1. INTRODUCTION
We at Bauwerk Group (“Bauwerk Group”, “we” or “us”) are committed to protecting and respecting your privacy. This Privacy Policy describes your rights and how we collect and use personal data about our potential, current and former customers, suppliers, business partners, as well as job applicants and visitors of websites, and social networks.
Bauwerk Group owns these well- known brands in the wood flooring industry: Bauwerk, Boen and Somerset. This Privacy Policy applies to our brands globally with respect to the specifics of the activities of relevant companies (local regulation, specific of business operations, etc.).
When processing your personal data, we comply with applicable regulations of the countries in which we operate, the General Data Protection regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) which applies in Swiss jurisdiction (where our parent company is based). When your personal data is processed by our US companies, the regulation of US also applies to the relevant data processing operations.
This Privacy Policy is primarily intended for our websites and other digital platforms that we use to conduct our business operations and process the relevant categories of personal data. Therefore, the Privacy Policy doesn’t provide the definitive list of data processing operations that we carry out in our activities, since part of data processing operations are exclusively related to our internal environment (for example data processing operations related to our employment relationship; to communication within the Group and to others), where specific data processing rules set out in our internal regulation apply.
It should be emphasized that companies of Bauwerk Group may provide you with additional privacy notices related to the performance of specific operations, in which the content of personal data processing operations may differ from those described in this Privacy Policy. For example, we intend to invite you to participate in our new product launch survey, which cannot be completed without processing your personal data (name, surname, age, etc.). Consequently, for this purpose we’ll provide you with a separate data processing notice (depending on the situation, it could be a consent form, an information notice on data processing regarding this operation, etc.) by explaining the purpose, legal background for data processing, retention period, and other required information.
2. WHO IS THE CONTROLLER AND WHOM TO CONTACT IN CASE OF QUESTIONS?
Bauwerk Group Schweiz AG, Neudorfstrasse 49, 9430 St. Margrethen (Switzerland), is the main data controller that usually determines the purposes and means of processing personal data.
Other companies of Bauwerk Group may also receive and process your personal data, either in the capacity of a controller or processor (depending on the specific of the situation). These are usually cases in which respective data processing operations are exclusively related to the relevant company of Bauwerk Group, i.e., when the respective company independently determines purposes and means for data processing in regard of an operation characteristic to this company. For example, large-scale of video surveillance applies only to our company in Lithuania (UAB Bauwerk Group Lietuva), respectively this company is data controller that determines purposes and means for data processing in respect of this operation. Another example, the relevant company performs its own internal administration procedure (e.g. payroll system) and determines by itself the purposes and means for data processing in relation to this operation.
Please do not hesitate to reach out to us if you have any questions or comments regarding your personal data or this privacy policy.
You can reach us by sending an email to dataprotection@bauwerk-group.com
3. WHAT PERSONAL DATA DO WE PROCESS, HOW AND HOW LONG AND WHAT ARE OUR LEGAL GROUNDS FOR PROCESSING PERSONAL DATA?
We process your personal data for the following purposes and based on the following legal basis:
Personal data processed
Purpose |
Legal basis |
Term of processing | |
Our potential, current and former customers, suppliers, and business partners |
|||
To communicate with you |
Name, surname, position, represented legal person, address, email address, phone number, information contained within your communications with us, such as the contents of emails, messages provided via website’s contact form. |
Performance of our contract with you or your employer or for our legitimate interest in effective communication. | Up to 10 years from the last contact (further storage can take place in individual cases if this is legally stipulated). |
To market our products and services | Name, surname, address, email address, phone number will be used to send newsletters, emails with information about our products, services or events. | This processing is based on our legitimate interest in being able to market our products and services to our existing customers or the processing is based on your consent, as you have shown an interest in our products and services. |
If you are an existing customer, we will process your personal data until you let us know that you no longer want to get direct marketing from us and/or will unsubscribe from this.
For those who have issued us a consent for direct marketing – we will process personal data for 3 years (further storage can take place in individual cases if this is legally stipulated) unless you withdraw your consent. At the end of the 3-year period, we’ll remind you about the expiration of your consent.
If you no longer want direct marketing from us, please feel free to follow the unsubscribe instructions contained in the email received from us or contact us directly. |
To identify you, conclude and perform the contract |
If you are a sole trader natural person, we will process your name, surname, position, customer/supplier ID, address, email address, phone number, personal identification number or date of birth, bank and bank account details (including credit card details when requires), signature.
If you are not a sole trader and represent your employer but contact us in the role of representative of a company, we process your name, surname, email address, phone number, company name, position, workplace and sometimes information regarding your right to represent your company, customer/supplier ID signature. |
To conclude and perform contract with you or your employer. | 10 years (further storage can take place in individual cases if this is legally stipulated) |
To fulfil our legal obligations, e.g., related to bookkeeping |
If you are a sole trader, natural person, we will process your name, surname, position, customer ID, address, email address, phone number, personal identification number, bank and bank account details, signature.
If you are not a sole trader and represent your employer but contact us in the role of representative of a company, we process your name, surname, email address, phone number, company name, position, workplace, address and sometimes information regarding your right to represent your company, customer/supplier ID, signature. |
Legal obligations for bookkeeping, archiving of documents. | Up to 10 years (further storage can take place in individual cases if this is legally stipulated). |
To protect our legal rights and interests |
Examples of personal data processed for this purpose is your communication with us, invoices, and agreements (personal data are used in aforementioned sources, i.e. name, surname, email address, phone number, company name, position, workplace, address and other data provided by you). |
Legitimate interest to protect and enforce our legal rights and interests, e.g. in connection with legal claims, compliance, regulatory and audit functions. | 10 years (further storage can take place in individual cases if this is legally stipulated). |
In connection with a merger or acquisition | In connection with, due to strategical or business-oriented reasons, a potential merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, the personal data we retain about you (name, surname, email address, phone number, company name, position, workplace, address) may be processed, shared, or transferred, to parties involved in the process. | Legitimate interest in being able to develop our business. | Up to 10 years (Further storage can take place in individual cases if this is legally stipulated). |
In connection with app “My room” |
Images of your room you upload to our app from which we may have a theoretical possibility to identify you. |
Consent |
30 days
After 30 days of non-usage, the images are typically deleted. It is possible that we store individual images for a limited amount of time in order to train and improve our recognition algorithm. Thus, if you do not agree to this, please delete your uploaded pictures in our application immediately after usage or contact us for assistance. |
In connection with app “Roomvo” |
Their online activity, including the functions, features, and resources that are used, the dates and times of usage, details about how Consumer's access Roomvo such as IP address, operating system, and browser version. Products that you share or identify as favorites, images and names of rooms, email addresses with whom you share your rooms. |
Consent |
Up to 45 days Any other personal information is kept in anonymized form for statistical purposes and will no longer refer to you. |
We would like to point out that this is not the exhaustive list of data processing operations that we carry out in the course of our business, and you will be informed about the specific operation related to your personal data processing as required by the applicable regulation. Furthermore, as it has been already mentioned, the relevant data processing operations carried out in the companies of Bauwerk Group may differ (depending on the specifics of the company’s activities) in purpose, content, nature, retention period, etc., therefore if you fall within the scope of these operations, you will be notified by additional notice (if required according to the regulation).
4. FROM WHERE DO WE RECEIVE DATA?
Most of the personal data we process about you is received from you directly. You may directly or indirectly give us information about yourself in different ways, for example when you visit our showrooms or fill in forms on our websites. You can always choose not to provide us with certain information. However, some personal data is necessary for us to provide you with our products and/or services. Not providing such personal data may prevent us from providing the products and/or performing the services you expect from us.
We may also obtain personal data about you from your employer, the website of your employer or other external public sources.
5. TO WHOM DO WE DISCLOSE DATA, AND DO WE TRANSFER DATA OUTSIDE THE EU OR EEA?
Your personal information is shared with:
Our employees and business partners |
Your personal data will be shared with some of our employees (including employees across Bauwerk Group where necessary) and business partners. However, we will restrict access to those employees and business partners who need it to perform their jobs. Our employees and business partners are subject to strict confidentiality.
|
Our service providers |
We transfer to or share your personal data with our suppliers who help us to provide our products and/or service to you, which require them to process personal data (e.g., IT service providers, cloud service providers, couriers, insurance, credit agencies etc.).
|
Public authorities |
Sometimes legal obligations may require us to share information about you, e.g., to respond to lawful requests from law enforcement agencies, regulatory agencies, and other public and government authorities. We may also disclose information if needed in connection with a legal process, e.g., to enforce our agreements or to protect our rights, you or others.
|
Parties involved in mergers and acquisitions |
We may share or transfer your personal data in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business, to the counter party and advisors involved in the process.
|
Bauwerk group companies have offices, facilities, and a distribution network all over the world. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission and the use of binding corporate rules.
The hosting facilities for our websites are situated in Switzerland, Germany, and Norway. The European Commission has made an "adequacy decision" with respect to the data protection laws of this country.
Here is a list of some of our service providers:
Google Analytics |
Google LLC (Wordwide) |
We have integrated Google Universal Analytics (UA) and Google Analtytics 4 (GA4) on our website.
|
https://policies.google.com/privacy?hl=en |
Google Ads |
Google LLC (Wordwide) |
We run advertisements on the Google search network. For this purpose, we use the "Google Ads" service and have connected it with our Google Analytics instances (conversion tracking). |
https://policies.google.com/privacy?hl=en |
Google Tag Manager |
Google LLC (Wordwide)
|
We use Google Tag Manager to embed various code snippets on our website. |
https://policies.google.com/privacy?hl=en |
YouTube |
Google LLC (Wordwide) |
We use the video platform "YouTube" to embed videos on our website. |
https://policies.google.com/privacy?hl=en |
Facebook & Facebook Pixel |
Meta Platforms Inc. (Worldwide)
|
We use the "Facebook Pixel" on our website. For this purpose, we have implemented a JavaScript code snippet on our website. |
|
|
Meta Platforms Inc. (Worldwide)
|
We use the social network "Instagram" to inform users about our products and activities. |
https://help.instagram.com/519522125107875
|
|
LinkedIn Corporation (Worldwide)
|
We use the social network "LinkedIn" to inform users about our products and activities. |
https://www.linkedin.com/legal/privacy-policy |
|
Pinterest Inc. (Worldwide) |
We use the social network "Pinterest" to inform users about our products and activities. |
https://policy.pinterest.com/en/privacy-policy |
Mailchimp |
The Rocket Science Group, LLC |
We use Mailchimp from The Rocket Science Group, LLC, to send our newsletters.
|
https://www.intuit.com/privacy/statement/#3._Privacy_for_Contacts |
Customer Relationship Management (CRM) |
Salesforce, Inc. (Worldwide) |
Cloud-based enterprise platform used as CRM tool for Bauwerk Group in the following markets (countries): US, UK, IT, LT, DE, AT, LT, CH, FR. |
|
Content Management System (CMS) |
Umbraco US office: |
We use the open-source content application platform "Umbraco" as our content management system. Basically, anyone can participate in further development (open source). Within the project, the Umbraco team takes care of the further development. For the development of the service Github is used. We do not transmit any data to Github or the Umbraco team. |
https://umbraco.com/trust-center/privacy-and-umbraco/privacy-statement/#:~:text=All%20our%20suppliers%20are%20GDPR,We%20don't%20share%20data. |
Web agency |
Netlab AS Kartheia 5 4626 Kristiansan |
"Netlab" is our web agency and responsible for maintaining, observing and the technical development of our branded website. |
https://netlab.no/personvern |
Matterport |
Matterport, Inc
352 E Java Dr, Sunnyvale, CA 94089, United States |
We have a virtual showroom, where Materport collects users' engagement data on the tool. |
https://matterport.com/de/privacy-policy |
Issuu |
Issuu Inc
131 Lytton Ave Palo Alto, CA 94301, United States |
Issuu.com is a digital publishing platform that allows creators to share, discover, and monetize digital magazines, catalogs, and other publications with a global audience. Issuu.com provide engagement data of users. |
https://issuu.com/legal/privacy |
VEEUZE |
VEEUZE GMBH
Warmbuchenstr. 17, Hannover, Germany |
InteriorStudio tool allow to present Boen products in a natural room environment. Web users can upload their room pictures, and we can see the main analytical data which floor, color they selected. |
https://veeuze.com/en/privacy-policy/ |
Crazy Egg |
Crazy Egg, Inc.
Headquarters 16220 E Ridgeview Ln, La Mirada, California, 90638, United States |
Crazy Egg is an online analytics application that provides heatmaps based on where people clicked on our website, record sessions of users, allow publish surveys on website. |
https://www.crazyegg.com/privacy
|
Web Hosting |
Netlab AS (through Azure)
Kartheia 5 4626 Kristiansan
|
"Netlab" is our web agency and responsible for maintaining, observing and the technical development of our branded website. Webpage is being hosted on their Azure tenant |
https://azure.microsoft.com/en-us/explore/trusted-cloud/privacy#:~:text=You%20control%20your%20data&text=We%20do%20not%20share%20your,the%20services%20you%20have%20chosen. |
We maintain online presences on the following social networks: LinkedIn, Xing, Twitter, Instagram, Facebook, YouTube, Pinterest. When you visit these platforms, their privacy policies apply. For information about social networking privacy policies and practices, please visit the following links:
- https://www.linkedin.com/legal/privacy-policy
- https://privacy.xing.com/
- https://twitter.com/privacy
- https://www.facebook.com/policy.php
- https://help.instagram.com/519522125107875
- https://policies.google.com/privacy
- https://policy.pinterest.com/en/privacy-policy
5. HOW DO WE USE COOKIES ON OUR WEBSITE?
This website uses cookies. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
We use cookies for the following purposes:
Mandatory cookies are used to support the navigation. Without these cookies, the website cannot be operated. These cookies do not collect any personal information that can be used for marketing purposes or to track your access to different websites. We use them to:
- increase the page speed of our website
- remember your cookie settings
- save your basket
- process online payments
- protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
Functional cookies are used to provide website services and to remember your preferences. We use them to:
- remember settings you have applied such as layout, language, or cookie preferences.
- send information to third parties to enable services on our website (such as playing videos, registering, or displaying maps). The shared information is solely used for providing the requested service and is never used for any other purpose.
Performance cookies (Audience Measurement) are used to collect information about your website usage. All data is stored anonymously. We use them to:
- provide statistics on how our website is used
- see how effective our adverts are
- detect any errors that may occur
- test different designs of our website
Targeting/Marketing/Personalization cookies are linked to services provided by third parties, such as 'Like' buttons and 'Share' buttons. We use them to
- link to social networks like Facebook, which may subsequently use information about your visit to target advertising to you on other websites.
- provide advertising agencies with information on your visit so that they can present you with adverts that you may be interested in
- measure the performance of our advertising campaigns.
We use the fallowing cookies on our Boen.com:
Cookie |
Provider |
Description |
Duration |
Type |
ai_session |
Boen.com |
Preserves users' states across page requests.
|
1 day |
Performance cookies |
cetabid |
script.crazyegg.com |
Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.
|
Session |
Performance cookies |
_ga |
Boen.com esignserver2.com boen.esignserver2.com |
Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
2 years |
Performance cookies |
_ga_# |
Boen.com boen.esignserver2.com |
Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. |
2 years |
Performance cookies |
_ce.clock_event _ce.clock_data |
Boen.com |
Collects data on the user’s navigation and behaviour on the website. This is used to compile statistical reports and heatmaps for the website owner. |
1 day |
Performance cookies |
NID |
Google.com |
The NID cookie is a Google cookie that stores user preferences and information such as language, location, and search settings. It is used to personalize ads and improve user experience on Google services. As a web developer, it is important to inform users about the use of this cookie and provide them with the option to opt-out if necessary. |
6 months |
Functional |
ads/ga-audiences |
Boen.com |
Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.
|
Session |
Marketing |
_gid |
Boen.com |
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
|
1 day |
Performance |
_dc_gtm_UA-# |
Boen.com |
Used by Google Tag Manager to control the loading of a Google Analytics script tag.
|
1 day |
Performance |
collect |
google-analytics.com |
Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.
|
Session |
Performance |
AEC |
Google.com |
This cookie is set by the provider Google. It ensures that requests within a browsing session are made by the user, and not by other sites.
|
3 months |
Functional |
_fbp |
Boen.com boen.esignserver2.com esignserver2.com |
Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
|
3 months |
Marketing |
Cebs |
Boen.com |
Tracks the individual sessions on the website, allowing the website to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes.
|
Session |
Performance |
_gid |
Boen.com |
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
|
1 day |
Performance cookies |
ai_user |
Boen.com |
Detects how many people used the app and its features. Users are counted using anonymous IDs.
|
1 year |
Performance cookies |
boen-locale |
Boen.com |
The "boen-locale" cookie is used by the Boen framework to store the user's selected language preference. This cookie enables the framework to display content in the user's preferred language across multiple pages or visits to the website.
|
Session |
Mandatory |
.AspNetCore.Antiforgery.# |
Boen.com |
Helps prevent Cross-Site Request Forgery (CSRF) attacks.
|
Session |
Mandatory
|
AI_sentBuffer |
js.monitor.azure.com |
Used in context with the AI_buffer in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.
|
Session
|
Mandatory
|
AI_buffer |
js.monitor.azure.com |
Used in context with the AI_sentBuffer in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates. |
Session
|
Mandatory
|
visitor_id#-hash |
campaign.boen.com pardot.com boen.com |
Used to encrypt and contain visitor data. This is necessary for the security of the user data. |
10 years |
Mandatory
|
visitor_id# |
campaign.boen.com pardot.com |
Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes. |
400 days |
Marketing |
pardot |
campaign.boen.com |
Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes. |
Session |
Marketing |
7. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
You have the following rights:
Right to access your data
|
You have the right to request a transcript of personal data processed by us, and additional information on how the data has been collected, processed, shared, etc. The first transcript may be requested free of charge, however if you make repeated and unreasonable requests, we might charge you an administrative fee.
|
Right to rectification
|
You have the right to correct inaccurate or incomplete information about yourself.
|
Right to erasure (‘right to be forgotten’)
|
You have the right to request that we delete personal data about you, e.g., if the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or if there is no legal basis for processing the data.
|
Right to object
|
You have the right to object to processing based on legitimate interest. This means that we may no longer process personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests. You can always contact us for more information on the balance test that has been done. You may also object to your personal data being processed for direct marketing purposes.
|
Right to transfer your data
|
You have the right to transfer your personal data to another controller under certain conditions.
|
Right to restriction
|
You are entitled to request that the processing of your personal data should be limited until inaccurate or incomplete information about you has been corrected, or until an objection from you has been handled.
|
Right to withdraw your consent
|
You may at any time withdraw any consent you have given us. However, please note that it will not affect any processing that has already taken place.
|
Right to complain
|
You have the right to lodge a complaint to the Supervisory Authority in the country you live or work in, if you believe that we have not complied with our obligations regarding your personal data.
|
8. HOW DO WE PROTECT PERSONAL DATA?
To protect personal data, we apply the following organizational and technical data security measures:
- We apply access control measures.
- We ensure proper management of hardware and software we use.
- We track personal data security breaches and security incidents.
- We train our staff in training on personal data protection and cybersecurity threats.
- We ensure the protection of the workplace.
- We ensure security of network and communication.
- We take care of backups.
- We take care of the protection of mobile devices.
- We maintain the procedure for proper destruction and deletion of data.
- We also take care of physical security.
9. CHANGES IN PERSONAL DATA PROCESSING RELATED TO THE NEW SWISS FEDERAL ACT ON DATA PROTECTION (FADP)
Since before the entry into force of FADP (Swiss Federal Act on Data Protection), we processed your personal data in accordance with a provision of GDPR, that are very similar in terms of data subjects’ rights, legal basis for data processing and other requirements related to data processing, therefore the changes in FADP does not change our Privacy policy in essence. If in the course of processing, we face the situation where FADP requires substantially different way of data processing we’ll update our Privacy policy accordingly, for example, we’ll inform you and ask for your consent in case we process sensitive data relating to religious, ideological, political or trade union-related views or activities; health, one's intimate life or racial origin; social security measures; administrative or criminal proceedings and sanctions.
10. CHANGES IN THIS PRIVACY POLICY
In the light of continuous development of our business processes (digitalization and other areas) it‘s inevitably that data processing operations will be the subject to change from time to time, accordingly our privacy policy will be changed. Should we make amendments to this privacy policy, we will place the amended policy on our websites, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this privacy policy from time to time to ensure you are aware of any amendments made.
Updated: 2023-09-01