Data Protection Policy – Your data is safe with us

Data protection is a question of trust, and your trust is important to us. We respect your privacy. For this reason, protecting, collecting, processing and using your personal data are very im-portant issues for us. We want you to feel secure when visiting our websites. For this reason, we strictly comply with all legal regulations when processing your personal data, and want to share more information about our data collection and usage processes here.

Scope and purpose of data processing

1. Anonymous data collection

You can visit our website without providing any personal information. We only save so-called “server log files”, or anonymous access data such as the name of your internet provider, the internet browser in use, the website from which you are accessing ours, the date and time of access, or the name of the requested file. We only evaluate this information to improve our services, and it cannot be traced back to you. This data is assessed exclusively for the purposes of improving our services and cannot be traced back to you.

This anonymous data is stored separately from any personal data you may provide, which means that it cannot be traced back to any specific person. It is evaluated solely for statistical purposes, to improve our website and services. The legal basis for the temporary storage of data and the “server log files” is Art. 6 para. 1 lit. f GDPR. Saving data in log files helps ensure that the website functions properly. The data is deleted once no longer needed for the purpose for which they were collected. When it comes to data recorded to provide this website, it is deleted when the corresponding session has been ended.
 

2. Collecting and processing personal data

If you wish to use one of our company’s services through our website, it’s possible that it may require processing of your personal data. If there is no legal basis for the processing of personal data, we will first obtain consent from the affected person. This will be clearly visible at these corresponding points throughout the website. This may be necessary when registering for our website, subscribing to our newsletter or contacting us using our contact form. The legal foun-dation for processing data in which we obtain your consent for processing purposes is found in Art. 6 I lit. a) GDPR. If it is necessary to process personal data to fulfil or initiate a contract (e.g. for the delivery of goods or the performance of such services, or for inquiries about our prod-ucts and services), this is done in accordance with Art. 6 I lit. b) GDPR.

We save personal data that you transmit, such as your name, company, address, e-mail and phone number, for the purposes of individual communication with you in compliance with the General Data Protection Regulation (GDPR) and “new BDSG” (German Federal Data Protection Act). Please note that confidential information should not be sent using our contact form.

The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 pa-ra. 1 lit. f GDPR. If the e-mail contact involves signing a contract, the additional legal basis for processing this data is Art. 6 para. 1 lit. b GDPR.
 

3. Registration

You have the opportunity to register on our website by providing your personal data. The data we collect in the process of registration are clearly visible on the input screen.

When you register, we save your IP address, data and the time of your registration. This safe-guards us in the event that a third party would misuse your e-mail address as well as our ser-vices without your knowledge. We do not collect any additional data. We do not pass this data on to third parties provided there is no legal requirement to do so, or if forwarding this data would result in prosecution.

You have the option of changing the personal data you provided during registration at any time, or to have us delete all of it under observation of legal provisions for data storage based on valid regulations and/or tax codes.

Your registration is required to keep certain content and services ready for your use on our website. The legal foundation for processing data with user consent is found in Art. 6 para. 1 lit. a GDPR. If the registration is necessary to fulfil a contract in which the user is a party to the contract, or to implement pre-contract measures, the additional legal basis for processing data is Art. 6 para. 1 lit. b GDPR. The data is deleted once it is no longer needed for the purpose for which it was collected.

4. Cookies

Our website uses so-called “cookies”. These make our website more user-friendly, effective and secure, especially when it comes to accelerating navigation on our platform. Cookies also make it possible for us to track the frequency of page impressions and the navigation overall. Cookies are small text files that are stored on your computer. We point out that several of these cookies are sent from our server to your computer system, most of which are so-called “session cook-ies”. “Session cookies” are automatically deleted from your hard drive once the browser ses-sion has come to an end. Other cookies remain on your computer system, allowing us to recog-nise you when you return to our website (so-called persistent cookies). Of course, you can re-fuse cookies at any time if your browser allows. Please note that you may not be able to use all of the functionalities of our website to their fullest extent in this case. When you access our website, we notify you about the use of cookies for analytics purposes, and ask for your consent to process the personal data used in this context. We also make reference to this Data Protec-tion Policy at this time. The legal basis for the processing of personal data using cookies re-quired for technical reasons is Art. 6 para. 1 lit. f GDPR. The legal basis for using cookies to pro-cess personal data for analytics purposes with your prior consent is Art. 6 para. 1 lit. a GDPR.

 
5. Using plugins

 Use of Google Analytics with anonymization

• Our website uses functionalities provided by web analytics service Google Analytics. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These text files are saved to your computer to analyse how you use our website. The information about your website use generated by the cookie is generally sent to a Google server in the United States and saved there. Herein also lies our legitimate interest in accordance with Art 6 para. 1 S. 1 f GDPR. Google is subject to the Privacy Shield framework arranged between the European Un-ion and the United States and earned the corresponding certification. In the process, Google is committed to complying with all European data privacy standards and regula-tions. Please see the following linked entry for more information: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  
  We have activated IP anonymization on this website (anonymizeIp). As a result, Google abbreviates your IP address within European Union member states or in other Privacy Shield framework member states within the European Economic Area. The complete IP address is only sent to the US before being shortened in exceptional cases. We have contracted Google to use this information to evaluate how you use our website, to com-pile reports on website activities, and to perform other services for us related to website and internet use.
  
  The IP address transmitted from your browser for Google Analytics is not combined with any other Google data. You can use a specific setting in your browser software to pre-vent cookies from being saved. Please note that you may not be able to use all of the functionalities of our website to their fullest extent in this case.
  
  You can keep the data relevant to your website use that this cookie generates from be-ing transmitted to Google (including your IP address) and also prevent Google from pro-cessing this data by downloading and installing the browser plug-in available at the fol-lowing link: http://tools.google.com/dlpage/gaoptout?hl=de. 
  
  Instead of using the browser plugin, you can click on the following link (also on mobile device browsers) to set an opt-out cookie that keeps Google Analytics from recording your data (this opt-out cookie only works in this browser and for this domain. If you de-lete the cookies in your browser, you’ll have to click on the link again):

  Deactivate Google Analytics

  Activate Google Analytics

• Pinterest Conversion Tracking
  This website utilises the conversion tracking technology of the social media network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Irland). With this system, data on the surfing behaviour of website visitors can be processed in pseudonymised form and in turn stored and analysed. To make this possible, a so-called conversion-tracking pixel from Pinterest is integrated into our webpages. When you visit our website, the pixel informs Pinterest that you have accessed the website, and tells it which portions of our assortment you found interesting.
  To the extent that personal data are processed, this takes place on the basis of our legitimate interest in including personalised advertising, as well as our legitimate interest in the statistical analysis of the effectiveness of product advertisements on Pinterest and of the purchasing behaviour of users, so that such processing helps us to optimise our online assortment, pursuant to Art. 6 Sec. 1 sub f GDPR. To the extent required by law, we have, pursuant to Art. 6 Sec. 1 sub a GDPR, obtained your consent to process your data in the manner described above. You have the right, at any time, prospectively to revoke your consent.
  To the extent that you have accessed our website from a PIN code on Pinterest, we shall place a cookie on your computer that will interact with a simultaneously implemented tag in the form of a JavaScript code from Pinterest. The cookie will lose its validity in 180 days and is not employed for the purpose of personal identification.
  Further information concerning Pinterest’s data protection provisions can be found at https://policy.pinterest.com/en/privacy-policy
  You can at any time deactivate the gathering of data for the purpose of displaying interest-based advertisement on Pinterest by means of your Pinterest account settings via the link, https://www.pinterest.com/settings.

.

• Facebook Pixel
  This website utilises the so-called Facebook pixel of the Facebook social media network (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, operated in the EU by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland).
  When you visit our online assortment, Facebook is able, through the use of the Facebook pixel, to identify you as a target group for the display of advertisements (so-called Facebook ads). Correspondingly, we deploy the Facebook pixel in order to display our Facebook ads solely to those Facebook users who also have demonstrated an interest in our online assortment or who are characterised by specific features (such as an interest in certain topics or products in view of the websites visited by them), which features we pass on to Facebook (so-called custom audiences). We also use Facebook pixels in order to ensure that our Facebook ads correspond to the potential interests of users and that they do not have an annoying effect. In addition, the Facebook pixel enables us to evaluate the effectiveness of our Facebook ads and, for statistical purposes, to determine the extent to which users are transferred to our website upon clicking on a Facebook ad (so-called conversion).
  To the extent that personal data are processed, this takes place on the basis of our legitimate interest in including personalised advertising, as well as our legitimate interest in the statistical analysis of the effectiveness of product advertisements on Pinterest and of the purchasing behaviour of users, and thus helps us to optimise our online assortment, pursuant to Art. 6 Sec. 1 sub f GDPR. To the extent required by law, we have, pursuant to Art. 6 Sec. 1 sub a GDPR, obtained your consent to process your data in the manner described above. You have the right, at any time, prospectively to revoke your consent.
  The data thus collected are anonymous for us and do not permit us to draw conclusions as to the identity of the website visitor in question. Nevertheless, the data are stored and processed by Facebook, such that a connection to the user profile in question is possible, and Facebook is able to utilise the data for its own advertising purposes, in correspondence with the data use guidelines of Facebook.
  Information concerning Facebook’s rules for data protection is available here: https://www.facebook.com/policy.php
  Information concerning how the Facebook pixel functions is available here: https://www.facebook.com/business/help/742478679120153?id=1205376682832142

• Incorporating third party services and content
  It’s possible that third party content may appear on our website, e.g. YouTube videos, Google Maps material, RSS feeds or graphics from other websites. This takes place on the basis of our legitimate interests (interest in the analysis, optimisation and efficient operation of our website within the meaning of Art. 6 para. 1 lit. f. GDPR). This always assumes that the provider of this content (referred to in the following as “third-party provider”) uses the user’s IP address. Without the IP address, it is impossible for the pro-vider to send the content to the corresponding user’s browser. As such, the IP address is necessary to display this content. We take every effort to only use content supplied by providers who only use the IP address to display this content. However, we cannot pre-vent the third-party provider from storing the IP address for statistical purposes, for ex-ample. We notify users about such situations if we are aware of them.

6. Publishing job advertisements/online job advertisements

We electronically collect and process your application data for the purpose of handling job ap-plications. If your application results in the signing of an employment contract, we can save the data you provided in your personnel file for the purposes of regular organisational and adminis-trative processes under observation of the relevant legal requirements. Data protection law allows for the collection of data necessary to justify an employment relationship in accordance with § 26 para. 1 clause 1 “new BDSG” in combination with Art. 88 para. 1 GDPR. If you willing-ly provide us with information about yourself beyond what is necessary in this process, this is done with your consent in accordance with Art. 6 para. 1 clause 1 lit. a GDPR. During pro-cessing, your data may be transmitted to people within our company as well as contractually tied service providers bound to confidentiality that are responsible for some of the data pro-cessing work. If your application is rejected, the data you sent to us will be automatically deleted two months following notification of this rejection. This does not apply if a longer storage period is required for legal reasons (e.g. burden of proof in accordance with the General Equal Treatment Act, AGG) or if you specifically agreed to a longer storage period in our database of potential candi-dates for employment.


7. Rights of affected persons

According to the General Data Protection Regulation (GDPR), you have the right to receive in-formation about the personal data we have stored about you free of charge. You also have the right to obtain information about the processing purposes, categories of personal data that we process, recipients or categories of recipients to which this data was or will be disclosed (espe-cially for recipients in third countries or in international organisations), the planned storage duration of the personal data if possible, a right to correct, limit (block) or delete this data, as well as the origin of the data. You also have the right to appeal to a regulatory authority, or to revoke your declaration of consent under data privacy law at any time. Revoking this consent will not impact the legality of any processing that took place prior to the revocation.
 

8. Transferability of data

You have the right to receive the personal data you provided directly to us. We will provide this data in a machine-readable and structured format upon request. You will need to prove your identity to obtain your data.

9. Data security

We use TLS to safely transmit your encrypted data when registering on our website and/or us-ing our contact forms. We use technical and organisational means to protect our website and systems in order to keep unauthorised people from losing, destroying, accessing, changing or distributing your data. It is only possible to access your user account by entering your personal password. Be sure to keep your access information confidential at all times and close your browser window once you are done communicating with us, especially when using a public or shared computer.

10. Deleting and blocking personal data

Personal data is deleted and blocked once it is no longer required for its designated purpose, provided it is not needed to fulfil or initiate a contract. This is done under observation of legal provisions for data storage based on valid regulations and/or tax codes.

11. Contact options

We give you the option of contacting us via e-mail and/or by filling out contact forms on our website. In this case, the information you provide to us will be saved for the purposes of pro-cessing your reason for contacting us. In the process of sending us your data, we ask for your consent to process your data and also refer to this Data Protection Policy. It is also possible to contact us via the provided e-mail address. In this case, the user’s personal data transmitted in the e-mail will be saved. We only process personal data provided on our contact form for the purpose of processing this communication. The same necessary legitimate interest in pro-cessing data also applies if you contact us by e-mail. We never pass on your data to third par-ties. We also do not compare such collected data with other data that may have been collected by other components on our website. The legal basis for the processing of data with advance user consent is Art. 6 para. 1 lit. a GDPR. The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact involves signing a contract, the additional legal basis for processing this data is Art. 6 para. 1 lit. b GDPR. The data is deleted once it are no longer required to complete the process for which it was collected.

12. More information and representative contact details

Please contact us if you have any additional questions about data protection. If you have any questions about the collection, processing or use of your personal data, or to get information about, correct, restrict (block) or delete data, or to revoke your consent, please contact:

TOTO Europe GmbH'
Mr Stefan Kleinermann
Zollhof 2
40221 Düsseldorf, Germany

Phone: 0211-27308-200
E-mail: teu.information@toto.com