GERMAN PRODUCTS BALTICS plc and its subsidiaries (“GPB”) recognize that the Personal Data it receives is held in a position of trust. GPB seeks to fulfil that trust by following the principles regarding the protection of Personal Data set forth in this Notice. This Privacy Notice (“Notice”) explains how and why GPB collects, stores, uses, and shares Personal Data (including Personal Information) when you use our services or visit our websites and applications. This Notice is meant to help you understand your privacy rights and choices.
WHAT TYPES OF PERSONAL DATA WE COLLECT
We may collect the following categories and types of Personal Data, depending on what product or service you use:
- Contact information: name, email address, mailing address, phone number;
- Other identifying information: IP address, passwords and other security information for authentication and access, username, social media handle or digital or electronic signature, and your photograph if you provide it to us (for example product testimonials);
- Biographical and demographic information: date of birth, age, gender, nationality, marital status;
- Payment-related information such as credit card number and financial account information to complete a transaction with you;
- Commercial information: records of products or services purchased, obtained or considered, or other purchasing or consuming histories;
- Professional or employment-related information of job applicants: current or past job history or performance evaluations, education records, salary range;
- Internet or other electronic activity: browsing and click history, including information about how you navigate our websites as described in our Cookie Statement;
- Audio and visual information: security camera recordings in our facilities;
- Health and medical information: medical condition, information about physical and mental health conditions and diagnoses, treatments for medical conditions, family medical history and medications (including the dosage, timing, and frequency) and medical insurance details related to adverse events; your voluntary participation for instance in a weight loss or smoking cessation program;
- Publicly available information: we may collect Personal Data about you from public databases and social media platforms regarding your interactions with us. For example, we may review LinkedIn profiles of job applicants or Instagram profiles of social media campaign entrants.
HOW WE COLLECT PERSONAL DATA
GPB collects Personal Data in a variety of ways depending on how you interact with us:
We collect Personal Data directly from you. This includes Personal Data that you communicate to us through direct interactions with GPB, through our services, our websites, when you interact with us on social media, through registrations, applications, surveys, etc. For example, we collect data you provide to sign up for an online account, to send us a request for information, to take advantage of special offers and discounts, to register for events sponsored by GPB, to submit an online job application, to interact with us on our Facebook pages, Twitter, Instagram, etc.
We collect Personal Data automatically. We collect certain information about your interactions with our websites, platforms, applications and services through certain technologies, such as cookies. For more information about this type of data collection and your choices, please see our Cookie Statement.
We collect Personal Data in accordance with applicable law from available public sources. This includes data that is published in public profiles, for example LinkedIn, Facebook, etc.
We collect Personal Data from third parties. We collect certain Personal Data from service providers and business partners. We receive this Personal Data from third parties that are authorized to do so as specified by their own privacy and data protection policies or in accordance with the law. For example, this data may be collected for soliciting consumer reviews of products.
WHY WE COLLECT PERSONAL DATA
GPB collects your Personal Data for the following purposes:
To allow us to communicate with you: to respond to your requests or inquiries, provide support for products and services, provide you with important updates, administrative information, required notices, organize and manage professional events, including your participation in such events;
To market our products to you: to sell our products to you, to send you news, information and promotional materials about our products, our services, our brands, our operations, to post testimonials or product reviews from you with your consent;
To provide you access to: our online services, applications and platforms, and to manage your online accounts;
To allow us to identify or authenticate you: to allow you to create and access accounts with us, or to identify or authenticate you by government-issued ID or Healthcare Professional number, when necessary;
To process payments from you and facilitate future payments;
To improve and develop our products and services: identify usage trends, understand how you and your device interacts with our services, determine the effectiveness of our promotional campaigns, conduct surveys, offer special programs, activities, trials, events or promotions via our services, carry out market or consumer studies;
To personalize your experience when using our services: ensure that our services are presented in the way that best suits you and present you products and offers tailored to you;
To comply with legal or regulatory obligations that apply to GPB, including to monitor the safety of our products, manage adverse events, and carry out prevention and investigatory activities. We may also use your Personal Data to carry out administrative formalities, to comply with government registration requirements or declarations, or to conduct audits;
To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws, comply with a subpoena, or legal process;
For security and to protect our rights and interests: for fraud monitoring and prevention, to maintain the security of our services and operations, protect the rights, privacy, safety or property of GPB or third parties, and to allow us to pursue available remedies or limit the damages that we may incur, as necessary.
OUR LEGAL BASES FOR COLLECTING PERSONAL DATA
GPB will generally process your Personal Data on one of the following legal bases:
Your consent: where you have expressed your approval of GPB’s processing of your Personal Data.
Contractual relationship between you and GPB: in this instance, the processing of your Personal Data is necessary for the provision of products or services you have requested; this means that if you do not wish GPB to process your Personal Data in that context, GPB will not be able to provide the products or services you requested.
Legal obligations: we may process your Personal Data to comply with our legal obligations, including reporting to a regulatory authority. For instance, to comply with health and safety regulations GPB must monitor any adverse effects of its products, which generally involves the collection and retention of Personal Data.
Legitimate interest: where the processing is necessary for our legitimate interests or the legitimate interests of a third party.
Processing of health data: We process data concerning health where the processing is necessary for us to comply with our legal obligations to monitor the safety of our products and comply with government reporting obligations, or where we have obtained your explicit consent.
SHARING AND DISCLOSING DATA
We may share Personal Data with:
- Our subsidiaries and affiliates: where allowed and consistent with legal requirements;
- Service providers: who we rely on to provide services such as data storage, website hosting, email services, advertising, marketing, and consulting. Examples of service providers include email, IT services and SMS providers, web hosting providers, analysis firms, advertisers, payment processing companies, customer service and support providers and development companies and fulfillment companies. These service providers will be given limited access to your Personal Data only to the extent reasonably necessary to deliver the services they are engaged to provide. They are required to process any Personal Data collected from you, including on our behalf, in a manner that is consistent with applicable privacy laws or this Notice. Service providers that process your Personal Data on our behalf also commit to implement reasonable security measures;
- A buyer or other successor: in the event of a merger, acquisition, reorganization, or other sale or transfer of some or all of GPB’s assets;
- A governmental agency or representative: for mandatory reporting including reporting adverse events, tax reporting, or other regulatory reporting requirements;
- Regulators, courts or third parties in order to comply with any court order, law or legal process, including to respond to a legitimate government request, or to protect your safety or the safety of others;
- Data security providers, law firms, law enforcement agencies, data protection authorities: in the case of a suspected data breach, to communicate with outside parties, such as experts in data breach detection or relevant government authorities, as necessary;
STORING PERSONAL DATA
We will securely store your Personal Data only for as long as necessary for the purposes described above, as required by law, and for the exercise or defense of any legal claims.
SAFEGUARDING PERSONAL DATA
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure. We encourage you to use caution when using the internet.
YOUR RIGHTS UNDER THE GDPR
If you are within the EEA or the UK this section provides additional information applicable to you. GPB Company plc is the controller with respect to your Personal Data. You can contact us by email at email@example.com or by mail at the following address:
German Products Baltics
You have the following rights under the GDPR:
- The right to be provided with a copy of your Personal Data (right of access).
- The right to request that we correct your Personal Data if it is inaccurate, incomplete or out of date.
- The right to have your Personal Data deleted in certain circumstances.
- The right to require us to restrict processing of your Personal Data in certain circumstances (e.g. if you contest the accuracy of the data).
- In certain circumstances, you have the right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party (right of data portability).
- You have the right to object to our processing of your Personal Data at any time if your Personal Data is being processed for direct marketing (including profiling); and in certain other situations you may object to our continued processing of your Personal Data (e.g. processing carried out for the purpose of our legitimate interests).
- You have the right to withdraw your consent at any time to processing that is based on your consent.
To exercise any of these rights, please click here. Proof of identification may be required as a security measure prior to fulfilling any requests.
Additionally, you always have the right not to share any of your Personal Data with GPB.
Furthermore, you have the right to opt-in to receive newsletters, announcements, or other communications and/or services from us. If you change your mind, you have the right to opt-out from continuing to receive these items. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages (e.g. in case of a product recall, etc.), from which you cannot opt-out.
We encourage you to contact us so we can address any privacy concern you may have. But you have the right to submit a complaint with your local Data Protection Authority regarding how GPB is processing your Personal Data. (A complete list of these authorities is found here.)
YOUR RIGHTS UNDER CALIFORNIA LAW
Under California law, including the California Consumer Privacy Act (‘CCPA’), California residents have certain rights regarding the Personal Information that businesses have about them. This includes the rights to request access or deletion of your Personal Information, as well as the right to direct a business to stop selling your Personal Information.
Personal Information we collect
We collect identifiers (such as name, address, email, phone number, job title, and transactional information), personal characteristics (such as age, gender), commercial information (such as a record of the products and services purchased or sample products requested), and internet or other electronic network activity information (such as usage information, IP address, cookie information, and customer feedback).
Why we collect Personal Information
We use identifiers and personal characteristics to provide the services requested, such as to fulfill a request, provide access to an application, or provide you with information about our services and products.
We use identifiers, internet or other electronic network activity, and commercial information for general website administration, which includes record keeping, troubleshooting, data analysis, testing, and survey purposes.
We use identifiers, personal characteristics, commercial information, and Internet or other electronic network activity for trend monitoring, marketing, and advertising, as well as to ensure website security.
How we collect Personal Information
We collect identifiers, personal characteristics, and commercial information directly from you.
We collect Internet or other electronic network activity from your usage of the GPB website and its services. Our Cookie Statement provides additional details about this collection.
With whom we share and sell Personal Information
GPB shares Personal Information with third parties and service providers (as described in the section “Sharing and Disclosing Data” above) as necessary for certain business purposes, as defined by the CCPA (Cal. Civ. Code 1798.140(d)). This includes sharing identifiers, commercial information, personal characteristics, and internet or other electronic network activity for the purposes of payment processing, customer relationship management, consulting, email communications, product feedback and helpdesk services.
While GPB does not sell Personal Information in exchange for any monetary consideration, we do share Personal Information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). This includes sharing identifiers, personal characteristics, commercial information and internet or other electronic network activity with advertising networks, social networks, and website analytics companies. We do not knowingly sell the Personal Information of minors under 16 years of age.
The right to opt-out of the sale of Personal Information
You have the right to direct GPB to not sell your Personal Information. Click here to exercise your right to opt-out of the sale of Personal Information.
With respect to cookies, you can always customize your settings at any time in the Cookie Preference Center.
Right to know
You have the right to request that we disclose certain information about our collection and use of your Personal Information during the past 12 months. This includes the specific pieces of information we collected about you, the categories of Personal Information we collected, our purposes for collecting it, the categories of sources of information, and categories of third parties with whom GPB shared information for a business purpose or sold information.
Right to request deletion
You have the right to request that GPB delete any Personal Information about you that GPB has collected from you. Please note that there are exceptions where GPB does not have to fulfill a request to delete information, such as when the deletion of information would create problems with the completion of a transaction or compliance with a legal obligation.
The right to non-discrimination
GPB will not discriminate against you (e.g. through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.
How to exercise these rights
To exercise these rights email us at firstname.lastname@example.org
Verification: Before we can respond to your request, we will first need to verify your identity using Personal Information you recently provided to us. If we are not able to verify your request, we will contact you for more information. If we are unable to verify your identify after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.
You can designate an agent to make a request on your behalf by providing your authorized agent signed permission to do so and verifying your identity directly with us and confirming to us that you provided the authorized agent permission to submit the request on your behalf.
Please note that we may still use aggregated and de-identified Personal Information that does not identify you or any individual; we may also retain information as needed in order to comply with legal and recordkeeping obligations, enforce agreements, and resolve disputes.
Further notice to California residents
We are especially committed to protecting the privacy of children who may visit our websites or use our services. While in some instances we may collect Personal Data about children with the consent of their parent or guardian for the provision of our services such as clinical activities or for patient support programs, we do not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that their child has provided us with Personal Data, they may exercise their privacy rights by clicking here.
LINKS TO THIRD PARTY WEBSITES
Our websites may have links to third party websites and content. We do not control those websites or content and are not responsible for the third party’s privacy practices. We encourage you to read their privacy policies to understand how they use your information.
INTERNATIONAL DATA TRANSFERS
GPB may transfer your Personal Data outside of the EEA, where GPB’s affiliates and subsidiaries may assist with processing the data for the purposes described above. Such transfers are made based on Standard Contractual Clauses approved by the Commission of the European Union to allow the transfer of your Personal Data outside of the EEA and ensure processing in accordance with applicable laws and regulations and with this Notice.
CHANGES TO THIS NOTICE
Any change to this Notice will be effective immediately. We will notify you by updating the date at the top of this Notice. We encourage you to stay informed about our privacy and cookie practices by reviewing the Notice whenever you interact with us. In certain cases, we may provide you with additional notice of changes to this Notice. We will not treat your Personal Data collected under a previous version of the Notice in a materially different manner without first receiving your consent. Any change to this Notice will be effective immediately.
If you have any questions about this Notice or our privacy practices please contact our Data Protection Officer at email@example.com