This Privacy Statement informs you of our privacy practices and of the choices you can make about the way we collect and use information about you, including information that may be collected from your online activity. This Privacy Statement applies to all TOMRA companies as well as TOMRA-owned websites, domains, services, applications, and products.
In case of inconsistencies between any translations of the English version of this Privacy Statement, the English version will take precedence. To download the TOMRA Privacy statement, please click here.
WHAT DATA IS COLLECTED
Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of TOMRA online platforms or during conversations or correspondence with TOMRA representatives.
The personal data we collect from you depends on the nature of your interaction with us or on the services you use, but may include the following:
Information you provide directly
Contact Data: We may collect personal and/or business contact data including your first name, last name, mailing address, telephone number, fax number, email address and other similar contact information.
- Payment Data: We collect data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.
- Account Data: We collect information such as how you purchased or signed up for TOMRA services, your transaction, billing and support history, the TOMRA products and/or services you use and anything else relating to the account you create.
- Location Data: We may collect geolocation data when you enable location-based services or when you choose to provide location-related information.
- Security Credentials Data: We collect user IDs, passwords, password hints, and similar security information required for authentication and access to TOMRA accounts.
- Demographic Data: We may collect, or obtain from third parties, certain demographic data including country, gender, age, preferred language, general educational and employment background, and general job interest data.
- Preferences: We collect information about your preferences and interests as they relate to our products, services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
- Social Media Data: We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites.
- Other Unique Identifying Information: Examples of other unique information that we may collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with company representatives, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of our services and to respond to your inquiries. You are not required to share the personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with our services, certain specialized features or be able to effectively respond to any queries you may have.
Information automatically collected about your use of TOMRA services
- Device Data: We collect information about your computer and/or browsing device such as operating system, region, language, time zone, model number, browser version, computer manufacturer, connection port, unique device identifiers, advertising identifiers and additional technical information that varies by product.
- Website Browsing Data: We collect information about your visits to and your activity on TOMRA websites, applications or websites “powered by” another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behavior. Some of this information is collected using automatic data collection tools such as cookies.
- Anonymous or Aggregated Data: We may collect anonymous answers to surveys or anonymous and aggregated information about how TOMRA services are used.
Information from third-party sources
We may also acquire data from third-party sources that we deem to be credible and that are either publicly-available or available on a commercial basis. Such information may include personal data such as your name, address, email address, preferences, interests, and certain demographic data. For example, personal data may be collected when you access our applications through social media logins (e.g., logging in to our applications using your Facebook or other social media credentials). The basic details we receive may depend on your social network account privacy settings. In addition, if you purchase TOMRA services from a TOMRA partner, we may receive certain information about your purchase from that partner. If applicable, we may also receive information from fraud prevention agencies or from credit reporting agencies in connection with credit determinations.
We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, we may link or combine the information that we collect from the different sources outlined above. For example, we may compare the geographic information acquired from commercial sources with the IP address collected by our automatic data collection tools to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.
HOW COLLECTED DATA IS USED
We collect and use personal data to manage your relationship with TOMRA and better serve you by personalizing your experience and interaction with us. TOMRA will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. TOMRA is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Examples of how we may use your data include:
Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services and features that may interest you. We also use your data to deliver a tailored experience, personalizing the content you receive and creating recommendations based your use of TOMRA services.
Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.
Product support & improvement
Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service.
Communicating with you about TOMRA services. Examples of administrative communications may include responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications, or applicable corporate updates related to mergers, acquisitions or divestitures.
Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
Conducting ordinary business operations, including recruiting, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.
SHARING OF DATA
We may pass your personal data on to third-party service providers contracted to TOMRA in the course of dealing with you if there is a legitimate purpose for doing so, however this will only occur if we have obtained your consent, or if we are otherwise legally required to do so. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with TOMRA’s procedures.
CHOOSING YOUR PRIVACY PREFERENCES
You have the option of subscribing to communications from us related to specific TOMRA services. You can also choose to receive general communications from TOMRA and you can select how those communications are delivered – e.g., via postal mail, email, telephone, fax, mobile device or online.
You can make or change your choices about receiving either subscription or general communications at the data collection point or by using other methods, which are described in the following sections. These options do not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.
Subscription communications include email newsletters, notification of company disclosures, etc. that may be expressly requested by you or which you consented to receive.
To register for our newsletter, we use the so-called double-opt-in process. This means that after you register, we send an email to the email address you gave asking for confirmation that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information is locked and automatically deleted after a month. In addition, we save the IP addresses you used and the times of registration and confirmation. The purpose of the process is to prove your registration and, if necessary, to investigate possible misuse of your personal information.
After you request such communications, you may opt out of receiving them by using one of the following methods:
Select the email’s “Opt out” or “Unsubscribe” link, or follow the instructions included in each email subscription communication.
- Return to the website(s) where you originally registered your preferences and follow the instructions to opt out.
- Contact our Data Protection Officer. Be sure to provide your name, contact information, and specific relevant information about the TOMRA subscriptions or marketing that you no longer wish to receive.
Integration of videos
We offer videos on our website that are integrated from one of two external third-party video platforms: TwentyThree and YouTube. No personal data is stored on the TwentyThree video platform, unless you specifically subscribe to the platform’s notification service. Videos that are hosted on YouTube are all integrated into the “extended data protection mode”, i.e. no data may be transmitted about you as a user of YouTube if you do not play the videos. It is only when you play the videos that data pertaining to your playing of the video is transmitted. We have no influence on this data transmission.
If you are logged into Google when you click on an YouTube video that is integrated on our website, data about your session can be directly associated with your account. If you do not wish YouTube to associate your data with your profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of their website. Such an evaluation takes place, in particular (even for users who are not logged in) to provide needs-based advertising and in order to inform other users in the social network about your activities on our website. You have the right to revoke the creation of these user profiles, although you must contact YouTube to exercise this right.
You can find more information about the purpose and scope of data collection and processing by YouTube in their data protection statement. You can also find further information there on your rights and configuration possibilities to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
Integration of Google Maps
We use the Google Maps service on this website. This enables us to display interactive maps directly on the website and to allow you convenient use of the map function.
When you visit the website, Google receives the information that you have called up the respective sub-page of our website. If you are logged into Google, your data is directly associated with your account. If you do not wish Google to associate your data with your profile, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of their website. Such an evaluation takes place, in particular (even for users who are not logged in) to provide needs-based advertising and in order to inform other users in the social network about your activities. You have the right to revoke the creation of these user profiles, although you must contact Google to exercise this right.
You can find more information about the purpose and scope of data collection and processing by the plug-in provider in their data protection statement. You can also find further information there on your rights in this regard and configuration possibilities to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
HOW TOMRA USES AUTOMATIC DATA COLLECTION TOOLS
Cookies are text files containing small amounts of information which are downloaded to your device, or more technically, to the browser that you use on that device, when you visit a site. The entity that places cookies on your browser can then read the information on that cookie that it set. Cookies are typically classified as either “session cookies” which do not stay on your device after you close your browser or “persistent cookies” which will usually remain on your device until you delete them or they expire.
Different cookies are used to perform different functions which we explain below.
Cookies that are essential
Some cookies are essential in order to enable you to move around our websites and use their features, such as accessing secure areas of the website. Without these cookies, we cannot enable appropriate content based on the type of device you are using.
Cookies to remember your selections
These cookies allow us to remember choices you make on our websites (such as your preferred language or the region you are in) and provide enhanced, more personalized features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
Cookies for personalizing your experience
Cookies for performance and analytics purposes
We use our own cookies and/or third-party cookies and other identifiers (such as Web Beacons) to see how you use our websites and services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, cookies and web beacons may be used to: test different designs and to ensure that we maintain a consistent look and feel across our websites; track and provide trend analysis on how our users interact with our websites and communications; track errors and measure the effectiveness of our promotional campaigns. We use Google Analytics, run by Google Inc., for example, to track website usage and activity.
The data collected will generally be aggregated to provide trends and usage patterns for business analysis, site/platform improvement and performance metrics. Our cookies or the resulting analysis may be also shared with our business partners. The type of information we collect includes how many visitors visit our websites, how many customers log in, when they visited, for how long and which areas of our websites and services but is generally not used to identify you individually. We may also receive similar information about visitors to our partner websites.
Cookies may also be used when you share information using a social media sharing button on the websites. The social network will record that you have done this. This information may be linked to targeting/advertising activities. The types of cookies used by these third parties and how they use the information generated by them will be governed by those companies’ privacy policies.
Other automatic data collection tools
We may use and permit select third parties to use web beacons (usually in combination with cookies) to compile information about your website usage and your interaction with email or other communications, to measure performance and to provide content and ads that are more relevant to you. A web beacon (also called a web bug or clear GIFs) is typically a transparent graphic image (usually 1 pixel x 1 pixel) that can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the date and time when you viewed the beacon, and the IP address of your device. For instance, we may include web beacons in our promotional email messages or newsletters to determine whether our messages have been opened or acted upon and whether our mailing tools are working correctly.
YOUR RIGHTS CONCERNING YOUR PERSONAL DATA
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
- Right of portability: you have the right to have the data we hold about you transferred to another organization.
- Right to object: you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that TOMRA refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by TOMRA, or how your complaint has been handled, you have the right to lodge a complaint directly with the competent supervisory authority and/or TOMRA’s Data Protection Officer at Dpo@tomra.com or +49 151 22659374.
Version Date: May 14, 2018