1. Name and contact details of the data controller and the company data protection officer
Data Processor: Emmi Management AG („Emmi“)
Emmi Management AG, Landenbergstrasse 1, CH — 6005 Luzern, Switzerland
Telephone: +41 58 227 27 27
Fax: +41 58 227 27 37
The company data protection officer of the Emmi Group can be contacted at Data Protection, Emmi Group, Landenbergstrasse 1, CH — 6005 Luzern, Switzerland, or at email@example.com.
2. Collection and storage of personal data as well as the nature and purpose of its use
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows (and see below for more details):
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
a) When visiting the website
When you visit our website www.emmi-caffelatte.com/uk, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information will automatically be collected by us and deleted after 3 months:
- IP address of the requesting terminal,
- date and time of access,
- name and URL of any visited page,
- Website from which any access takes place (so-called referrer URL),
- device type and operating system of the device,
- Name of your ISP
- browser type and version used, and other information provided by the browser (such as geographical origin, language setting, add-ons used, screen resolution, etc.).
- The above data will be processed by us for the following purposes:
- ensuring a smooth connection to the website,
- ensuring the best possible user experience on our website,
- Evaluation of system security and stability
- for further administrative purposes.
The legal basis for this is Article 6(1)f of the EU General Data Protection Regulation (GDPR), which is that we have a legitimate interest in processing your personal data for the purposes listed above. We never use this data to identify you personally.
For clarity, this website may include links to third-party websites, plug-ins and applications (for further details, please see below). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
b) When registering for our newsletter
If you have expressly given us consent (pursuant to Article 6(1)a GDPR), we will use your e-mail address to regularly send you our newsletters, or have them sent to you on our behalf. To receive newsletters, we only require your E-Mail address.
You can unsubscribe at any time via a link at the end of each newsletter. Alternatively you can also send an unsubscribe request to firstname.lastname@example.org by e-mail.
c) By using our contact form
If you have any questions, we provide a contact form on the website. It is necessary to provide a valid e-mail address, first and last name, postal code and telephone number so that we know who the request came from, and to efficiently answer that request. You may provide further personal information voluntarily.
Data processing for the purpose of contacting us (and our response) is in accordance with Article 6(1)a GDPR (your consent).
The personal data collected by us in the contact form will be deleted after completion, no later than 3 months after the request you have made.
d) Using our live chat
With our live chat, we offer you the opportunity to talk directly with us. For this, the submission of your email address is required, so that we can contact you afterwards.
The duration and time of the call are stored for statistical purposes. The chat history is stored anonymously for quality assurance. This data processing is again based on your consent, in accordance with Article 6(1)a GDPR.
From time to time we may hold competitions or similar promotions. For the purpose of conducting these we require the following personal information:
- salutation, last name, first name,
- Date of birth,
- Contact details (email address and/or mobile telephone number)
This information will be deleted after the prize draw or promotion. However if (in accordance with Article 6(1)a GDPR you have expressly and separately consented to the use of the aforementioned (and possibly further) personal data for marketing purposes (emails, newsletters, etc.) or other purposes, this data will be retained for such purposes in accordance with paragraph b) above. In the context of a competition or other promotion, we will only pass on your personal data to third parties for their own use if you have expressly consented to this (Article 6(1)a GDPR) or this is necessary for the performance of the competition pursuant to Article 6(1)b GDPR.
f) Further purposes
We reserve the right to process your personal data for further purposes. However, we will inform you accordingly and, if necessary, seek your consent.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
3. Disclosure of data
We share your personal data within the EmmiGroup. This will involve transferring your data outside the European Economic Area (EEA).
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
a) SAP Hybris
We use the cloud-based licensed software Hybris Marketing of SAP America Inc. (3999 West Chester Pike, Newtown Square, PA 19073 USA) on our site. The SAP Hybris Marketing Cloud System is located in St. Leon-Rot in Germany.
The use of the SAP Hybris Marketing Cloud System is based on our legitimate business interests in the above purposes pursuant to Article 6(1)f GDPR.
b) For other purposes
In addition, we will only pass on your personal data within the Emmi Group and / or to third parties if:
- According to Article 6(1)a GDPR you have given your express consent to this;
- According to Article 6(1)b GDPR it is necessary for the performance of a contractual relationship with you,
- According to Article 6(1)c GDPR processing is necessary for compliance with a legal obligation,
- According to Article 6(1)f GDPR processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and there is no reason to assume that you have an overriding interest otherwise.
The cookie is used to store information that is related to the specific device used. However, this does not mean that we are immediately aware of your identity.
In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.
Insofar as the aforementioned cookies are personal data, they are used on the basis of our legitimate interests pursuant to Article 6(1)f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or so that a prompt appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.
5. Monitoring Tools
We use the services of Brandwatch GmbH (Gutenbergstrasse 77A, 70197 Stuttgart). This is a social media monitoring tool that helps us to identify and monitor content on third-party sites (e.g., posts, tweets, blogs, news, forum posts, and social media platforms). This gives us a detailed insight into customer opinions and any topics on the Internet that mentions our company name(s) or talks about our brand(s). In doing so, so-called "crawlers" search available online sources to seek out the relevant hits. Brandwatch searches both publicly available data on the Internet and closed-loop third-party networks with which they have directly concluded contracts in order to access their data.
The data Brandwatch collects varies depending on the source of the data. The following personal data may be collected:
- your name, username, nickname or other identifier;
- the contents of data you have posted using that name, username, nickname, or other identifier, including comments, phrases, opinions, posts, etc.;
- your profile picture;
- your job title or industry;
- your interests;
- Your location;
- your gender and
- any other information that you post on any Internet site or on any third party platform that provides Brandwatch with data.
Our legitimate interests in the use of Brandwatch are for the purposes of market and opinion research and for marketing and PR purposes. Data processing is external and separate from our corporate web and social media sites, so we are not responsible for any data processing by Brandwatch.
If you object to the use of your information by Brandwatch, or require information about the data stored by them, or if you wish to exercise any other right that you are entitled to, please contact Brandwatch at email@example.com. For more information on privacy at Brandwatch, please click here.
We use the services of Falcon.io ApS (H.C. Andersens boulevard 27, 1st floor, 1553 Copenhagen V, Denmark). This is a social media management tool that allows us to consistently manage our social media profiles and activities. Each user interaction with us is automatically and individually tracked so we can respond to customer requests quickly and efficiently. In addition, we can see whether our companies or our products are mentioned on the social media platforms we use, and then directly contact those users or provide them with content. This gives us a detailed insight into customer opinions. Furthermore, the tool also allows us to create our own campaign pages and to show personalized and interest-based advertising, as well as to measure the results of these.
Our use of Falcon.io is further to our legitimate interests in the purposes mentioned above. Data processing is external and separate from our corporate website and social media site, so we are not responsible for any data processing by Falcon.io.
If you object to the use of your data by Falcon.io, or require information about the data stored by them, or wish to assert any other right to which you are entitled, please contact Falcon.io at the firstname.lastname@example.org e-mail address. More information about privacy at Falcon.io can be found here.
6. Tracking Tools
The tracking measures listed below and used by us are based on Article 6(1)f GDPR (legitimate interests). With the tracking measures used, we seek to ensure a tailored design, and the continuous optimization of our website. We also use the tracking tools to statistically record the use of our website and evaluate it for the purpose of optimizing the content we show you.
a) Google Analytics
For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, hereinafter "Google"). In this context, pseudonymised usage profiles are created and cookies (see paragraph 4) are used. Information is generated by the cookie about your use of the website such as:
- browser type / version,
- used operating system,
- Referrer URL (the previously visited page),
- host name of the accessing terminal (IP address),
- time of server request,
and are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purposes of market research and tailor our website design. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that such a merger is not possible (IP masking). Google complies with the US-EU Privacy and US-Swiss Safe Harbor Agreements and is registered with the US Department of Commerce's Safe Harbor Programs.
You can prevent the installation of cookies by setting your browser software accordingly; however, we must point out that in this case not all features of our website may be fully functional.
In addition, you may prevent the collection of data generated by the cookie related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection of data by Google Analytics by clicking on this link. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid on that browser and only for our website, and is stored on your device. If you delete cookies in that browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center.
b) Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our content, we also use Google Conversion Tracking. In doing so, Google Adwords will set a cookie (see section 4) on your device if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If a user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user previously clicked on the ad and was redirected to that page.
Every Adwords customer receives a different cookie. Cookies can not be tracked via the websites of Adwords customers. The information gathered using the cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are notified of the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
7. Targeting Tools
The targeting measures listed below and used by us are based on Article 6(1)f GDPR (legitimate interests). Through the targeting measures we use, we want to make sure that only advertising that meets your actual or inferred interests is displayed on your devices.
a) Google Adwords Remarketing
We must point out, however, that you may not be able to use all the features of the Website if you do so. By using this Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information about Google's terms, click here.
b) Double Click
On our website, information for the optimization of advertising impressions is collected and evaluated using cookies (see section 4). For this purpose, we use Google Inc. targeting technologies (Double Click, Double Click Exchange Buyer, Double Click Bid Manager). These technologies enable us to target you with individual interest-based advertising. The cookies used, for example, provide information about which of our products you are interested in. On the basis of the information, we can also show you third-party content that is specifically geared to your interests, as they result from your previous user behavior. The collection and evaluation of your user behavior is anonymous and does not enable us to personally identify you. In particular, this information will not be merged with personally identifiable information about you.
The cookie will be automatically deleted after 30 days.
You can also set preferences for showing interest-based advertising through the Google Ads Settings Manager.
c) Facebook Retargeting / Remarketing
We must point out that as the provider of the pages we are not aware of the content of the data transmitted to, and their use by, Facebook.
For more information, see the Facebook privacy statement.
d) Facebook Custom Audiences and Lookalike Audiences
In addition, we also use Facebook Custom Audiences and Facebook Lookalike Audiences. These are marketing services from Facebook. These allow us to display personalized and interest-based advertising on Facebook for certain groups of visitors to our website who also use Facebook.
You may object to the use of the Custom Audiences and Lookalike Audiences services on the Facebook website. After logging in to your Facebook account, you can adjust your settings for Facebook ads.
8. Your rights
You have the right:
- according to Article 7(3) GDPR, to revoke your consent to our processing of your personal data at any time. As a result, we will not be permitted to continue data processing based on your consent in the future;
- in accordance with Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information on: the processing purposes, the categories of personal data processed, the categories of recipients to whom your data has been disclosed, and the planned retention period for the data; the existence and the source of personal data if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about those details;
- to immediately request the correction of incorrect or incomplete personal data stored by us;
- to request the deletion of your personal data held by us, unless such processing is required to exercise any right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to demand the restriction of the processing of your personal data, where the accuracy of the data is disputed by you, or where the processing is unlawful but you refuse its deletion or, where we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing;
- in accordance with Article 20 GDPR to obtain the personal data that you have provided to us in a structured, standard and machine-readable format, or to request its transfer to another data controller and
- to complain to a supervisory authority pursuant to Article77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work, or alternatively in Switzerland. We would, however, appreciate the chance to deal with your concerns before you approach the relevant supervisory authority, so please contact us in the first instance.
9. Right to object
If your personal data is processed further to our legitimate interests in accordance with Article 6(1)f GDPR, you have the right to file an objection against this processing in accordance with Article 21 GDPR, either on grounds arising from your particular situation, or if you simply object to direct marketing. In the latter case, you have an absolute right to object.
If you would like to exercise your right to object, please send an e-mail to email@example.com.
10. Data security
We use the widely used Transport Layer Security (TLS) technology on our website in conjunction with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. Where an individual page of our website is transmitting in encrypted form, this is indicated by the closed padlock symbol in the status bar of your browser.
We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This policy is currently valid and was last amended in March 2018.
and can be saved and printed by you.