Data Security

Revision date: 16.12.2020

WashTec (UK) Ltd at 14a Oak Industrial Park, Chelmsford Road, Great Dunmow Essex, CM6 1XN (“WashTec” or “we” or “our”) and each of its affiliates and subsidiaries (collectively the “WashTec Group”) take data protection seriously. This Data Protection Notice provides users of the website www.washtec-uk.com and www.auwa.de/en, and all other WashTec websites referring to this Data Protection Notice (collectively, “websites”) with information on how we, as controller within the meaning of the General Data Protection Regulation (“GDPR”) and the ePrivacy Regulation (“ePrivacy Regulation”), collect and process personal data and other data concerning users in connection with their use of the website.

Please note that other websites of the WashTec Group may be subject to different data protection notices.

Categories of personal data and purposes of processing 

When you use our website, create a customer account or order products through our website, we process the following metadata: Browser type and version, operating system, interface, referrer URL, pages viewed, date, time, IP address and, if applicable, the following personal data: Your name and other identification information, your payment information, order information, and requests for marketing materials. We process the personal data for the following purposes: Provision of access to our website, quality improvement, managing your user account, answering your queries, provision of marketing materials, provision of requested products and services, fulfilment of contractual obligations and exercise of claims in law. For further information, please see heading 1 of the Full Website Data Protection Notice.

Basis of processing and legal consequences

One of the central requirements of data protection law is that all processing of personal data must have a lawful purpose. We primarily make use of the following lawful purposes: The processing is necessary (i) for performance of a contract, (ii) for compliance with a legal obligation, (iii) in order to protect the vital interests of you or a third party, (iv) for the purpose of legitimate interests pursued by us or by a third party, except where those interests are overridden by your interests or fundamental rights and freedoms. For further information, please see heading 2 of the Full Website Data Protection Notice.

Categories of recipients and international transfers

We transfer your personal data to other WashTec Group companies, processors, other companies in relation to transactions and, in accordance with applicable law, public authorities, courts, outside consultants and similar third parties; some such recipients are domiciled outside of the EU. For further information, please see heading 3 of the Full Website Data Protection Notice.

Storage periods

Your personal data will be erased as soon as it is no longer needed for the purposes for which it was originally collected, or as required by applicable law. For further information, please see heading 4 of the Full Website Data Protection Notice.

Your rights

Under applicable law, you have certain rights in relation to the processing of your personal data, in each case in accordance with the applicable statutory provisions, such as the right of access to your data and the right to rectification, erasure and portability. Please direct your questions to bcook[at]washtec-uk.com. For further information, please see heading 5 of the Full Website Data Protection Notice.

Cookies and other tracking technologies

Our website uses cookies and other tracking technologies. For further information, please see heading 6 of the Full Website Data Protection Notice.

Questions and contact information

If you have any questions about this Data Protection Notice or if you wish to exercise your rights as a data subject, please contact us at: Sales Department, WashTec (UK) Ltd, 14a Oak Industrial Park, Chelmsford Road, Great Dunmow, Essex, CM6 1XN, sales[at]washtec-uk.com.

The WashTec Data Controller can be contacted at:

Hugo Bernal
hbernal[at]washtec.com
WashTec (UK) Ltd
14a Oak Industrial Park
Chelmsford Road
Great Dunmow
Essex
CM6 1XN

Revision of this Data Protection Notice

Both the summary and the Full Website Data Protection Notice are subject to revision. We will notify you of revisions by appropriate means.

 

FULL WEBSITE DATA PROTECTION NOTICE

1.      Categories of personal data and purposes of processing: What personal data do we process and why?

 

1.1    Metadata

You can use the website without providing personal data about yourself. In such cases, we collect only the following metadata, which results from the use of the website: Browser type and version, operating system and interface, referring website (referral URL), pages viewed, the date and time you access our website, and your Internet Protocol (IP) address.

Your IP address is used to provide you with access to our website. Once your IP address is no longer needed for this purpose, we truncate it by removing the last octet of the address. The metadata, including the truncated IP address, is used to improve the quality of the website and the services offered through it by analysing use patterns.

1.2    User account

When you create a user account on our website, you are asked to provide the following personal data about yourself: Name, gender (Mr. or Ms.), postal address, email address, phone number, selected password for your user account, payment information, billing and delivery address, and (optional) requests for marketing materials. We process such personal data to manage your user account, to answer your questions, to provide requested products or services, to provide marketing materials to the extent permitted by law, to analyse your interests for marketing purposes, to improve our website in line with use patterns and for technical management or for other purposes that you have consented to.

1.3    Orders for products

When you order a product on our website, we collect and process the following personal data about you: Name, gender (Mr. or Ms.), postal address, email address, phone number, payment information, billing and delivery address, product type and quantity, purchase price, order date, order status, returns, enquiries to customer service and (optional) requests for marketing materials. We process such personal data to fulfil contractual obligations and process your orders, provide customer service, comply with legal obligations, defend, establish and exercise claims in law, provide marketing materials to the extent permitted by law, and analyse your interests for marketing purposes.

1.4    Newsletter

When you state that you wish to receive our newsletter, we collect and process the following personal data about you: Email address and (optional) whether you wish to receive marketing emails or postal mailings. We process such personal data to send out the newsletter and other marketing materials to the extent permitted by law and to analyse your interests for marketing purposes.

 

2.    Basis of processing and legal consequences: What is the legal basis for the processing of your personal data and what happens if you do not wish to provide personal data?

The legal basis for the collection, processing and use of personal data by the company is as follows:

  • You have given consent to the processing of your data for one or more specific purposes;
  • The processing is necessary for the performance of a contract to which you are party or, at your request, to take steps prior to entering into a contract;
  • The processing is necessary for compliance with a legal obligation to which we are subject;
  • The processing is necessary in order to protect your vital interests or those of another natural person;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in WashTec;
  • The processing is necessary for the purpose of legitimate interests pursued by us or by a third party, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. These legitimate interests are the fulfilment of the processing purposes specified under heading 1, in particular so that we can process your orders, fulfil contractual obligations and inform you about product innovations;
  • Other applicable legal bases for data processing, notably under provisions stipulated in the law of Member States or

The provision of your personal data is required by law or contract. The provision of your personal data is necessary in order to enter into a contract with us or for the receipt of services/products you have requested. The provision of your personal data is voluntary.

Not providing personal data can be to your detriment; for example, you will not be able to receive certain products and services. However, not providing personal data does not lead to any legal consequences.

 

3.    Categories of recipients and international transfers: Who do we share your personal data with and where are they located?

We may transfer your personal data to third parties for the above-described purposes as follows:

  • Within the WashTec Group: We and any company in the WashTec Group may receive your personal information for the purposes described above. Internal departments within WashTec may receive your personal data commensurate with the categories of personal data and purposes for which the personal data was collected. For example, our IT department may have access to your account information, and our sales department may have access to your account information or data relating to product orders. In addition, further departments within WashTec may have access to personal data about you on a need-to-know basis, for example the legal department, the finance department or the internal audit department.
  • To processors: Specific third parties, which may or may not be affiliated companies, may receive your personal data in order to process it on instruction (“processors”) if this is necessary for the processing purposes described above; examples include website, customer service, marketing and IT support service providers, as well as other service providers who support us in maintaining our business relationship with you. Processors are contractually obliged to implement suitable technical and organisational measures to secure the personal data and to process the personal data only as instructed.
  • Other recipients: In accordance with applicable data protection law, we may transfer personal data to law enforcement agencies, government and judicial authorities, lawyers, outside consultants or business partners. In the event of corporate acquisitions and mergers, personal data may be transferred to third parties involved in the acquisition or merger. We will not share your personal data with third parties for advertising, marketing or other purposes without your consent.

Access to your personal data is restricted to persons who have a need to know in order to perform their work.

International transfers: The personal data we collect and receive from you may be transferred to and processed by recipients located inside or outside the European Economic Area (“EEA”). Some of the recipients outside the EEA are EU-U.S. Privacy Shield certified and others are in countries subject to current adequacy decisions (notably Andorra, Argentina, Canada (for non-public entities subject to the Canadian Personal Information Protection and Electronic Documents Act), Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey and New Zealand, please select the countries that apply). In all transfers, a level of data protection is ensured that is recognised and adequate from a European data protection perspective. Other recipients may be located in countries that do not ensure an adequate level of data protection from a European data protection perspective. We will take all necessary precautions to ensure that all security measures necessary under data protection law are taken when transferring to countries outside the EEA. With regard to transfers to countries that do not ensure an adequate level of data protection, we will take appropriate security precautions in transfers, such as standard data protection clauses issued by the European Commission or a supervisory authority, approved codes of conduct together with binding and enforceable commitments by the recipient or approved certification mechanisms together with binding and enforceable commitments by the recipient. You may contact us as specified under heading 7 below and request a copy of such appropriate security precautions.

 

4.    Storage periods: How long do we store your personal data?

Your personal data will be stored for as long as is necessary to provide you with the services and products you request. When your contractual relationship with us comes to an end or your account is deleted, or when you terminate your relationship with us in any other way, we will remove your personal data from our systems and records and/or properly anonymise it so that you can no longer be identified from it (unless we have to retain your data to comply with legal or regulatory obligations to which WashTec is subject, such as for tax reasons).

We may retain your contact details and information about the interest you have expressed in our products and services for a longer period if you have consented to WashTec sending you marketing materials. We may also be required under applicable law to retain certain personal data for a period of ten years after the relevant tax year. We may retain your personal data after termination of our contractual relationship if your personal data is necessary for compliance with other applicable laws or if we require your personal information, exclusively on a need-to-know basis, in order to establish, exercise or defend a claim in law. As far as is possible, we will restrict the processing of your personal data to such limited purposes after termination of our contractual relationship.

 

5.    Your rights: What are your rights and how can you assert them?

Right to revoke consent: If you have given your consent to the collection, processing and use of your personal data (in particular to receiving direct marketing communications via email, text message or telephone), you can revoke that consent at any time with effect for the future. Revoking consent does not affect the lawfulness of processing performed prior to revocation. If you wish to revoke your consent, please contact us as specified under heading 7 below. You can object to the use of your personal data for marketing purposes without incurring any costs other than basic telecommunication charges.

Additional data protection rights: In accordance with applicable data protection laws, you may have the right (i) of access to your personal data, (ii) to rectification of your personal data, (iii) to erasure of your personal data, (iv) to restrict the processing of your personal data (v) to data portability; and/or (vi) to object to the processing of your personal data (including to the creation of a profile).

Please note that these rights may be restricted under applicable local data protection law. Below you will find more information about your rights under the GDPR:

  • Right of access to your personal data: You have the right to obtain information from us as to whether your personal data is processed, and, if it is, the right of access to that personal data. Your right of access includes – among other things – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data has been or will be disclosed. This is not an absolute right, however, and the interests of other persons may limit your right of access. You have the right to receive a free copy of the processed personal data. For any further copies you request, we may charge a reasonable fee based on administrative costs.
  • Right to rectification:  You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure (right to be forgotten): You have the right to obtain from us the erasure of your personal data.
  • Right to restriction of processing: You have the right to obtain from us the restriction of processing of your personal data. In this event, the data concerned will be marked and may only be processed by us for specific purposes.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit that data to another entity without hindrance from us.
  • Right to object:

You have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data concerning you and we may be obliged no longer to process your personal data. There may be such a right to object in particular if we collect and process your personal data for direct marketing purposes or to create a user profile in order to obtain a better picture of your interest in our products and services.

If you have a right to object and you exercise that right, your personal data will no longer be processed by us for such purposes. You may exercise this right by contacting us as specified under heading 7.

There may not be such a right to object if the processing of your personal data is necessary in order to take steps prior to entering into a contract or to perform an existing contract with you.

If you no longer wish to receive direct marketing material via email, text message/MMS, fax or telephone, you must revoke your consent as described above.

To exercise your rights, please contact us as specified under heading 7. You also have the right to lodge a complaint with the competent data protection supervisory authority.
 

6.     Cookies and other tracking technologies

This website uses cookies and other tracking technologies. When you visit our website, open our emails, or view our services online, we or an authorised third party may send a cookie. Cookies are small text files that are placed on your device. When a website is accessed, a cookie placed on your device sends information to the party that put it there. Cookies are very common and are used on many websites. A cookie typically contains the name of the domain that sent it, its lifetime, and a value (typically a unique number). A more detailed explanation of what cookies are and how they work can be found at www.allaboutcookies.org.

The overview below lists the cookies we use on our website.

  • Google Analytics _gat and _ga: This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses ‘cookies’, which are text files placed on visitors’ computers, to help the website operators analyse how visitors use the site. The information generated by the cookie about the visitors’ use of the website will generally be transmitted to and stored by Google on servers in the United States. On this website, IP anonymisation has been activated. The IP addresses of Google users from European Union member states, or from other states contracting to the Agreement on the European Economic Area, will be shortened. Only in exceptional cases will a complete IP address be transferred to a Google server in the United States and shortened there. On behalf of the website operator, Google will use this information for the purpose of evaluating the website for its users, in order to compile reports on website activity, and to provide other services relating to website activity and internet usage for website operators. Google will not associate the IP address transferred in the context of Google Analytics with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that in this case you may not be able to use the full functionality of this website. Furthermore, users can prevent the collection of data about their use of the website (including their IP address) generated by the cookie, and the processing of data by Google, by downloading and installing the browser plug-in through the following link: The current link is: https://tools.google.com/dlpage/gaoptout?hl=en

    If you do not wish to use the browser plugin or if you use a device that the plugin cannot be installed on (such as a mobile device), please click the following link to create an opt-out cookie that will prevent future data collection by Google Analytics on this website (note that the opt-out cookie only works in this browser and only for this domain; if you delete cookies in this browser, you will need to click here again): Disable Google Analytics

    Further information about Google Analytics:
    Visit developers.google.com for information on how Google Analytics uses cookies: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
    Visit the Google Analytics privacy page provided by Google: https://www.google.com/analytics/learn/privacy.html
     
  • EquityStory: This cookie is only used on subpages that are technically operated by our third party provider EQS. It is used to define a session for our server.
  • julia: This cookie is only used on subpages that are technically operated by our third party provider EQS. It is used to identify you on the website. In particular, it show if you have visited the website before. This enables us not just to count how many page views there have been on multiple pages, but also how many visitors have viewed the website. This cookie is also used to collect additional information such as details on your browser, the size of the browser window, and the device that you use to visit the website (such as mobile device or desktop computer).
  • romeo: This cookie is only used on subpages that are technically operated by our third party provider EQS. It is used to track views of other pages belonging to our third-party provider EQS Group AG.
  • Google reCAPTCHA: We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user).The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA.The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

    For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/

  • Analysis by wiredminds:

    Our website uses a counting pixel technology provided by wiredminds GmbH(www.wiredminds.de) to analyze visitor behavior. If necessary, data is collected, processedand stored, from which user profiles are created under a pseudonym. Wherever possible andreasonable, these usage profiles are completely anonymized. Cookies can be used for thispurpose. Cookies are small text files that are stored in the visitor's Internet browser andserve to recognize the Internet browser. The collected data, which may also contain personaldata, will be transmitted to wiredminds or collected directly by wiredminds. wiredminds mayuse information that is left by visiting the websites to create anonymized usage profiles. Thedata obtained without explicit consent of the affected person will not be used to personallyidentify the visitor of this website and will not be merged with personal data of the bearer ofthe pseudonym. Whenever IP addresses are recorded, their immediate anonymization takesplace by deleting the last number block.

    Permission for data collection, processing and storage can be revoked at any time with effect for the future under the following link.

    Exclude from tracking





  • 7.     Questions and contact information

    If you have any questions about this Data Protection Notice or if you wish to exercise your rights as specified under heading 5, please contact us at: Sales Department, WashTec (UK) Ltd, 14a Oak Industrial Park, Chelmsford Road, Great Dunmow, Essex, CM6 1XN, sales[at]washtec-uk.com.

    The WashTec Data Controller can be contacted at:

    Hugo Bernal
    hbernal[at]washtec.com
    WashTec (UK) Ltd
    14a Oak Industrial Park
    Chelmsford Road
    Great Dunmow
    Essex
    CM6 1XN

     

    8.     Revision of this Data Protection Notice

    We may revise this Data Protection Notice from time to time in response to changes in legal, regulatory or operational requirements. We will notify you of such changes, including when they will come into effect by updating the ‘Revision date’ at the top of this Notice or as otherwise required by law.