DATA PROTECTION POLICY
We appreciate your interest in our website and the offers on our web pages.
The protection of your personal data (hereinafter "data") is a very important concern to us. Following, we would therefore like to inform you in detail about the type of data collected when visiting our website and taking advantage of our online offers and how we subsequently process or use this data. We would also like to inform you about the accompanying technical and organizational protections we have taken.
A. General Information
Joint controllers are Weber-Stephen Products UK Ltd. 10th Floor Metro Building 1 Butterwick, London W6 8DL (United Kingdom), Weber-Stephen Products (EMEA) GmbH, Franklinstr. 28/29, 10587 Berlin (Germany) and Weber-Stephen Products LLC, 200 E, Daniels Road, Palatine, IL60, Illinois (USA), Article 4 N° 7, Article 26 GDPR. The aforementioned controllers shall jointly determine the purpose and means of processing as described below. When we hereinafter use the name "Weber", this refers to the joint controllers collectively, unless one or more entities are expressly mentioned. All data transmission to the United States of America within the Weber-Stephen Group is based on the EU Standard Contractual Clauses. In particular, the respective controllers perform the functions listed as follows.
Weber-Stephen Products LLC is responsible for the acquisition and administration of software and services for data processing for the whole company group and thus handles the conclusion and administration of service contracts (including Data Processing Agreements) with any third party service providers unless the services are only used in Europe in which case Weber-Stephen Products (EMEA) GmbH shall be responsible. The Weber-Stephen Products LLC usually has administrative access to the administered software in use within the group.
The responsibility for the technical operation of this website, corresponding IT-infrastructure and for the administration of Weber-ID accounts lies with Weber-Stephen Products LLC and Weber-Stephen Products (EMEA) GmbH. Weber-Stephen Products UK Ltd., Weber-Stephen Products LLC and Weber-Stephen Products (EMEA) GmbH have access to all analysis data and log files collected on the Website and will jointly decide on marketing measures and improvement of Weber-Stephen´s offers.
The technical and commercial handling as well as the operation of the shop and booking system for the Weber Grill Academy on this website are the responsibility of Weber-Stephen Products UK Ltd.. This includes handling of payments, returns and other order related processing of data.
Weber-Stephen Products (EMEA) GmbH is responsible for operating of the rating system on weber.com in Europe. Both Weber-Stephen Products LLC and Weber-Stephen Products UK Ltd. have access to this data.
Weber-Stephen Products UK Ltd. and Weber-Stephen Products (EMEA) GmbH are jointly responsible for the fulfilment of information obligations according to Article 13 GDPR on the website and in connection with personal data obtained there. Additionally, Weber-Stephen Products (EMEA) GmbH and Weber-Stephen Products LLC are responsible for the implementation of general data protection principles in accordance with Article 5 GDPR, as well as data security in accordance with Article 32 GDPR to safeguard your data.
For the assertion of claims in accordance with the GDPR, please contact the data protection officer of Weber-Stephen Products (EMEA) GmbH at email@example.com. However, you can of course also assert your rights against the individual joint controllers via the "Contact" section.
Weber-Stephen Products LLC, Weber-Stephen Products UK Ltd. and Weber-Stephen Products (EMEA) GmbH are jointly responsible for processing general inquiries about Weber products and services and jointly with Weber-Stephen Products LLC as warrantor for inquiries related to the Weber Warranty. Weber-Stephen Products UK Ltd. and Weber-Stephen Products (EMEA) GmbH are jointly responsible for the processing of inquiries in connection with statutory warranty claims if the product under complaint was purchased at weber.com.
The Weber-Stephen Products UK Ltd. is responsible for all other obligations under the GDPR.
2. Contact details Data Protection Officer
If you have any questions or comments about processing of your data, or if you have been invited to contact us in this policy, please contact the Privacy Officer of the Weber-Stephen Products (EMEA) GmbH and Weber-Stephen Deutschland GmbH, handling European data protection requests at firstname.lastname@example.org. The Data Protection Officer at this e-mail address will then forward all inquiries to the relevant office, if necessary. When contacting us by mail, please address inquiries to the attention of the Data Protection Officer. Otherwise, please refer to our information in [https://www.weber.com/GB/en/meta/legal-notice/nav41.html].
Because we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post. You will receive the postal address by e-mail upon request.
3. Legal Bases of Processing
We process your personal data in accordance with the statutory provisions only if a legal basis permits this.
- If we obtain consent of the data subject for processing personal data, the legal basis is Article 6 (1) (a), Article 7 GDPR.
- When processing personal data, necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing procedures that are necessary to carry out pre-contractual arrangements.
- If the processing of personal data is required to fulfill a legal obligation governing our company, Article 6 (1) (c) GDPR serves as the legal basis.
- If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, then Article 6 (1) (f) GDPR serves as the legal basis for processing.
This online offer is not meant for children under 16 years of age.
5. Retention Periods
3. Your Rights
You may have the following rights in regard to the data controller in accordance with legal requirements:
- Right of access by the data subject (Article 15 GDPR);
- Right to rectification and erasure (Article 16 and Article 17 GDPR);
- Right to restriction of processing (Article 18 GDPR);
- Right to data portability (Article 20 GDPR);
- Right to object (Article 21 GDPR).
If the processing is based on our legitimate interests or those of third parties, you also have a right to object, Article 21 GDPR.
For the assertion of claims in accordance with the GDPR, please contact the data protection officer of Weber-Stephen Products (EMEA) GmbH at email@example.com. However, you can of course also assert your rights against the individual joint controllers via the "Contact" section.
You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by the data controller.
4. Links to Third-Party Websites
B. Collection and Processing of Personal Data
In the following we would like to inform you about how Weber processes your personal data when you visit this website and when you make a purchase in our store. Please note that under C we provide separate information on processing in connection with the generation of statistics, cross-platform advertising, tracking, retargeting and the use of plug-ins offered by Weber's partners.
1. Provision of weber.com for Informational Use (log files)
For the informational use of our website you generally do not need to actively provide personal data. Each time you use the internet, your browser is transmitting certain information which we store in so-called log files, such as:
Date and time of retrieval of one of our web pages;
- your browser type;
- the browser settings;
- the operating system used;
- the last page you visited;
- the transmitted amount of data and the access status (file transmission, file not found etc.);
- your IP address.
We collect and use this data exclusively in non-identifiable form when using our website for information purposes. This is done to enable the use of the web pages you have retrieved and to improve our website. We will only store your IP address for the duration of your visit, in order to retrieve and use the web page for information purposes. A further analysis is only performed according to the following provisions based on your consent.
Processing of the above mentioned data is absolutely necessary for web page performance in accordance with Article 6 (1) (f) GDPR in order to display our web page correctly and to guarantee stability and security.
Weber-Stephen Products LLC has access to data from the data processing procedures described in this section.
To operate this website, we use a hosting provider to process meta and communication data of our website users, on our behalf and based on our legitimate interests in an efficient and secure provision of this website pursuant to Article 6 (1) (f), Article 28 GDPR.
On our web page you can create a Weber-ID. The Weber-ID features a central customer account where all your data is collected in one place in order to constantly improve your experience of the Weber world and to tailor it to your specific interests. This will give you access to exclusive contents of the website (recipes, tips and tricks, etc.), you can register your grill/grills, receive all important information (warranty periods, operating instructions, etc.) and have central access to all data and services Weber-Stephen has on offer for you. You can also easily log into our shop at any time to check your order status or place additional orders without having to register again. A Weber-ID will also allow you to use features such as notepad and wish list. If you also use a Weber App (Weber App, Weber Connect or Weber iGrill) you can connect the data stored for this device with your Weber-ID and have all information accessible in one place.
In addition, the Weber-ID is used to provide registered users with a personalized and customized web page experience. Accordingly, the user behavior of registered users is collected and analyzed based on tracking and analysis tools as described in section C of this policy. Based on the information we have on a Weber-ID user, in particular regarding their interests we put customers into segments to provide only marketing content to users that fits their specific interests and analyze our customer group (see below for details) The following additional data is collected, stored and analyzed:
- E-mail address*;
- First and last name*;
- Date of birth;
- Household size;
- Household type;
- Number of children;
- Registered grills;
- Orders placed;
- Additional data when placing an order:
Telephone number **, delivery address ***, billing address ***, payment details ***
* Information must be provided when registering the Weber-ID
** Only mandatory if goods are to be delivered by a forwarding agent or if a Grill Academy booking is made.
*** Only mandatory if an order is to be placed under the Weber-ID
The analysis of your data and the use of our systems is necessary to enable us to provide you with a personalized and tailored digital experience. Therefore, your data will be processed within the Weber-ID framework on basis of Article 6 (1) (b) GDPR enabling us to provide you with the Weber-ID service. Weber-Stephen Products LLC and Weber-Stephen Products (EMEA) GmbH will have access to data from data processing procedures described in this section.
You can register your Weber-ID on our website by entering the above data and choosing a password. With registration you can use your Weber-ID immediately. Once you have registered a Weber-ID, an e-mail will be sent to the e-mail address you provided, in which you will find a link to set up and configure your Weber-ID. The information you provide when setting up your Weber-ID is optional. In addition, we are entitled to retain your IP addresses and registration date to be able to prove your registration and to clarify any possible misuse of your personal data. The legal basis for this is Article 6 (1) (c) & (f) GDPR. If you wish to delete your Weber-ID or change the e-mail address you used for registration, please contact us at firstname.lastname@example.org. Please use the e-mail address you have used during registration to contact us, if possible as this makes it easier for us to identify you.
If you register a Weber ID, your data will be processed on our behalf at the processor Salesforce Commerce Cloud, Salesforce Tower 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. When registering your grill, data will be processed on our behalf at the processor Mize Inc., 12802 Tampa Oaks Blvd, Suite #320, Temple Terrace, FL 33637, USA.
As technical administrator Weber-Stephen Products LLC has access to data from the data processing procedures described in this section.
3. Shopping at Weber-Stephen, Grill Academy
We will only collect personal data if it is voluntarily provided to us during the ordering process or when registering a Weber-ID. After contract completion, your data will be blocked and deleted after expiration of legal, particularly tax and commercial law regulations, unless you have explicitly consented to further use of data or a further processing is lawful and legitimate.
If you would like to purchase something in our shop, you will need to specify your data required for processing of your order which is necessary for the conclusion and implementation of the contract. Required information for contract processing are marked separately, further information is optional. For processing the address details are disclosed to the assigned forwarding agent or shipping company. We will provide the shipping company with your telephone number for the purpose of arranging a delivery date. In addition, we transmit your e-mail address so that the shipping company can inform you about the status of the delivery. We use PVS DVG Vertriebsgesellschaft GmbH Birkenmaarstr. 8, 53340 Meckenheim for structured processing and transmission of delivery data. When you shop in our store, your information is processed on our behalf at our processor Salesforce Commerce Cloud, Salesforce Tower 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. The legal basis for contract processing is Article 6 (1) (b) GDPR.
The following data will be processed:
- Name, delivery address, billing address, payment details, e-mail address;
- Telephone number, in the case of delivery by a forwarding agent;
a) Guest Order
For order processing we will process the data provided by you. For this purpose we may disclose your payment details to our house bank or other payment service providers. The legal basis for this is Article 6 (1) (b) GDPR. With the exception of the data to be stored due to statutory retention obligations, we will not store any data about you. In addition, we use SAP from our processor SAP America, Inc., 3999 West Chester Pike, Newton Square, PA 19073, USA for the purpose of supply chain management in order to, for example, make incoming and outgoing goods processing as effective as possible in the context of your order and to better coordinate goods movements, whereby this resembles our legitimate interest in optimizing the goods processing. The legal basis for our legitimate interest is Article 6 (1) (f) GDPR.
b) Order via Weber-ID
c) Order via Customer Support
In countries where Weber offers repair services you can contact our customer support by phone, e-mail, contact form or social media channels to order spare parts or to request a repair. If it is not covered by the Weber warranty or statutory warranty, we will process payment and invoice data. For fulfillment and payment, you must provide us with your billing address, e-mail address and, if delivery is required, a telephone number and your delivery address. We will transfer your contact data (telephone number and/or e-mail address for the purpose of arranging delivery dates) and your delivery address to a shipping company.
The legal basis is Article 6 (1) (b) GDPR. With the exception of the data to be stored due to statutory retention obligations, we will not store any data about you.
d) Grill Academy Registration
Booking information on Weber Grill Academies will be disclosed to authorize Weber Grill Academy providers for contract processing. For registration at the Grill Academies we use the plugin bookingkit from bookingkit GmbH, Sonnenallee 223, 12059 Berlin, Germany. If one of our pages with bookingkit functions is accessed, a connection to bookingkit servers is established. Further information on the bookingkit data protection can be found at https://bookingkit.net/de/datenschutzerklaerung/. The legal basis for this is Article 6 (1) (b), Article 28 GDPR.
e) Product Ratings
You have the possibility to rate our products. You may rate products after the purchase at weber.com or when visiting our website or in your Weber-ID.
After purchasing a product from Weber, we will send you an e-mail to the e-mail address you entered in your order based on our legitimate interest in direct marketing according to Article 6 (1) (f) GDPR. In that e-mail you can immediately rate your purchase. You can object to this use of your personal data at any time.
If you wish to submit a rating either after a purchase or while on weber.com, we will collect the data that you have entered into the rating mask and transferred to us. Your review and the first name and the first letter of the last name you have entered into the form will be published on our website or any subpages of Weber´s global entities as a review related to the product. Your e-mail address will not be published with the rating.
For the rating system we use the service provider Yotpo ltd. 33 West 19th Street New York, NY 10011 United States, which acts for us as processor in accordance with Article 28 GDPR. You can find further information at https://www.yotpo.com/privacy-policy/.
When submitting a rating you accept and consent into the above described processing of your personal data. You can withdraw your consent at any time by e-mail to email@example.com. If you send us an e-mail, please let us know what your withdrawal should refer to so that we can assign your request. The legal basis for the processing is Article 6 (1) (a), Article 7 GDPR.
f) Restock Alert
If products in our shop are sold out, we offer you a notification service. As soon as the desired product is back in stock and deliverable, you will receive a notification by e-mail.
In order to provide this service, it is necessary to process your e-mail address in connection with the desired product. The processing is performed by the processor Salesforce in a data center in Frankfurt am Main (Germany). The legal basis is your consent, Article 6 (1) (a), Article 7 GDPR. You give your consent by clicking on a confirmation link which is sent to you by e-mail. You can withdraw your consent at any time by sending an e-mail to firstname.lastname@example.org so that you will not receive any further e-mails. Please indicate which service you wish to unsubscribe from.
Your data will be automatically deleted from our database when the product is back in stock and you have been notified.
We use various payment methods from third party payment providers. If you choose one of these payment methods, your payment data will be forwarded to the respective payment service provider for payment processing. These third party providers process your personal data as an independent controller according to their privacy terms. The transfer is based on the fulfilment of the contract in accordance with Article 6 (1) (b) GDPR and on our legitimate interests in secure payment processing and fraud prevention in accordance with Article 6 (1) (f) GDPR.
If you pay by “Klarna”, your data will be processed by Klarna Bank AB (publ) Sveavägen 46, 111 34 Stockholm, Sweden. The following personal data will be processed by Klarna Bank AB as a controller: Entered payment data, first and last name, address, telephone number(s), e-mail address, IP address and if necessary, further data required for payment processing.
When selecting the payment methods purchase on account and instalment purchase, in particular the following personal data is processed by Klarna as a controller for the purpose of payment processing and in this context for identity and credit checks:
· Contact and identification information: name, date of birth, national identification number, title, billing and delivery address, e-mail address, mobile phone number; nationality, salary, etc.
· payment information: debit and credit card data (card number, expiry date and the CVV check digit), account number, etc.
· Information about the processing of the order, such as product type, product number, price, etc.;
· In the event that the payment method "purchase on account" or "instalment purchase" is selected, Klarna collects and uses personal data and information about the user's previous payment history as well as probability values for the user's payment history in the future (so-called scoring) in order to decide whether the payment method can be offered to the user. The scoring is calculated on the basis of scientifically recognised mathematical-statistical methods.
Further information and details on payment by instant bank transfer can be found here and on Klarna's website at https://www.klarna.com/international/privacy-policy/.
We use Ingenico when you pay by credit card. Ingenico as Data Processor acts as a technical intermediary between Weber, the customers of Weber, the financial institutions and any other party to which the data needs to be sent in order to process the payment for the processing, settlement and management of card-not-present-payments in a secure environment. This includes the data: First name and last name, Address, Telephone number, E-Mail Address, Payment method, Bank card details, Customer number, Consumption data (type of goods purchased, frequency of purchases of goods, purchasing value, date of purchase, use of vouchers), Data on the likelihood of fraud/prevention. Further information can be found at https://www.ingenico.com/privacy-policy.
h) Order Tracking
We offer you the possibility on our website and via Weber ID to track the shipment of the products you have ordered and to view the estimated time of delivery. To enable you to track the shipment, we process your e-mail address, order number and the postcode of the invoice recipient. After entering the aforementioned data for the purpose of identity verification, you will receive the current status of the shipment as well as further information about your order (e.g. date of the order, status of the order, name of the order, delivery and billing address, delivery and payment method, list of ordered products, shipping service provider, shipment number, shipment history). Furthermore, we offer you the option of live tracking within the scope of shipment tracking after calling up the shipment status. Live tracking allows you to follow the delivery live on a map. We use parcelLab GmbH, Kapellenweg 6, 81371 Munich, Germany as a processor to provide you with the aforementioned functions. The legal basis for the processing is our legitimate interest in the most customer-friendly handling and presentation of the ordering and shipping process possible in accordance with Article 6 (1) (f) DS-GVO.
We use the Google Maps service to display the map for tracking shipments. For more information on the use of Google Maps, please see section C, No. 3, letter a).
4. Newsletter, Use of Data for Promotional Use
We use your personal data to send you our newsletters and to inform you about Weber news, new products and events tailored to your interests. This includes information on current or future range of products (e.g. grills, attachments, accessories, consumables, lifestyle) as well as functions and events with participation of Weber-Stephen (e.g. Grill Academy, seminars, trade fairs, one-off functions). To get to know you better within the scope of our newsletter we might also send you surveys with questions on your interests and preferences, for example, regarding their way of grilling (for many people, preferably with briquettes, etc.). When answering to the surveys you consent into us analyzing and processing your data for future marketing campaigns and to improve our newsletter and marketing strategy. To send you the newsletter, we need your e-mail address. In case you also provide us with your date of birth when subscribing to the newsletter, we might send you a special marketing e-mail to your birthday.
Additionally, we analyze the user’s interaction with our newsletters with tracking tools, see below for more details. The legal basis for the processing is your consent according to Article 6 (1) a GDPR. After registration of your e-mail address, you will receive an e-mail from us asking you to confirm that you wish to receive the newsletter by clicking a link. If the confirmation by hyperlink is not given within a period of 3 days, your information will be blocked and deleted after a month. We are also entitled to keep your IP addresses, and times of registration and confirmation times to verify your registration and to appropriately clarify any possible misuse of your personal data. The legal basis for this is Article 6 (1) (a) & (c), Article 7 GDPR.
Your data will be stored in an electronic newsletter system for the duration of your subscription. For this purpose and for sending the newsletter, we use the processor Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin, Germany, which processes data on our instructions.
Since we base our processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. If you do so, we will immediately remove you from our newsletter distribution list to comply with your request. You can withdraw your consent at any time by sending an e-mail to privacy.emea@Weberstephen.com, by following the instructions at the end of a promotional/newsletter e-mail or, when you have a Weber ID, by saving the setting “Unsubscribe from emails” your account settings. If you send us an e-mail, please let us know what your withdrawal should refer to so that we can assign your request.
b) Direct Marketing
We have a legitimate interest (direct advertising, recital 47 GDPR) within the meaning of Article 6 (1) (f) GDPR in advertising customers (persons with whom we have had a business relationship) by e-mail or post. In particular, we may send you news from Weber, information on events and invitations to review our products. Based on this, we send our e-mails to our customers after a purchase asking whether they want to subscribe to our newsletter. For details on the newsletter, please refer to section 4 a).
For this purpose and for sending the newsletter, we use the processor Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin, Germany, which processes data on our instructions. We also use Yotpo (Yotpo ltd. 33 West 19th Street New York, NY 10011 United States) when sending invitations to evaluate our products. You can find further information at https://www.yotpo.com/privacy-policy/.
To send you advertising by post, we use a post service partner.
You can object to the sending of advertising at any time by sending an e-mail to privacy.emea@Weberstephen.com or by following the instructions at the end of a promotional e-mail. If possible, please send your e-mail from the same e-mail address you used for registration, so that we can assign you more easily.
c) Segmentation and E-Mail Tracking
With your consent we apply filters to all contacts in our newsletter database and create segments of subscribers also using other available data, e.g. information about orders you have made or responsiveness to our newsletter (see below). This way we define target groups based on their characteristics (e.g. interests, place of residence, demographic data, etc.) or their behaviour (how they react to your e-mails). These segments can be used for precise targeting in future marketing campaigns, so we can send subscribers marketing e-mails that are tailored to their interests.
Additionally, we analyze the interaction with our newsletter, i.e. when and how many users opened the newsletter, how often have certain parts of the newsletter been clicked. This is conducted based on a tracking pixel included in every newsletter. A tracking pixel is a graphic with dimensions of 1x1 pixels that is loaded when a user opens an e-mail. We add the tracking pixel using a code that contains an external link to the pixel server. If a user opens an e-mail and interacts with it, the HTML code is processed by the client which follows the link and opens the (invisible) graphic. This is registered and noted in the server’s log files. In addition, various information about the user is also transmitted using this method.
The following data can be acquired and analyzed with a tracking pixel
- Operating system used (gives information on the use of mobile devices)
- Type of client used, for example a browser or mail program.
- Client’s screen resolution
- Time the e-mail was opened
- IP address (gives information on the Internet Service Provider and location)
This is done to improve our newsletters and offers to the interests of our customers. We also use the system Emarsys for this purpose.
5. Contact Form, E-Mail Inquiries, Applications
a) Our contact form is designed so you can easily contact us. We will need your name and e-mail address to process and assign your inquiries. Depending on the content of your inquiry, the data provided in the contact form will be processed based on your (presumed) consent pursuant to Article 6 (1) (a), Article 7 GDPR or pursuant to Article 6 (1) (b) GDPR, for existing contractual performance obligations or the implementation of pre-contractual measures. For the processing of complaints about our products your e-mail address, first and last name, your postal address, country and grill product type can be needed.
b) You can also contact us by e-mail. Depending on the content of your inquiry, the data provided by e-mail will be processed based on your consent pursuant to Article 6 (1) (a), Article 7 GDPR or pursuant to Article 6 (1) (b) GDPR, for existing contractual performance obligations or the implementation of pre-contractual measures.
c) After answering your inquiry we will archive your request immediately. Access is only possible to a very limited extent. Solely informative inquiries, i.e. which do not result in a contract or do not contain any other content that needs to be retained, will be deleted at the end of the year in which the request was made. See "Retention periods" for more information.
d) Weber-Stephen Products UK Ltd. and Weber-Stephen Products (EMEA) GmbH are jointly responsible for processing general inquiries about Weber products and services and jointly with Weber-Stephen Products LLC as warrantor for inquiries related to the Weber Warranty. Weber-Stephen Products UK Ltd. and Weber-Stephen Products (EMEA) GmbH are jointly responsible for the processing of inquiries in connection with statutory warranty claims if the product under complaint was purchased at weber.com.
We use the Zendesk ticket system, a platform of Zendesk Inc, 1019 Market Street, San Francisco, CA 94103, using a data center located in the EU, to process customer claims and inquiries by e-mail and via the contact forms. Further information can be found at https://www.zendesk.com/company/customers-partners/eu-data-protection/
Because we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post.
e) Information on data processing in connection with the application for jobs at Weber can be found on our site close to the job offers.
6. Recipients of Data, Transfer of Personal Data to Third Countries
To be able to offer you the best possible service, we work together with several partners. These partners process personal data either as controllers or on our behalf as processors.
For transfers of Personal Data to countries outside of the European Union/ European Economic Area without an adequate level of data protection according to an adequacy decision by the European Commission, we have concluded Standard Contractual Clauses as issued by the European Commission accompanied by additional guarantees by the contractual partner to further ensure safety of the data and compliance with GDPR standards and requirements. This concerns the transfer of data to external service providers as well as between different Weber entities.
In some cases, we use external service providers for data processing; all these are bound by our instructions. We have carefully selected and commissioned our processors and regularly audit them.
We use processors for the following categories: Host and cloud service providers, e-mail providers, technical service providers for the support and maintenance of our IT systems, backup providers, service providers for the removal of data carriers and agencies for the support of websites and social media accounts.
Processing in the sense of Article 4 N° 8 GDPR is based on data processing agreements in accordance with Article 28 GDPR so that processors provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing complies with the standards of European data protection law. The processors will not independently process any data for their own purposes.
b) Third parties
We also disclose personal data to partners who are controllers within the meaning of Article 4 N° 7 GDPR to which we need to transfer personal information e.g. in order to ship products, receive payments, conduct Grill Academies and have repairs done. Further information on the recipients can be found in the table below and under the individually described processes.
b) Overview of Recipients for the Operation of this Website
For the operation of this website it is necessary that the following recipients have access to personal data.
Demandware/Salesforce Commerce Cloud
415 Mission Street, 3rd Floor
San Francisco, CA 94105, USA
Cloud based Database for customer data, Customer Management System
12802 Tampa Oaks Blvd, Suite #320, Temple Terrace, FL 33637, USA
Data base for product registration
Yotpo Inc. 33 West 19th Street New York, NY 10011, USA
Product rating reviews
Social media content integration
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Irland
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Google Marketing Platform (Display & Video 360)
PVS DVG Vertriebsgesellschaft GmbH Birkenmaarstr. 8, 53340 Meckenheim, Germany
Order and finance fulfilment
Emarsys Interactive Services GmbH
Stralauer Allee 6, 10245 Berlin, Germany
Database for newsletter data
Segmentation and analysis of subscribers
1019 Market Street, San Francisco, CA 94103, USA
Ticket system for customer and partner inquiries
Vimeo 555 West 18th Street
New York, New York 10011, USA
Plugin to embed Videos
423 Tehama St, San Francisco, CA 94103, USA
Used for responsive design
Dynamic Yield Ltd.
8 Kaplan Street, Tel Aviv, 6473409, Israel
Website use analysis
Sonnenallee 223, 12059 Berlin, Germany
Booking of Grill Academy courses
Amazon Web Services (AWS) 410 Terry Avenue North
Seattle WA 98109
Cloud storage provider
SAP America, Inc.
3999 West Chester Pike Newton Square, PA 19073
Logistics, Supply Chain Management
1601 S. California Ave., Palo Alto, CA 94304, USA
Level 2, St. Julian's Business Centre, 3 Elia Zammit Street, St Julian's STJ 1000, Malta
Behavioral analysis (Heatmaps etc)
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Ingenico e-Commerce Solutions GmbH, Ginnheimer Str. 4, 65760 Eschborn
Card-not-present service provider
parcelLab GmbH, Kapellenweg 6, 81371 Munich, Germany
To determine which content from our website is most interesting for you we continuously measure the number of visitors and the most viewed content. We would like to show you - also on the websites of our advertising partners - only advertising that really interests you. Therefore we use so-called retargeting on our website for advertising that is tailored to your interests. The cookies temporarily stored for this purpose enable our retargeting partners to recognize visitors to our website under a pseudonym and to display only products that are likely to interest you.
We use the data collected for statistical and advertising purposes,
- to record the number of visitors of our websites,
- to record the respective visiting times of our website visitors,
- to record the sequence of visits to different websites and product sites to optimize our website,
- for targeted advertising, also via advertising networks in cooperation with partners,
- to measure the success and billing of advertising measures between advertising partners and us,
- to keep track of what ads you have already seen to prevent you from seeing the same one again and
- to assess which parts of our website need to be optimized.
Unless otherwise stated, we use the following services as processors and contractually oblige them to process data only on our behalf.
1. Statistics, Advertising, Tracking and Retargeting
A) google services(1) Google Analytics
This website uses Google Analytics, a web analytics service by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). The analytics data is used to optimize our website and advertising measures. Google processes the data for website use on our behalf and is contractually obliged to take measures to ensure the confidentiality of the data processed. The following categories of data is processed by Google:
- Accessed websites
- Your behavior on the pages (for example clicks, scrolling behavior and time spent)
- Your approximate location (country and city)
- Your IP address (in abbreviated form, so that no clear assignment is possible)
- Technical information such as browser, Internet provider, device used and screen resolution
- Source of your visit (i.e. which website or advertising medium brought you to us)
Please note: on this web page Google Analytics uses the extension code "anonymizeIp" to ensure an anonymous collection of IP addresses (so-called IP-masking). By activating IP anonymization on our web page, your IP address will be priorly abridged by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area (EEA). The logged data is stored at Google together with the randomly generated user ID, which is stored in a cookie on your device, which allows the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form for an unlimited period of time. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
(2) Google Remarketing Tags
This web page utilizes Google remarketing tags, a service by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Therefore, cookies are stored on the user's computer. If you later use Google pages, banners and text ads will be presented to the user according to their previous behavior. Data is also recorded anonymously, so that it is impossible to draw any conclusions about the user’s identity. This enables us to display personalized advertising on suitable advertising spaces on other websites based on the interests you have shown on our website.
(3) Google DoubleClick
For more detailed information on the terms and conditions of use and data protection, please visit: https://www.google.com/analytics/terms/de.html or https://www.google.com/intl/de/analytics/privacyoverview.html.
(4) Google Ads
We use Google Ads, an ad service by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), and also conversion tracking as part of Google Ads. Google Ads stores a conversion tracking cookie on your computer's hard drive ("conversion cookie") when you click on an advertisement placed by Google. If you visit certain pages of our website, Google and Weber can recognize that you have clicked on the advertisement and were referred to this web page.
The information obtained using conversion cookies is used to generate statistics for Ads customers who use conversion tracking. These statistics show us the total number of users who clicked on the Google advertisement and viewed a web page with a conversion tracking tag.
(5) Google Display & Video 360
b) Salesforce Commerce Cloud (Analytics)
We use the tool salesforce commerce cloud, Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. Cookies, web beacons or similar technologies are used. The data collection takes place via a cookie ID, which is stored as a pseudonym. This pseudonym is assigned information about user activities on our websites, services and applications. A personal identification of the user is excluded by an aggregation of the data records. In order to ensure the functionality, IP addresses are stored for a short time and shortened before each processing. The complete IP addresses are not stored or processed.
For more information about salesforce, please visit: https://www.salesforce.com/de/company/privacy/full_privacy.jsp
c) Dynamic Yield
We use the Dynamic Yield web analytics service from Dynamic Yield Ltd. 8 Kaplan Street, Tel Aviv, 6473409, Israel. Dynamic Yield helps us understand how our website is being used so that we can continually improve it. The tool is designed to show you dynamic elements as needed, such as newsletter popups, product sliders and notifications. It also allows us to implement A/B tests into the website. On the basis of the page content you have previously accessed, we want to offer you equivalent or similar products or other content relevant to you. For this purpose Dynamic Yield uses so-called cookies, which only store pseudonymous information. Conclusions about your person are not possible. More information at https://www.dynamicyield.com/gdpr-and-privacy/.
d) Facebook Pixel
Facebook Pixel is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The service enables us to determine target groups for advertisements on Facebook, so-called "Facebook Ads", based on website visits and surfing behavior. We also use this pixel to measure the effectiveness of online marketing measures. In this way, we can track the actions of users after they have seen a Facebook Ad and/or clicked and then placed an order. When you visit a website, the pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or are already logged in to Facebook, your visit to this site will be logged in your profile. The collected user data is anonymous for us and therefore does not allow us to draw any conclusions about your identity. However, this data is stored and processed by Facebook so that it is possible to draw conclusions about the respective user profile. Data processing by Facebook is carried out according to the Facebook data usage guidelines. For this purpose we have concluded a joint controller arrangement with Facebook. For more information about Facebook's data processing, please visit: https://www.facebook.com/about/privacy/
e) Refined Ads
To evaluate and optimize our web page and to generate more relevant advertising for you, we also use the tracking tool “Refined Ads”, a service offered by Refined Labs GmbH, Residenzstr. 7, 80333 Munich. Usage data is collected by cookies and summarized in anonymous user profiles. The data is not assigned to the user's real data.
More information on data protection can be found at https://www.refinedlabs.com/datenschutz-refined-ads
Our web page also utilizes the analysis software “Hotjar” by Hotjar Ltd., Level 2, St. Julian's Business Centre, 3 Elia Zammit Street, St Julian's STJ 1000, Malta.
Hotjar enables you to measure and analyze your web page usage (clicks, mouse movement, scroll depth, etc.). The collected data is transmitted to a Hotjar server in Ireland and stored there. The following data is collected by Hotjar on our behalf:
- IP address - prior to storage your IP address is anonymized by setting the last octet to zero to prevent personal identification. The first three octets of the IP address will only reveal the user’s country/geographical region;
- Your e-mail address, including your first and last name, if you have made it available to us via our web page;
- Screen size of your device;
- Device type and browser information;
- The preferred language to display our web page.
- Referrer domain;
- Visited web pages;
- Date and time of web page access.
Hotjar uses this information to analyze your use of our web page, to create reports on its use and to provide other internet analysis services.
Learn more at https://www.hotjar.com/privacy/.
g) LinkedIn Insights Tag
We are using the LinkedIn Insights Tag, a Service from LinkedIn Corporation as a tool to analyse your behaviour on our website enabling us to provide you with interest based and behavioural marketing. Additionally, this includes conversion measurement to increase the effectiveness of our marketing activities. This is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, https://www.linkedin.com. More Information can be found at https://www.linkedin.com/legal/privacy-policy.
The Insight Tag will collect and transfer to LinkedIn the following information about you: URL; Referrer URL, IP address, Device- and Browser data (User Agent) and a timestamp. Exceptionally, profile data may be processed together with the above data categories. This is the case if you are a member of LinkedIn. In this regard, we would like to refer you to the setting possibilities within your LinkedIn profile.
LinkedIn will provide us with an analysis of the use of our website in aggregated form, so we are enabled to improve our website and content for our users. Also, this data is used for targeting measures for advertisements in the LinkedIn platform.
We are joint controllers with LinkedIn Corp. for the collection and the transfer of data to LinkedIn; however, any processing of personal data after the transfer lies in the sole responsibility of LinkedIn.
The Insight Tag will only be collecting and transferring data after your explicit consent in the Cookie-Banner presented to you when accessing our website.
LinkedIn will encrypt your data, the IP addresses will be truncated, and direct identifiers will be removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data will then be deleted within 90 days.
Legal basis for this process is your consent, Article 6 (1) (a), Article 7 GDPR. You can find more information at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
2. Social Media Plug-Ins
Unless otherwise stated, we process your data on the basis of our legitimate interests according to Article 6 (1) (f) GDPR in order to improve content and to make it more convenient for you to use. The purposes described coincide with our legitimate interests.
a) Videos by YouTube
On our website we embed YouTube videos. This feature is operated by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Irland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The YouTube videos are stored on https://www.youtube.com and can be played directly from our web page. The advanced privacy settings option enable video embedding. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer and may transmit data to Google.
When playing videos stored on YouTube/Google, at least the following data is transmitted to Google as YouTube operator and operator of the DoubleClick network: IP address and cookie, the specific address of the web page visited, system date and time of loading, your browser ID. This information is transmitted regardless of whether or not you have a Google Account that you are logged into. Once you are signed in, Google may associate this information directly with your account. If you do not wish to be associated with your profile, you must log out before activating the play button for the video.
Google will store this data as user profiles and may use it for advertising purposes, market research and/or custom design of their web pages. Such an analysis (also for non-registered users) is performed particularly to provide customized advertising and to inform other users about your activities on our web page. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google, the operator of YouTube.
b) Videos by Vimeo.com
We embed videos from the platform "Vimeo" of the provider Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. When you visit a page on our website where a Vimeo video is embedded, a connection to the Vimeo servers is established and the plugin is executed in your browser. The Vimeo server receives information about which of our pages you have visited. If you are logged in to your Vimeo account, Vimeo will associate the information with your user account. If you activate a plugin on our website, e.g. by clicking the start button of a video or leaving a comment, this information is transmitted to Vimeo. You can find the data protection policy at https://vimeo.com/privacy.
Unless otherwise stated, we process your data on the basis of our legitimate interests according to Article 6 (1) (f) GDPR in order to improve our website, make it more secure and convenient for you to use. The purposes described coincide with our legitimate interests.
a) Google Maps
We use Google Maps on our website. This service is provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The offer allows you to view interactive maps directly on our website.
We use imgix, a service for optimizing images in real time. Your IP address will be transmitted to imgix (imgix Inc., 423 Tehama St, San Francisco, CA 94103, USA) to load the image in the correct size from the server.
c) Google reCAPTCHA
This website uses Google reCAPTCHA in certain cases to prevent automatic programs/bots from using text fields. This increases the security of our website and avoids SPAM. This is also our legitimate interest and fulfills our legal obligation (Article 6 (1) (c) GDPR).
The collected data is hardware and software information, e.g. device and application data as well as the results of security checks. This data is transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data will not be used for personalized advertising.
D. Data Security
We also apply technical and organizational security measures to protect personal data that is collected, in particular against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons. Our security measures are continuously improved in line with technological developments. Within the Weber Group, Weber-Stephen Products (EMEA) GmbH and Weber-Stephen Products LLC are responsible for the technical and organizational measures for data security on this website.v