Data Privacy Disclaimer

We as GROHE appreciate your interest in our company and our products. We take the protection of your privacy when using our websites very seriously. In the following we are pleased to inform you about the collection of anonymous and personal data.

A. Responsible for the data processing

The person responsible for the processing of personal data in the context of this website in accordance with the regulations of the European General Data Protection Regulation (GDPR) is named in the imprint.

You can reach our Corporate Data Protection Officer at "DataProtection@grohe.com".

With this privacy statement we inform you about the extent of the processing of your personal data (hereinafter only "data").

B. Data processing

As part of the operation of our website we process data.

The processing of the data also includes the disclosure by transmission.

The data, processing purposes, legal bases, recipients and transfers to non-EEA countries concerned are listed in the following list:

a) Log file
We log your visit to our websites. The following data is processed: Name of the retrieved web page, date and time of retrieval, time difference to Greenwich Mean Time, access status, amount of data transferred, browser type and version, the operating system you are using, the referrer URL (previously visited Website), your IP address and the requesting provider. This is necessary to ensure the security of the website. We process the data on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR. The log file will be deleted after seven days, unless it is required to clarify or to prove concrete infringements that have become known within the retention period.

b) Hosting
Hosting will store all data to be processed in connection with the operation of this website. This is necessary to enable the operation of the website. We process the data accordingly on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR. To provide our online presence, we use the services of web hosting providers to whom we provide the above data.

c) Contacting us
If you contact us, your data (name, contact details, if provided by you) and your message will be processed solely for the purpose of processing and processing your request. These data are processed by us on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR to handle your request.

d) Newsletter
In order to provide you with regular information about our company and our range of service and products, we offer the dispatch of a newsletter. By registering for the newsletter, we process the data entered by you (e-mail address and other voluntary information).

In doing so we receive your consent as follows:
"I would like to order the Grohe AG newsletter as per my configuration of interest. I can revoke my consent at any time by using the unsubscribe link in the newsletter. "

The transmission of the newsletter by means of registration takes place on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR.

The registration for the newsletter takes place in the so-called double opt-in procedure. To prevent abuse, we will send you an e-mail after your registration, asking you to confirm your registration. In order to prove the registration process according to the legal requirements, your application will be logged. Affected are the storage of the registration and the confirmation time and your IP address. To send the newsletter, we use service providers to whom we provide the above data.

To receive details regarding the specific Newsletter such as content or frequency, please refer to the respective registration page.

e) Customer Account
When you open a customer account, you consent to the storage of your data (name, address, e-mail address, bank details) as well as your usage data (username, password). This allows us to identify you as a customer and gives you the ability to manage your orders.

We receive your consent as follows:
"I want to create a customer account. Please process my data for this purpose. I can revoke my consent with effect for the future at any time by e-mail to the indicated e-mail address.".

You will find specific contact details to exercise your rights, including your right to revoke your consent, with each dedicated registration page.
Your data will be processed on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR.

f) Purchase Processing
We process your order data to process the purchase contract. The processing of the data is carried out accordingly on the basis of Art. 6 para. 1 b) GDPR.

We transmit your address data to the company commissioned with the delivery. If it is necessary to process the contract, we will also provide your e-mail address or telephone number to coordinate a delivery date (Avis) to the company commissioned with the delivery.

We will transmit your transaction data (name, date of order, method of payment, date of dispatch and / or receipt, amount and payee, if applicable bank details or credit card details) to the payment service provider responsible for processing the payment.

In addition, we may use your email address to send you information and customer and satisfaction surveys to improve our products and services. This includes information on product maintenance, warranty topics and the maintenance of our products. In these cases, we process the data on the basis of Article 6 (1) f) GDPR. The purpose of the data processing and our legitimate interest is to improve and adapt our products and services in a customer-oriented manner.

You may object to the sending of such communications and requests by e-mail at any time free of charge by contacting us to exercise your rights as a data subject at the e-mail address specified in section D. Paragraph g) or by clicking on an unsubscribe button in certain communications, without incurring any costs other than the transmission costs according to the prime rates.

g) Customer Service
We offer you access to our customer service through various contact channels.

Should you contact our customer service, via contact forms, fax or telephone, we will process your data in order to help you with your request. This generally includes data processing purposes such as problem discussion, quotation, delivery and invoicing, but also purposes of responding to support requests and complaints, as well as documenting our support services.

We also offer you the possibility to place a customer order directly via our web form. The applicable order conditions can be found on the corresponding page.

Required data for the processing of your request result from our online forms, or are requested individually by you. Required data includes at least your master data (name, contact information, address information), if applicable customer number or already existing reference numbers, as well as data regarding your request such as affected products, error images or warranty evidence.

Upon receipt of your request, we will send you an e-mail confirmation of receipt of your inquiry along with a reference number under which your request will be processed.

Should it be necessary, we will, in consultation with you, pass on your data to partner companies that support you on site with repair, installation and / or maintenance services.

The basis of our data processing and, if necessary, data transfer to partner companies is either your consent pursuant to Article 6 (1) a) GDPR or your commissioning based on Article 6 (1) b) GDPR.

In addition, we may use your email address to send you customer and satisfaction surveys in order to improve our service level, and to regularly inform you about new offers and services related to the services you have requested. This includes information about product maintenance, warranty issues, and servicing our products. In these cases, we process the data on the basis of Article 6 (1) f) GDPR. The purpose of the data processing and our legitimate interest is to improve and adapt our services and customer service provision according to your needs.

If you also give us your consent, we will inform you ourselves about offers and services of our cooperation partners and pass on your data to them so that our cooperation partners can contact you directly for advertising purposes. This concerns other national companies within the GROHE Group as well as external cooperation partners (e.g. installers, service partners). In this case, the processing is based on Article 6 (1) a) GDPR.

You may object to the sending of such communications and requests by e-mail at any time free of charge by contacting us to exercise your rights as a data subject at the e-mail address specified in section D. Paragraph g) or by clicking on an unsubscribe button in certain communications, without incurring any costs other than the transmission costs according to the prime rates.

h) Trade fairs, exhibitions and GROHE Truck Tour
At trade fairs, exhibitions and the GROHE Truck Tour we offer you the opportunity to request information from us. Information can be provided in digital form, in writing or in the form of personal meetings you can request. You are free to choose from the available information services offered.

We process your data for the purpose of sending you the requested information and to be allowed to contact you for further support. Furthermore, we use your data for statistical purposes to measure success and further improve our offer. We transmit relevant data to the company entrusted with the delivery. In the event of a personal appointment, we will pass on relevant data to the GROHE branch responsible for you. Your data will not be passed on to third parties.

After you have selected your information requests and/or communication channels, we will obtain the following consent:
"I would like to receive the selected information from GROHE via the specified communication channels. I agree that GROHE may process my information for the purpose of providing information, arranging appointments and for statistical purposes and may transfer my data within the GROHE Group to the GROHE company responsible for me for further support. I can revoke my consent at any time by sending an email to the email address published at the trade fair."

Your data will be processed on the basis of your consent in accordance with Art. 6 Par. 1 a) GDPR.

i) Photo and Video Recording
We may take photos and/or video recordings at trade fairs, exhibitions, events and the GROHE Truck Tour that are not based on an invitation. We will draw your attention to the recording activity as soon as possible, and at the latest before you enter the relevant area where recordings are being made, by providing information notices and handouts. You always have the opportunity to object to an individual recording with the respective film team.

This does not apply to overall shots in which the focus is on the presentation of the event and not on the presentation of a single person.

GROHE will use the documentation to accompany communication measures in print, on the Internet and/or social media, as well as for internal training and communication purposes. We process the data accordingly on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR.

j) Competitions and Marketing Campaigns
As part of our business activities, we organize contests and marketing campaigns (hereinafter "Promotions") at irregular intervals.

We request personal data from you via web forms in order to carry out campaigns. This data is required so that you can participate in the respective campaign.

We process the data provided by you to carry out the respective campaign. In doing so, we obtain the following consent:
"I would like to participate in the action of the organising GROHE unit according to the action page. For this purpose, I consent to the processing of the personal data provided by me. I can revoke my consent at any time with effect for the future by sending a message to the e-mail address provided in the campaign."

The participation in these actions is voluntary. With your participation you agree to these data processing.

We process your data on the basis of your consent in accordance with Art. 6 Para. 1 a) GDPR.

To carry out campaigns, we make use of other service providers who support us in processing the campaign. The information on data processing listed under B.a) to B.m) applies.

You will find further promotion-specific regulations on the respective promotion pages.

k) Website Analysis and Marketing
To enable the use of certain functions we use so-called cookies. These are short data packets that are stored on your end device and exchanged with other providers. Some of the cookies we use are deleted immediately after closing your browser (so-called session cookies). Other cookies remain on your terminal device and make it possible to recognize your browser the next time you visit us (persistent cookies).

Optional cookies that are required to provide certain website functions ("Functional Cookies"), that contribute to performance measurement ("Performance Cookies"), or that are used for marketing purposes ("Targeting Cookies") are set exclusively on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR. You have the option to adjust your cookie selection at any time via the "Cookie Settings" function in the footer section of our webpage. This also includes the revocation of a previously given consent to the setting of cookies with effect for the future.

Insofar as you have consented to the use of cookies, first party cookies and third party cookies are placed on your device when you visit the website. Third party cookies are cookies that are controlled and managed by a third-party provider (such as Google or Facebook). First party cookies are placed by us are managed and read out directly by us. In certain cases - which we explicitly address in this section - we pass on the data collected by first party cookies (IP address and cookie IDs) to third parties.

You can delete all cookies stored on your terminal device and set the common browsers to prevent cookies from being stored. In this case you may have to manage your settings each time you visit this website and accept the impairment of some functions.

We use cookies in connection with the following functionalities:

aa) Google Analytics
We use Google Analytics a service of Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 USA. Google uses certain cookies. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States. We use the information stored to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other website-related services. Due to our predominant interest, we process the data thus obtained for the optimal marketing of our online offer according to Art.6 para. 1 f) GDPR. Google will never associate your IP address with other Google data.

Please note that this website uses Google Analytics with the extension "anonymizeIp ()". This truncates IP addresses before transmitting them to a server in the United States. A direct personal reference in connection with the stored data is thus usually excluded. Only in exceptional cases will the full IP address be sent to a server in the USA and shortened there.

You may opt-out of the collection of data at any time by opting for the Google Analytics Disable Add-on at any time
http://tools.google.com/dlpage/gaoptout?hl=en

Please also note the notes on the use of Google data in the Google Partner Network at:
http://www.google.com/intl/de/policies/privacy/partners/

https://www.google.com/policies/privacy/ads/

For more information about privacy, please visit: https://policies.google.com/privacy?hl=en&gl=en

bb) New Relic
We use the software NewRelic on our website. This will allow an analysis of your website usage. The information stored by the cookie about your use of this website (including your IP address) will be transmitted to a server of NewRelic in the USA. We process the data due to our predominant interest in the optimal marketing of our online offer according to Art.6 para. 1 f) GDPR.

NewRelic will use the information stored to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website activity and internet usage.

Further information on data protection can be found at:
https://newrelic.com/termsandconditions/privacy

cc) Privacy Policy for Product Reviews (Bazaarvoice)
We work with Bazaarvoice to provide customers with rating options for our products. Bazaarvoice uses cookies to process information from consumers and monitor user behavior across multiple websites.

When you submit a product review, we collect personally identifiable information from you in a form. These are "display name", IP address, e-mail address, as well as a rating assigned to you, as well as any additional information voluntarily provided. The data provided will be processed for the use of the product evaluation and displayed on a GROHE website.

In doing so we get the following consent:
"I agree that GROHE and its service providers may use my e-mail address to contact me as part of my product review for administrative issues or for receiving information about rated or similar products. I can withdraw my consent at any time with effect for the future by message to GROHE. "

The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. In case of a cancellation we will delete your data as well as your product rating (s) according to legal regulations.

Your Product Review will be processed by Bazaarvoice Inc, 3900 N. Capital of Texas Highway, Suite 300, Austin, Texas 78746, USA.

Further information on data protection can be found at:
https://www.bazaarvoice.com/legal/privacy-policy/

dd) Use of Google ReCAPTCHA
To protect the comment section and the input forms of our websites against spam and abuse, we use the external service reCAPTCHA. This is a service provided by Google Inc, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereafter Google). reCAPTCHA makes it possible to differentiate between inputs of human origin and those that are abused by automated software (also called bots). When using the service, the following data will be transmitted to Google's servers in the USA:

• referrer URL
• IP address of the user
• the input behavior of the user as well as mouse movements in the area of the "reCAPTCHA" checkboxes
• Google Account: If the user is logged in to their Google Account at the same time, this will be recognized and assigned
• Information about the browser used, browser size, browser resolution, browser plug-ins, language settings, date
• Mouse and touch events within the page
• scripts and presentation instructions of the website
• cookies

The processing is based on our predominant legitimate interest in the security of our website in accordance with Art. 6 para. 1 f) of the GDPR.

For more information about privacy, please visit: https://policies.google.com/privacy?hl=en&gl=en

l) Integration of external content
We use external dynamic content to optimize the presentation and the offer of our website. When visiting the website, a request is automatically made via the API to the server of the respective content provider, in which certain log data (for example the IP address of the users) is transmitted. The dynamic content is then transmitted to our website and displayed there.

We use external content in connection with the following functionalities:

aa) Google Maps
We use Google's "Google Maps" map service on our website to provide you with an interactive map. When the map is displayed, data, including your IP address and location, is transmitted to Google's servers in the United States and stored there. This processing is based on our predominant legitimate interest in an optimal marketing of our offer according to Art. 6 para. 1 f) of the GDPR.

For more information about privacy, please visit: https://policies.google.com/privacy?hl=en&gl=en

bb) Facebook Visitor Tracker
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users.

When the website is called, the pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or are already logged in to Facebook, your website visit will be noted in your profile. The collected user data are anonymous for us and thus do not allow us to conclude on the user identity. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy:
https://www.facebook.com/about/privacy/

You can allow Facebook and its partners to serve ads on and off Facebook. For these purposes, a cookie may also be stored on your computer. The legal basis for the use of this service is consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.

cc) TikTok Pixel

When visiting this website, personal data is processed. Categories of data processed: Data about the use of the website and logging of clicks on individual elements.
Purpose of processing: Investigation of usage behavior, analysis of the effect of online marketing measures and selection of online advertising on other platforms, which are automatically selected by means of real-time bidding based on usage behavior.
The legal basis for the processing: Your consent according to Art. 6 (1) a GDPR.
A transfer of data takes place: to the independent data controller TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (https://www.tiktok.com). The legal basis for the transfer of data to TikTok Technology Limited is your consent according to Art. 6 (1) a GDPR. This may also mean a transfer of personal data to a country outside the European Union. The transfer of data is based on your consent in accordance with Art. 6 (1) (a) in conjunction with Art. 49 (1) (a) GDPR.
For an e-mail contact to the Data Protection Officer of TikTok Technology Limited: https://www.tiktok.com/legal/report/DPO.
For the Data Privacy Policy of TikTok Technology Limited: https://www.tiktok.com/legal/page/eea/privacy-policy/en.
Duration of processing: is variable and ends when the purpose of processing ceases.

dd) Partner Programs
GROHE partners with online retailers to offer you, as a customer, online shops where you can buy GROHE products.

These are the retailers that are displayed after you have clicked on the 'Buy now' button on a product page. If you click on the online retailer's logo, you will be redirected to their website.

This routing is done by HATCH B.V. (Weerdestein 117-II, 1083 GH Amsterdam, the Netherlands). Hatch will place a tracking pixel on the purchase confirmation page at the retailer to track the initial lead at GROHE through to the sale at the retailer. In this context, anonymous data provided on the retailer website will be forwarded to the partner Hatch.

For more information on the use of tracking pixels on behalf of the retailer, please visit the privacy section on the website of the specific retailer. Despite careful control of content, we do not assume any liability for the content of external links. The operators of the linked pages are solely responsible for the content of their pages.

You can find more information about the use of data by Hatch in their privacy policy:
https://www.gethatch.com/en/privacy-policy/.

m) International Data Transfers
Where data is transferred to a third country or an international organization, such transfer takes place in accordance with Articles 44-49 GDPR.

C. Duration of data storage

We only store personal data for as long as it is necessary for the purposes for which it is processed or if your consent has been revoked. As far as statutory storage requirements are concerned, the storage period for certain data can be up to 10 years, regardless of the processing purposes.

D. Data Subjects’ Rights

a) Information
Upon request, you will receive information about all personal data that we have stored about you free of charge at any time.

For your own protection, we reserve the right to obtain further information upon request to confirm your identity in order to prevent unauthorized persons from gaining access to personal data that we undertake to protect. If identification is not possible, we reserve the right to refuse to process the request.

b) Correction, cancellation, limitation of processing (blocking), opposition
If you no longer consent to the storage of your personal data or if these have become incorrect, we will, upon appropriate instructions, arrange for the deletion or blocking of your data or make the necessary corrections (to the extent permitted by applicable law). The same applies if we are to process data in the future only in a restrictive way.

c) Data Portability
Upon request, we will provide you with your data in a standard, structured and machine-readable format so that you can, if you wish, submit the data to another person in charge.

d) Right to Complain
There is a right of appeal to the competent supervisory authority:
( https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

e) Right of revocation in the case of consent with effect for the future
Any given consent can be revoked at any time with effect for the future. Your revocation does not affect the lawfulness of the processing until the time of revocation.

f) Limitation
Data where we are unable to identify the data subject, for example, if they have been anonymised for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible with respect to such information if you provide us with additional information that allows us to identify it.

g) Exercising your Rights
If you have any questions regarding the processing of your personal data, information, correction, blocking, opposition or deletion of data or the desire to transfer the data to another company, please contact “dataprotection_cy@grohe.com"

E. Data Security

To ensure the security of the data transmitted to us, we use TLS encryption with 128 bits. You recognize such encrypted connections with the prefix "https: //" in the page link in the address bar of your browser. Unencrypted pages are identified by "http: //".

All data that you submit to our website - such as inquiries or logins - cannot be read by third parties thanks to SSL encryption.

F. Change of the privacy policy

In order to ensure that our data protection guidelines always comply with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information must be adjusted due to new or revised offers or services.

STATUS: 07.2021