Data protection
Privacy Policy
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. On this website, personal data is only collected and processed to the extent necessary. The following declaration gives you an overview of how we guarantee this protection and what kind of data is collected for what purpose.
Name and address of the controller
Controller in accordance with the General Data Protection Regulation (“GDPR”):
Kermi Duschdesign GmbH
Pankofen-Bahnhof 1
94447 Plattling
E-Mail: info@kermi-design.com
Phone: +49 9931 7026-0
Data protection officer
Statutory data protection officer:
IDR – Weller, Institut für Datenschutzrecht
Rechtsanwalt Sascha Weller, Mag. Jur.
Ziegelbräustraße 7
85049 Ingolstadt
E-Mail: dataprotection@kermi-design.com
Tel.: +49 841 - 885 167 15
Every data subject can contact our data protection officer directly any time with any questions or suggestions regarding data protection.
1. Personal data
Various personal data is collected when you use this website. Personal data is data with which you can be personally identified. In your case, this could be your name, your email address or your telephone number, for example.
2. Children
Children (up to the age of 18) should not transmit any personal data to us without the consent of their parents or guardian. We encourage all parents and guardians to instruct their children in the safe and responsible use of personal data on the internet. In any case, we will not knowingly collect or in any way use personal data from children or disclose it to third parties.
3. Collection and processing of personal data
a) When you are visiting our website
When you visit our website, we process the data which your browser automatically transfers to us. This data includes your IP address, the time of the server request, the browser type and browser version, the operating system used, the referrer URL, and the host name of the accessing computer. We only process personal data concerning the use of our website to the extent necessary to allow the user to use of the service.
Such data is only collected and processed for internal, statistical purposes. The basis for data processing is processing data to fulfil a contract or pre-contractual measures. Further basis for data processing is our a legitimate interest in processing the data in order to ensure the stability and security of the website.
In some cases we also use cookies. Cookies are small text files that are stored on your computer and saved by your browser. Our Internet pages use cookies in several places. They make our website more user-friendly, effective, and secure. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Cookies do not cause any harm to your computer or contain viruses. We have a legitimate interest in storing cookies for technically error-free and optimised provision of the services our website provides.
How can I prevent cookies being saved?
If you wish to block cookies, you can change your browser settings accordingly. Here you will find the instructions for setting cookies in the most important browsers:
• Internet Explorer
• Chrome
• Safari
• Safari (mobile version)
• Firefox
• Blackberry
• Android
• Opera
Blocking cookies means that no information about device or browsing behaviour is stored when visiting our website. Blocking cookies will affect the functionality of our website. It may mean that you cannot use all functions and services that we can offer you.
Other cookies that are stored (e.g. cookies for analysing your browsing behaviour) are treated separately in this data protection declaration.
b) When you register on our website
You can register on our website to be able to use additional functions on the site. We only use this data entered for the purpose of using the respective offer or service you have registered for. Any mandatory information requested during registration must be entered completely. Otherwise, your registration will be rejected.
We will inform you of important changes, such as changes concerning the scope of our offer or if technical changes should become necessary via the email address you provided during registration.
The data entered during registration will be processed on the basis of your consent. You can withdraw your consent at any time. To do this, simply send an informal message by email to dataprotection@kermi-design.com. The lawfulness of any data processing already carried out remains unaffected by your consent being withdrawn.
The data collected during registration will be stored by us in the CRM in Germany as long as you are registered on our website and will be deleted afterwards. Legal retention periods remain unaffected.
c) When using a contact form / sending an email
If you send us an email or fill in the contact form, the data you have submitted voluntarily (e.g. title, first name, surname, telephone number, company name) will only be used for correspondence with you. Otherwise, we would explicitly point this out to you and request your consent.
Please refrain from transmitting confidential information by email, as communication this way does not use a secure data connection. The contacts are stored in the inboxes of the respective email addresses. The Arbonia Group email infrastructure is hosted in Switzerland and Germany.
Your personal data will be processed on the basis of your consent. You can withdraw this consent at any time. To do this, simply send an informal message by email to dataprotection@kermi-design.com. The lawfulness of any data processing transactions already carried out before consent is withdrawn remains unaffected by your consent being withdrawn.
The data entered by you in the contact form will be retained by us until you either request us to delete the data, withdraw your consent for storage, or if the purpose for the storage of the data no longer applies (e.g. after processing your request has been completed). Legal retention periods remain unaffected.
d) Processing customer and contract data
We collect, process and use personal data to the extent that it is necessary to establish, define the content of, or change a legal relationship, to manage customers and customer relationships, and to conduct the company’s sales and marketing activities.
We process such personal data to enable us to process transactions, execute sales activities, process deliveries, provide customer services, for invoicing, and to establish contact with customers in the context of contract execution, marketing, and in other ways to maintain customer relations. We may also use personal data to handle incidents and claims and to provide support requested by customers.
The personal data comes directly from the customer or has been collected by us in connection with their use of products and services. Personal data may also be obtained from public registers and other reliable external sources. Processing personal data is necessary for the provision of services under the purchase contracts to which the client company is a party. Furthermore, processing personal data is necessary for the legitimate interests pursued by us within the scope of the company’s business objectives.
Our customer data is saved in a CRM system (salesforce.com Germany GmbH, Erika-Mann-Strasse 31, DE-80636 Munich, Germany) that is hosted in Germany. After completion of the order or termination of the business relationship, the customer data collected will be deleted. Legal retention periods remain unaffected.
In general, we use the personal data exclusively for internal business purposes and do not transfer the data to external parties. Companies in the Arbonia Group may gain access to and process personal data to the extent necessary to fulfil the above-mentioned purposes. We only transfer personal data to third parties outside of the Arbonia Group of companies if this is necessary within the context of execution of the contract, for example to the company entrusted with the delivery of the goods or the bank entrusted with payment processing. The data will not be transmitted further or only after you have explicitly consented to the transmission. Any transmission of personal data will be carried out in accordance with the applicable data protection laws and when appropriate contractual, technical, and organisational measures are in place.
4. Analysis of usage data and use of analysis tools
Our aim is to tailor the contents of our website as precisely as possible to your interests and in this way improve our offer for you. We use various web analysis services for this demand-oriented design and to continuously optimise our website. Declarations on these analysis tools – find out more in our Privacy Settings.
5. Passing on personal data and data processing by third parties
As a matter of principle, we treat your personal data as confidential and only pass it on if you have consented to this, if we are legally obliged or entitled to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
We also disclose your personal data to third parties to the extent that this is necessary or expedient in the context of the use of the website or for the possible provision of the services requested by you (also outside the website).
The legal regulations regarding passing on personal data to third parties are of course complied with. Where we use order processors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure that your data is protected in accordance with the relevant legal requirements.
If the level of data protection in a country where the data is processed does not comply with the applicable data protection regulations, we will contractually ensure that the protection of your personal data is equivalent to that in Switzerland or the EU/EEA at all times, for example by including the EU standard contractual clauses.
If data is exchanged within the Group, we ensure that your data is protected by means of appropriate contracts and in compliance with the applicable data protection regulations.
6. Services or third-party content on our website
We offer third-party services and/or content on our website. If you use such third-party services or if third-party content is displayed, then communication data is exchanged between you and the respective provider for technical reasons. We do not monitor the websites nor the data protection practices of the third parties who manage these websites. Accordingly, this data protection declaration does not apply to pages or services of third parties we provide a link to.
The respective service or content provider can also collect additional data and use it for their own other purposes. To the best of our knowledge, we have configured the services and content of providers who process data for their own purposes so that either the communication for other purposes than for presenting the services or content on our website is blocked or that personal data can only be collected if you have decided to use the respective service. However, as we have no control over the data that is collected and processed by third parties, we are not able to provide binding information on the scope and purpose of such processing of your data by the respective third party.
a) Website links
We provide links referring to pages of third parties to optimise the information you are provided with on our website. As they are websites of other providers, we do not have any influence on the contents that the provider is exclusively responsible for. Accordingly, this data protection declaration does not apply to third-party pages we have provided a link to.
b) Tools
Our website uses the functions of different tools to increase the functionality of our website.
Notes regarding Google Web Fonts
Our website uses the “Web Fonts” function provided by Google to ensure uniform display of fonts. When you access a page, your browser loads the required web fonts to your browser cache to display texts and fonts correctly. For this purpose, your browser connects to Google’s servers. This will inform Google that your IP address has been used to access our website.
The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest. If your browser does not support Web Fonts, your computer uses a default font.
The provider of these functions is: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. More information about how Google handles user data is available in Google’s Privacy Policy.
c) Social plug-ins
Our website uses functions of various social plug-ins (ׅ“buttons”) from social media platforms such as Facebook, Google+, LinkedIn, and X. Social media (e.g. Facebook, X, Instagram, Pinterest, Youtube, or LinkedIn) enable users of these social media platforms to create links on their social media profiles to then store them or share them with their social media contacts.
When you visit our website, the buttons for such social media platforms are disabled by default. No data is sent to the respective social networks without your intervention. To be able to use these buttons, you have to activate them by clicking on them. They will then remain activated until you deactivate them.
Once activated, a direct connection is made to the server of the respective social network. The content of the button is then transmitted directly from the social network to your browser and integrated into the website. After activating a button, the social network can retrieve data, whether you interact with the button or not. If you are logged into a social network, the network can associate your visit to the site with your user account.
If you are a user of a social network and do not want it to combine data from your visit to our website with your user data, you must log out of the respective social network before activating the buttons.
We do not have any influence on the scope of data collected by social networks via their buttons. The privacy policies of the social networks provide information about the purpose and extent of the data they collect, how that data is processed and used, the rights available to you, and the settings you can use to protect your privacy. For further information on the scope and purpose of such collection and processing of your data, please refer to the data protection information of the providers whose services and/or contents we hold responsible for the protection of your data in this context.
Notes regarding Facebook plug-ins (Like & Share-Button)
Our website uses functions of the social network Facebook. You can recognize the Facebook plug-ins by the Facebook logo or the “Like” button on our site. When you visit our website and log into Facebook, the plug-in establishes a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to link the visit to our pages with your user account. You can prevent this by logging out of your Facebook account. We point out that we have no knowledge of the content of the transmitted data and its use by Facebook.
These functions are provided by: Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You will find further information on how Facebook handles user data in the Facebook Privacy Policy.
Notes regarding Instagram
Our website uses functions of the service Instagram. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your account with your visit to our web page. We point out that we have no knowledge of the content of the transmitted data and its use by Instagram.
These functions are provided by: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. You will find further information on how Instagram handles user data in the Instagram Privacy Policy.
Notes regarding Pinterest
Our website uses functions of the social network Pinterest. If you visit one of our websites equipped with a Pinterest plug-in and are logged into Pinterest, a connection to Pinterest’s servers is established. Protocol data (your IP address, the address of the visited websites, which also contain Pinterest functions, type and settings of the browser, date and time of the request, your use of Pinterest) can be transmitted to the Pinterest server in the USA by the plug-in. We point out that we have no knowledge of the content of the transmitted data and its use by Pinterest.
This plug-in is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA. More information about how Pinterest handles user data is available in Pinterest’s Privacy Policy.
7. Deletion of personal data
Providing we do not specify any particular retention periods in this data protection declaration, these general rules apply:
As a general rule, your data will be deleted as soon as it is no longer necessary for the intended purposes or if you withdraw your consent or object to its use for legitimate reasons. Beyond this point in time, data will only be stored if this is necessary according to legal regulations which we are subject to (e.g. tax and commercial law regulations) or if data is needed to establish, exercise, or defend against legal rights.
8. Data security
We take technical and organisational security precautions to protect your personal data against manipulation, loss, destruction, or against access by unauthorised persons and to ensure the protection of your rights and compliance with applicable data protection regulations.
The measures taken are designed to ensure the confidentiality and integrity of your data and to ensure the availability and resilience of our systems and services in processing your data on an ongoing basis. They are also designed to ensure the rapid restoration of the availability of your data and access to you in the event of a physical or technical incident.
Our data processing and our security measures are continuously being improved in line with technological developments.
We also take our own internal data protection very seriously. Our employees and the service companies we deploy are obliged to maintain confidentiality and to comply with the provisions of data protection law. They are also only granted access to personal data to the extent necessary.
9. Your rights
In the following, we set out what rights you have in relation to your personal data. Please note that data protection regulations and practices are subject to change. It is therefore advisable and necessary to keep abreast of changes in legal provisions and company practice.
Rights of information and rectification
You can obtain information about your data stored by us at any time without giving reasons at dataprotection@kermi-design.com. You also have the right to request the correction of your incorrect personal data and, if necessary, the completion of incomplete personal data in our systems.
Rights to restricting processing
You can request the restriction of the processing of personal data concerning you via dataprotection@kermi-design.com. Where processing personal data relating to you has been restricted, such data may only be processed – apart from being stored – with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest.
Right of deletion
You have the right to request via dataprotection@kermi-design.com that your personal data be deleted, e.g. if the data is no longer required for the purposes pursued. However, if we are obliged to retain your personal data for legal or contractual retention reasons, we can only restrict or block your personal data in these cases to the extent necessary.
Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against us, you have the right to be informed via dataprotection@kermi-design.com about the recipients to whom your personal data has been disclosed by us.
Right to data transfer
You have the right via dataprotection@kermi-design.com to receive your personal data, which we process automatically on the basis of your consent or for the performance of a contract, in a structured, common and machine-readable format, or to request the transfer of this data to a third party. If you request direct transfer of the data to another controller, this will only be done insofar as this is technically feasible.
Right to object
You have the option to object to the data collection and storage presented in the privacy policy. You can withdraw your consent to data collection and use at any time in future, without stating reasons, at dataprotection@kermi-design.com.
Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes applicable data protection laws.
10. Amendment to the data protection declaration
This data protection declaration may be subject to amendments, for example due to amendments in the law or changes in processing. We therefore ask you to read this page regularly.
11. Contact
Your trust is important to us. So we would like to be available to answer your questions regarding processing your personal data at any time. If you have any questions that are not answered by this privacy statement, or if you would like more detailed information on any point, please contact us via email at dataprotection@kermi-design.com.
Date: September 2024