Last Updated: July 2018
OUR COMMITMENT TO PRIVACY
WHAT INFORMATION WE COLLECT
“Personal Information” is information that identifies you as a natural person or relates to an identifiable natural person. We may collect and process the following Personal Information:
• Personal contact information such as name, address, telephone number and email address;
• Business contact information such as business address, telephone number and email address;
• Information necessary to provide services or products to you;
• Comments and opinions you provide when you contact us directly by email, telephone or mail;
• Payment and transaction information for billing purposes.
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. We may collect and process the following Other Information:
• Browser and device information;
• App usage data;
• Demographic information and other information provided by you that does not reveal your specific identity;
• Information that has been aggregated in a manner such that it no longer reveals your specific identity.
If we are required to treat Other Information as Personal Information under applicable law, then we will collect, use and disclose it for the purposes for which we collect, use and disclose Personal Information as detailed in this Policy.
HOW WE COLLECT PERSONAL AND OTHER INFORMATION
We and our service providers may collect Personal Information online in a variety of ways in connection with our services or products, including:
• Through our websites (“Websites”);
• Through the software applications made available by us for use on or through computers and mobile devices (“Apps”);
• Through social media properties (“Our Social Media”);
• Through extranet sites made available to our clients and third parties (“Extranet Sites”);
• Through services we provide to our corporate and institutional clients (“services”); and
• Through our registration process for newsletters, seminars, webinars and events.
We also may collect Personal Information offline in a variety of ways in connection with our, including
• When you participate in a contractual arrangement for services or products;
• When you provide information in conjunction with our services or products; or
• When you interact with us at an event.
We also may collect Personal Information from other sources, including:
• Publicly available databases;
• Joint marketing partners and event sponsors, when they share the information with us;
• Other entities or franchisees to which we provide products and services;
• Referral sources; and
• Social media platforms.
We and our service providers may collect Other Information in a variety of ways, including:
• Through your browser or device:
o Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the services (such as the App) you are using. We use this information to ensure that the services function properly.
• Through your use of an App
o When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
• Using cookies
• Using pixel tags and other similar technologies
o Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the services and response rates.
o You will be given the option at each website to opt-out of being tracked by cookies.
• IP Address
o Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses our systems, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other systems. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the systems. We may also derive your approximate location from your IP address.
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
HOW WE USE PERSONAL INFORMATION
We and our service providers use Personal Information for legitimate business purposes, including:
• Providing Products and Services.
o To contact individuals (including employees of institutional clients) in connection with providing products and services.
o To respond to inquiries and fulfill requests from our clients and others, administer their file(s), provide products and services and manage our relationships.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
• Providing you with our marketing materials and facilitating social sharing
o To send you our offers, newsletters, publications, updates, and mailings related to our products or services that we think may be of interest to you.
o To fulfill your event or accommodation registration requests and provide goods and services and resort services.
o To send you information about our products and services and other news about products or services which we have reason to believe will be of interest to you.
We will engage in this activity with your consent or where we have a legitimate interest.
• Providing the functionality of our Products and Services and fulfilling your requests
o To provide our products and services functionality to you, such as arranging access to your registered account, and providing you with related goods and services.
o To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions, suggestions, compliments or complaints, or when you request other information about our products or services).
o To send administrative information to you, such as information regarding our products and services, guarantees and warranties and changes to our terms, conditions and policies.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
• Accomplishing our business purposes
o For data analysis, for example, to improve the efficiency of our goods and services and quality of our products.
o For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements.
o For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
o To meet our legal and regulatory obligations.
o For enhancing, improving, or modifying our current products and services.
o For identifying usage trends, for example, understanding which parts of our products and services are of most interest to customers.
o For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our customers.
o For operating and expanding our business activities, for example, understanding which parts of our services or products are of most interest to our customers so we can focus our energies on meeting our customers’ interests.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
HOW WE DISCLOSE PERSONAL INFORMATION
We disclose Personal Information:
o [Kohler Co.] is the party responsible for the management of the jointly-used Personal Information.
• To our third-party service providers, to facilitate services they provide to us
o These can include providers of services such as website hosting, services-related consulting and monitoring, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
• By using our Services, you may elect to disclose Personal Information
o On message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media), or through which you are able to send messages through the systems. Please note that any information you post or disclose through these systems will become public and may be available to other users and the general public.
We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
• To comply with applicable law and regulations including laws outside your country of residence.
• To cooperate with public and government authorities, including authorities outside your country of residence.
• To cooperate with law enforcement.
• For other legal reason such as to enforce our terms and conditions and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
• In connection with a sale, merger or business transaction.
HOW LONG WE RETAIN PERSONAL INFORMATION
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
• The length of time we have an ongoing relationship with you and provide our products and services to you (for example, for as long as you have an account with us or keep using our products and services);
• The length of time we have an ongoing relationship with you as our client and provide you with products and services;
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions or communications for a certain period of time before we can delete them); or
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
WHAT SECURITY MEASURES WE USE
We have implemented internal policies and technical measures to protect Personal Information from loss, accidental destruction, misuse or disclosure. Such internal policies and technical measures include:
• The use of pseudonymization and encryption of personal data where appropriate;
• Procedures and controls to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• Procedures and controls to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• Procedures for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and
• Procedures to ensure that data is not accessed, except by individuals in the proper performance of their duties.
WHAT CHOICES YOU HAVE
You have choices regarding marketing-related communications. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the unsubscribe instructions in any such message or by contacting us by email at KohlerGlobalDataPrivacy@kohler.com. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
PRIVACY RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA
If you are resident in the European Economic Area, under European law you have the following rights in respect of your personal information that we hold:
• Right of access. You have the right to obtain confirmation of whether, and where, we are processing your personal information; information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your personal information; and a copy of the personal information we hold about you.
• Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
• Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
• Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
• Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
• Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
• If you are resident in France, you also have the right to set guidelines for the retention and communication of your personal information after your death.
If you wish to exercise one of these rights, please contact us at KohlerGlobalDataPrivacy@kohler.com.
You also have the right to lodge a complaint to your local data protection authority.
Residents in other jurisdictions may also have similar rights to the above. Please contact us at KohlerGlobalDataPrivacy@kohler.com if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.
THIRD PARTY SERVICES
This includes any third party operating any website or service to which our websites may link. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media.
USE OF OUR SERVICES BY MINORS
The goods and services we provide are not directed to individuals under the age of [sixteen (16)], and we do not knowingly collect Personal Information from individuals under .
Your Personal Information may be stored and processed in any country where we have affiliates, outlets and facilities or in which we engage service providers. By using our services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission, to protect your Personal Information. You may obtain more information by reaching out to us at KohlerGlobalDataPrivacy@kohler.com.
HOW TO CONTACT US