GEA values you as a customer or other contact who is interested in GEA and our products, technologies and services. When you interact with us, we will collect and process certain of your personal data. This Data Protection Notice explains how GEA uses the personal data provided by you and which rights and options you have in this respect
It applies to personal data that you provide to GEA or which is derived from such data. Please note that where this notice explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation. Where the processing of your personal data is not subject to this regulation, different rules will apply under your applicable law.
Who is responsible for your personal data?
Your personal data will be controlled by GEA Group Aktiengesellschaft or an affiliate of GEA Group Aktiengesellschaft which is identified as responsible controller in the communication you receive from us (herein referred to as "us" or "GEA") to ensure security and integrity of your personal data. Please click here for a list of the GEA Group affiliates with contact details.
For which purposes will we use your personal data?
We will process your personal data strictly only for the following purposes ("Permitted Purposes"):
- Planning, entering into, performing, managing and administering your (or a third party's to whom you are related) contractual business relationship with GEA Group or an affiliate of GEA Group Aktiengesellschaft, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services or providing you with other services or things you may have requested;
- Maintaining and protecting the security of our products, services and websites or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws or to prevent white-collar or money laundering crimes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for antitrust purposes;
- Informing you, where permitted in accordance with local laws, within an existing business relationship about GEA's products or services which are similar or relate to such products and services which have already been purchased or used within that business relationship;
- Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims or
- Ensuring compliance with legal obligations, e.g. to keep sales records for tax purposes or to send notices and other disclosures as required by law.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- Communicating with you through the channels you have approved to keep you up to date on the latest announcements, special offers and other information about GEA’s products, technologies and services (including marketing-related newsletters) as well as events and projects of GEA;
- Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events or
- Profiling and automated processing: Collecting information about your preferences on the basis of your activities when you use our websites and any products, downloadable content (e.g. registration for a software download, ebooks, whitepapers) or other services we offer to you online. On the basis of this information (e.g. which content is downloaded, clicked or viewed for how often and how long), we create a user profile to personalize and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics). The logic behind our profiling activities is to identify areas which may be useful or otherwise of interest for you and to inform you about such areas in a more effective and targeted way. The algorithms used apply this logic and automatically deliver the targeted content or information to you.
Please note: Under the European General Data Protection Regulation (Article 21 (2)) you have the right to object to the use of your personal data for direct marketing purposes, including the profiling described above. Please refer to "Your data protection rights" below for further explanation of your rights and how to exercise them.
With regard to marketing-related types of communication (i.e. emails and phone calls), we will, where legally required, only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related types of communication from us.
We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
We apply modern technology to monitor and analyse data in relation to our products (also known as Internet of Things). Such information is used to support our customers, e.g. by improving our product design and enhancing product service. Typically, no personal data is processed in connection with any such technologies. Where that is the case, personal data will be processed strictly in line with this Data Privacy Notice and in accordance with applicable law.
The legal bases for processing of your personal data are set forth in Article 6 of the European General Data Protection Regulation. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with GEA or for compliance with our legal obligations or for purposes of legitimate interests pursued by us, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.
Scope of personal data
We may collect and process in particular the following categories of personal data:We may collect and process in particular the following categories of personal data:
- Contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address,
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further business information necessarily processed in a project or contractual relationship with GEA or voluntarily provided by you, such as orders placed, payments made, requests and projects;
- Information about your interests and preferences and other information obtained by the analytics described above, in particular your activities when you use our websites and any products, downloadable content (e.g. registration for a software download, ebooks, whitepapers) or other services we offer to you online. This includes which content you download, click or view for how often and how long.
- Information collected from publicly available resources, integrity data bases and credit agencies; and
- If legally required for compliance purposes: information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes.
- Special categories of Personal Data. In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
How do we collect your personal data?
We will typically collect your personal data directly from you. We do not obtain personal data from third parties unless specified herein (e.g. information from publicly available resources, integrity data bases and credit agencies).
Where you have expressly given your consent, we may also obtain your personal data from third parties for marketing purposes. In such cases, you will be informed about this in accordance with applicable law.
How do we protect your personal data?
We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will at all times strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.
With whom will we share your personal data?
We may share your personal data as follows:
- With our affiliates within GEA Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will then use the Personal Data for the same purposes and under the same conditions as outlined in this Data Privacy Notice. Please click here for a list of the GEA Group affiliates with contact details.
- We may also instruct service providers (so called data processors) within or outside of GEA Group, domestically or abroad, e.g. shared service centers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. GEA will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
- With courts, law enforcement authorities, regulators or attorneys if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
- Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
Where will your personal data be processed?
GEA is a globally active enterprise. In the course of our business activities, we may transfer your personal data also to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses which are available here. You may contact us anytime using the contact details below if you would like further information on such safeguards.
Your data protection rights
Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. In particular you have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the EU General Data Protection Regulation for details on your data protection rights.
For any of the above requests, please send a description of your personal data concerned stating your name, customer number or other GEA identification number(if applicable) as proof of identity to the contact details below. We may require additional proof of identity to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have given us your consent for the processing of your personal you withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint, you can contact us at the contact details below to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the competent data protection supervisory authority in your country. For example, if you are from the UK, you may contact the Information Commissioners Office via their website (https://ico.org.uk).
Are you required to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide personal data. However, there are circumstances in which GEA cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for GEA to provide you with what you request without the relevant personal data.
Retention of your personal data
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will in particular retain your personal data where required for GEA to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
Updates to this data protection notice
This Data Privacy Notice was last updated in April 2018. We reserve the right to update and change this Data Protection Notice from time to time in order to reflect and changes to the way in which we use your personal data or changing legal requirements. In case of any such changes, we will publish the changed Data Protection Notice on our website.
How to get in touch with us?
For any questions and comments or in case you want to assert your rights, please click here. You can also contact us by sending an email to:
Data protection officer of GEA Group AG
GEA Group Aktiengesellschaft