ProductsChairsOffice chairsLounge chairsDining tablesCafé tablesDesksOffice furniture systemsCoffee & side tablesSofasMicro architectureAccessoriesLightingLiving roomDining roomHome officeChildren's roomOutdoorFocusWorkspaceMeetingWorkshopAlexander Girard Antonio CitterioCharles & Ray Eames Barber OsgerbyGeorge NelsonIsamu NoguchiJasper MorrisonJean ProuvéKonstantin GrcicRonan & Erwan BouroullecVerner PantonCare & repairSpare partsCare productsManufacturer warrantyNewBestsellerQuickly availableGift finderOffice chair finderLounge chair finderColour & materialMikadoColour Frame MirrorsInspirations Inspirations for homesEames Shell ChairsJean Prouvé CollectionStandard Chair & Chaise Tout BoisAn open house Making a home by collecting memoriesHigh comfort of low energyFurniture as part of the familyThe Art of indoor greeneryLiving with EamesCollecting vintage furniture & artLiving & working in an urban oasisA new life for a gropius houseTheir ideal home in touch with natureMagazineStoriesConversationsExhibitionsDesignerProject VitraShaping the future of energyFrom a toy to an objectWhat would nature doWhy design classics remain relevant, even in the officeA studio visit with Tsuyoshi TaneThe Eames Collection at the Vitra Design MuseumMoments in architectureAbout the partnership between Eames and VitraThe Eames La ChaiseSaul SteinbergTane Garden HouseWhat would Charles and Ray say?The Maison Jean ProuvéDesign is a highly political professionPhilosophy of select and arrangeThe OriginalHistory of communal workspacesVitra CampusExhibitionsGuided tours & workshopsFood and drinkShoppingArchitectureEventsNewsPlan your visitVitra Campus appVitraHausVitra Design MuseumVitra SchaudepotVitra Circle Store CampusOudolf GartenAbout VitraSustainabilityJobs & CareersDesign processThe Original is by VitraHistory - Project VitraProfessionalsClub OfficeCitizen OfficeDynamic SpacesAirports HospitalityHealthcareDownloadsColour & materialpConPlanning examplesCertificatesCare & maintenanceOur ClientsOffice chairsDancing OfficeA case for classicsConsulting & Planning StudioTo the dealer loginPassenger Terminal Expo 2024MikadoTyde 2 on castorsACXOur ClientsJoyn 2Abalon
Data Protection
A. Data Protection provisions for the Vitra.com website
Vitra International AG takes the protection of your personal data very seriously. The purpose of this Privacy Policy is to inform you of the type of personal data that will be collected when you use our website Vitra.com, as well as how we will process, use, and protect such data. Tshi Privacy Policy is aligned with the Swiss Data Protection Act (hereinafter “SDPA”), the European General Data Protection Regulation (hereinafter “GDPR”) and other applicable data protection regulations. Whereas GDPR, SDPA and other applicable data protection regulations may have slight differences in the definitions used, the terminology in this Privacy Policy is based on GDPR definitions, which have the same meaning in SDPA. Notwithstanding the above, please note that whether and to what extent the GDPR, SDPA or other data protection regulations apply to you depends on the individual case.
B. Data Protection Statement - Vitra International AG
1. Scope
1.1
Use of the vitra.com website is subject to the Privacy Policy set out below. This website is a service provided by Vitra International AG, Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”). Where relevant, Vitra is the controller.
1.2
Protecting your personal data is important to us, in particular, with regard to respecting your personal rights in connection with the processing and use of such data. The term “personal data” refers to information regarding the personal and/or factual circumstances of an identified or identifiable natural person. This includes, for example, the person’s name, postal address, email address and/or telephone number, as well as user data such as the IP address. We collect, process, and use your personal data in compliance with the relevant laws
2. Automated data collection and processing by your browser
2.1 General
As with every website, our server automatically collects the following information and temporarily saves it in server log files, which are transmitted by your browser – unless you have deactivated such function:
- the IP address of the computer transmitting the request
- the client’s file request
- the http response code
- the volume of data transmitted
- the website from which you access our website (referrer URL)
- the date and time of the server request
- the type, version and language of your browser
- the operating system on the computer transmitting the request
Our server log files are not evaluated based on personal use. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources.
2.2 Use of cookies
In order to learn about your individual preferences and adjust our offerings optimally to best meet your needs, we use so-called “cookies” on our website vitra.com. Cookies are small text files that are saved on your computer or mobile device and that your computer or mobile device can retrieve at a later time. We use the consent management service provided by Usercentrics GmbH, which helps you to understand the functionality and characteristics of cookies and to select or deactivate various tags, trackers and analytic tool used on this website. You can access all cookie information and settings by clicking the “Cookie Settings” on the bottom on this page.
3. Collection and processing of data provided voluntarily
3.1 Contact form
When you provide us with personal data by email, in our online shop or via the contact form available on our website, this is voluntary. This data is used to fulfil our contractual relationship, to process your inquiries and orders, for our own market or opinion research and for our own advertising by postal mail. Your data will be used for our own advertising by email only if you have given us consent to do so. We delete the data that arises in this context after its storage is no longer required, or we limit processing if there are statutory retention requirements. Legal basis for processing is performance of the contract and our legitimate interest.
When you register in our online shop and create a customer profile, we save the customer account information you provided (in particular, your name, billing and delivery addresses, telephone number, payment information and email address) so that you do not have to re-enter your data every time you place an order. You can update or delete your profile at any time. Legal basis for processing is performance of the contract.
3.2 Newsletter
If you would like to subscribe to our newsletter, please provide your valid email address and your country of origin, and confirm that you are in agreement with the following (therefore, legal basis for such processing is your consent):
“I agree that Vitra International AG and the companies linked below may process and use the data I have entered to send me an email newsletter to inform me about furniture and home accessories, as well as ongoing company promotions and events. I also agree that Vitra International AG and the companies linked below may transmit my email address to selected social networks (Facebook, Instagram, LinkedIn, Twitter, Pinterest and Google AdWords) in order to show me personalised advertising. I can find a list of the companies in questionhere. I can revoke this agreement at any time by sending written notification to Vitra International AG at Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to [email protected]. In the event that I revoke consent, the data I have entered will be deleted at all the companies in question and will no longer be used for sending the newsletter.
3.3 Social platforms
On the basis of your consent in accordance with Section 3.2, we work together with Facebook, Instagram, LinkedIn, Twitter, Pinterest and Google AdWords for the purpose of personalized advertising in social networks. These companies will receive your email address with your consent. If we place advertisements in the respective medium, they will be shown to you. We have no influence on further processing in the social networks. You can find more information on this in the respective provider’s privacy policy. Legal basis for such processing is consent.
Information regarding the third-party provider:
Facebook:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://www.facebook.com/privacy/explanation
Google Ad Words:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, 1001; privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://de-de.facebook.com/help/instagram/519522125107875
LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; privacy policy; https://www.linkedin.com/legal/privacy-policy
Pinterest: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA; privacy policy; https://policy.pinterest.com/en/privacy-policy
Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; privacy policy: https://twitter.com/en/privacy
4. Transmission to third parties
4.1 General
If you have given us personal data, this will not be passed on to third parties. Any transfer that takes place will only be
- with your consent
- as part of processing your inquiries, your orders and the use of our services to commissioned subcontractors, who only receive the necessary data for the execution of this order and use it for a specific purpose
- as part of order data processing in accordance with the statutory provisions to service providers bound by instructions
- as part of the fulfilment of legal obligations to entities entitled to receive information.
4.2 Payment
To process payments made by credit card, EPS (Electronic Payment Standard), PayPal or RatePAY (buying on account), we will transmit your data to our partner Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam, the Netherlands. In addition to the data regarding your order and the shipping and payment methods you have requested, we will forward the following categories of personal data to this payment service provider:
- your name
- your gender
- your billing address
- your email address
- your IP address
- your customer ID
Responsibility regarding your data lies with the relevant payment service provider (PayPal, RatePAY etc.). The legal basis for the transfer is the execution of the contract. Please know that this provider will transmit your personal data to other parties as required to process payments, including – but not limited to – the credit institutions, banks and credit card providers involved. These parties will then also process your personal data to handle your payments. For customers based in Germany, the payment service provider will request additional information from SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter “SCHUFA”) and to this end will provide SCHUFA with information regarding the customer’s name, billing address and gender. Legal basis for such processing is legitimate interest credit institutions.
4.2.1 RatePAY
If you select payment on account during the course of the ordering process, please note that we will transmit your payment data for payment processing services to RatePAY GmbH, Schlüterstr. 39, 10629 Berlin, Germany.
The option for payment on account is conditional on a mathematical statistical assessment of your credit risk by RatePAY GmbH. We transmit the personal data RatePAY GmbH requires to perform this credit check. In particular, these are your first and last name, postal address, date of birth, gender, email address, IP address and telephone number, as well as the data required to process the payment on account related to your order – for example, the quantity of products, product numbers, invoiced amount and amount of tax as a percentage. RatePAY uses this data to obtain information from one or more credit reporting agencies (such as SCHUFA HOLDING AG) for the purpose of checking your identity and creditworthiness. The list of credit agencies with which RatePAY exchanges data can be viewed athttps://www.ratepay.com/legal-creditagencies. The data is passed based on legitimate interests of credit institution.
Further information on the payment service offered by RatePAY and the data protection provisions can be found athttps://www.ratepay.com/legal/.
You can at any time request information about the data that RatePAY GmbH has stored about you, or inform the company of changes to this data. You can find detailed information on the processing of your personal data by RatePAY GmbH, on the credit check carried out and on your rights athttps://www.ratepay.com.
4.2.2 Klarna
In order to be able to offer you the payment options provided by Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden (hereinafter “Klarna”), we will transmit your personal data, such as contact details and order data, to Klarna. This enables Klarna to first assess whether you can use the payment options offered by Klarna and to adapt the payment options to your needs. The legal basis for this is the legitimate interest of Klarna. Klarna processes your data for payment processing as part of the execution of the contract. General information about Klarna can be foundhere. Klarna will handle your personal details in accordance with the applicable data protection regulations and in accordance with the information inKlarna's data protection regulations.
4.2.3 Apple Pay
If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, your payment details will be passed to Apple in encrypted form for payment processing. Apple encrypts this data again with a developer-specific key before the data is passed to the payment processor of the payment card stored in Apple Pay for the purposes of carrying out the payment. The encryption ensures that only we can access the payment data. After payment has been made, Apple sends us your device account number and a transaction-specific, dynamic security code to confirm the payment. The legal basis for the transfer is the execution of the contract.
Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and approximate time, and whether the transaction was successfully completed. Anonymisation completely rules out the possibility of this data being connected with an individual. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format with which you can be identified. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and deselect “Allow payments on Mac”. Further details regarding data protection with Apple Pay can be found athttps://support.apple.com/en-us/HT203027
4.2.2 SCHUFA
Please note that we transmit all data regarding extrajudicial and judicial collection measures relating to overdue and uncontested claims to SCHUFA. Legal basis for processing is the execution of the contract as well as our legitimate interest. If SCHUFA is provided with similar data relating to other contractual relationships after we have transmitted such information, we may be informed of this too. SCHUFA’s contracting partners primarily include credit institutions, credit card providers and leasing companies. Moreover, SCHUFA releases information to retail, telecommunication and other companies that offer goods and services on credit. Data is transmitted as specified above only if this is permitted after weighing the interests of all parties involved. Along with the aforementioned information, SCHUFA can provide its contracting partners with a probability value for credit risk assessment, calculated based on data saved in SCHUFA’s systems (score procedure). You have the right to obtain information from SCHUFA regarding the saved data relating to you. SCHUFA’s address is: SCHUFA Holding AG, Verbraucherservicezentrum Hannover, Postfach 56 40, 30056 Hannover, Germany. You can find more information about SCHUFA, data processing by SCHUFA and your right to obtain information athttps://www.schufa.de/en/data-privacy/.
4.3 Customer surveys
We work with zenloop GmbH, Pappelallee 78/79, 10437 Berlin to carry out customer surveys. Zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyse feedback from our customers via our online shop. This makes it possible for us to improve and align our offerings to the needs of our customers. When using the feedback tool, zenloop records the public IP address, device and browser data, as well as the website from which we use the feedback platform. Zenloop also uses cookies and other similar technology to collect aggregated data about users. In addition, zenloop collects your survey responses. We have concluded an order processing agreement with zenloop in accordance with legal processor requirements and have ensured to our satisfaction that zenloop carries out suitable technical and organisational measures in such a way that processing takes place in accordance with the requirements of the GDPR and guarantees the protection of your rights.
Information regarding the third-party provider: zenloop GmbH, Pappelallee 78/79, 10437 Berlin, Germany. For further information, please consult their privacy policy at
https://www.zenloop.com/en/legal/privacy
4.3 CRM
We store your personal data as an individual customer profile in our CRM system. You provide us with such personal data by making a purchase order via our online shop, via our sales staff or when you enter data in your preference center on vitra.com. Processing of such data is based on a legitimate interest in accordance to remain in contact with you and to provide you with relevant offers and content based on your previous purchases and interests. If you have consented to receiving our newsletter and depending on your cookie settings, we may also link further information about your usage behavior on our website or newsletter to your customer profile. Legal basis for this is your consent.
By linking this data, we can better understand your personal interests and thus adapt contents of our mailing to you based on your interests, invite you to relevant events and approach you selectively via our sales team. You will only be contacted by telephone or by individualized newsletter if you have given us your consent. Furthermore, we use this data for our own market research and to improve our products and services.
We use the cloud provider Salesforce (Salesforce Germany GmbH, Erika-Mann-Straße 31, 80636 Munich, Germany, which is a daughter company of salesforce.com Inc., The Landmark @ One Market, Suite 300, San Francisco, CA 94105, USA). The CRM system is operated by Salesforce on servers in the European Union. A transfer of the data to Salesforce takes place within the scope of an order processing. In the event that salesforce.com Inc. is granted access to data in the course of providing the service, EU standard contractual clauses were concluded with Salesforce as authoirsed by the governemtnal bodies.
4.3 Vitra professionals
If you provide us with personal data when using Vitra Professionals, this is generally done on a voluntary basis. This data is used to fulfil our contractual relationship, to process your inquiries and orders, for our own market or opinion research and for our own advertising by postal mail. Your data will be used for our own advertising by email only if you have given us consent to do so. We delete the data that arises in this context after its storage is no longer required, or we limit processing if there are statutory retention requirements. The legal basis for this is performance of the contract as well as our legitimate interest.
If you register as a specialist retailer with Vitra Professionals and create a profile for your company or your employees, we will save the account information you have entered (in particular the name, email address and country of origin) so that you do not have to enter it again with each operation. You can update or delete your profile(s) at any time. The legal basis is performance of the contract.
Personal data that has been communicated to us via our website will only be stored until the purpose for which it was entrusted to us is fulfilled. After completion of the contract, your data will be blocked and deleted once the tax and commercial law regulations have expired, unless you have expressly consented to the use of data beyond this. If mandatory retention periods under commercial and tax law have to be observed, the duration of the storage of certain data can be up to ten years.
5. Social Networks
5.1 Facebook
In this section, we would like to inform you about the collection, processing and use of your data via Vitra's Facebook page (https://de-de.facebook.com/vitra/).
The Facebook page is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook, Inc. (hereinafter “Facebook”).
Facebook is in principle responsible for the collection and processing of personal user data on Facebook. Please note that Facebook can collect and process certain data even if you do not have your own Facebook user account. Further information on data processing by Facebook can be found in their privacy policy.
As the operator of the Facebook page, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your user account. If you contact us on a voluntary basis via a Fan Page (for example via the comment or message function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by Meta Platforms Inc. based in the USA.
We do not pass on any personal data ourselves. The personal data is processed by us on a legal basis, since we have an overriding legitimate interest in interacting with you. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Facebook users and third parties, and that we have no influence on how they use the information available to them.
Facebook users can use the settings for advertising preferences to influence the extent to which their user behaviour may be recorded when visiting our Instagram page. The Facebook and Instagram settings or the form to exercise your right of objection offer further options.
You can also prevent your information from being processed by means of the cookies used by Facebook, by not allowing cookies from third-party providers or those from Facebook in your own browser settings.
When you visit our Fan Page, Facebook collects specific usage data by setting a cookie and storing the IP address, which Facebook processes according to partially pre-set criteria for statistical information in different categories (e.g. number of followers, age structure, demographics) and provides to us. These so-called “insights” are only transmitted to us in anonymised form. We use these statistics to collect information about our products and to make our contributions as targeted as possible. The processing is therefore based on a legitimate interest.
In principle, we and Facebook are responsible for processing the data from these insights. However, Facebook has given us a commitment to assume primary responsibility for processing the insights and, in particular, to fulfil all obligations under the GDPR to protect the rights of the data subjects. You can view the agreement on which this obligation is based (“Page Insights Supplement”) here.
5.2 Instagram
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Instagram profile (https://www.instagram.com/vitra/).
The Instagram profile is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook, Inc. (hereinafter “Facebook”). Please see above "Facebook".
5.3 Twitter
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Twitter account (https://www.twitter.com/vitra/).
The Twitter account is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, a subsidiary of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA (hereinafter “Twitter”).
Twitter is in principle responsible for the collection and processing of personal user data on Twitter. Please note that Twitter can collect and process certain data even if you do not have your own Twitter account. Further information on data processing by Twitter can be found in their privacy policy.
As the operator of the Twitter account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your Twitter profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by Twitter Inc. based in the USA.
We do not pass on any personal data ourselves. The personal data is processed by us on the basis of legal principles, since we have an overriding legitimate interest in interacting with you and enabling an orderly interaction of the Twitter community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Twitter users and third parties, and that we have no influence on how they use the information available to them.
Twitter users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://twitter.com/en/privacy.
You can also prevent your information from being processed by means of the cookies used by Twitter, by not allowing cookies from third-party providers or those from Twitter in your own browser settings.
5.4 YouTube
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s YouTube account (https://www.youtube.com/vitra/).
The YouTube account is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC (hereinafter “YouTube”) is a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
YouTube is in principle responsible for the collection and processing of personal user data on YouTube. Please note that YouTube can collect and process certain data even if you do not have your own YouTube account. Further information on data processing by YouTube can be found in their privacy policy.
As the operator of the YouTube account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your YouTube profile. If you contact us on a voluntary basis via YouTube (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by YouTube and Google based in the USA.
We do not pass on any personal data ourselves. The personal data is processed by us on the basis of legal principles, since we have an overriding legitimate interest in interacting with you and enabling an orderly interaction of the YouTube community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both YouTube users and third parties, and that we have no influence on how they use the information available to them.
YouTube users can use their settings to influence the extent to which their user behaviour may be recorded. You can object to the use for advertising purposes here: https://adssettings.google.com/authenticated.
You can also prevent your information from being processed by means of the cookies used by YouTube and Google, by not allowing cookies from third-party providers or those from YouTube and Google in your own browser settings.
5.5 LinkedIn
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s LinkedIn account (https://www.linkedin.com/company/vitra).
The LinkedIn profile is provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Inc., U.S.A. (hereinafter “LinkedIn”).
LinkedIn is in principle responsible for the collection and processing of personal user data on LinkedIn. Please note that LinkedIn can collect and process certain data even if you do not have your own LinkedIn account. Further information on data processing by LinkedIn can be found in their privacy policy.
As the operator of the LinkedIn profile, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your LinkedIn profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by LinkedIn Inc. based in the USA. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary for the development, operation and maintenance of the services takes place in a lawful manner.
We do not pass on any personal data ourselves. The personal data is processed by us on a legal basis, since we have an overriding legitimate interest in interacting with you. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both LinkedIn users and third parties, and that we have no influence on how they use the information available to them.
LinkedIn users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://www.linkedin.com/psettings/.
You can also prevent your information from being processed by means of the cookies used by LinkedIn, by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings.
5.6 Pinterest
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Pinterest account (https://www.pinterest.com/vitra/).
The Pinterest account is provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (hereinafter “Pinterest”).
Pinterest is in principle responsible for the collection and processing of personal user data on Pinterest. Please note that Pinterest can collect and process certain data even if you do not have your own Pinterest account. Further information on data processing by Pinterest can be found in their privacy policy.
As the operator of the Pinterest account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your Pinterest account. If you contact us on a voluntary basis via the Pinterest website (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by Pinterest Inc. based in the USA. If Pinterest transfers personal data from the EEA to a country that does not have adequate protection regulations, Pinterest takes appropriate measures to protect your data (e.g. through standard contractual clauses).
We do not pass on any personal data ourselves. The personal data is processed by us on the basis of legal principles, since we have an overriding legitimate interest in interacting with you and enabling an orderly interaction of the Pinterest community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Pinterest users and third parties, and that we have no influence on how they use the information available to them.
Pinterest users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://policy.pinterest.com/en/cookies.
You can also prevent your information from being processed by means of the cookies used by Pinterest, by not allowing cookies from third-party providers or those from Pinterest in your own browser settings.
6. Data protection provisions for the Vitra Campus app
6.1 General
When the Vitra Campus app is downloaded from the respective app store, the necessary data (e.g. user name, email address, device code) is transmitted to the app store operator. The app store operator alone is responsible for data processing. We have no influence on the type and scope of the data processed by the respective app store operator or the disclosure of this data to third parties.
6.2 Automated collection and processing of user data
Every time the Vitra Campus app is used, our server automatically and temporarily collects information in the server log files that are transmitted by the Vitra Campus app. If you want to use the Vitra Campus app, we collect the following data, which is technically necessary for us to show you our content and to ensure stability and security, legitimate basis for which is our overiding legitimate interest:
- IP address of the terminal device
- device model
- app version used
- operating software (iOS version)
There is no personalised evaluation of the server log files. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources.
6.3 Google Analytics
We use the Google Analytics analysis service provided by Google Ireland Ltd in our Vitra Campus app to analyse and regularly improve the use of the Vitra Campus app. The information contained in Section 2.2 of this Privacy Policy applies correspondingly.
6.4 Google Firebase
We use the Google Firebase service provided by Google. This service is there to provide certain functionalities, improve the app and correct errors in the app. The data collected for this purpose is made available to us in anonymised form. The information that is recorded concerns whether a crash has occurred, which line of code caused the crash and the type and operating system of the mobile device concerned. This data is used exclusively to reproduce errors in the app and to be able to correct them during future development. No personal data is transmitted. The Firebase privacy policy can be viewed here: https://firebase.google.com/terms/data-processing-terms
The processing is based on our legitimate interest.
7. Data processing as part of the features offered
7.1 Product scanner
IThe Vitra Campus app enables you to identify Vitra products with the product scanner. When you use the product scanner, you take a photo or transfer the image from the camera so that we can show you further information about the respective product and about complementary or comparable products.
We collect your location data in order to be able to offer you this feature. To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device. You can allow or decline recording of your location at any time in the settings of your operating system.
The legal basis of this data processing is the need to perform a contract. The photos will be deleted immediately after processing and will not be used for any purpose other than to provide the product scanner functions described.
7.2 Campus map
You have the option of using our campus map to view the surroundings on the Vitra Campus and in individual buildings accessible to visitors (e.g. VitraHaus). In order to be able to offer you this feature, we use the Apple Maps application and record your location data (GPS data). To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device.
This function cannot be performed without location recording. The Apple Maps terms of use can be found at https://www.apple.com/legal/internet-services/maps/terms-en.html. We only collect your location data to show you your current location on the campus map. Legitimate interest for such processing is performance of the contract. You can allow or decline recording of your location at any time in the settings of your operating system.
7.3 Tickets
You have the opportunity to buy tickets for the Vitra Design Museum. We use the Reservix ticket platform provided by Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany for online ticket sales. The legal basis for this is legitimate interest. Our legitimate interest lies in offering a simple, safe and user-friendly way for our visitors to buy tickets online. Detailed information regarding how we process your data can be found in the Reservix privacy policy at https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.
7.4 Additonal information about third-party providers
Apple: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. https://www.apple.com/legal/privacy/
Google: Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. https://policies.google.com/privacy?hl=en-US
Reservix: Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany. https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.
8. Visits to the Vitra Campus Weil am Rhein
8.1 General
Controller: Vitra Services GmbH, Charles-Eames-Strasse 2, 79576 Weil am Rhein. The Data Protection Officer can be contacted at: [email protected]
8.2 Video surveillance
Purposes and legal bases of data processing: Prevention of vandalism and theft; the right to allow or deny access to premises. Processing is based on our legitimate interest.
The legitimate interests pursued are: Protection of property.
Duration of storage: 72 h
8.3 Registrations
When you register for guided tours or events on the Campus, we collect the data you provide (if applicable, as the contact person for a group) in the respective registration form (name, contact details, company affiliation, if applicable, time of visit). Your data will be passed on to the relevant departments for your visit, e.g. the restaurant or the museum.
The data is processed for the purpose of coordinating and carrying out your visit (contractual basis) and to safeguard our domiciliary rights (legitimate interests).
Duration of storage: Two years after your visit, unless there are statutory retention obligations or legitimate interests that require longer storage in individual cases.
9. Data protection information for online meetings, conference calls and webinars via Microsoft Teams
9.1 Purpose of processing
We use the “Microsoft Teams” tool to hold telephone conferences, online meetings, video conferences and/or webinars (hereinafter “online meetings”).
9.2 Data controller
Vitra International AG, Klünenfeldstrasse 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”) is responsible for data processing that is directly related to the performance of online meetings.
Microsoft Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA and its affiliated companies (hereinafter collectively “Microsoft”). In order to be able to provide you with this service, Microsoft acts for us as a processor.
Please note that this data protection notice only informs you about how Vitra processes your personal data if you participate in online meetings with us. You can find more information about how Microsoft processes your personal data under https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/06/microsofts-commitment-privacy-security-microsoft-teams/ as well as the Microsoft Online Services Terms of Use.
Note: If you access the Microsoft Teams website, Microsoft is responsible for data processing. To use Microsoft Teams, you only need to access the website to download the software for using Microsoft Teams.
If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service is then also provided via the Microsoft Teams website.
9.3 Which data is processed?
When we use Microsoft Teams, we automatically process certain information that you transmit to us. The scope of the processed data also depends on the details of the data you provide before or while participating in an online meeting.
The following personal data is processed:
- IP address of the requesting end device
- information about the user: e.g. display name, business contact details such as email address, profile picture (optional), preferred language
- meeting metadata: e.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: You may have the option of using the chat function in an online meeting. In that case, the text entries you make are processed in order to display them in the online meeting. In order to enable video display and audio playback, the data from the microphone of your end device and any video camera on the end device is processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the Microsoft Teams applications
9.4 Scope of procesingg
We use Microsoft Teams to conduct online meetings. If we want to record online meetings, we will inform you of this transparently in advance and – if necessary – ask for your consent.
If this is required for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
We do not use automated decision-making (“Profiling”).
9.5 Legal basis for data processing
If personal data is processed by employees of Vitra International AG within the employment context, Section 26 Para. 1 BDSG (the German Federal Data Protection Act) is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for establishment, implementation or termination of the employment relationship, but is an elementary component in the use of Microsoft Teams, Art. 6 Para. 1 lit. f) GDPR is the legal basis for data processing. Our interest in these cases is in the effective implementation of online meetings.
In all other respects, the legal basis for data processing when conducting online meetings is execution of the contract, if as the meetings are held in the context of contractual relationships.
If there is no contractual relationship, the legal basis is our legitimate ineterst. Here, too, we are interested in the effective implementation of online meetings.
9.6 Recipients/disclosure of data
If you have given us personal data, this will in principal not be passed on to third parties. A transfer only takes place
- with your consent
- in the context of a legitimate interest, if the data disclosed during a meeting is intended to be passed on. Please note that content from online meetings as well as from physical meetings is often in fact used to share information with customers, interested parties or third parties;
- as part of order data processing, in accordance with the statutory provisions, to Microsoft as a service provider bound by instructions;
- in the context of a legitimate interest within our group of companies for internal administrative purposes, including joint customer service, if necessary;
- as part of processing your concerns to commissioned subcontractors, who only receive the necessary data for the execution of this order and use this for a specific purpose;
- as part of the fulfilment of legal obligations to entities entitled to receive information.
9.7 Data processing outside the European Union
There is no data processing outside the European Union (EU), as we have limited our storage location to data centres in the European Union.
Likewise, processing by Microsoft usually takes place within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. If personal data is transmitted to the USA as part of order processing, we have agreed standard contractual clauses with Microsoft.
9.8 Right to object
You have the right to object at any time to the processing – among other reasons, based on personal data relating to you for reasons that arise from your particular situation. We will then stop processing your personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
9.9 Deletion of data
We generally delete personal data if there is no requirement for further storage. A requirement may in particular exist if the data is still required for purposes of fulfilling contractual services, checking warranty and – where applicable – guarantee claims and to be able to grant or defend these. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
10. Your rights
10.1
You may receive information about the data we have stored about you and about its origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage – free of charge, at any time without giving reasons.
10.2
In addition, you have the right to correct, block and delete your personal data in accordance with the statutory provisions. If you have given your consent to the use of data, you can revoke this at any time and without giving reasons. If your data is processed on the basis of legitimate interests in accordance, you have the right to object in accordance. You also have the right to data portability. You furthermore have the right to complain to a data protection supervisory authority about our processing of your personal data.
10.3
Please send your requests for information, objections to data processing and other inquiries to Vitra International AG, Klünenfeldstraße 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to the email address [email protected].
10.4
For any questions in connection with data protection, you can also contact our data protection officer, Mr. Simon Brandmeier, who can be reached at [email protected].
Last Update: 18.07.2023
Vitra International AG takes the protection of your personal data very seriously. The purpose of this Privacy Policy is to inform you of the type of personal data that will be collected when you use our website Vitra.com, as well as how we will process, use, and protect such data. Tshi Privacy Policy is aligned with the Swiss Data Protection Act (hereinafter “SDPA”), the European General Data Protection Regulation (hereinafter “GDPR”) and other applicable data protection regulations. Whereas GDPR, SDPA and other applicable data protection regulations may have slight differences in the definitions used, the terminology in this Privacy Policy is based on GDPR definitions, which have the same meaning in SDPA. Notwithstanding the above, please note that whether and to what extent the GDPR, SDPA or other data protection regulations apply to you depends on the individual case.
B. Data Protection Statement - Vitra International AG
1. Scope
1.1
Use of the vitra.com website is subject to the Privacy Policy set out below. This website is a service provided by Vitra International AG, Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”). Where relevant, Vitra is the controller.
1.2
Protecting your personal data is important to us, in particular, with regard to respecting your personal rights in connection with the processing and use of such data. The term “personal data” refers to information regarding the personal and/or factual circumstances of an identified or identifiable natural person. This includes, for example, the person’s name, postal address, email address and/or telephone number, as well as user data such as the IP address. We collect, process, and use your personal data in compliance with the relevant laws
2. Automated data collection and processing by your browser
2.1 General
As with every website, our server automatically collects the following information and temporarily saves it in server log files, which are transmitted by your browser – unless you have deactivated such function:
- the IP address of the computer transmitting the request
- the client’s file request
- the http response code
- the volume of data transmitted
- the website from which you access our website (referrer URL)
- the date and time of the server request
- the type, version and language of your browser
- the operating system on the computer transmitting the request
Our server log files are not evaluated based on personal use. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources.
2.2 Use of cookies
In order to learn about your individual preferences and adjust our offerings optimally to best meet your needs, we use so-called “cookies” on our website vitra.com. Cookies are small text files that are saved on your computer or mobile device and that your computer or mobile device can retrieve at a later time. We use the consent management service provided by Usercentrics GmbH, which helps you to understand the functionality and characteristics of cookies and to select or deactivate various tags, trackers and analytic tool used on this website. You can access all cookie information and settings by clicking the “Cookie Settings” on the bottom on this page.
3. Collection and processing of data provided voluntarily
3.1 Contact form
When you provide us with personal data by email, in our online shop or via the contact form available on our website, this is voluntary. This data is used to fulfil our contractual relationship, to process your inquiries and orders, for our own market or opinion research and for our own advertising by postal mail. Your data will be used for our own advertising by email only if you have given us consent to do so. We delete the data that arises in this context after its storage is no longer required, or we limit processing if there are statutory retention requirements. Legal basis for processing is performance of the contract and our legitimate interest.
When you register in our online shop and create a customer profile, we save the customer account information you provided (in particular, your name, billing and delivery addresses, telephone number, payment information and email address) so that you do not have to re-enter your data every time you place an order. You can update or delete your profile at any time. Legal basis for processing is performance of the contract.
3.2 Newsletter
If you would like to subscribe to our newsletter, please provide your valid email address and your country of origin, and confirm that you are in agreement with the following (therefore, legal basis for such processing is your consent):
“I agree that Vitra International AG and the companies linked below may process and use the data I have entered to send me an email newsletter to inform me about furniture and home accessories, as well as ongoing company promotions and events. I also agree that Vitra International AG and the companies linked below may transmit my email address to selected social networks (Facebook, Instagram, LinkedIn, Twitter, Pinterest and Google AdWords) in order to show me personalised advertising. I can find a list of the companies in questionhere. I can revoke this agreement at any time by sending written notification to Vitra International AG at Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to [email protected]. In the event that I revoke consent, the data I have entered will be deleted at all the companies in question and will no longer be used for sending the newsletter.
3.3 Social platforms
On the basis of your consent in accordance with Section 3.2, we work together with Facebook, Instagram, LinkedIn, Twitter, Pinterest and Google AdWords for the purpose of personalized advertising in social networks. These companies will receive your email address with your consent. If we place advertisements in the respective medium, they will be shown to you. We have no influence on further processing in the social networks. You can find more information on this in the respective provider’s privacy policy. Legal basis for such processing is consent.
Information regarding the third-party provider:
Facebook:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://www.facebook.com/privacy/explanation
Google Ad Words:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, 1001; privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://de-de.facebook.com/help/instagram/519522125107875
LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; privacy policy; https://www.linkedin.com/legal/privacy-policy
Pinterest: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA; privacy policy; https://policy.pinterest.com/en/privacy-policy
Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; privacy policy: https://twitter.com/en/privacy
4. Transmission to third parties
4.1 General
If you have given us personal data, this will not be passed on to third parties. Any transfer that takes place will only be
- with your consent
- as part of processing your inquiries, your orders and the use of our services to commissioned subcontractors, who only receive the necessary data for the execution of this order and use it for a specific purpose
- as part of order data processing in accordance with the statutory provisions to service providers bound by instructions
- as part of the fulfilment of legal obligations to entities entitled to receive information.
4.2 Payment
To process payments made by credit card, EPS (Electronic Payment Standard), PayPal or RatePAY (buying on account), we will transmit your data to our partner Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam, the Netherlands. In addition to the data regarding your order and the shipping and payment methods you have requested, we will forward the following categories of personal data to this payment service provider:
- your name
- your gender
- your billing address
- your email address
- your IP address
- your customer ID
Responsibility regarding your data lies with the relevant payment service provider (PayPal, RatePAY etc.). The legal basis for the transfer is the execution of the contract. Please know that this provider will transmit your personal data to other parties as required to process payments, including – but not limited to – the credit institutions, banks and credit card providers involved. These parties will then also process your personal data to handle your payments. For customers based in Germany, the payment service provider will request additional information from SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter “SCHUFA”) and to this end will provide SCHUFA with information regarding the customer’s name, billing address and gender. Legal basis for such processing is legitimate interest credit institutions.
4.2.1 RatePAY
If you select payment on account during the course of the ordering process, please note that we will transmit your payment data for payment processing services to RatePAY GmbH, Schlüterstr. 39, 10629 Berlin, Germany.
The option for payment on account is conditional on a mathematical statistical assessment of your credit risk by RatePAY GmbH. We transmit the personal data RatePAY GmbH requires to perform this credit check. In particular, these are your first and last name, postal address, date of birth, gender, email address, IP address and telephone number, as well as the data required to process the payment on account related to your order – for example, the quantity of products, product numbers, invoiced amount and amount of tax as a percentage. RatePAY uses this data to obtain information from one or more credit reporting agencies (such as SCHUFA HOLDING AG) for the purpose of checking your identity and creditworthiness. The list of credit agencies with which RatePAY exchanges data can be viewed athttps://www.ratepay.com/legal-creditagencies. The data is passed based on legitimate interests of credit institution.
Further information on the payment service offered by RatePAY and the data protection provisions can be found athttps://www.ratepay.com/legal/.
You can at any time request information about the data that RatePAY GmbH has stored about you, or inform the company of changes to this data. You can find detailed information on the processing of your personal data by RatePAY GmbH, on the credit check carried out and on your rights athttps://www.ratepay.com.
4.2.2 Klarna
In order to be able to offer you the payment options provided by Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden (hereinafter “Klarna”), we will transmit your personal data, such as contact details and order data, to Klarna. This enables Klarna to first assess whether you can use the payment options offered by Klarna and to adapt the payment options to your needs. The legal basis for this is the legitimate interest of Klarna. Klarna processes your data for payment processing as part of the execution of the contract. General information about Klarna can be foundhere. Klarna will handle your personal details in accordance with the applicable data protection regulations and in accordance with the information inKlarna's data protection regulations.
4.2.3 Apple Pay
If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, your payment details will be passed to Apple in encrypted form for payment processing. Apple encrypts this data again with a developer-specific key before the data is passed to the payment processor of the payment card stored in Apple Pay for the purposes of carrying out the payment. The encryption ensures that only we can access the payment data. After payment has been made, Apple sends us your device account number and a transaction-specific, dynamic security code to confirm the payment. The legal basis for the transfer is the execution of the contract.
Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and approximate time, and whether the transaction was successfully completed. Anonymisation completely rules out the possibility of this data being connected with an individual. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format with which you can be identified. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and deselect “Allow payments on Mac”. Further details regarding data protection with Apple Pay can be found athttps://support.apple.com/en-us/HT203027
4.2.2 SCHUFA
Please note that we transmit all data regarding extrajudicial and judicial collection measures relating to overdue and uncontested claims to SCHUFA. Legal basis for processing is the execution of the contract as well as our legitimate interest. If SCHUFA is provided with similar data relating to other contractual relationships after we have transmitted such information, we may be informed of this too. SCHUFA’s contracting partners primarily include credit institutions, credit card providers and leasing companies. Moreover, SCHUFA releases information to retail, telecommunication and other companies that offer goods and services on credit. Data is transmitted as specified above only if this is permitted after weighing the interests of all parties involved. Along with the aforementioned information, SCHUFA can provide its contracting partners with a probability value for credit risk assessment, calculated based on data saved in SCHUFA’s systems (score procedure). You have the right to obtain information from SCHUFA regarding the saved data relating to you. SCHUFA’s address is: SCHUFA Holding AG, Verbraucherservicezentrum Hannover, Postfach 56 40, 30056 Hannover, Germany. You can find more information about SCHUFA, data processing by SCHUFA and your right to obtain information athttps://www.schufa.de/en/data-privacy/.
4.3 Customer surveys
We work with zenloop GmbH, Pappelallee 78/79, 10437 Berlin to carry out customer surveys. Zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyse feedback from our customers via our online shop. This makes it possible for us to improve and align our offerings to the needs of our customers. When using the feedback tool, zenloop records the public IP address, device and browser data, as well as the website from which we use the feedback platform. Zenloop also uses cookies and other similar technology to collect aggregated data about users. In addition, zenloop collects your survey responses. We have concluded an order processing agreement with zenloop in accordance with legal processor requirements and have ensured to our satisfaction that zenloop carries out suitable technical and organisational measures in such a way that processing takes place in accordance with the requirements of the GDPR and guarantees the protection of your rights.
Information regarding the third-party provider: zenloop GmbH, Pappelallee 78/79, 10437 Berlin, Germany. For further information, please consult their privacy policy at
https://www.zenloop.com/en/legal/privacy
4.3 CRM
We store your personal data as an individual customer profile in our CRM system. You provide us with such personal data by making a purchase order via our online shop, via our sales staff or when you enter data in your preference center on vitra.com. Processing of such data is based on a legitimate interest in accordance to remain in contact with you and to provide you with relevant offers and content based on your previous purchases and interests. If you have consented to receiving our newsletter and depending on your cookie settings, we may also link further information about your usage behavior on our website or newsletter to your customer profile. Legal basis for this is your consent.
By linking this data, we can better understand your personal interests and thus adapt contents of our mailing to you based on your interests, invite you to relevant events and approach you selectively via our sales team. You will only be contacted by telephone or by individualized newsletter if you have given us your consent. Furthermore, we use this data for our own market research and to improve our products and services.
We use the cloud provider Salesforce (Salesforce Germany GmbH, Erika-Mann-Straße 31, 80636 Munich, Germany, which is a daughter company of salesforce.com Inc., The Landmark @ One Market, Suite 300, San Francisco, CA 94105, USA). The CRM system is operated by Salesforce on servers in the European Union. A transfer of the data to Salesforce takes place within the scope of an order processing. In the event that salesforce.com Inc. is granted access to data in the course of providing the service, EU standard contractual clauses were concluded with Salesforce as authoirsed by the governemtnal bodies.
4.3 Vitra professionals
If you provide us with personal data when using Vitra Professionals, this is generally done on a voluntary basis. This data is used to fulfil our contractual relationship, to process your inquiries and orders, for our own market or opinion research and for our own advertising by postal mail. Your data will be used for our own advertising by email only if you have given us consent to do so. We delete the data that arises in this context after its storage is no longer required, or we limit processing if there are statutory retention requirements. The legal basis for this is performance of the contract as well as our legitimate interest.
If you register as a specialist retailer with Vitra Professionals and create a profile for your company or your employees, we will save the account information you have entered (in particular the name, email address and country of origin) so that you do not have to enter it again with each operation. You can update or delete your profile(s) at any time. The legal basis is performance of the contract.
Personal data that has been communicated to us via our website will only be stored until the purpose for which it was entrusted to us is fulfilled. After completion of the contract, your data will be blocked and deleted once the tax and commercial law regulations have expired, unless you have expressly consented to the use of data beyond this. If mandatory retention periods under commercial and tax law have to be observed, the duration of the storage of certain data can be up to ten years.
5. Social Networks
5.1 Facebook
In this section, we would like to inform you about the collection, processing and use of your data via Vitra's Facebook page (https://de-de.facebook.com/vitra/).
The Facebook page is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook, Inc. (hereinafter “Facebook”).
Facebook is in principle responsible for the collection and processing of personal user data on Facebook. Please note that Facebook can collect and process certain data even if you do not have your own Facebook user account. Further information on data processing by Facebook can be found in their privacy policy.
As the operator of the Facebook page, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your user account. If you contact us on a voluntary basis via a Fan Page (for example via the comment or message function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by Meta Platforms Inc. based in the USA.
We do not pass on any personal data ourselves. The personal data is processed by us on a legal basis, since we have an overriding legitimate interest in interacting with you. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Facebook users and third parties, and that we have no influence on how they use the information available to them.
Facebook users can use the settings for advertising preferences to influence the extent to which their user behaviour may be recorded when visiting our Instagram page. The Facebook and Instagram settings or the form to exercise your right of objection offer further options.
You can also prevent your information from being processed by means of the cookies used by Facebook, by not allowing cookies from third-party providers or those from Facebook in your own browser settings.
When you visit our Fan Page, Facebook collects specific usage data by setting a cookie and storing the IP address, which Facebook processes according to partially pre-set criteria for statistical information in different categories (e.g. number of followers, age structure, demographics) and provides to us. These so-called “insights” are only transmitted to us in anonymised form. We use these statistics to collect information about our products and to make our contributions as targeted as possible. The processing is therefore based on a legitimate interest.
In principle, we and Facebook are responsible for processing the data from these insights. However, Facebook has given us a commitment to assume primary responsibility for processing the insights and, in particular, to fulfil all obligations under the GDPR to protect the rights of the data subjects. You can view the agreement on which this obligation is based (“Page Insights Supplement”) here.
5.2 Instagram
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Instagram profile (https://www.instagram.com/vitra/).
The Instagram profile is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook, Inc. (hereinafter “Facebook”). Please see above "Facebook".
5.3 Twitter
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Twitter account (https://www.twitter.com/vitra/).
The Twitter account is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, a subsidiary of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA (hereinafter “Twitter”).
Twitter is in principle responsible for the collection and processing of personal user data on Twitter. Please note that Twitter can collect and process certain data even if you do not have your own Twitter account. Further information on data processing by Twitter can be found in their privacy policy.
As the operator of the Twitter account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your Twitter profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by Twitter Inc. based in the USA.
We do not pass on any personal data ourselves. The personal data is processed by us on the basis of legal principles, since we have an overriding legitimate interest in interacting with you and enabling an orderly interaction of the Twitter community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Twitter users and third parties, and that we have no influence on how they use the information available to them.
Twitter users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://twitter.com/en/privacy.
You can also prevent your information from being processed by means of the cookies used by Twitter, by not allowing cookies from third-party providers or those from Twitter in your own browser settings.
5.4 YouTube
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s YouTube account (https://www.youtube.com/vitra/).
The YouTube account is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC (hereinafter “YouTube”) is a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
YouTube is in principle responsible for the collection and processing of personal user data on YouTube. Please note that YouTube can collect and process certain data even if you do not have your own YouTube account. Further information on data processing by YouTube can be found in their privacy policy.
As the operator of the YouTube account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your YouTube profile. If you contact us on a voluntary basis via YouTube (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by YouTube and Google based in the USA.
We do not pass on any personal data ourselves. The personal data is processed by us on the basis of legal principles, since we have an overriding legitimate interest in interacting with you and enabling an orderly interaction of the YouTube community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both YouTube users and third parties, and that we have no influence on how they use the information available to them.
YouTube users can use their settings to influence the extent to which their user behaviour may be recorded. You can object to the use for advertising purposes here: https://adssettings.google.com/authenticated.
You can also prevent your information from being processed by means of the cookies used by YouTube and Google, by not allowing cookies from third-party providers or those from YouTube and Google in your own browser settings.
5.5 LinkedIn
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s LinkedIn account (https://www.linkedin.com/company/vitra).
The LinkedIn profile is provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Inc., U.S.A. (hereinafter “LinkedIn”).
LinkedIn is in principle responsible for the collection and processing of personal user data on LinkedIn. Please note that LinkedIn can collect and process certain data even if you do not have your own LinkedIn account. Further information on data processing by LinkedIn can be found in their privacy policy.
As the operator of the LinkedIn profile, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your LinkedIn profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by LinkedIn Inc. based in the USA. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary for the development, operation and maintenance of the services takes place in a lawful manner.
We do not pass on any personal data ourselves. The personal data is processed by us on a legal basis, since we have an overriding legitimate interest in interacting with you. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both LinkedIn users and third parties, and that we have no influence on how they use the information available to them.
LinkedIn users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://www.linkedin.com/psettings/.
You can also prevent your information from being processed by means of the cookies used by LinkedIn, by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings.
5.6 Pinterest
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Pinterest account (https://www.pinterest.com/vitra/).
The Pinterest account is provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (hereinafter “Pinterest”).
Pinterest is in principle responsible for the collection and processing of personal user data on Pinterest. Please note that Pinterest can collect and process certain data even if you do not have your own Pinterest account. Further information on data processing by Pinterest can be found in their privacy policy.
As the operator of the Pinterest account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your Pinterest account. If you contact us on a voluntary basis via the Pinterest website (for example via the comment function), personal data can be processed by us for purposes of interaction and communication.
It is conceivable that some of the information collected will also be processed outside the European Union by Pinterest Inc. based in the USA. If Pinterest transfers personal data from the EEA to a country that does not have adequate protection regulations, Pinterest takes appropriate measures to protect your data (e.g. through standard contractual clauses).
We do not pass on any personal data ourselves. The personal data is processed by us on the basis of legal principles, since we have an overriding legitimate interest in interacting with you and enabling an orderly interaction of the Pinterest community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Pinterest users and third parties, and that we have no influence on how they use the information available to them.
Pinterest users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://policy.pinterest.com/en/cookies.
You can also prevent your information from being processed by means of the cookies used by Pinterest, by not allowing cookies from third-party providers or those from Pinterest in your own browser settings.
6. Data protection provisions for the Vitra Campus app
6.1 General
When the Vitra Campus app is downloaded from the respective app store, the necessary data (e.g. user name, email address, device code) is transmitted to the app store operator. The app store operator alone is responsible for data processing. We have no influence on the type and scope of the data processed by the respective app store operator or the disclosure of this data to third parties.
6.2 Automated collection and processing of user data
Every time the Vitra Campus app is used, our server automatically and temporarily collects information in the server log files that are transmitted by the Vitra Campus app. If you want to use the Vitra Campus app, we collect the following data, which is technically necessary for us to show you our content and to ensure stability and security, legitimate basis for which is our overiding legitimate interest:
- IP address of the terminal device
- device model
- app version used
- operating software (iOS version)
There is no personalised evaluation of the server log files. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources.
6.3 Google Analytics
We use the Google Analytics analysis service provided by Google Ireland Ltd in our Vitra Campus app to analyse and regularly improve the use of the Vitra Campus app. The information contained in Section 2.2 of this Privacy Policy applies correspondingly.
6.4 Google Firebase
We use the Google Firebase service provided by Google. This service is there to provide certain functionalities, improve the app and correct errors in the app. The data collected for this purpose is made available to us in anonymised form. The information that is recorded concerns whether a crash has occurred, which line of code caused the crash and the type and operating system of the mobile device concerned. This data is used exclusively to reproduce errors in the app and to be able to correct them during future development. No personal data is transmitted. The Firebase privacy policy can be viewed here: https://firebase.google.com/terms/data-processing-terms
The processing is based on our legitimate interest.
7. Data processing as part of the features offered
7.1 Product scanner
IThe Vitra Campus app enables you to identify Vitra products with the product scanner. When you use the product scanner, you take a photo or transfer the image from the camera so that we can show you further information about the respective product and about complementary or comparable products.
We collect your location data in order to be able to offer you this feature. To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device. You can allow or decline recording of your location at any time in the settings of your operating system.
The legal basis of this data processing is the need to perform a contract. The photos will be deleted immediately after processing and will not be used for any purpose other than to provide the product scanner functions described.
7.2 Campus map
You have the option of using our campus map to view the surroundings on the Vitra Campus and in individual buildings accessible to visitors (e.g. VitraHaus). In order to be able to offer you this feature, we use the Apple Maps application and record your location data (GPS data). To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device.
This function cannot be performed without location recording. The Apple Maps terms of use can be found at https://www.apple.com/legal/internet-services/maps/terms-en.html. We only collect your location data to show you your current location on the campus map. Legitimate interest for such processing is performance of the contract. You can allow or decline recording of your location at any time in the settings of your operating system.
7.3 Tickets
You have the opportunity to buy tickets for the Vitra Design Museum. We use the Reservix ticket platform provided by Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany for online ticket sales. The legal basis for this is legitimate interest. Our legitimate interest lies in offering a simple, safe and user-friendly way for our visitors to buy tickets online. Detailed information regarding how we process your data can be found in the Reservix privacy policy at https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.
7.4 Additonal information about third-party providers
Apple: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. https://www.apple.com/legal/privacy/
Google: Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. https://policies.google.com/privacy?hl=en-US
Reservix: Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany. https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.
8. Visits to the Vitra Campus Weil am Rhein
8.1 General
Controller: Vitra Services GmbH, Charles-Eames-Strasse 2, 79576 Weil am Rhein. The Data Protection Officer can be contacted at: [email protected]
8.2 Video surveillance
Purposes and legal bases of data processing: Prevention of vandalism and theft; the right to allow or deny access to premises. Processing is based on our legitimate interest.
The legitimate interests pursued are: Protection of property.
Duration of storage: 72 h
8.3 Registrations
When you register for guided tours or events on the Campus, we collect the data you provide (if applicable, as the contact person for a group) in the respective registration form (name, contact details, company affiliation, if applicable, time of visit). Your data will be passed on to the relevant departments for your visit, e.g. the restaurant or the museum.
The data is processed for the purpose of coordinating and carrying out your visit (contractual basis) and to safeguard our domiciliary rights (legitimate interests).
Duration of storage: Two years after your visit, unless there are statutory retention obligations or legitimate interests that require longer storage in individual cases.
9. Data protection information for online meetings, conference calls and webinars via Microsoft Teams
9.1 Purpose of processing
We use the “Microsoft Teams” tool to hold telephone conferences, online meetings, video conferences and/or webinars (hereinafter “online meetings”).
9.2 Data controller
Vitra International AG, Klünenfeldstrasse 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”) is responsible for data processing that is directly related to the performance of online meetings.
Microsoft Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA and its affiliated companies (hereinafter collectively “Microsoft”). In order to be able to provide you with this service, Microsoft acts for us as a processor.
Please note that this data protection notice only informs you about how Vitra processes your personal data if you participate in online meetings with us. You can find more information about how Microsoft processes your personal data under https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/06/microsofts-commitment-privacy-security-microsoft-teams/ as well as the Microsoft Online Services Terms of Use.
Note: If you access the Microsoft Teams website, Microsoft is responsible for data processing. To use Microsoft Teams, you only need to access the website to download the software for using Microsoft Teams.
If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service is then also provided via the Microsoft Teams website.
9.3 Which data is processed?
When we use Microsoft Teams, we automatically process certain information that you transmit to us. The scope of the processed data also depends on the details of the data you provide before or while participating in an online meeting.
The following personal data is processed:
- IP address of the requesting end device
- information about the user: e.g. display name, business contact details such as email address, profile picture (optional), preferred language
- meeting metadata: e.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: You may have the option of using the chat function in an online meeting. In that case, the text entries you make are processed in order to display them in the online meeting. In order to enable video display and audio playback, the data from the microphone of your end device and any video camera on the end device is processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the Microsoft Teams applications
9.4 Scope of procesingg
We use Microsoft Teams to conduct online meetings. If we want to record online meetings, we will inform you of this transparently in advance and – if necessary – ask for your consent.
If this is required for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
We do not use automated decision-making (“Profiling”).
9.5 Legal basis for data processing
If personal data is processed by employees of Vitra International AG within the employment context, Section 26 Para. 1 BDSG (the German Federal Data Protection Act) is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for establishment, implementation or termination of the employment relationship, but is an elementary component in the use of Microsoft Teams, Art. 6 Para. 1 lit. f) GDPR is the legal basis for data processing. Our interest in these cases is in the effective implementation of online meetings.
In all other respects, the legal basis for data processing when conducting online meetings is execution of the contract, if as the meetings are held in the context of contractual relationships.
If there is no contractual relationship, the legal basis is our legitimate ineterst. Here, too, we are interested in the effective implementation of online meetings.
9.6 Recipients/disclosure of data
If you have given us personal data, this will in principal not be passed on to third parties. A transfer only takes place
- with your consent
- in the context of a legitimate interest, if the data disclosed during a meeting is intended to be passed on. Please note that content from online meetings as well as from physical meetings is often in fact used to share information with customers, interested parties or third parties;
- as part of order data processing, in accordance with the statutory provisions, to Microsoft as a service provider bound by instructions;
- in the context of a legitimate interest within our group of companies for internal administrative purposes, including joint customer service, if necessary;
- as part of processing your concerns to commissioned subcontractors, who only receive the necessary data for the execution of this order and use this for a specific purpose;
- as part of the fulfilment of legal obligations to entities entitled to receive information.
9.7 Data processing outside the European Union
There is no data processing outside the European Union (EU), as we have limited our storage location to data centres in the European Union.
Likewise, processing by Microsoft usually takes place within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. If personal data is transmitted to the USA as part of order processing, we have agreed standard contractual clauses with Microsoft.
9.8 Right to object
You have the right to object at any time to the processing – among other reasons, based on personal data relating to you for reasons that arise from your particular situation. We will then stop processing your personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
9.9 Deletion of data
We generally delete personal data if there is no requirement for further storage. A requirement may in particular exist if the data is still required for purposes of fulfilling contractual services, checking warranty and – where applicable – guarantee claims and to be able to grant or defend these. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
10. Your rights
10.1
You may receive information about the data we have stored about you and about its origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage – free of charge, at any time without giving reasons.
10.2
In addition, you have the right to correct, block and delete your personal data in accordance with the statutory provisions. If you have given your consent to the use of data, you can revoke this at any time and without giving reasons. If your data is processed on the basis of legitimate interests in accordance, you have the right to object in accordance. You also have the right to data portability. You furthermore have the right to complain to a data protection supervisory authority about our processing of your personal data.
10.3
Please send your requests for information, objections to data processing and other inquiries to Vitra International AG, Klünenfeldstraße 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to the email address [email protected].
10.4
For any questions in connection with data protection, you can also contact our data protection officer, Mr. Simon Brandmeier, who can be reached at [email protected].
Last Update: 18.07.2023