GEA values you as a customer or other contact who is interested in GEA and our products, technologies and services. When you interact with us, we will collect and process certain of your personal data. This Data Protection Notice explains how GEA uses the personal data provided by you and which rights and options you have in this respect.
It applies to personal data that you provide to GEA or which is derived from such data. Please note that where this notice explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation. Where the processing of your personal data is not subject to this regulation, different rules will apply under your applicable law.
Who is responsible for your personal data?
Your personal data will be controlled by GEA Group Aktiengesellschaft or an affiliate of GEA Group Aktiengesellschaft which is identified as responsible controller for your personal data in the communication you receive from us (herein referred to as "us" or "GEA") to ensure security and integrity of your personal data. Please click here for a list of the GEA Group affiliates with contact details.
For which purposes will we use your personal data?
We will process your personal data depending on the type of business relationship with you strictly only for the following purposes ("Permitted Purposes"):
- Planning, entering into, performing, managing and administering of your business relationship (or the contractual relationship with your company or organization) with GEA Group or an affiliate of GEA Group Aktiengesellschaft, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services or providing you with other services or things you may have requested;
- Maintaining and protecting the security of our products, services and websites or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws or to prevent white-collar or money laundering crimes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for antitrust purposes;
- Informing you, where permitted in accordance with applicable local laws, within an existing business relationship about GEA's products or services which are similar or relate to such products and services which have already been purchased or used within that business relationship;
- Providing our distributors with business-relevant information, e.g. new products, price changes, discount campaigns, supplier changes, dealer information, technical problems and sales stops.
- Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims or
- Ensuring compliance with legal obligations, e.g. to keep business records for tax purposes or to send notices and other disclosures as required by law.
Where you have expressly given us your consent to do so or it is permitted under applicable data protection law, we may process your personal data also for the following purposes:
- Communicating with you through the communication channels you have approved to keep you up to date on the latest announcements, special offers and other information about GEA’s products, technologies and services (including marketing-related newsletters) as well as events and projects of GEA;
- Performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events or
- Profiling and automated processing: Collecting information about your preferences on the basis of your activities when you use our websites and any products, downloadable content (e.g. registration for a software download, ebooks, whitepapers) or other services we offer to you online. On the basis of this information (e.g. which content is downloaded, clicked or viewed for how often and how long), we create a user profile to personalize and improve the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics). The logic behind our profiling activities is to identify areas which may be useful or otherwise of interest for you and to inform you about such areas in a more effective and targeted way. The algorithms used apply this logic and automatically deliver the targeted content or information to you.
Please note : Under the European General Data Protection Regulation (Article 21 (2)) you have the right to object to the use of your personal data for direct marketing purposes, including the profiling described above. Please refer to "Your data protection rights" below for further explanation of your rights and how to exercise them.
With regard to marketing-related types of communication (i.e. emails and phone calls), we will, where legally required, only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related types of communication from us.
We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
We apply modern technology to monitor and analyse data in relation to our products (also known as Internet of Things). Such information is used to support our customers, e.g. by improving our product design and enhancing product service. Typically, no personal data is processed in connection with any such technologies. Where that is the case, personal data will be processed strictly in line with this Data Privacy Notice and in accordance with applicable law.
The legal bases for processing of your personal data are set forth in Article 6 of the European General Data Protection Regulation. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with GEA or for compliance with our legal obligations or for purposes of legitimate interests pursued by us, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.
Scope of personal data
We may collect and process in particular the following categories of personal data:
- Business or private contact information, such as full name, address, telephone number, mobile phone number, fax number and email address, the identification number of your mobile phone and the IP address of your computer when using our website;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further business information necessarily processed in a project or contractual relationship with GEA or voluntarily provided by you, such as orders placed, payments made, requests and projects;
- Information about your interests and preferences and other information obtained by the analytics described above, in particular your activities when you use our websites and any products, downloadable content (e.g. registration for a software download, ebooks, whitepapers) or other services we offer to you online. This includes which content you download, click or view for how often and how long.
- Information collected from publicly available resources, integrity data bases and credit agencies;
- If legally required for compliance purposes: information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes and
- Special categories of Personal Data. In certain situations, where required by law or where you have given us your consent, we may also collect special categories of your personal data that are subject to special data protection laws. For example in connection with the registration for and participation in an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
How do we collect your personal data?
We will typically collect your personal data directly from you. We do not obtain personal data from third parties unless specified herein (e.g. information from publicly available resources, integrity data bases and credit agencies).
Where you have expressly given your consent, we may also obtain your personal data from third parties for marketing purposes. In such cases, you will be informed about this in accordance with applicable law.
How do we protect your personal data?
We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will at all times strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.
With whom will we share your personal data?
We may share your personal data as follows:
- With our affiliates within GEA Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will then use the Personal Data for the same purposes and under the same conditions as outlined in this Data Privacy Notice. Please click here for a list of the GEA Group affiliates with contact details.
- We may also instruct service providers (so called data processors) within or outside of GEA Group, domestically or abroad, e.g. shared service centers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. GEA will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
- With courts, law enforcement authorities, regulators or attorneys if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
- Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
Where will your personal data be processed?
GEA is a globally active enterprise. In the course of our business activities, we may transfer your personal data also to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses which are available here. You may contact us anytime using the contact details below if you would like further information on such safeguards.
Your data protection rights
Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. In particular you have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the EU General Data Protection Regulation for details on your data protection rights.
For any of the above requests, please send a description of your personal data concerned stating your name, customer number or other GEA identification number(if applicable) as proof of identity to the contact details below. We may require additional proof of identity to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have given us your consent for the processing of your personal data you may withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint, you can contact us at the contact details below to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you may complain to the competent data protection supervisory authority in your country. For example, if you are from the UK, you may contact the Information Commissioners Office via their website (https://ico.org.uk).
Are you required to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntary; there are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which GEA cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for GEA to provide you with what you request without the relevant personal data.
Retention of your personal data
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will in, particular, retain your personal data where required for GEA to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
Social bookmarks in our online offers
Our website contains so-called “social bookmarks” (from YouTube, LinkedIn, Facebook, and/or Twitter, for example). Social bookmarks are Internet bookmarks that allow users of such a service to collect links and news items. These bookmarks are integrated into our website merely as a link to the relevant services. Upon clicking on the integrated graphic, you will be redirected to the relevant provider’s page, meaning that user information will not be transferred to the relevant provider until then. For information on the handling of your personal data when using these websites, please refer to the respective data protection policy of the providers.
You may use chatbots on our website to communicate your concerns. These are programs that use artificial intelligence to classify your concerns in a common chat with you in order to forward them to our responsible employees and to help you find your way around our website.
If you have given your prior consent, the personal data provided in these chats will be processed for the purpose of answering your inquiry and for contacting you for advertising purposes. The communication is carried out by our Group companies which offer the products and services you have requested in your respective region. It is limited to the communication channels for which you have provided contact data and to the product and service groups you have requested. The processing is based on Art. 6 paragraph 1, sentence 1, letter a) GDPR. The provision of your personal data is voluntary. You are neither obliged to provide us with your personal data, nor is this provision necessary to fulfill a legal or contractual obligation or to conclude a contract. If you do not provide us with your data, this will have no consequences for you, except that we will not be able to answer your inquiry. You can withdraw your consent at any time with effect for the future, e.g. by contacting us without any specific form. Your personal data will be deleted upon the withdrawal of your consent."
Google Tag Manager
We use Google Tag Manager to administer which data is measured and sent in which form to Google Analytics. The provider of the Google Tag Manager component is Alphabet Inc., 1600 AMPHITHEATRE PARKWAY MOUNTAIN VIEW CA 94043. This service enables website tags to be managed via an API. Google Tag Manager only implements tags. This means that cookies are not used and no personal data is collected. Google Tag Manager triggers other tags that can be used to collect data, however, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.
Description of the data processing
The following data is collected during your website visit:
- Browser type/version,
- Operating system used,
- Referrer URL (the web page that directed you to our website),
- Host name of the accessing terminal device (IP address, advertising ID)
- Time of the server request
Google Analytics is only used by us in conjunction with Google’s activated “IP Anonymization” function (IP masking). This means that users’ IP addresses are truncated by Google for users within member states of the European Union or other states party to the agreement on the European Economic Area. Only in exceptional cases (e.g. in the event of a technical defect in the European Union) is the IP address sent to a US server and truncated there.
The “IP address Anonymization" function used by Google does not write IP addresses to a disk, as pseudonymization takes place in the main memory immediately after the request is received. We do not receive any personal data from Google, only anonymized statistics.
Legal basis of the data processing
Your personal data is only processed in connection with Google Analytics if you have given your explicit consent. You have the right to revoke your consent at any time. The revocation does not affect the lawfulness of the processing of your personal data that has taken place on the basis of your consent up to that point. You can send your revocation at any time by email to the contact listed below.
Period of retention/ deletion
We store the data collected by Google Analytics in pseudonymized profiles that cannot be associated with any individual person for a period of 14 months to prevent cases of abuse and to optimize our web pages. This data is automatically deleted after 14 months.
Third Party Data Transfer
Personal data collected through the Google Analytics Tool will be shared with Google Ireland Limited.
Lead Gen Forms from LinkedIn
We use a lead generation tool to acquire new customers. A lead is a prospective customer who submits their contact details to a company whose services or products they are interested in for the purpose of contacting them. We use the service of LinkedIn (LinkedIn Ireland Unlimited Company) Lead Gen Forms for this purpose.
Description of the data processing
We combine LinkedIn Gen Forms with our advertisements about our products and events on our LinkedIn company pages. LinkedIn Gen Forms allow you to contact us directly about our products and events. The LinkedIn Gen Forms are automatically filled with the data from your LinkedIn profile. If you contact us via the LinkedIn Gen Forms, personal data (e.g. name, email address) will be stored by LinkedIn and then transmitted to us. We use the data to contact you and send you the information you have requested about services and products or to register you for events organized by us.
Purpose and legal basis
The use of Lead Gen Forms serves our public relations work and communication with interested parties about our products and events. The legal basis for the evaluation of the LinkedIn Lead Gen Forms is your consent given when sending the forms. (Art. 6 para. 1 lit. a GDPR). You have the right to revoke your consent at any time. The revocation does not affect the lawfulness of the processing of your personal data that has taken place on the basis of your consent up to that point. You can send your revocation at any time by post to GEA Group Aktiengesellschaft, Peter-Müller-Str. 12, 40468 Düsseldorf, Germany or by e-mail to firstname.lastname@example.org.
Duration of data storage/deletion
The processing including the storage of your personal data will only take place as long as you have given your consent. If you revoke your consent, your personal data will be deleted, unless there are legal retention periods to the contrary. On LinkedIn, lead data is automatically deleted after 90 days.
Your data will only be forwarded to us by LinkedIn. We only use your data for the above-mentioned purposes and do not transfer it to third parties.
Updates to this data protection notice
This Data Privacy Notice was last updated in July 2019. We reserve the right to update and change this Data Protection Notice from time to time in order to reflect and changes to the way in which we use your personal data or changing legal requirements. In case of any such changes, we will publish the changed Data Protection Notice on our website.
How to get in touch with us?
For any questions and comments or in case you want to assert your rights, please click here. You can also contact us by sending an email to:
Data protection officer of GEA Group AG
GEA Group Aktiengesellschaft