Back to the top

Privacy Statement for vitra.com

Vitra International AG takes the protection of your personal data very seriously. The purpose of this Privacy Statement is to inform you about the type of personal data that will be collected when you use our website, vitra.com, and how we will process, use, and protect such data.

1. Scope

1.1
Use of the vitra.com website is subject to the Privacy Statement set out below. The vitra.com website is a service provided by Vitra International AG, Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter, “Vitra”). Where relevant, Vitra is the controller pursuant to Article 4 of the EU General Data Protection Regulation (hereinafter, “GDPR”).

1.2
Protecting your personal data is important to us, in particular, where respecting your personal rights in connection with the processing and use of such data is concerned. The term personal data refers to information regarding the personal and/or factual circumstances of an identified or identifiable natural person including the person’s name, postal address, e-mail address and/or telephone number and user data such as the IP address. We collect, process, and use your personal data in compliance with the relevant laws.

2. Automated Data Collection and Processing by Your Browser

2.1
As with every website, our server automatically collects the following information and temporarily saves it in server log files which are transmitted by your browser unless you have deactivated such function:

- the IP address of the computer transmitting the request;
- the client’s file request;
- the http response code;
- the volume of data transmitted;
- the website from which you access our website (referrer URL);
- the date and time of the server request;
- the type, version and language of your browser; and
- the operating system on the computer transmitting the request.

Our server log files are not evaluated based on personal use. We cannot allocate this data to specific persons at any time. Also, we do not merge this data with data from other sources.

2.2
Our website uses Google Analytics, a web analytics service offered by Google Inc. (hereinafter, “Google”). Google Analytics uses text files called cookies which are saved on your computer to facilitate analysis of your website use. The information collected relates to your operating system, browser and IP address, the website you accessed previously (referrer URL), and the date and time of your visit to our website. The information generated by cookies regarding your use of our website typically is transmitted to and saved on a Google server in the United States. If and when IP anonymization is activated on this website, Google will truncate your IP address for transmission among member states of the European Union or to other member states of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and then truncated. At the request of the operator of this website, Google will use this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services relating to website activity and Internet use. The IP address transmitted from your browser as part of Google Analytics will not be merged with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser software; however, please note that in this case you may not be able to use the full functionality of our website. In addition, you can object to Google’s collection of data generated by cookies relating to your use of our website (including your IP address) as well as to its dissemination of the data. To do so, download and install the browser plug-in available at http://tools.google.com.

We use Google Analytics to analyze and enhance the use of our website regularly. The resulting statistics allow us to improve our offerings and make them more interesting for you, the user. In exceptional cases in which personal data is transmitted to the United States, Google is bound by the EU-US Privacy Shield. The legal basis for our use of Google Analytics is Article 6 (1) p. 1 f) of the GDPR.

Information regarding the third-party provider is as follows: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001; terms of use; overview of data protection; privacy statement.

2.3
Retargeting: We use retargeting technology on our website to enhance its appeal to you. Retargeting enables us to address Internet users who have shown interest in our shop and/or our products in the past through targeted advertising on our partners’ websites. We believe personalized and interest-oriented advertising tends to be more interesting to Internet users than non-targeted advertising. These targeted ads are displayed on our respective partners’ websites based on cookie technology and an analysis of visitors’ prior use of the Internet. This form of advertising is entirely pseudonymous. No usage profiles will be consolidated with your personal data. By using our website you consent to cookies being used to capture, save, and use your user-related data. Your data will be saved in cookies beyond the end of your browser session so that it can be retrieved, for example, when you return to the website. You can revoke your consent at any time effectively immediately by setting your browser so that cookies no longer are accepted. The legal basis for our use of retargeting technology is Art. 6 (1) p. 1 f) of the GDPR.

2.4
DoubleClick by Google is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. (hereinafter, “Google”). DoubleClick by Google uses cookies to present you with ads that are relevant to you. To this end, your browser is allocated a pseudonymous identification number (ID) which is used to verify which ads were displayed in your browser and which of them were clicked. These cookies do not contain any personal information. Google and its partner websites use DoubleClick cookies only to run ads based on prior visits to our or other websites. Google transmits the information generated by cookies to a server located in the U.S.A. where it is saved and analyzed. Google transmits such data to third parties only if required by law or in the context of contract-related data processing. In any case, your data will not be consolidated with other data captured by Google. By using this website you consent to your personal data being processed by Google and to the aforementioned nature and purpose of data processing. You may refuse the use of cookies by selecting the appropriate settings in your browser software; however, please note that in this case you may not be able to use the full functionality of our website. In addition, you can object to Google’s collection of data generated by cookies as it relates to your use of our website and to Google’s processing of this data. To do so, please open this link and download and install the browser plug-in from the DoubleClick Deactivation Add-On section. Alternatively, you can deactivate DoubleClick cookies on Digital Advertising Alliance’s website. The legal basis for our processing of your personal data is Article 6 (1) p. 1 f) of the GDPR. For more information on DoubleClick by Google, please refer to https://www.google.de/doubleclick and http://support.google.com/adsense.

2.5
Google Forms: We use the Google Forms service from Google to carry out surveys or for online forms. Google Forms makes it possible to design and evaluate surveys and online forms. In addition to the respective personal data that you enter in the respective forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address are recorded. Your personal data will be processed by Google on our behalf. The legal basis for the processing of data by Google is Art. 28 GDPR.

Processing takes place regularly within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Insofar as personal data is transferred to the USA as part of order processing, we have agreed standard contract clauses with Google. In addition, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Privacy Policy: http://www.google.de/intl/de/policies/privacy

2.6
Google Maps: We use on this website Google Maps from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. The legal basis for the use of Google Maps is Art. 6 (1) (1) (f) of the GDPR.

When you visit the website, Google is informed that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 2.1 of this declaration will be transmitted. This takes place regardless of whether Google provides a user account that you are logged into or whether there is no user account. If you are logged into Google, your data will be assigned directly to your account. If you do not want your profile to be assigned to Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and / or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, but you must contact Google to exercise them.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy statements. You will also find there further information on your rights and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

2.7
Flowbox: We use the flowbox service provided by Flowbox AB, Riddargatan 17D, 114 57 Stockholm, Sweden (hereinafter referred to as “Flowbox”) to display social media content. User names on the respective social media platforms (e.g. Instagram) and content (photos in particular) are processed by Flowbox and displayed on the websites into which Flowbox is integrated. The legal basis is the legitimate interest of Vitra and Flowbox (Art. 6 (1) (f) of the GDPR). Flowbox also analyses the use of the content displayed. Flowbox also uses cookies as part of this analysis. The legal basis is your consent in the context of consent to cookies (Art. 6 (1) (a) of the GDPR). Further information regarding data processing undertaken by Flowbox can be accessed at https://getflowbox.com/privacy .


3. Collection and Processing of Data Provided Voluntarily

3.1
Your provision of personal data to us by e-mail, in our online shop, or via the contact form available on our website is voluntary. We use this data to process our contractual relationship with you and/or your inquiries or orders, to conduct market research or opinion polls, or for mailing our advertisements to you. We only use your data for e-mail advertising purposes with your consent. We will erase the data so generated as soon as it no longer needs to be saved; if statutory retention periods apply, we will restrict the processing of such data. The legal basis is Article 6 (1) b) of the GDPR or Article 6 (1) f) of the GDPR.

3.2
When you register for our online shop and create a customer profile, we save the customer account information you provided (including, but not limited to, your name, billing and delivery addresses, telephone number, payment information and e-mail address) so you will not have to re-enter your data every time you place an order. You can update or delete your customer profile at any time. The legal basis is Article 6 (1) p. 1 b) of the GDPR.

3.3
If you want to subscribe to our newsletter, please provide your valid e-mail address and your country of origin and confirm that you are in agreement with the following (the legal basis is Art. 6 (1) p. 1 a) of the GDPR):

I agree that Vitra International AG and the companies linked below process can use the data I have entered to send me an email newsletter to inform me about furniture and home accessories as well as current company promotions and events. A list of companies is available here.

I can revoke this agreement at any time by sending written notice to Vitra International AG at Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to
privacy@vitra.com. In the event that I revoke consent, the data I have entered will be deleted at all the companies in question and will no longer be used for newsletter delivery.

3.4
Personal data provided to us via our website will be saved only for the time it takes us to meet the purpose for which you provided such data. When your contract has been fulfilled completely, your data will be blocked and then deleted in accordance with the relevant tax and trade regulations unless you have given your express consent to such data being used for other purposes. To the extent mandatory trade and tax retention periods need to be observed, the retention period for some types of data can be up to ten years.

4. Transmission to Third Parties

4.1
We will not transmit any personal data you provide to us to any third parties. Personal data will be transmitted only

- if you have given prior consent;
- to sub-contractors who need to receive and use such data for the purpose of fulfilling specific orders if required to process your inquiries, orders and use of our services;
- to service providers bound by instructions if required to process your order data in accordance with the law; and
- to parties entitled to obtain such data if required to comply with statutory obligations.

4.2
As part of the handling of the payment method you selected in our online shop, your data will be transmitted to third parties as follows:

a) To process payments made by credit card, Electronic Payment Standard (EPS), PayPal, or on account we will transmit your data to our partner Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam, Netherlands. In addition to the data regarding your order and the shipping and payment methods you have requested, we will forward the following categories of personal data to this payment services provider:

- name,
- gender,
- billing address,
- e-mail address,
- IP address, and
- customer ID.

Responsibility regarding your data lies with the payment services provider. The legal basis for such transmission is the fulfillment of the contract (Article 6 (1) p. 1 b) of the GDPR). Please know that this provider will transmit your personal data to other parties as required to process payments including, but not limited to, the credit institutions, banks, and credit card providers involved. These parties also will process your personal data to handle your payments. For customers based in Germany, the payment services provider will request additional information from SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter, “SCHUFA”) and to this end will provide SCHUFA with information regarding the customer’s name, billing address, and gender. The legal basis is Article 6 (1) f) of the GDPR.

b) If over the course of the ordering process you select payment (RatePAY) on account, please note that we use payment processing services provided by RatePAY GmbH, Schlüterstr. 39, 10629 Berlin, Germany.

Payment on account is conditional on RatePAY GmbH’s mathematical-statistical assessment of your credit risk. To enable RatePAY GmbH to conduct this assessment, we transmit the personal data RatePAY GmbH requires to assess your credit rating including your first and last name, postal address, date of birth, gender, e-mail address, IP address, and telephone number as well as the data required to process the payment on account related to your order, for example, the quantity of the products, product numbers, amount of the invoice, and amount of tax as a percentage. RatePAY GmbH uses this data to obtain information from any of the credit agencies listed below for purposes of carrying out identity and credit checks:

Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany;
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany;
- Infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany;
- Bürgel Wirtschaftsinformationen GmbH & Co. KG, Postfach 500166, 22701 Hamburg, Germany;
- CRIF GmbH, Dessauerstr. 9, 80992 Munich, Germany;
- CRIF AG, Hagenholzstr. 81, 8050 Zurich, Switzerland;
- CRIF GmbH, Diefenbachgasse 35, 1150 Vienna, Austria.

The transmission of data to RatePAY GmbH requires you to sign a separate consent form of which you will be informed explicitly over the course of the ordering process (Article 6 (1) p. 1 a) of the GDPR). By signing this consent form you are confirming your approval of RatePAY GmbH’s data protection regulations which you can view at https://www.ratepay.com. Your consent indicates you agree as follows:

- Vitra will transmit your customer data to RatePAY GmbH and RatePAY GmbH will transmit your customer data, to the extent such data concerns your application for, entrance into, and termination of a contract between you and Vitra, to any of the aforementioned credit agencies and will obtain information concerning you from such credit agencies. Such information can include information regarding your credit rating collected based on mathematical-statistical processes that include your address data (hereinafter, “Score Values”).

- Based on the information and other customer data RatePAY GmbH will determine its own Score Values and other parameters (e.g., risk categories) and will use such information and other customer data to make decisions regarding the provision of the payment method you requested for your current and future orders placed in the Händler-Onlineshop (merchant online shop / merchant’s online shop / online shop for merchants / in Vitra’s online shop) and RatePAY GmbH will share such decisions with the merchant and if receivables are assigned, to the respective recipients of such assigned receivables. In addition, the Händler (the merchant / Vitra) will use address data to calculate the risk of payment default in individual cases.

- RatePAY GmbH also will conduct such risk assessments on behalf of operators of other online shops. In this case, your customer data will be processed and used only if you intend to place an order in one of the online shops cooperating with RatePAY GmbH and if you want to use any of the payment methods offered by RatePAY GmbH.

- As part of the assignment of receivables from you, Vitra will transmit your customer data to the respective recipients of such receivables and such recipients and, if applicable, any third parties involved in the factoring process will process and use your customer data to the extent required to assert and enforce the receivables so assigned.

- Vitra and RatePAY GmbH and the service providers contracted to fulfill the contract (e.g., SCHUFA) will process and use your customer data to fulfill the contract. In particular, you agree to the aforementioned parties contacting you at the e-mail address you provided for the purpose of fulfilling the contract (e.g., to send the invoice to you).

- RatePAY GmbH will contact and obtain a risk assessment from Risk.Ident GmbH, which risk assessment shall be based on, among other things, the following information:

(a) whether your device is communicating or has communicated via a proxy connection;
(b) whether your device recently used different Internet service providers to dial in;
(c) whether your device shows or has shown frequently changing geo references;
(d) the number of Internet transactions recently made through your device (however, the nature of such transactions cannot be identified); and
(e) the likelihood of the device saved in Risk.Ident GmbH’s database being the device you used.

You will not be able to pay on account unless you have signed the aforementioned consent form. You can withdraw your consent at any time to be effective going forward by writing to Vitra International AG at Klünenfeldstr. 2, 4127 Birsfelden, Basel-Landschaft, Switzerland or by sending an e-mail to privacy@vitra.com. Please note that RatePAY GmbH still may have the right to process, use, and transmit your personal data if and when such processing, use, and transmission are required for RatePay GmbH to process payments as agreed upon in the contract, are required by law, or have been ordered by a court of law or a government authority.

At any time, you can request information regarding your personal data stored by RatePAY GmbH and you can communicate changes to such data, if any. You can find detailed information on the processing of your personal data by RatePAY GmbH, the assessment of your credit rating, and your rights at https://www.ratepay.com.

c) Billpay’s/Klarna’s payment options In order to be able to offer you Klarna’s payment options and to assess whether you qualify for their payment options and to tailor the payment options for you, we will pass to Klarna certain aspects of your personal information. General information on Klarna you can find here and on BillPay here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s and BillPay’s privacy notices.

d) Please note that we transmit to SCHUFA all data regarding extrajudicial and judicial collection measures as it relates to past-due and uncontested receivables (Article 6 (1) p. 1 f) of the GDPR). If SCHUFA is provided with similar data relating to other contractual relationships after we have transmitted such information, we may be informed as well. SCHUFA’s contracting partners primarily include credit institutions, credit card providers and leasing companies. Moreover, SCHUFA releases information to retail, telecommunication and other companies that offer services and deliveries on credit. Data is transmitted as specified above only if permitted after weighing the interests of all parties involved. Along with the aforementioned information, SCHUFA can provide its contracting partners with a probability value for credit risk assessment calculated based on data saved in SCHUFA’s systems (score procedure). You have the right to obtain information from SCHUFA regarding the saved data relating to you. SCHUFA’s address is SCHUFA Holding AG, Verbraucherservicezentrum Hannover, Postfach 56 40, 30056 Hannover, Germany. For more information about SCHUFA, data processing by SCHUFA, and your right to obtain information please go to www.schufa.de.

d) If you choose the "Apple Pay" payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, your payment details will be passed to Apple in encrypted form for payment processing. Apple encrypts this data again with a developer-specific key before the data is passed to the payment processor of the payment card stored in Apple Pay for the purposes of carrying out the payment. The encryption ensures that only we can access the payment data. After payment has been made, Apple sends us your device account number and a transaction-specific, dynamic security code to confirm the payment. The legal basis for the disclosure is the execution of the contract (Art. 6 (1) (1b) of the GDPR).

Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymisation completely rules out the possibility of this data being connected with an individual. Apple uses the anonymised data to improve "Apple Pay" and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and deselect "Allow payments on Mac". Further details regarding data protection with Apple Pay can be found at https://support.apple.com/de-de/HT203027.


5. Cookies

5.1
To learn about your individual preferences and adjust our offerings optimally to best meet your needs, our website uses cookies – small text files saved on your computer or mobile device that your computer or mobile device can retrieve when you access our website at a later time. Cookies do not contain any personal data and we do not merge the data in cookies with data from other sources.

5.2
Cookies do not harm your computer or mobile device and do not contain any viruses. If you do not want cookies saved on your computer, please adjust your browser settings so saving cookies is impossible or you are asked for express consent before any cookies are saved. Please note that you may have to change the settings in each browser you use to access this website and that not all functions of this website may be available to you if you object to the use of cookies.

6. Vitra Professionals
If you provide us with personal data when using Vitra Professionals, this is generally done on a voluntary basis. This data is used to fulfil our contractual relationship, to process your inquiries and orders, for our own market or opinion research, and for our own advertising by mail. Your data will be used for our own advertising by email only if you have given us consent to do so. We delete the data that arises in this context after its storage is no longer required, or we limit processing if there are statutory retention requirements. The legal basis for this is Art. 6 (1) (b) of the GDPR or Art. 6 (1) (f) of the GDPR.
If you register as a specialist retailer with Vitra Professionals and create a profile for your company or your employees, we will save the account information you have entered (in particular name, email address, country of origin) so that you do not have to enter it again with each operation. You can update or delete your profile(s) at any time. The legal basis for this is Art. 6 (1) (1) (b) of the GDPR.
Personal data that has been communicated to us via our website will only be stored until the purpose for which it was entrusted to us is fulfilled. After completion of the contract, your data will be blocked and deleted after the tax and commercial law regulations have expired, unless you have expressly consented to the use of data beyond this. Insofar as mandatory retention periods under commercial and tax law have to be observed, the duration of the storage of certain data can be up to ten years.

7. Your Rights

7.1
At any time, at no cost to you and without providing any reason you can request information regarding the data relating to you which is saved in our systems as well as information regarding the origin, recipients or categories of recipients to whom such data has been transmitted and why such data has been saved.

7.2
In addition, legally you are entitled to have your personal data rectified, blocked or erased. Also, you can withdraw your consent to the use of your data at any time and without having to provide a reason. If we process your personal data to pursue our legitimate interests pursuant to Article 6 (1) f) of the GDPR, pursuant to Article 21 of the GDPR you have the right to object. In addition, you have the right to portability of your data and the right to lodge a complaint with a data protection supervisory authority if you are not satisfied with our processing of your personal data.

7.3
Please address any requests for information, inquiries, objections to the processing of your data, and any questions you may have to Vitra International AG, Klünenfeldstr.22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to privacy@vitra.com.

7.4
If you have any questions concerning data protection, please feel free to contact our Data Protection Officer, Mr. Simon Brandmeier, at dsb@vitra.com.


8. Vitra Campus app

In the following we would like to inform you about the collection, processing and use of your data via the Vitra Campus app.

8.1 Download the app
When the Vitra Campus app is downloaded from the respective app store, the necessary data (e.g. user name, email address, device code) are transmitted to the app store operator. The app store operator is only responsible for data processing. We have no influence on the type and scope of the data processed by the respective app store operator or the disclosure of this data to third parties.

8.2. Automated collection and processing of user data

8.2.1
Every time the Vitra Campus app is used, our server automatically and temporarily collects information in the server log files that are transmitted by the Vitra Campus app. If you want to use the Vitra Campus app, we collect the following data, which is technically necessary for us to show you our content and to ensure stability and security (the legal basis is Art. 6 (1) (1) (f) of the GDPR ):

- IP address of the terminal device - Device model - The app version used - The operating software (iOS version)
There is no personalised evaluation of the server log files. At no time can the provider assign this data to specific persons. This data is not merged with other data sources.

8.2.2
We use the Google Analytics analysis service provided by Google Ireland Ltd in our Vitra Campus app to analyse and regularly improve the use of the Vitra Campus app. The information contained in Clause 2.2 of this privacy statement applies correspondingly.

8.2.3
We use the Google Firebase service provided by Google. This service serves to provide certain functionalities, to improve the app and to correct errors in the app. The data collected for this purpose is made available to us in anonymised form. It is recorded whether a crash has occurred, which line of code caused the crash and the type and operating system of the mobile device concerned. This data is used exclusively to reproduce errors in the app and to be able to correct them in the course of future development. No personal data is transmitted. Firebase's privacy policy can be viewed here: https://firebase.google.com/terms/data-processing-terms

8.3 Data processing as part of the features offered

8.3.1 Product scanner
The Vitra Campus app enables you to identify Vitra products with the product scanner. If you use the product scanner, take a photo or transfer the image from the camera so that we can show you further information about the respective product and about complementary or comparable products.

We collect your location data in order to be able to offer you this feature. To do this, you must allow the Vitra Campus app to access the location. However, we only record the location determined by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device. You can allow or decline the recording of the location at any time in the settings of your operating system.

The legal basis of this data processing is Art. 6 (1) (1) (b) of the GDPR. The photos will be deleted immediately after processing and will not be used for any purpose other than to provide the product scanner functions described.

8.3.2 Consultations
Using the Vitra Campus app, you can get in touch with one of our Vitra product experts and arrange an individual consultation appointment. If you make use of this option, the data entered in the contact form will be transmitted to us and processed accordingly. The personal data you provide (first and last name, email address, [•]) will only be processed to deal with your request. Further processing (e.g. use for advertising by email, analysis of your interests for advertising purposes, disclosure to third parties) will only take place if you have given us your consent. We delete the data arising in this context after storage is no longer necessary, or restrict the processing if there are statutory retention requirements. The legal basis is Art. 6 (1) (b) of the GDPR or Art. 6 (1) (a) of the GDPR.

8.3.3 Campus map
You have the option of using our campus map to view the surroundings on the Vitra Campus and in individual buildings accessible to visitors (e.g. the VitraHaus). In order to be able to offer you this feature, we use the Apple Maps application and record your location data (GPS data). To do this, you must allow the Vitra Campus app to access the location. However, we only record the location determined by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device.

This function cannot be performed without location recording. The terms of use for Apple Maps can be found at https://www.apple.com/legal/internet-services/maps/terms-de.html. We only collect your location data to show you your current location on the campus map (Art. 6 (1) )b) of the GDPR). You can allow or decline the recording of the location at any time in the settings of your operating system.

8.3.4 Tickets
You have the opportunity to buy tickets for the Vitra Design Museum. For online ticket sales, we use the Reservix ticket platform provided by Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany. The legal basis for this is Art. 6 (1) (f) of the GDPR. Our legitimate interest lies in offering a simple, safe and user-friendly way to buy tickets online for our visitors. Detailed information regarding how we process your data can be found in Reservix’s privacy policy at https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.

8.3.4 Tickets
Apple: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. https://www.apple.com/de/privacy

Google: Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. https://policies.google.com/privacy?hl=de&gl=de

Reservix: Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany. https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.


9. Video Surveillance, Vitra Campus Weil am Rhein

Controller: Vitra Services GmbH, Charles-Eames-Strasse 2, 79576 Weil am Rhein. The Data Protection Officer can be contacted at dsb@vitra.com.
Purposes and legal bases of the data processing: Prevention of vandalism and theft, domiciliary right, Art. 6 (1)(f) GDPR
The legitimate interests pursued are: Protection of property, Art. 13 (1)(d) GDPR
Duration of storage: 72 h

Information about the rights of data subjects
The data subject has the right to demand a confirmation from the controller about whether it will process the personal data concerned; if this is the case, he or she has the right to access this personal data and to the information listed in detail in Art. 15 GDPR.

The data subject has the right to demand from the controller that incorrect personal data concerning him or her be rectified immediately and, where applicable, that incomplete personal data be completed (Art. 16 GDPR).

The data subject has the right to demand from the controller that the personal data concerning him or her shall be erased immediately if one of the reasons listed in detail in Art. 17 GDPR are met, e.g. if the data are no longer required for the purposes pursued (right to erasure).

The data subject has the right to demand from the controller that the processing be restricted if one of the conditions listed in Art. 18 GDPR are met, e.g. if the data subject has lodged an objection to the processing for the duration of the review by the controller.

The data subject has the right to object to the processing of the personal data concerning him or her at any time for reasons which result from his or her particular situation. The controller shall then no longer process the personal data, unless it can prove compelling and legitimate reasons for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to claim, exercise or defend legal claims (Art. 21 GDPR).

Irrespective of any other legal remedy under administrative law or judicially, each data subject has the right to lodge a complaint to a supervisory authority if the data subject believes that the processing of personal data concerning him or her violates the GDPR (Art. 77 GDPR). The data subject can assert his or her right with a supervisory authority in the Member State in where he or she is resident, where he or she has his or her workplace or the place of the suspected violation.