SODASTREAM – PRIVACY STATEMENT
Notice last updated:22.5.2018
1. Our Commitment To Privacy
Your privacy is very important to us at SodaStream and its affiliates, hereinafter also “we” and/or “us” and/or “SodaStream”. To better protect your privacy we provide this notice (“Privacy Notice”) explaining our information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personal data may be requested.
1.1 We strongly urge you to read this notice and make sure you fully understand our practices in relation to personal data before you access or use any of our services. If you read and fully understand this Privacy Notice, but remain opposed to our practices, you must immediately leave our website and avoid or discontinue all use of any of our services. Where you have read this notice but would like further clarification, please contact us at email@example.com.
2. Important information
2.1 The purpose of this Privacy Notice is to provide you with a clear explanation of what personal data we collect, when, why and how we collect, use and share your personal data and it explains your statutory rights. This Privacy Notice is not intended to override the terms of any contract you have with us, nor any rights you might have under applicable data privacy laws.
2.2 Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information on our website or offline from those we actually know are under 13, and no part of our website is structured to attract anyone under 13. Parents and guardians should supervise their children’s activities at all times. If we learn we have collected or received personal data from a person under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a person under 13, please contact us at firstname.lastname@example.org.
2.3 Note that our website contains links to third-party websites that we are not responsible for. Please review the privacy policies of such third-party websites should you visit these websites. This Privacy Notice does not address the privacy or information practices of any third parties.
3. What information do we collect and how do we collect it?
3.1.1 If you register or contact us as an individual, we will collect your name, email address, telephone number, address information (together, “identification data”); information about your household (“household composition data”), the consumption habits of you and members of your household (“consumption data”), information about the device you use to access our website or online services (“device data”), payment and credit card information (“payment data”), information to set up and access your SodaStream account (“login data”); or
3.1.2 If you register or contact us on behalf of a company, we will collect company identification data, identification data from the company representative, company composition and consumption data, device data, payment data, and login data.
3.2 If you contact us by other offline methods in order to buy our products or services or by using one or more of the contact means provided offline, we will collect identification and payment data as relevant for the sale and delivery of the goods and services or to respond to your query or complaint and, as far as necessary, for the handling and fulfilment of the order and ongoing provision of our services.
3.4 If you apply to one of our open positions published in our careers sites, by sending us to contact details and CV (“applicants personal data”) via the relevant application on our website, or through any other means provided by us (e.g. social media), we will collect such applicants personal data in order to process your application.
4. How do we use your personal data?
4.1 To provide our products and services
We collect personal data in order to offer our products and/or services and their functions. We may use the information collected in order to validate your order or subscription, to process your payment (for instance of a monthly fee in the case of a subscription) and to provide the products and services that you requested, ordered or to which you subscribed. We will also use your personal data as far as necessary for the handling and fulfillment of your order as well as to provide customer support.
We also use this information for customer management purposes, to maintain our relationship with you, with a view to providing stellar customer experience.
4.2 To verify your identity
We may use the information collected from you to verify your identity. We may also use this information to establish and set up your account, verify or re-issue a password, log your activity and contact you from time to time;
4.3 For internal business purposes such as:
4.3.1 to improve our products in order to make them fit for our customers’ needs and to draw insights in relation to possible improvements;
4.3.2 to improve our services to you and customize your browsing experience. Some of the information (particularly the information collected by cookies and other tracking technology) helps us improve our website; and
4.3.3 to track any fraudulent activities and other inappropriate activities and monitor content integrity on our website.
4.4 To process job applications
We collect applicant’s personal data solely for SodaStream’s internal recruitment purposes including for identifying applicants, evaluating their applications, making hiring and employment decisions, and contacting applicants by phone or in writing.
4.5 To communicate with you
We use your personal data to respond to your queries and/or complaints about our products or services and to provide you important information about your account and your products e.g. to inform you that your payment has been accepted or your order has been processed.
5. Carrying out Direct Marketing:
We may use your personal data, including information related to your order, such as your address for direct marketing purposes. We may, for example, send you emails to inform you of news and updates about our products and services. This may be in the form of email, post, SMS, telephone or targeted online advertisements. Where required by law, we will obtain your consent prior to sending you such marketing information.
5.1 To protect your privacy and ensure you have control over the use of your personal data, we will always give you the opportunity to “opt-out” of direct marketing when you contact us in relation to a product or service or you receive an email, text or other direct marketing communication.
5.2 You have a right to prevent direct marketing of any form at any time – this can be exercised by following the opt-out link attached to each communication, by changing privacy settings within your SodaStream account or by sending an email to email@example.com. If you want to review or update the information you have provided us, you can click “my profile” at our website’s home page, and edit the information. If you have not been asked already to provide your email address and a password, we will ask you to do it before changes are made, so as to prevent others from accessing and altering your personal data.
5.3 Based on the information we have about you, we take steps to limit direct marketing to a reasonable and proportionate level and to send you communications that we believe may be of interest or relevance to you, based on the information we have about you.
6. Legal basis for processing personal data:
6.1 We will only collect, use or share your personal data for the purposes set out in this Privacy Notice where we are satisfied that:
6.1.1 our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you. For example, in order to provide our product and our services, it will be necessary for us to process certain personal data such as your address, phone number, identification data, and payment data to create your user account or fulfill your order. Also, we carry out this processing for the purpose of knowing our customer and maintaining our relationship with you, with a view to providing a stellar customer experience; or
6.1.2 our use of your personal data is necessary to support legitimate interests that we have as a business to provide products and services to our customers, provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights. For example, we strive to always improve our products and services in order to make them fit our customers’ needs. For this reason, we process personal data such as consumption habits, device information, and household composition and draw insights in relation to possible improvements; or
6.1.3 our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have. For example, to maintain appropriate business records, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law; or
6.1.4 you have provided your consent to us using your personal data for that purpose (e.g. where you provide us with marketing consents or opt into additional services).
Where the basis of the processing is your consent, you have the right to withdraw your consent, and therefore prevent that processing, at any time.
7. How we protect and store your personal data
7.1 Data Security
7.1.1 To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. Some of the steps we take are: placing confidentiality requirements on our staff and service providers; destroying or permanently anonymizing personal data if it is no longer needed for the purposes for which it was collected. Sodastream will comply with applicable laws in the event of any breach of the security, confidentiality or integrity of your personal data and, where we consider appropriate or where required by applicable law, notify you via email, text or conspicuous posting on our website in the most expedient time possible and without unreasonable delay, in so far as it is consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
7.1.2 However, the security of personal data depends in part on the security of the device used to communicate with us, the security you use to protect your login information, and the security provided by your internet access service provider. We make commercially reasonable efforts to make the collection and security of information consistent with this Privacy Notice and all applicable laws and regulations. Where you have a SodaStream username, login or password, you are responsible for keeping this information confidential. We ask you not to share a username, login or password with anyone.
7.2 Data Retention
7.2.1 We may retain your data as long as necessary to provide our products and services, and beyond such time to the extent legally permitted and based on our legal obligations (e.g. in relation to invoice retention) or legitimate interests (eg in retaining data for the purposes of responding to possible disputes or complaints or for possible reactivation of subscriptions).
7.2.2 In addition, we maintain a data retention policy that we apply to information in our care. Where your data is no longer required we will ensure it is securely deleted or anonymized.
7.2.3 Please note that SodaStream may retain applicants personal data submitted to it for no longer than two years after the applied position has been filled or closed. This is done so we could re-consider applicants for other positions and opportunities at SodaStream; so we could use their information as a reference for future applications submitted by them; and in case the applicant is hired, for additional employment and business purposes related to his/her work at SodaStream. If you previously submitted applicants personal data to SodaStream, and now wish to access it, update it or have it deleted from SodaStream’s systems, please contact us at firstname.lastname@example.org.
8. We may share your personal data
SodaStream may share your personal data with third parties (or otherwise allow them access to it) only in the following manners and instances:
8.1 to other SodaStream affiliates for the purposes mentioned in this Privacy Notice.
8.2 with any third parties to whom the relevant SodaStream entity subcontracts all or part of this processing. The purpose of this transfer will be to help manage our business and deliver services. For instance, we may transfer your personal data to a service provider to the extent necessary to complete an order and deliver your product. Other instances may include transfers to e-marketing service providers, hosting providers and any other relevant roles. Note that we will never sell your personal data to a third party. These third parties have agreed to confidentiality restrictions and use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.
8.3 where permitted by local data protection laws, SodaStream may disclose or otherwise allow others access to your personal data pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you. If warranted, we may also allow access to this information in special emergencies where physical safety is at risk.
8.4 we may disclose any personal data or other information obtained from or about you, to third parties in connection with a merger, acquisition, bankruptcy or sale of all or substantially all of our assets, to the extent that this is necessary for the process.
9. Transferring personal data globally
9.1 Your personal data may be transferred and stored outside your place of residence, that are subject to different standards of data protection. In particular, if you live in the EU, you should be aware that your personal data may be shared with, and transferred to, SodaStream affiliates and third-party service providers who are located outside the EU. We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
9.1.1 we will ensure that transfers within SodaStream and its affiliates will be covered by an agreement entered into by members of SodaStream Group (an intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the Group;
9.1.2 where we transfer your personal data outside SodaStream or to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your personal data. Some of these assurances are well-recognized certification schemes like the EU – US Privacy Shield for the protection of personal data transferred from within the EU to the United States; or
9.1.3 where we receive requests for information from law enforcement or regulators, we will carefully validate these requests before personal data is disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above.
SodaStream uses certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts). These technologies are used in order to maintain, provide and improve our services on an ongoing basis, and in order to provide our customers with a better experience. For example, thanks to these technologies, we are able to maintain and keep track of our customers’ preferences and authenticated sessions, to better secure our services, to identify technical issues, user trends and effectiveness of campaigns, and to monitor and improve the overall performance of our services.
Please note that third party services placing cookies or utilizing other tracking technologies through our services may have their own policies regarding how they collect and store information. Such practices are not covered by our Privacy Notice and we do not have any control over them.
10.2 We use the following cookies on our website:
10.2.1.1 necessary cookies
Necessary cookies are essential and help you navigate our website. This helps to support security and basic functionality and is necessary for the proper operation of our website, so if you block these cookies we can’t guarantee your use or the security during your visit.
10.2.1.2 functionality cookies
10.2.1.3 performance cookies
Performance cookies help us to understand the behavior of users of our website. This allows us to continuously improve our website to provide the best information in support of our project aims. These cookies are also used to help us understand how effective our website is. For instance these cookies tell us which pages visitors go to most often and if they get error messages from web pages.
10.2.1.4 All of the Cookies are managed by third parties, and you may refer to the third parties’ own website privacy notifications for further information. In particular, we use Google Analytics, which allow us to assess how you and other web users use our website, and this information is essential in helping us to continuously improve our website’s functionality. They can be preserved from 30 minutes to two years. The information generated by these cookies about your use of our website (including your IP address) will be transmitted to and stored by Google Inc on servers in the United States.
10.3 Control your cookie settings:
11. Your rights in relation to your personal data
11.1 Subject to paragraph 11.2, certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have the following rights in this paragraph:
11.1.1 to request that we provide you with a copy of your personal data that we hold and you have the right to be informed of; (a) the source of your personal data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entity to whom your personal data may be transferred;
11.1.2 to request that we cease processing your personal data, in whole or in part, as you direct us, for any purpose, save to the extent it is lawful to do so without consent;
11.1.3 to request that we restrict the processing of your personal data where: (a) the accuracy of the personal data is contested; (b) the processing is lawful but you object to the processing of the personal data; (c) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim;
11.1.4 to request that we erase your personal data in limited circumstances where it is no longer necessary in relation to the purpose(s) for which it was collected or processed;
11.1.5 to challenge processing which we have justified on the basis of a legitimate interest;
11.1.6 to request that we not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes;
11.1.7 to request that we change the manner in which we contact you for marketing purposes;
11.1.8 to request that we correct any errors in your personal data;
11.1.9 to request that we update your personal data as required. Note that you may also correct, update or remove certain parts of such personal data by yourself, or completely deactivate your SodaStream account, through your account settings;
11.1.10 to obtain a copy of the safeguards under which your personal data is transferred outside the EU; and
11.1.11 to lodge a complaint with your local supervisory authority for data protection.
11.2 We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
12. Changes to this Privacy Notice
We may update and change this privacy statement from time to time, to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this Privacy Notice.
13. Contact information
13.1 If you have any questions about this Privacy Notice or wish to exercise any of your rights as described in paragraph 11, you can contact us at:
email address: email@example.com
We will attempt to resolve any complaints regarding the use of your Personal data in accordance with this Privacy Notice.
13.2 For EU Member State residents, you also have a right to lodge a complaint with your national data protection supervisory authority at any time. However, we encourage you to first contact us.