Version Comerge AG dated 29.08.2023
This Privacy Statement describes the collection and further processing of personal data by the company Comerge AG as far as they are not covered by other data protection policies or are evident from the circumstances or are provided for by applicable law. The term personal data shall include all information relating to an identified or identifiable person.
1. Data Protection Officer
The website (including mini sites for special offers), the presence on social media, multimedia portals, chatbots and every app of Comerge AG has a dedicated data protection officer within Comerge AG with respect to collecting personal data according to the EU General Data Protection Regulation (GDPR) (or comparable provisions according to applicable data protection laws).
Furthermore, any inquiry, claim or concern regarding data protection at Comerge AG can be addressed to the following contact: privacy(at)comerge.net
2. Processing of Personal Data
Comerge AG collects and processes personal data of
- visitors of its websites registered or not registered with Comerge AG
- contact persons and employees of suppliers, retailers vendors and providers of products and parts of products of Comerge AG
- customers, buyers, recipients and beneficiaries or prospects of products and services (including warranty-, repair- and maintenance services) of Comerge AG resp. its contact persons and employees / staff
- contact persons and employees of business partners and associated companies, personnel providers and employment agencies (as well as brokered employees/workers) and further commercial- and economic partners
- recipients of newsletters of Comerge AG
- participants in research campaigns and opinion surveys conducted by Comerge AG
- participants in courses, seminars and other training organized by Comerge AG
(together business partner).
The personal data of business partners is generally collected directly during the course of using the website, in stores or at events of Comerge AG or Comerge AG retailers, respectively, or during direct communication personally or via email, telephone or in any other way.
However, personal data can also be collected indirectly, namely when the business partner engages in a commercial activity, which does not correspond with the person benefiting from the commercial activity or if a purchase is shipped to a different person (e.g. as a gift), based on the recommendation of a third party (e.g. recommendation by friends and acquaintances of the business partner) or through further obtaining or acquisition of supplementary information from third party data sources (e.g. social media, address brokers).
In particular, the following categories of personal data are processed by Comerge AG:
- personal data and contact information including but is not limited to first and last name, address, residence, telephone number, email address, age, date of birth, gender, marital status, relatives, contact in case of emergency, pictures, information about function within the company, information about business relationships with this data subject, information about commercial transactions, enquiries, offers, stipulations and contracts, statements about work or other interests of the data subject, etc.;
- data pertaining to deliveries and sales as well as orders and purchases including but is not limited to payment information, credit card details and other payment details, billing and shipping address, products and services delivered and sold as well as ordered and purchased, information connected to queries, complaints and disagreements relating to products and services or respective contracts entered into such as warranty claims, rescissions and disputes;
- data in connection with product and services marketing including but is not limited to information about marketing activities such as the receipt of newsletters, newsletters opt-ins and opt-outs, documents received, invitations to and participations at events and special, personal preferences and interests, etc.;
- data concerning the use of the website including but is not limited to the IP address and other identification (e.g. user name of social media, MAC address of smartphones or computers, cookies), web beacons, pixel tags, log files, local shared objects (Flash cookies) or other technologies, with which personal data is collected, data and time of website visits, visited sites and contents, referring websites, etc.;
- data in connection with communication such as preferred means of communication, correspondence, correspondence language and communication with Comerge AG (including records of the communication), etc.;
(together business partner data).
3. Purpose of the Processing and Legal Basis
In accordance with applicable law, Comerge AG may process business partner data namely for, but not limited to, the following purposes:
- in connection with products and services offered, conclusions of contracts (namely purchases and sales of products and services), executions of contracts (namely purchase- and supply agreements and contracts regarding the participation at customer programs and events), maintenance and development of business partner relations, communication, customer service and support (namely orders and enquiries), marketing-, promotion- and advertising activities (including newsletters and mailing of promotional materials);
- management of the users and visitors of the website and other activities in which business partners participate, operation and enhancement of the website (including the provision of functions which require identifiers or other personal data) and further IT systems, identity verifications;
- quality control, market research, improvement of products and services, creation of statistics, budgets, records, reports and management information as well as further reports on business partners, transactions and activities, offers and other commercial aspects of Comerge AG for the purposes of company management and development of the company, its choice of products and services, its activities and project management;
- protection of business partners, employees and other individuals and protection of data, secrets and assets of and entrusted to Comerge AG, safety of systems and premises of Comerge AG;
- compliance with legal and regulatory requirements and internal rules of Comerge AG, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities;
- sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of business partner data associated therewith; For other purposes as far as a legal obligation requires processing and such processing was evident from the circumstances or indicated at the time of the collection;
(together the purpose of business partner data processing).
Comerge AG uses the business partner data for the purpose of business partner data processing based on the following legal grounds:
- performance of contracts;
- compliance with legal obligations of Comerge AG
- consent of the business partner (only insofar as the processing is based on a specific query and can be withdrawn at any time, namely the receipt of newsletters for which the client has registered for);
- legitimate interests of Comerge AG, including but not limited to
- purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners (such as e.g. individuals receiving a gift);
- carrying out advertisement and marketing activities;
- efficient and effective customer support, maintenance of contact and other communication with business partner outside of the processing of contracts;
- understanding customer behavior, activities, concerns and needs, market research;
- efficient and effective improvement of existing products and services and development of new products and services;
- efficient and effective protection of business partners, employees, and other individuals as well as protection of data, secrets and assets of or entrusted to Comerge AG, safety of systems and premises of Comerge AG;
- maintenance and secure, efficient and effective organization of business operations including a secure, efficient and effective organization of business operations including a secure, efficient and effective operation and successful further development of the website and other IT systems;
- reasonable corporate governance and development;
- successful sale and acquisition of business units, companies or parts of companies and other corporate transactions;
- compliance with legal and regulatory requirements and internal rules of Comerge AG;
- concerns regarding the prevention of fraud, offenses and crimes as well as investigation in connection with such offenses and other improper conduct, handling of claims and actions against Comerge AG, cooperation in legal proceedings and with public authorities as well as the prosecution, exercise of and defense against legal actions.
In accordance with applicable data protection laws, Comerge AG may namely process visitor data for the purpose of maintaining and developing the website (including the provision of functions which require identifiers or other personal data), for statistical analysis regarding the use of the website as well as for combating abusive conduct, for purposes of legal investigations or proceedings and for the response to inquiries of public authorities. The visitor data shall be processed in accordance with the principles set out for business partner data above.
In accordance with applicable data protection laws, Comerge AG may process partner data namely for the purpose of entering into and performance of contracts and other business relationships with partners, promotions, advertisement and marketing, sales measures, communication, invitation to events and participation in promotions for partners, organization of joint activities, compliance with legal and regulatory requirements and internal rules of Comerge AG, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities, for the sale or acquisition of business units, companies or parts of companies and other corporate transaction and related transfers of partner data. The partner data shall be processed in accordance with the principles set out for business partner data above.
All the purposes of processing shall be applicable for the whole Comerge AG, i.e. not only for the company which initially collected the personal data. Personal data of business partners is collected for the purpose of all Comerge AG companies.
4. Disclosure of Data and Transfer of Data Abroad
In accordance with applicable data protection laws, Comerge AG may disclose business partner data, visitor data and partner data to the following categories of third parties who process personal data in accordance with the purpose of data processing on behalf of Comerge AG or for their own purposes:
- service providers (within Comerge AG as well as external, namely for support and services), including processors;
- dealers, suppliers and other business partners;
- customers and consumers of products and services of Comerge AG;
- local, national and foreign authorities;
- media and private reporters and journalists;
- the public including visitors of websites and social media of Comerge AG;
- industry organizations, associations, organizations and other committees;
- acquirers or parties interested in acquiring business units, companies or other parts of Comerge AG;
- other parties in potential or actual legal proceedings;
- other companies of Comerge AG
(together third parties).
Comerge AG may disclose business partner data, visitor data and partner data within Comerge AG as well as to third parties and in every country worldwide, including namely all countries in which Comerge AG is represented by companies, affiliates or other offices and representatives as well as to countries in which service providers of Comerge AG process their data. If data is disclosed to countries that do not guarantee adequate protection, Comerge AG will ensure adequate protection of data disclosed by business partners, visitors or partners by way of putting adequate contractual guarantees in place, namely on the basis of EU standard clauses, binding corporate rules or it bases the transfer on the exceptions of consent, conclusion or performance of contract, the determination, exercise or enforcement of legal claims, overriding public interests or it discloses the data in order to protect the integrity of these individuals. The business partner, visitor or partner can obtain a copy of the contractual guarantees from or will be advised where to obtain such copies by the contact person named above. Comerge AG reserves the right to redact such copies for reasons of data protection or secrecy reasons.
5. Store of Data
As a rule, Comerge AG retains contract related business partner data and partner data as long as the contractual relation is ongoing and for ten years after the termination of the contractual relationship unless a longer statutory store obligation is applicable on a case-by-case basis, this is required for reasons of proof or another valid reason for an exception is pertinent based on applicable law or the deleting of the data is required earlier (namely because the data is no longer required or Comerge AG is required to delete the respective data).
As a rule, shorter retention periods are applicable for operational data containing business partner data, visitor data and partner data (e.g. protocols, logs).
Business records, including communications, will be retained as long as Comerge AG has an interest in them (namely an interest in reasons of proof in case of claims, documentation of compliance with certain legal, regulatory or other requirements, an interest in non-personalized analysis) or is obligated to do so (by way of contract, law or other provisions). Deviating legal obligations are reserved namely with respect to anonymization or pseudonymization.
6. Cookies, Google Analytics and Social Plug-ins
In accordance with applicable law, Comerge AG may install coding in newsletters and other marketing emails, which allows it to determine if the recipient has opened an email or downloaded pictures contained in the email. However, the recipient may block this application in his/her email application. In any case he/she consents to the application of this technology by way of receiving newsletters or other marketing related emails.
Should Comerge AG place advertisements of third parties on the website (e.g. banners) or intend to place an own ad on the website of a third party, cookies from companies specializing in the use of such advertisement may be employed [used]. Comerge AG will not disclose personal data to such companies, i.e., they shall only place a permanent cookie with users of the website in order to recognize users and do so in the sole interest of Comerge AG. This allows Comerge AG to place targeted advertisements for these individuals on external [third party] websites (e.g. in connection with products for which these individuals showed an interest in the online-shop). Comerge AG will not disclose personal data to the operators of external websites either.
Comerge AG may use Google Analytics or similar services on its website. These applications are third party services which allow Comerge AG to measure and analyze the use of its website. The provider of these services may be located in any country worldwide (in the case of Google Analytics which is operated by Google Inc. it is the U.S., www.google.com). The service provider uses permanent cookies for these applications. Comerge AG will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the website by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the servicer may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider's responsibility and data shall be processed according to the data protection policies of the service provider. The service provider will provide data on the use of the website to Comerge AG.
In addition, Comerge AG may use plug-ins from social media networks such as Facebook, Twitter, Youtube, Google+, Pinterest, Instagram or business partners on its website. In the default setting of the website plug-ins are deactivated; the user can thus choose when to activate them. Should the user do so, the social media providers are able to establish a direct connection to the user during his visit on the website, which allows the provider to be aware of the user's visit and may analyze the respective information. The subsequent processing of the personal data will be conducted in the responsibility of the provider and according to his data protection policies. The provider of the respective social media offering will not disclose any information to Comerge AG.
7. Newsletter and Banner Advertisement
Comerge AG may send newsletters or other commercial communications in connection with its products and services to business partners. In accordance with applicable law Comerge AG reserves the right to do so without prior consent of existing customers and business partners. In other cases, Comerge AG will send such communications only upon a previous request of the business partner (e.g. newsletter opt-in via a website-account). However, the respective customers and business partners may object to a further mailing of newsletters or other commercial communications at any time through their account on the respective website or through the link indicated in every mailing. However, the termination of one newsletter may not entail the termination of other newsletters, as well.
It is possible that personalized advertisements are placed during the visit on the website. Every banner advertisement displayed to the business partner contains products offered on the website which have previously been looked at by the business partner. The advertisement is generated by Comerge AG by the means of cookies (see Section I para. 1.6 supra).
8. Rights of the Business Partners, Visitors and Partners
Any affected individual, including any business partner, visitor, and partner, may request information from Comerge AG as to whether data concerning them is being processed. In addition, they have the right to request the correction, destruction, or restriction of personal data regarding them as well as to object to the processing of personal data. Should the processing of personal data be based on consent, the affected individual may withdraw consent at any time. In countries of the EU and EEA the affected individual may, in certain cases, have the right to obtain data generated during the use of online services in a structured, common, and machine-readable format which allows for further use and transfer. Requests in this respect shall be submitted to the contact person (see para. 1.1 supra). Comerge AG reserves the right to restrict the rights of the affected individual in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.
Should Comerge AG make an automated decision with respect to a certain individual, which may have a legal effect for the affected individual or seriously affect her in a similar way, the affected individual shall have, in accordance with applicable law, the right to communicate with a controller of Comerge AG and to request a reconsideration of the decision or to request the prior evaluation by the controller. In this case the affected individual might no longer be able to use certain automated services. The individual will be informed thereof subsequently or separately in advance.
Any affected individual may also raise a complaint with the competent data protection authority.
9. Changes to the Privacy Statement
Comerge AG is entitled to amend this Privacy Statement at any time and without prior notice or announcement. The latest version according to the website shall be applicable.
Should the Privacy Statement form part of an agreement with business partners and partners, Comerge AG may inform them of an update or amendments by email or in another appropriate manner. The amendments shall be deemed to have been accepted unless an objection is raised within 30 days of notification. In case of objection Comerge AG shall be free to terminate the agreement exceptionally and with immediate effect.