I. GENERAL PROVISIONS
1. Controller, Data Protection Officer
Should a Johnston North America, Inc company or affiliate disclose personal data to another Johnston North America, Inc company or affiliate for certain purposes of the receiving company or affiliate, such company or affiliate is the controller according to article 4 (7) GDPR.
Johnston North America, Inc has appointed a data protection officer according to article 37 GDPR. Furthermore, any inquiry, claim or concern regarding data protection at Johnston North America, Inc can be addressed to the following contact person in case no specific contact is listed in Section II: Division Data Protection Coordinator of Johnston North America, Inc.
The representative of companies and affiliates of Johnston North America, Inc domiciled outside of the EU or EEA respectively (article 27 GDPR) is Johnston North America, Inc.
2. Processing of Personal Data
Johnston North America, Inc collects and processes personal data of
- users of its WEBSITES registered with Johnston North America, Inc;
- individuals and legal entities purchasing and receiving/benefitting from products and services of Johnston North America, Inc;
- potential or actual parties interested in products and services of Johnston North America, Inc;
- recipients of newsletters of Johnston North America, Inc;
- participants in research campaigns and opinion surveys conducted by Johnston North America, Inc;
- participants in courses, seminars and other training organized by Johnston North America, Inc; and
- users of WIFI provided at Johnston North American, Inc stores and other locations.
The personal data of CUSTOMERS is generally collected directly during the course of using the WEBSITE, in stores or at events of Johnston North America, Inc or Johnston North America, Inc retailers respectively or in direct communication via email, telephone or otherwise. However, personal data can also be collected indirectly, in particular through further acquisition of supplementary information from third party data sources (e.g. social media, address brokers).
In particular, the following categories of personal data is processed by Johnston North America, Inc:
- Data related to individuals including but is not limited to first and last name, maiden name, address, residence, telephone number, email address, e, date of birth, gender, marital status, relatives, contact in case of emergency, pictures, etc.;
- Data pertaining to orders and purchases including but is not limited to payment information, credit card details and other payment details, billing and shipping address, products and services ordered and purchased, information connected to queries, complaints and disagreements relating to products and services or respective contracts entered into such as warranty claims, rescissions and disputes, information regarding CUSTOMERS blacklisted by Johnston North America, Inc, etc.;
- Data in connection with product and services marketing including but is not limited to information such as newsletter opt-ins and opt-outs, documents received, invitations to and participations at events and special activities, personal preferences and interests, etc.;
- Data concerning the use of the WEBSITE including but is not limited to the IP address and other identification (e.g. user name of social media, MAC address of smartphones or computers, cookies), date and time of WEBSITE visits, visited sites and contents, referring websites, etc.
- Data in connection with communication such as preferred means of communication, correspondence and communication with Johnston North America, Inc (including records of the communication), etc.;
- Data which was collected in connection with a customer program such as number of membership, access codes (including passwords), preferred language, number of gift certificate, date and duration of the membership, payment information of the customer or a potential third party, information concerning the recipient of a gift, number of visits of the WEBSITE, purchase history, products acquired, etc. (besides all WEBSITE accounts, activities and events for which a CUSTOMER must register with their personal data and thus enter into a contract with the respective companies of Johnston North America, Inc shall be deemed a customer program for the purposes of this policy);
(together CUSTOMER DATA).
In addition, Johnston North America, Inc collects and processes the following personal data:
- Data of users of the WEBSITE, who do not register with Johnston North America, Inc (VISITOR) but may constitute personal data for example with social media (VISITOR DATA), the provisions of this policy regarding data collected from a CUSTOMER in connection with the use of the WEBSITE shall apply accordingly even though the identification of a VISITOR usually is not possible for Johnston North America, Inc;
- Information pertaining to employees and contacts of their dealers, suppliers and further business partners (hereinafter natural persons shall be referred to as PARTNERS their data as PARTNER DATA) such as in particular contact details, information regarding their function, information relating to the previous contact with these individuals, data regarding marketing activities (e.g. receipt of newsletters), information regarding business transactions, requests, offers, tenders, conditions and contracts, information related to professional or other interests of the individuals.
Within the framework of their business relationship, CUSTOMERS will be required to provide CUSTOMER DATA necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or required by law. Without this data, Johnston North America, Inc will generally not be able to conclude or execute the contract with the respective CUSTOMER. This also applies analogously to PARTNERS and PARTNER DATA. As any access to the WEBSITE is logged, connection data (such as the IP address) will always be logged; this is done automatically during use and cannot be deactivated for individual VISITORS, PARTNERS or CUSTOMERS.
3. Purpose of the Processing and Legal Basis
In accordance with applicable law, Johnston North America, Inc may process CUSTOMER DATA in particular for, but not limited to, the following purposes:
- In connection with services offered, conclusions of contracts (in particular purchases), executions of contracts (in particular purchase contracts and contracts regarding the participation at customer programs and events), maintenance and development of customer relations, communication, customer service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials);
- Management of the users of the WEBSITE and other activities in which CUSTOMERS participate, operation and enhancement of the WEBSITE (including the provision of functions which require identifiers or other personal data) and further IT systems, identity verifications;
- protection of CUSTOMERS, employees and other individuals and protection of data, secrets and assets of and entrusted to Johnston North America, Inc, safety of systems and premises of Johnston North America, Inc;
- compliance with legal and regulatory requirements and internal rules of Johnston North America, Inc , enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities;
- sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of CUSTOMER DATA associated therewith;
- to obtain telematics information relating to vehicles’ identity, performance, location and operation, including diagnostics.
- for other purposes as far as a legal obligation requires processing and such processing was evident from the circumstances or indicated at the time of the collection.
(together the PURPOSE OF CUSTOMER DATA PROCESSING).
Johnston North America, Inc uses the CUSTOMER DATA for the PURPOSE OF CUSTOMER DATA PROCESSING based on the following legal grounds:
- performance of contracts;
- compliance with legal obligations of Johnston North America, Inc;
- consent of the CUSTOMERS (only insofar as the processing is based on a specific query and can be withdrawn at any time, in particular the receipt of newsletters for which the client has registered for); and/or
- legitimate interests of Johnston North America, Inc, including but not limited to
- purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners (such as e.g. individuals receiving a gift);
carrying out advertisement and marketing activities;
- efficient and effective customer support, maintenance of contact and other communication with CUSTOMERS outside of the processing of contracts;
understanding customer behavior, activities, concerns and needs, market studies;
- efficient and effective improvement of existing products and services and development of new products and services;
- efficient and effective protection of customers, employees and other individuals as well as protection of data, secrets and assets of or entrusted to Johnston North America, Inc, safety of systems and premises of Johnston North America, Inc;
- maintenance and secure, efficient and effective organization of business operations including a secure, efficient and effective operation and successful further development of the WEBSITE and other IT systems;
- reasonable corporate governance and development;
- successful sale and acquisition of business units, companies or parts of companies and other corporate transactions;
- compliance with legal and regulatory requirements and internal rules of Johnston North America, Inc;
- concerns regarding the prevention of fraud, offences and crimes as well as investigation in connection with such offences and other improper conduct, handling of claims and actions against Johnston North America, Inc, cooperation in legal proceedings and with public authorities as well as the prosecution, exercise of and defense against legal actions.
- purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners (such as e.g. individuals receiving a gift);
In accordance with applicable data protection laws, Johnston North America, Inc may in particular process VISITOR DATA for the purpose of maintaining and developing the WEBSITE (including the provision of functions which require identifiers or other personal data), for statistical analysis regarding the use of the WEBSITE as well as for combating abusive conduct, for purposes of legal investigations or proceedings and for the response to inquiries of public authorities. The VISITOR DATA shall be processed in accordance with the principles set out for CUSTOMER DATA above.
In accordance with applicable data protection laws, Johnston North America, Inc may process PARTNER DATA in particular for the purpose of entering into and performance of contracts and other business relationships with PARTNERS, promotions, advertisement and marketing, communication, invitation to events and participation in promotions for PARTNERS, organization of joint activities, compliance with legal and regulatory requirements and internal rules of Johnston North America, Inc, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities, for the sale or acquisition of business units, companies or parts of companies and other corporate transaction and related transfers of PARTNER DATA. The PARTNER DATA shall be processed in accordance with the principles set out for CUSTOMER DATA above.
All the purposes of processing shall be applicable for Johnston North America, Inc, i.e. not only for the company or affiliate of Johnston North America, Inc which initially collected the personal data. Personal data of CUSTOMERS, VISITORS and PARTNERS is collected for the purpose of all Johnston North America, Inc companies.
4. Disclosure of Data and Transfer of Data Abroad
In accordance with applicable data protection laws, Johnston North America, Inc may disclose CUSTOMER DATA, VISITOR DATA and PARTNER DATA to the following categories of third parties who process PERSONAL DATA in accordance with the purposes set out above on behalf of Johnston North America, Inc or for their own purposes:
- service providers (within Johnston North America, Inc as well as external), including processors;
- dealers, suppliers and other business partners;
- customers of Johnston North America, Inc;
- local, national and foreign authorities;
- the public including visitors of websites and social media of Johnston North America, Inc;
- industry organizations, associations, organizations and other committees;
- acquirers or parties interested in acquiring business units, companies or other parts of Johnston North America, Inc;
- other parties in potential or actual legal proceedings;
- companies of Johnston North America, Inc
- companies of the Bucher Industries Group
(together THIRD PARTIES).
Johnston North America, Inc may disclose CUSTOMER DATA, VISITOR DATA and PARTNER DATA within Johnston North America, Inc as well as to third parties and in every country worldwide, including in particular all countries in which Johnston North America, Inc is represented by companies, affiliates or other offices and representatives, as well as to countries in which service providers of Johnston North America, Inc process their data. If data is disclosed to countries that do not guarantee adequate protection, Johnston North America, Inc will ensure adequate protection of data disclosed by CUSTOMERS, VISITORS or PARTNERS by way of putting adequate contractual guarantees in place, in particular on the basis of EU model clauses, binding corporate rules or it bases the transfer on the exceptions of consent, conclusion or performance of contract, the determination, exercise or enforcement of legal claims, overriding public interests or it discloses the data in order to protect the integrity of these individuals. The CUSTOMER, VISITOR or PARTNER can obtain a copy of the contractual guarantees from or will be advised where to obtain such copies by the respective controller.
Johnston North America, Inc reserves the right to redact such copies for reasons of data protection or secrecy reasons.
5. Store of Data
As a rule, Johnston North America, Inc retains contract related CUSTOMER DATA, VISITOR DATA and PARTNER DATA as long as the contractual relation is ongoing or it has an interest in them (in particular an interest for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements, operational reasons) or it is obligated to do so (by way of contract, law or other provisions). Deviating legal obligations are reserved in particular with respect to anonymization or pseudonymization.
6. Cookies, Google Analytics and Social Plug-ins
In accordance with applicable law, Johnston North America, Inc may install coding in newsletters and other marketing email which allow it to determine if the recipient has opened an email or downloaded pictures contained in the email. However, the recipient may block this application in his/her email application. In any case the recipient consents to the application of this technology by way of receiving newsletters on other marketing related emails.
Should Johnston North America, Inc place advertisement of third parties on the WEBSITE (e.g. banners) or intend to place an own ad on the website of a third party, cookies from companies specializing in the use of such advertisement may be employed. Johnston North America, Inc will not disclose personal data to such companies, i.e. they shall only place a permanent cookie with users of the WEBSITE in order to recognize users and do so in the sole interest of Johnston North America, Inc. This allows Johnston North America, Inc to place aimed advertisements for these individuals on external websites (e.g. in connection with products for which these individuals showed an interest in the online-shop). Johnston North America, Inc will not disclose personal data to the operators of external websites either.
Johnston North America, Inc may use Google Analytics or similar services on its WEBSITE. These applications are third party services which allow Johnston North America, Inc to measure and analyze the use of its WEBSITE. The provider of these services may be located in any country worldwide (in the case of Google Analytics which is operated by Google Inc. it is the U.S., www.google.com). The service provider uses permanent cookies for these applications. Johnston North America, Inc will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the WEBSITE by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the servicer may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider’s responsibility and data shall be processed according to the data protection policies of the service provider. The service provider will provide data on the use of the WEBSITE to Johnston North America, Inc.
In addition, Johnston North America, Inc may use plug-ins from social media networks such as Facebook, Twitter, Youtube, Google+, Pinterest or Instagram on its WEBSITE. In the default setting of the WEBSITE plug-ins are deactivated; the user can thus choose when to activate them. Should the user do so, the social media providers are able to establish a direct connection to the user during his visit on the WEBSITE, which allows the provider to be aware of the user’s visit and may analyze the respective information. The subsequent processing of the personal data will be conducted in the responsibility of the provider and according to his data protection policies. The provider of the respective social media offering will not disclose any information to Johnston North America, Inc.
7. Rights of the Customer Visitors and Partners
Any affected individual subject to the GDPR, including any CUSTOMER, VISITOR and PARTNER, may request information from Johnston North America, Inc as to whether data concerning them is being processed. In addition, such affected individuals have the right to request the correction, destruction or restriction of personal data regarding them as well as to object to the processing of personal data. Should the processing of personal data be based on consent, such affected individuals may withdraw consent at any time. In certain cases, such affected individuals have the right to obtain data generated during the use of online services in a structured, common and machine-readable format which allows for further use and transfer. Request in this respect shall be submitted to the contact person (see para. 1). Affected individuals not subject to the GDPR may have similar rights under applicable data protection laws. Johnston North America, Inc reserves the right to restrict the rights of any affected individual in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.
Should Johnston North America, Inc make an automated decision with respect to a certain individual which may have a legal effect for the affected individual or seriously affect them in a similar way, the affected individual shall have, in accordance with applicable law, the right to communicate with a controller of Johnston North America, Inc and to request a reconsideration of the decision or to request the prior evaluation by the controller. In this case the affected individual might no longer be able to use certain automated services. The individual will be informed thereof subsequently or separately in advance.
Any affected individual may also raise a complaint with the competent data protection authority of the respective country.
8. Changes to the Data Protection Policy
II. Specific Provisions
The following provisions shall supplement the general provisions set out in Section I above for certain activities of Johnston North America, Inc. In the event there is any inconsistency, the following provisions shall prevail the general provisions set out in Section I.
1. Online Shops
The creditworthiness of CUSTOMERS may be evaluated automatically in online-shops in order to offer the purchase on account based on this decision as far as this payment option shall be offered at all. In this case the credit rating is evaluated on the basis of information from an external credit rating agency, which will provide Johnston North America, Inc with a credit score of the respective individual. The agency will calculate the score based on a secret formula based on data on the payment history of the individual, its debt and insolvency history and possible limitations of its legal capacity. Should the score be below a certain threshold no payment by invoice will be offered. In this event the CUSTOMER may contact the following contact person if he is not ready to accept the decision: Colin Madden, Company Treasurer.
Online shops of Johnston North America, Inc may automatically decide whether to enter into purchase agreements. However, Johnston North America, Inc does not deem this an automated individual decision according to article 22 GDPR. In the event the CUSTOMER does not wish such an automated entering into an agreement he has the option to purchase products and services from Johnston North America, Inc at physical stores run by Johnston North America, Inc and its retailers.
Any requests, claims and information regarding data protection may be addressed to the following contact person: Lonnitta Reid, Data protection Co-ordinator.
2. Newsletter and Banner Advertisement
Johnston North America, Inc may send newsletters or other commercial communications in connection with its products and services to CUSTOMERS and PARTNERS. In accordance with applicable law Johnston North America, Inc reserves the right to do so without prior consent of existing customers and business partners. However, the respective customers and business partners may object to a further mailing of newsletters or other commercial communications at any time through their account on the respective WEBSITE or through the link indicated in every mailing. However, the termination of one newsletter may not entail the termination of other newsletters, as well.
It is possible that personalized advertisement is placed during the visit on the WEBSITE. Every banner advertisement displayed to the CUSTOMER contains products offered on the WEBSITE which have previously been looked at by the customer. The advertisement is generated by Johnston North America, Inc by the means of cookies (see Section I para. 6 above).