IP address and date / time of the evaluation to avoid abuse of the review service.
The legal basis for the processing is your consent given in the submission of the review, Art. 6, para. 1 (f) of the GDPR.
Your data will be deleted when it is no longer required or when you revoke your consent to your data being stored.

3. Sharing of data

3.1 Sharing of data with data processing companies

We sometimes use service providers, subject to compliance with the statutory requirements, by means of commissioned processing, i.e. based on a contract on our behalf, according to our instructions and under our control.

In particular, data processing companies are

  • technical service providers that we use to provide the website, e.g. service providers for software maintenance, data centre operations and hosting;
  • technical service providers that we use to provide functionalities, e.g. technically essential cookies;
  • service providers that carry out order processing for us;
  • service providers for the practical implementation of advertising and marketing, e.g. call centres for telephone contact, printers and letter shops for shipment by post (also including the shipment of analytical test-strips for water hardness), service providers for sending emails.

In such cases, we remain responsible for the data processing; the sharing and processing of personal data to and from our data processing companies is based on the relevant legal basis that permits us to process data. A separate legal basis is not required.

3.2 Data transmission to third parties

Sometimes we also share your data with third parties, i.e. partners with which we collaborate outside commissioned processing. Partners of this kind perform their services on their own responsibility; processing of your data by partners is governed solely by their privacy policy.

3.2.1 Payment service providers

In order to process your orders, we share payment information with payment service providers that carry out the payments processes associated with the orders. These particularly include PayPal, PayOn and Elavon. The legal basis for sharing the data is performance of the contract with you, Art. 6, para. 1 (b) of the GDPR.

3.2.2 Other service providers within the Brita Group

Some accounts are managed for accounting purposes by companies affiliated to BRITA GmbH (Brita Group companies) as defined in Section 15 of the German Stock Corporation Act (Aktiengesetz - AktG). The legal basis for sharing data is our legitimate interest in sharing customer data within a corporate group for administrative purposes, Art. 6, para. 1 (f) of the GDPR.

3.2.3 Local sales companies

When you send us an enquiry, we may transfer your contact data to a BRITA Group company based in your country or a distributor appointed to sell our products for us if they are better able to help you with your concerns based on the actual circumstances (e.g. language knowledge, specialisation in a specific product). The legal basis for the data transfer is our legitimate interest in making our sales process as efficient as possible for the benefit of the customer, Art. 6 (1) f) GDPR.

3.2.4 Logistics companies

We share your address with logistics service providers for shipment purposes. The legal basis for processing is the conclusion and fulfilment of the purchase contract for the items ordered, Art. 6, para. 1 (b) of the GDPR.

4. Cookies and web analysis

4.1 What are cookies?

To make our website as user-friendly as possible and to increase the relevance of our advertising for visitors to our website, we and our partners use so-called “cookies”. Cookies are small data files that are placed on the visitor's device. They allow us to provide information over a certain period and identify the visitor's computer. This also takes place in part by using so-called tracking pixels that are not placed on a visitor's hard drive, but may be helpful in identifying the computer in the same way as with a cookie. The term “cookie” below includes both cookies in the technical sense as well as tracking pixels and similar technical methods.

If you are visiting our website for the first time, then the information on data protection is displayed on your start page with the text for consenting to cookies. By subsequently continuing with active use of the website and not objecting to the use of cookies, you consent to the use of cookies, and this consent is stored on your browser (in the form of a cookie) so that we do not have to show you this information again on every page. If this information does not appear in your browser (e.g. by you deleting the browser history), then this information is shown when you visit our website again.

4.2 What cookies do we use?

On this website we use two categories of cookies: (1) Technically essential cookies, without which the functionality of our website would be limited, and (2) optional analytical, targeting or advertising cookies that generally originate from third-party providers:

  • Technically essential cookies

These cookies are essential to make it possible for you to navigate our websites and use their functions. For example, they store which products you have placed in your shopping basket or the progress of your order process, they enable you to look easily for dealers where you can buy our products (e.g. by showing a map of your surrounding area), or they store whether you agree to the use of cookies and your selection in the cookie settings. These cookies do not collect any information about you that is intended to be used for marketing purposes or that store where you have been on the Internet. These cookies are generally session-specific and expire at the end of your visit to the website (session), unless the respective function requires that they are stored for a longer period (e.g. storing the cookie setting). Deactivating this category of cookies would totally or partially restrict the functions of the website.

  • Analytical, targeting and advertising cookies

Analytical cookies collect information about how visitors use a website overall, for example which pages they access most often and whether they receive error messages from websites. These cookies do not collect data that could identify their visitors. Data collected with these cookies is not combined with other information about our visitors. All information collected with the help of these cookies is used exclusively to understand and improve the functionality and service on the website. For the analysis of our website we use Google Analytics, a web analysis service of Google Inc. The information about your use of this website generated by the use of Google Analytics is usually transferred to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, then your IP address is first abbreviated by Google within European Union member states or in other countries that are party to the Agreement on the European Economic Area. Google will use this information to analyse your use of the website in order to compile reports about website activities for the website operators and to provide further services associated with website and Internet usage. Google will also transfer this data to third parties where this is required by law or if third parties process this data on behalf of Google.

Targeting and advertising cookies are used to tailor advertising to you and your interests in a more targeted manner. They are used to limit how often you get to see the same advert, to measure the efficacy of an advertising campaign and to understand people's behaviour after they have seen an advert. These cookies are generally placed on their pages by advertising networks with the consent of the website operator (i.e. in this case ours). They recognise that a user has visited a website and pass this information on to others, e.g. advertising companies, or adapt their advertising themselves accordingly. They are often linked to a website function provided by that company. We therefore use these cookies to create a link to social networks. These can then reuse the information about your visit to customise the advertising on other websites specifically to you and provide the information about your visit to the advertising networks we use, so that the advertising that potentially really interests you can be presented to you later precisely based on your browsing behaviour. Even in these cases, we do not combine the data collected using these cookies with other information about our visitors.

Furthermore, we use phone call conversion tracking to identify and measure calls from our website (including the mobile website) and from our call-only ads or call extensions used in our ads. In this context, the telephone numbers provided on our (mobile) website or in our ads may be so-called call tracking numbers. When such a call tracking number is called, information about the start time, end time, status (missed or received), duration, caller area code and call type is collected. In no case the storage of call contents takes place. Also, we do not combine the data with other information about the caller. We use the data exclusively for the purpose of determining the number of calls per online marketing channel to measure the efficacy of an advertising campaign. They will not be used for any other purpose and will not be passed on to third parties.

Deactivating this category of cookies does not impair the functionalities of our website. We currently use this category of cookies from the providers below. You can find out more information about cookies and their descriptions from them and object to the use of cookies directly there:

If you would like to receive further information about these cookies from us instead, please contact us by email at: datenschutz@brita.net

4.3 How do I deactivate cookies?

You can totally deactivate the analytical, targeting and advertising cookies conveniently in our cookie settings. Alternatively, you can also deactivate individual cookies using the links in the table above (objection options). Finally, you can also prohibit the use of any cookies by adjusting the settings for cookies in your browser accordingly. Nonetheless, we would point out that in this case it would inhibit the functionality of our website if technically essential cookies are also blocked.

You can read further information about cookies and the individual providers, e.g. on the website www.youronlinechoices.com. You have the option there of objecting to usage-based online advertising by individual or by all tools. To go directly to the preference manager, please click here.

5. Links 

We use links to our other Internet presences on third-party websites and services, e.g. on social media channels such as Facebook, Twitter or YouTube. These third parties are solely responsible for data processing by such other service providers on their websites; their respective privacy policies apply. 

6. Security

We and our service providers take technical and organisational security precautions in order to safeguard your personal data managed by us against accidental or intentional manipulation, loss and destruction, or against access by unauthorised persons. Our data processing systems and security measures are constantly being improved to meet the latest technical developments.

When your personal data is transmitted to us, encryption takes place via a Secure Socket Layer (SSL). Personal data that is exchanged between you and us or another company of the BRITA Group is transmitted via encrypted connections that conform to the current state of technology.

Of course, our employees and the service providers that we engage are committed to confidentiality.

7. Your rights to information, rectification, blocking or deletion

In principle, every natural person whose personal data we process has the following rights in relation to us (i.e. depending on the relevant conditions):

  • If you have any questions on the processing of your personal data by BRITA GmbH, we will be happy to provide you with information about personal data stored about you at any time free of charge (Art. 15 of the GDPR).
  • You have a right to the rectification of incorrect data and to have incomplete data completed (Art. 16 of the GDPR).
  • You have a right to the blocking / restriction of processing or to the deletion of your personal data that is no longer required or that is stored based on legal obligations (Art. 17, 18 of the GDPR).
  • You have a right to the portability of your data in a structured, commonly used and machine-readable format, if you have provided the data to us based on a consent or a contract between you and us (Art. 20 GDPR).
  • You have a right to object to the processing of your data for direct marketing at any time (cf. also section 2.5, Art. 21 para. 2 and 3 of the GDPR).
  • You have a right to object due to processing based on a legitimate interest; in this case, we may demonstrate our compelling legitimate grounds (Art. 21, para. 1 of the GDPR). We have referred above to when this right exists (see section 2).
  • If you have given your consent to data processing, then you can withdraw this at any time with future effect, i.e. the lawfulness of the data processing remains unaffected up to the time of withdrawal. Once you have withdrawn your consent, you may not be able to use our services any longer.

Please contact the address stated under section 8 with your concerns. We reserve the right to verify your identity in order to prevent your personal data from being disclosed to unauthorised persons.

You also have the right to submit a complaint to a supervisory authority for data protection.

8. Data Protection Officer

You can reach our Data Protection Officer at the address below:

Dr. Karsten Kinast
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln

E-Mail: datenschutzbeauftragter@kinast-partner.de

URL: www.Kinast-Partner.de

9. Amendments

It is necessary to revise the content of this Privacy Policy from time to time. We therefore reserve the right to amend it at any time. We will also publish the amended version of the Privacy Policy here. If you visit us again, you should therefore read through the Privacy Policy once more.

Version dated November 2018