Privacy Policy

We are pleased that you have shown an interest in our website. Protecting your privacy is very important to us, and we are committed to protect your private data.

In the following declaration of data protection, we will inform you extensively about the way we handle your personal data when you visit a website related to Brand Addition, as well as your rights to data protection and how the law protects you.

Important Information and who we are
Purpose of this Information

This privacy policy aims to inform you how we collect and process your personal data through our website, as well as when you sign up to our newsletter, purchase any of our products, or create a user account on our website.
This website is not intended for minors, and we do not knowingly or commonly collect any data relating to children.
We recommend that you read this privacy policy, together with any other privacy notices or fair processing notices we may provide on specific occasions, or when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them. This particularly applies to our extensive English version of the privacy policy on our English website.

Responsibility

Brand Addition (consisting of any and all corporations of the Brand Addition Group) is the data controller in accordance with the Data Protection Regulation (DSGVO) and therefore responsible for your personal data. Our corporate group consists of several companies, including Brand Addition Ltd which is registered in Great Britain, as well as Brand Addition GmbH with its headquarters in 58093 Hagen, Heydastrasse 13-15, Germany. This privacy policy pertains to Brand Addition GmbH.
If you have any questions regarding the collection, processing or use of your personal data, or for any further information, corrections, disabling or erasing of data, as well as withdrawal of given consent, please contact our data protection officer:

JURANDO GmbH,
Rathausplatz 21,
D-58507 Lüdenscheid
z. Hd: Dr. Dennis Werner,
+49 2351 66854-37,
d.werner@jurando.de

We ask you to please first contact the aforementioned address in case you have any enquiries or complaints. You also have the right, irrespective of any further administrative or judicial appeals, to submit a complaint to the relevant data protection authority, the Data Protection and Freedom of Information Commissioner for Nordrhein-Westfalen.
Please be aware that the content of this information may be updated and altered at any time. Any changes or updates will be published on this page. The date of the most recent update or change can be found at the top of this website.
This website may contain links to third-party websites, as well as plug-ins and applications of third parties. Clicking on these links or enabling a connection to these third parties may allow these third parties to collect and disseminate your personal data. We have no control over these third parties accessing your personal data, and therefore we are not held liable for any such accesses or their privacy policies. We encourage you to read the privacy policy of every website you visit once you leave ours.

Collected personal data

Personal data or personal information is any data relating to an identifiable or identifiable natural person. This does not include anonymised data.
We collect, use, store and transfer different kinds of personal data, which we may have received from you through our website, through written or verbal communication, via email, telephone or in different ways, and which can be sorted into the following categories:
• Data that could be used for identification (first name, surname, maiden name, user name, etc.)
• Contact data (billing address, delivery address, email address and telephone numbers)
• Financial data (for example, bank account or credit card details, etc.)
• Transaction data (including information pertaining to payments made or payments received, and information relating to products you purchased)
• Technical data (for example, internet IP addresses, login data, time zone setting, the type of browser and other technical characteristics)
• Profile data (for example, passwords, purchases or orders)
• Usage data (for example, information about how you use our website, or how you use or order our products and services)
• Advertising and marketing communication (for example, your stated preference related to the way we communicate with you)

Please keep us informed of any changes in your personal data.
We also hereby inform you, that we collect, use and – in isolated cases - share aggregated data, such as, for example, statistical or demographic data. This aggregated data can be derived from your personal data, but they do not reveal your identity. Aggregated data therefore are not considered personal data according to the DSGVO. We may, for example, aggregate your usage data to calculate how many users take advantage of specific offers on our website. As soon as we combine aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy policy.
We do not collect or use any personal data covered by a special category of article 9 of the DSGVO (like, for example, ethnicity, religious beliefs, sexual orientation, political opinion, information about your health or genetic or biometric data). Neither do we collect or use any information about criminal convictions and offences through our websites.

Contractual Obligation regarding the Provision of Personal Data

In cases in which we are obliged due to legal stipulations to collect your personal data, or in which we entered a contractual agreement with you to collect them, and you do not grant us access to the required personal data, we will be exempt from our contractual obligation regarding the delivery of your ordered goods or services. We will notify you of this at the appropriate time.

Collection, Processing and Use of Personal Data

You can visit our website without providing any personal details. In this case we merely store access data which is not personally identifiable, such as the name of your Internet service provider, the website from which you are visiting us, or the name of the requested file. This collected data will only be used and evaluated to improve our offers, and you will not be identified based on it. This data is collected through the use of cookies and similar technologies. Please refer to our section about cookies towards the end of this privacy policy.
Personally identifiable data will only be collected if you share them voluntarily either through mail, telephone, email, or in other ways as part of the order process, by creating a customer account, by signing up to our newsletter, by requesting marketing material, or by submitting a review. Additionally we may, where applicable, also receive your personal data from third parties or other publicly available sources, ranging from technical analytics providers from outside the EU (such as, for example, Google etc.) or finance and transaction service providers, for example credit card companies both from inside and outside the EU, data brokers and collectors or other publicly available sources, such as for example the trade register, the electoral register, etc., within the EU.

How we use Personal Data

Without your separate consent, we exclusively use your provided data within the scope of the legal stipulations according to the listed purposes in the table below, so a) to fulfil and process your orders and the enforcement of our claims, b) to fulfil legal, accounting or supervisory regulations, c) to maintain and run our business and d) to evaluate how our customers use our products. After a complete performance of the contract and a completed payment, your data will be disabled for any future use, and after the expiry of the mandatory storage period stipulated by tax and commercial legislation, unless you explicitly consent to the continued use of your data. Upon subscribing to the newsletter, your E-mail address will be used for our own marketing purposes until you unsubscribe. It is possible to unsubscribe at any time.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract with you (please see paragraph 10 (Glossary) for a definition of performance of a contract)
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review, feedback or take a survey
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation (please see paragraph 10 (Glossary) for a definition of comply with a legal or regulatory obligation)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests (to develop our products/services and grow our business)
Marketing

We strive to provide you with the highest degree of flexibility regarding the use of your personal data, especially concerning marketing or advertising.

Advertising Promotions from Us

We will use your personal data to evaluate which products or services you may want to know about, need or which products and services you may be interested in. Based on these findings we can decide which products or service to offer (we call this process ‘marketing’). Provided that you requested information from us, or purchase products or services from us, you will receive marketing communication from us, unless you have explicitly informed us that you do not wish to receive further information.

Third Party Marketing

We will only share your personal data with third parties outside of the Brand Addition Group with your explicit agreement.

Rejection of Marketing Communication

At any time you are free to inform us and third parties that you do not wish to receive further marketing communication. In this case we will retain any of your personal data, collected by supplying services to you, or receiving warranty registrations, product feedback or transactions.
You may alter or revoke your preference regarding the collection and use of your personal date for marketing purpose at any time by sending us a written notice.
Use of Cookies

We use session cookies as well as permanent cookies on this website.
The types of cookies used on our website, and the purposes they’re serving are listed below.
We use cookies on our website to identify a device when a user is visiting the website / to track a user while they are browsing the website / to enable the use of a shopping cart for the user / to improve the performance of the website / to analyse the way the website is used / to administer the website / to prevent fraud and to improve the website’s security / to personalise the website for every user / to deliver relevant ads that may be of special interest for certain users.

Analytics Cookies

We use Google Analytics to analyse the use of our website.
Our Analytics service provider generates statistical and other information about website use by means of cookies.
The analytics cookies used by our website have the following names: _utma, _utmb, _utmc and _utmz. The information generated relating to our website is used to create reports about the use of our website. Our analytics service provider's privacy policy is available at http://www.google.com/policies/privacy/.

Third Party Cookies

Our website also uses third party cookies.
We publish Google AdSense interest-based advertisements on our website. These are tailored by Google to reflect your interests. To determine your interests, Google will track your behaviour on our website and on other websites across the web using the DoubleClick cookie. This behaviour tracking allows Google to tailor the advertisements you see on other websites to reflect your interests (we do not publish interest-based advertisements on this website). You can view, delete or add interest categories associated with your browser by visiting:

http://www.google.com/settings/ads/. You can also deactivate the AdSense partner network cookie by using those settings, or using the NAI's (Network Advertising Initiative's) multi-cookie opt-out mechanism at: http://www.networkadvertising.org/choices/.

However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser, then your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-in available at: https://www.google.com/settings/ads/plugin.

Blocking Cookies

Most browsers allow you to refuse to accept cookies. For example:
• In Internet Explorer (version 10), you can block cookies by using settings to override cookies. This can be done by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”.
• In Firefox (version 24) you can block all cookies by selecting “Tools” from the drop-down menu, then clicking on “Options”, “Privacy”, “Use custom settings for history” and then unticking the “Accept cookies from sites” box; and
• In Chrome (version 29) cookies can be blocked by selecting “customise and control” on the menu and then clicking on “Settings”, “Show advanced settings” and “Content settings”, before then clicking on “Block sites from setting any data” under the headline “Cookies”.
Blocking all cookies may have negative impacts upon the user-friendliness of many websites. If you block cookies, you may not be able to use all the features of our website.

Deleting Cookies

You can delete cookies already stored on your computer. For example:
• In Internet Explorer (version 10) you have to manually delete cookie files (instruction for doing so can be found at http://support.microsoft.com/kb/278835).
• In Firefox (version 24) you can delete cookies by clicking "Tools", "Options" and "Privacy", then selecting "Use custom settings for history", clicking "Show Cookies", and then clicking "Remove All Cookies"; and
• In Chrome (version 29) you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Clear browsing data", and then selecting "Cookies and other site and plug-in data" before clicking "Clear browsing data".
Blocking all cookies may have negative impacts upon the user-friendliness of many websites.

Change of Purpose of Data Collection

We will only use your personal data for the purposes originally collected, unless we have a justified reason to use it on different grounds which are compatible with the original purpose. If you wish to see an explanation regarding how the process on different grounds is compatible with the original purpose, please do contact us
If we need to use your personal data on different grounds, we will inform you of this and clarify the legal foundation that enables us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the aforementioned rules, where this is legally required or permitted.

Disclosure of your Personal Data

Possibly we may have to share your personal data for the purposes set out in the table in paragraph 4 with the parties set out below.
• Internal third parties, such as our employees or leading staff members and legal entities of the corporate group Brand Addition.
• External third parties, including IT-support specialists and sub-contractors processing website, its processes and every contract we enter into with IT-support specialists, suppliers, sub-contractors or you (including Communicator, Qualtrics), supplier companies relating to your order (such as DHL, Royal Mail, Interlink), Adflex card payment solutions, PayPal, PowerWeave, IDynamics, PoxLogix, Ariba, Coupa, Tradeshift, Hubwoo, Adaptris, Communicator).
• Third parties to whom we may choose to sell or transfer parts of our business or assets. Alternatively, we may attempt to acquire other businesses or merge with them. If a change happens within our business, then the new owners may use your personal data in the same way as laid out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit our third-party service providers to use your personal data for their own purposes, and we only permit them to process your personal data for particular purposes that are in accordance with our instructions.

International Transfer of Data

We share your personal data with other corporations of the Brand Addition Group in the countries we operate in. This involves transferring your data outside the European Economic Area (EEA), according to the privacy policies of Brand Addition.
Many of the countries in which we transfer personal data are based outside the EEA, and do not provide an adequate and equivalent level of protection for personal data, as deemed by the European Commission. However, where we use certain third parties, we are able to use specific contracts approved by the European Commission which protect personal data in Europe. You can find further information relating to this at the European Commission: Standard contractual clauses for the transfer of personal data to processors established in third countries. Please contact us if you require further information regarding mechanism we employ when transferring of your personal data outside of the EEA.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. Additionally, we also limit access to your personal data to those employees, representatives, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put procedures in place to deal with any suspected breach of personal data, and we will notify you and any applicable regulatory authority when we are legally required to do so.

Transfer of Personal Data

Your data is shared with the shipping company charged with the delivery, insofar as this is necessary for the delivery of the goods. To process payments we transfer your payment data on to the credit institute charged with the transactional process. Moreover a transfer is made to the other enterprises of the Brand Addition Group.

Data Security

We have put in place appropriate, and up-to-date security measures to secure your personal data, and we will only grant access to your personal data to people and third parties who have a business need to know.

Data Retention

We will only store and retain your personal data for as long as is necessary to fulfil the purposes we originally collected it for. This includes the fulfilment of any legal, accounting or reporting requirements.
To determine the appropriate retention time frame for personal data, we consider the amount, type and sensitivity of the personal data, as well as the potential risk of harm that could result from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and if these purposes can be fulfilled through any other means whilst adhering to the applicable legal requirements.
If you signed up to receive messages from us as part of a mailing-list, we will retain your personal data for up to 7 years. Once this period has lapsed, we will contact you and attempt to obtain your consent to continue storing your data.

Your Rights

You may be able to exercise the following rights according to the DSGVO and relevant data protection clauses:
Marketing: Before collecting your personal data, we will inform you whether your personal data will be used for marketing purposes, and we will only do so if you did not previously exercise your right to object to this use.
Corrections: If you inform us that any personal data that we hold about you is incomplete or incorrect, then we will strive to correct or complete the data as soon as possible.
Deletion: You can exercise the right to withdraw your consent to the collection and storage of your personal data, object to processing of your personal data, demand restrictions regarding the processing of personal data, or respectively demand that your personal data is deleted. Should you inform us of your withdrawal of consent, or demand the erasure of your personal data, we will erase the respective personal data without undue delay, insofar as this is legally permissible and technically feasible.
Object to processing: You can exercise the right to object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and you are in a particular situation which may cause you to want to object to processing on this ground, as the processing of your information may affect your fundamental rights and freedom. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases we can demonstrate that there are overriding and justified grounds to process your information, which then overrule your rights and your freedom.
Processing restrictions: You have the right to ask us to suspend the processing of your personal data, yet still retain and store the data, in the following cases: the saved personal data we hold from you is incorrect, the processing of the data is unlawful, or we do not require it anymore. As soon as the processing is restricted, we will only process your personal data if you consent to it, or if we have overriding lawful basis to proceed processing it.
Free of charge access: You have the right to access the personal data we hold about you free of charge, and you can demand a copy of the collected data. A charge for this request can only be levied if the request entails disproportionate efforts or disproportionate costs

Data Portability

You have the right to receive a copy of your previously submitted personal data. This copy will be supplied in a commonly used and standard machine readable format. You are also able to ask us to directly transmit such personal data to another controller/data processor, where this is technically possible.
If you wish to exercise any of the aforementioned rights, please do contact us.

Fees

We will not charge any fees if you wish to access your personal data (or exercise any of your other rights). However, we retain the right to charge a reasonable fee if your request for access is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Withdrawal of Consent

You may withdraw your consent to allow us process your personal data at any time, provided that we are relying on your consent to process your personal data. This will, however, not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may potentially not be able to provide certain products or services to you. We will inform you if this is the case.

What we need from you

We may possibly require specific information from you that will help us confirm your identity and secure your right to access your personal data (or to exercise your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to request further information in order to speed up our response.

Responding

We aim to reply to all legitimate requests within one month. It may take longer than one month if your request is especially complex, or if you submitted several requests. In this case we will inform you and keep you up to date.

Glossary

Legitimate Interests means the interest of our business in maintaining and facilitation our business, to enable us to offer the best service, the best product and the best experience. We ensure that we consider and evaluate possible impacts (positive as well as negative) in regards to you and your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities where our legitimate interests are overridden due to the impact on you (unless we have your consent, or we are otherwise required to do so by law). Further information regarding how we assess our legitimate interests against possible impacts concerning certain activities can be obtained by contacting us.
Performance of a contract means to process your data insofar as is necessary to perform the contract, or to take steps according to your wishes before you enter such a contract.
A legal or regulatory requirement means processing your data insofar as is required to comply with our obligatory legal or regulatory responsibilities.

Information about joint responsibility under Art. 26 paragraph 2 line 2 of the General Data Protection Regulation (GDPR)


What is the reason for having joint responsibility?
Brand Addition GmbH and MANN+HUMMEL GmbH work closely together on this online shop. This also affects the processing of your personal data. The parties have jointly defined the order of processing of this data in the individual process stages, Consequently, in the process stages described below, they are jointly responsible for protecting your personal data (Art. 26 GDPR).

Which process stages are both parties jointly responsible for?
As soon as you register on this website to receive MANN-FILTER marketing products, both Brand Addition GmbH and MANN+HUMMEL GmbH will have access to the data you enter. Brand Addition GmbH requires your data in order to process the purchase contract that it has entered into with you.
MANN+HUMMEL GmbH requires this data in order to adapt its product portfolio to best meet customer needs.

What have the parties agreed?
In the context of their joint data protection responsibilities, Brand Addition GmbH and MANN+HUMMEL GmbH have agreed upon which party will fulfil specific obligations under the GDPR. This applies in particular to protecting the rights of the individuals in question and complying with the obligation to provide information in accordance with Articles 13 and 14 of the GDPR.
This agreement is necessary because when customers register, their personal data is processed in systems to which both Brand Addition GmbH and MANN+HUMMEL GmbH have access.

What does this mean for the individuals in question?
Notwithstanding their joint responsibility, the parties will comply with their data protection obligations in accordance with their own responsibility for individual stages of the process, as follows:
• In the context of joint responsibility, Brand Addition GmbH and MANN+HUMMEL GmbH are jointly responsible for processing personal data that is entered during the registration process.
• Brand Addition GmbH is responsible for all further processing of personal data.
• Brand Addition GmbH and MANN+HUMMEL GmbH will provide the individual in question with the information required under Articles 13 and 14 of the GDPR in a precise, transparent, comprehensible and easily accessible manner, using clear and simple language, and free of charge. For this purpose, each party will provide the other with all the information that is required from their area of activity.
• The parties will inform one another promptly of any legal positions adopted by individuals. They will provide one another with all the information that is required in order to answer a request for information.
• Data protection rights can be asserted in relation to either Brand Addition GmbH or MANN+HUMMEL GmbH.