PRIVACY POLICY


1 CONTACT DETAILS
Serox GmbH Group (in the following “Serox GmbH” or “we”) is the controller for the personal information we process, unless otherwise stated.
Controllers Contact Details
Contact Details inside European Union
Serox GmbH
Address: Scharhoferstrasse 56, 68307 Mannheim / Germany
Phone: +49 (0) 621 789 588 33
E-Mail: info@serox.com

2 GENERAL TERMS AND LEGAL BASIS FOR DATA PROCESSING
This privacy policy sets out how Serox GmbH collects, uses and protects any information from you, when you use this website and the web shop. Serox GmbH is committed to ensure that your privacy is protected. We only collect and use personal data of users if this is necessary to provide content, services and a functional website.
Usually, collection and use of personal data is limited to cases where the user gives consent (article 6 (1)(a) of the EU General Data Protection Regulation (GDPR)). An exception applies to those cases where processing of data is permitted by law. The law permits processing of personal data to execute a contract (article 6 (1)(b) GDPR), to fulfill legal obligations (article 6 (1)(c) GDPR), to fulfill vital interests of a natural person (article 6 (1)(d) GDPR) and with restrictions to safeguard the legitimate interest of our company (article 6 (1)(f) GDPR).
We will delete personal data of individuals as soon as the data are no longer needed. Beyond that, we still may process personal data if we are obliged to do so by regulations, laws or other provisions of the European Union or a national legislator.

3 SHARING YOUR PERSONAL DATA
We will share your personal data with processors. Processors are third parties that provide services for us. We have contracts in place that ensure that processors retain share and process your data only as instructed by us. All our relevant processors are listed in this privacy notice.
We will share your personal information if we are legally obliged to do so (for example under a court order). In any case, before we share your personal information, we will make sure, that we have a lawful basis on which to share the data and document our decision-making.

4 PROVIDING THE WEBSITE OR ONLINE SHOP AND CREATING LOG FILES
To provide you with our website and online service and to constantly improve it, we need to maintain and monitor the performance of our website and online shop, which is within our legitimate interests as a business (6(1)(f) of the GDPR). Therefore, when you access our website or online shop, our systems automatically collect the following data and information but is deleted as soon as the respective session has ended.:
IP address, date and time of the website call, time zone difference to GMT, content of the called website (the very page), operating system and access status / HTTP-status code, volume of transferred data, referrer-URL, information concerning the type, language and version of the internet browser used
In anonymized form, this data is also stored in log files of our system. We do not evaluate the data for marketing purposes in this context. Data in log files is deleted after 120 days at the latest. If certain parts of the data are subsequently processed the IP addresses of the users are deleted or anonymized, so that an assignment of the data to an individual is impossible. As this data collection is necessary for the operation of the website, there is no possibility of objection on the part of the user.
To provide you with elements related to our website or online shop we have processors in place. Swisscom is hosting our website on servers in Switzerland. For more information, please see Swisscom`s privacy notice. MGT Commerce GmbH (Germany) is hosting our online shop on Amazon Web Services (AWS) servers located in Ireland. For more information, please see AWS’s and MGT’s privacy notices.

5 COOKIES
Our website and online shop use cookies to make our website more user-friendly. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. The cookies we use are essential to ensure our website’s or online shop’s functionality and are therefore in our legitimate interests as a business (article 6(1)(f) of the GDPR). 

6 ORDERING FROM OUR ONLINE SHOP AND REGISTERING
If you register and create an account in our online shop (including your consent to share the necessary data (article 6(1)(a) of the GDPR)) you will have the possibility to:
Manage your address data, view your order portfolio, follow up on the order status, re-order previous orders, place orders without having to re-enter your ordering credentials, generate quotations and opt-in to newsletters
With the data you provide us, we will be able to take the necessary steps to enter into and fulfill a contract such as handle the ordering and payment process (article 6(1)(b) of the GDPR).
If you register for a customer account, generate a quote in our online shop or order from it you provide us with your:
First Name, last name, company, department, TAX/VAT number, email address, password, address, country, city, ZIP / postal code, state/province, telephone, mobile number, fax, purchase order number (or reference), shipping account number
We associate the following data to your identity or order when you order from our online shop, or when you register for an account:
Customer number, customer group, created from, associate website, details about an order (order number, order date, order total, order from
During the registration process of your customer account, we obtain your consent for the processing of the data and reference is made to this privacy notice. We ask for this information to process the order, track your order throughout all systems, assign you to a customer group, process discounts and promotions correctly, execute the payment process and to be able to follow up on your shipping instructions.
We keep the information related to an order between 10 and 11 years as required by article 958(f)(1) of the Swiss Code of Obligations. Information related to a quote request is kept for no more than 4 months after we have handled your request. Personal data stored in your registered account is deleted immediately when we delete your account upon your request.
We use the following processors to provide elements related to our online shop for us:
Stork Business Service (Germany) is hosting our online shop on Amazon Web Services (AWS) servers located in Ireland. For more information, please see AWS’s and Stork’s privacy notices.
Salesforce is hosting our customer relation management system (Salesforce) on servers in the US. For more information, please see Salesforce’s privacy notice. We rely on the Privacy Shield Framework (Link) to transfer information to Salesforce’s servers.

7 NEWSLETTER
You can subscribe to a free newsletter on our website, if you give us your consent to process your data for this purpose (article 6(1)(a) of the GDPR). When registering for the newsletter, the following data is transmitted to us:
First name, last name, email-address, country, topic of newsletters you subscribed to
If you purchase goods or request services on our website or online shop and provide us with your e-mail address, we may use it to send you a newsletter. In such a case, the newsletter will only contain direct advertising for similar goods or services of our own.
You have the right to withdraw your consent, or to object to the processing of your personal data at any time.
To provide you with the newsletter, we use iContact and Salesforce as processors. For more information, please see iContact’s or Salesforce’s privacy notice. Furthermore we rely on the Privacy Shield Framework (Salesforce & iContact) to transfer information to Salesforce’s and iContact’s servers, which are both located in the US.

8 CONTACTING US
You have several means to contact us, so we can provide you with our service. Please contact us with the contact form on our company website, whenever you need a quote, have a technical question, are interested in a topic related to us or our business, want to order, want literature, want us to contact you, need our annual report, want to contact the webmaster, want a brochure, want a catalog, want to give feedback, need an air waybill number, want to subscribe to press releases.
For customer support use, the contact form or the online live chat, on our online shop.
You can write an email for miscellaneous purposes to one of the e-mail addresses displayed on our website or in our online shop.
Depending on your choice of contacting us, the legal basis for processing your personal data is article 6(1)(a) of the GDPR, article 6(1)(b) of the GDPR, article 6(1)(c) of the GDPR or article 6(1)(f) of the GDPR. We will ask you to enter some of the following data:
Country, title, first name, last name, function, company name, department, address 1, address 2, address 3, city, ZIP / postal code, email address, phone number, mobile phone number, topic 1, topic 2, your message, topic of the newsletter that you want to receive from us and comment
If you send us an e-mail, we receive and process the personal data that you transmit along with your e-mail, including the data in the attachments.
We need the data to provide the service you request. We keep the information as long as needed to fulfill your request, namely for miscellaneous queries not more than 4 months, requests for press releases and annual reports 5 years, for orders 10 to 11 years based on article 958(f)(1) of the Swiss Code of Obligations.
The following processors help us to provide elements of our contact process:
Swisscom is hosting our website on servers in Switzerland. For more information, please see Swisscom`s privacy notice
Salesforce is hosting our customer relation management system (Salesforce) on servers in the US. For more information, please see Salesforce’s privacy notice. We rely on the Privacy Shield Framework (Link) to transfer information to Salesforce’s servers.

9 Serox GmbH
We use the Serox GmbH App for direct marketing purposes. After giving your consent (6(1)(a) of the GDPR) you have the possibility to participate in contests, contact us and order brochures.
To be able to provide you with these services and to send you relevant news we ask you for the following data and keep it for 1 year:
First name, last name, email address, phone number, product type, personal comment

11 YOUR RIGHTS AS AN INDIVIDUAL
Serox GmbH assures the following rights of yours related to the processing of personal data which are defined in the GDPR.
11.1. RIGHT OF ACCESS
You have the right to obtain a confirmation if personal data concerning you is processed, or not. If so, you can gain access to it. If we transfer personal data to a third country or to an international organization, you have the right to be informed of the appropriate safeguards that ensure your privacy (article 46 of the GDPR). Upon request, we provide you with a copy of the processed personal data, if this does not adversely affect the rights and freedoms of others.

11.2. RIGHT TO RECTIFICATION
You have the right that Serox GmbH rectifies inaccurate personal data concerning yourself, and to have incomplete personal data completed without undue delay.

11.3. RIGHT TO RESTRICTION OF PROCESSING
You have the right that Serox GmbH restricts the processing of your personal data, if you contest the accuracy of the personal data or if the processing is unlawful, and you oppose the erasure but request the restriction of their use instead. You can restrict processing of your data, if Serox GmbH no longer needs the personal data, but they are required by yourself for the establishment, exercise or defense of legal claims or if you have objected to processing (article 21(1) GDPR) and the case is pending.

11.4. RIGHT TO ERASURE
You have the right that Serox GmbH immediately deletes your personal data. This right does not apply if the data has to be processed for compliance with a legal obligation, for exercising the right of freedom of expression and information, for the establishment, exercise or defense of legal claims.

11.5. RIGHT TO NOTIFICATION
You have the right to obtain upon request a list of recipients to whom Serox GmbH has disclosed your data. Furthermore, Serox GmbH is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with article 16, article 17(1) and article 18 of the GDPR to each to these recipients, unless this proves impossible or involves disproportionate effort.

11.6. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data, which you have provided to Serox GmbH, in a structured, commonly used and machine-readable format. But only where the processing is based on consent pursuant article 6(1)(a), article 9(2)(a) of the GDPR, or on a contract pursuant article 6(1)(b) of the GDPR; and is carried out by automated means.

11.7. RIGHT TO OBJECT
You have the right to object, to processing of personal data concerning yourself based on article 6(1)(e), article 6(1)(f) or article 89(1) of the GDPR. If this right is not restricted by a compelling legitimate ground or by tasks carried out in the public interest
Where personal data are processed for direct marketing purposes including profiling, you have the right to object at any time to the processing. We then no longer process the personal data for such purposes.

11.8. RIGHT TO WITHDRAW CONSENT
You have the right to withdraw your consent to processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11.9. RIGHT TO OBJECT AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
You have the right to object to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. This is restricted, if the decision is necessary for entering into, or performance of, a contract between you and Serox GmbH, if the decision is based on your explicit consent or if the Union or Member State law to which Serox GmbH is subject to authorizes the decision.

11.10. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

12 UPDATE TO PRIVACY STATEMENT
From time to time, Serox GmbH may revise this online Privacy Statement. Any such changes to this Privacy Statement will be promptly communicated on this page. Continued use of our sites after receiving notice of a change in our Privacy Statement indicates your consent to the use of newly submitted information in accordance with the amended Serox GmbH Privacy Statement. The effective date of this Privacy Statement is 2021.