Data Protection
A. Data Protection provisions for the Vitra.com website
Vitra International AG takes the protection of your personal data very seriously. The purpose of this Privacy Policy is to inform you of the type of personal data that will be collected when you use our website Vitra.com, as well as how we will process, use, and protect such data. Tshi Privacy Policy is aligned with the Swiss Data Protection Act (hereinafter “SDPA”), the European General Data Protection Regulation (hereinafter “GDPR”) and other applicable data protection regulations. Whereas GDPR, SDPA and other applicable data protection regulations may have slight differences in the definitions used, the terminology in this Privacy Policy is based on GDPR definitions, which have the same meaning in SDPA. Notwithstanding the above, please note that whether and to what extent the GDPR, SDPA or other data protection regulations apply to you depends on the individual case.
B. Data Protection Statement - Vitra International AG
1. Scope
1.1
Use of the vitra.com website is subject to the Privacy Policy set out below. This website is a service provided by Vitra International AG, Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”). Where relevant, Vitra is the controller.
1.2
Protecting your personal data is important to us, in particular, with regard to respecting your personal rights in connection with the processing and use of such data. The term “personal data” refers to information regarding the personal and/or factual circumstances of an identified or identifiable natural person. This includes, for example, the person’s name, postal address, email address and/or telephone number, as well as user data such as the IP address. We collect, process, and use your personal data in compliance with the relevant laws
2. Automated data collection and processing by your browser
2.1 General
As with every website, our server automatically collects the following information and temporarily saves it in server log files, which are transmitted by your browser – unless you have deactivated such function:
- the IP address of the computer transmitting the request
- the client’s file request
- the http response code
- the volume of data transmitted
- the website from which you access our website (referrer URL)
- the date and time of the server request
- the type, version and language of your browser
- the operating system on the computer transmitting the request
Our server log files are not evaluated based on personal use. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources.
2.2 Use of cookies
In order to learn about your individual preferences and adjust our offerings optimally to best meet your needs, we use so-called “cookies” on our website vitra.com. Cookies are small text files that are saved on your computer or mobile device and that your computer or mobile device can retrieve at a later time. We use the consent management service provided by Usercentrics GmbH, which helps you to understand the functionality and characteristics of cookies and to select or deactivate various tags, trackers and analytic tool used on this website. You can access all cookie information and settings by clicking the “Cookie Settings” on the bottom on this page.
3. Collection and processing of data provided voluntarily
3.1 Contact form
When you provide us with personal data by email, in our online shop or via the contact form available on our website, this is voluntary. The data is used to fulfill our contractual relationship, to process your inquiries and orders, for our own market or opinion research and, in case of existing customers, for our own advertising by post and email. In addition to the fulfillment of the contract, the legal basis for the processing is our overriding legitimate interest. In this case, the processing is necessary to inform existing customers about relevant products and services, to maintain long-term customer relationships and to obtain necessary information by means of market and opinion research as a basis for and to support economic decisions. If you are not an existing customer, your data will only be used for our own advertising by email if you have given your consent.
We delete all data that is no longer required to be stored, or we restrict its processing if there are legal obligations to retain it.
When you register in our online shop and create a customer profile, we save the customer account information you provided (in particular, your name, billing and delivery addresses, telephone number, payment information and email address) so that you do not have to re-enter your data every time you place an order. You can update or delete your profile at any time. Legal basis for processing is performance of the contract.
3.2 Newsletter
If you would like to subscribe to our newsletter, please provide your valid email address and your country of origin, and confirm that you are in agreement with the following (therefore, legal basis for such processing is your consent):
“I hereby authorize Vitra International AG and other companies of the Vitra Group to process and use the data I have provided in order to send me email newsletters about furniture and home accessories as well as current campaigns and events. I can revoke this consent at any time with future effect, e.g. by clicking on the unsubscribe link at the end of each newsletter or by sending a message to [email protected].
3.3 Social platforms
On the basis of your consent in accordance with Section 3.2, we work together with Facebook, Instagram, LinkedIn, X, Pinterest and Google AdWords for the purpose of personalized advertising in social networks. These companies will receive your email address with your consent. If we place advertisements in the respective medium, they will be shown to you. We have no influence on further processing in the social networks. You can find more information on this in the respective provider’s privacy policy. Legal basis for such processing is consent.
Information regarding the third-party provider:
Facebook:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://www.facebook.com/privacy/explanation
Google Ad Words:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, 1001; privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://de-de.facebook.com/help/instagram/519522125107875
LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; privacy policy; https://www.linkedin.com/legal/privacy-policy
Pinterest: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA; privacy policy; https://policy.pinterest.com/en/privacy-policy
X: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; privacy policy: https://x.com/en/privacy
4. Transmission to third parties
4.1 General
If you have given us personal data, this will not be passed on to third parties. Any transfer that takes place will only be
- with your consent
- as part of processing your inquiries, your orders and the use of our services to commissioned subcontractors, who only receive the necessary data for the execution of this order and use it for a specific purpose
- as part of order data processing in accordance with the statutory provisions to service providers bound by instructions
- as part of the fulfilment of legal obligations to entities entitled to receive information.
4.2 Payment
To process payments made by credit card, EPS (Electronic Payment Standard), PayPal or RatePAY (buying on account), we will transmit your data to our partner Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam, the Netherlands. In addition to the data regarding your order and the shipping and payment methods you have requested, we will forward the following categories of personal data to this payment service provider:
- your name
- your gender
- your billing address
- your email address
- your IP address
- your customer ID
Responsibility regarding your data lies with the relevant payment service provider (PayPal, RatePAY etc.). The legal basis for the transfer is the execution of the contract. Please know that this provider will transmit your personal data to other parties as required to process payments, including – but not limited to – the credit institutions, banks and credit card providers involved. These parties will then also process your personal data to handle your payments. For customers based in Germany, the payment service provider will request additional information from SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter “SCHUFA”) and to this end will provide SCHUFA with information regarding the customer’s name, billing address and gender. Legal basis for such processing is legitimate interest credit institutions.
4.2.1 RatePAY
If you select payment on account during the course of the ordering process, please note that we will transmit your payment data for payment processing services to RatePAY GmbH, Schlüterstr. 39, 10629 Berlin, Germany.
The option for payment on account is conditional on a mathematical statistical assessment of your credit risk by RatePAY GmbH. We transmit the personal data RatePAY GmbH requires to perform this credit check. In particular, these are your first and last name, postal address, date of birth, gender, email address, IP address and telephone number, as well as the data required to process the payment on account related to your order – for example, the quantity of products, product numbers, invoiced amount and amount of tax as a percentage. RatePAY uses this data to obtain information from one or more credit reporting agencies (such as SCHUFA HOLDING AG) for the purpose of checking your identity and creditworthiness. The list of credit agencies with which RatePAY exchanges data can be viewed at https://www.ratepay.com/legal-creditagencies. The data is passed based on legitimate interests of credit institution.
Further information on the payment service offered by RatePAY and the data protection provisions can be found at https://www.ratepay.com/legal/.
You can at any time request information about the data that RatePAY GmbH has stored about you, or inform the company of changes to this data. You can find detailed information on the processing of your personal data by RatePAY GmbH, on the credit check carried out and on your rights at https://www.ratepay.com.
4.2.2 Klarna
In order to be able to offer you the payment options provided by Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden (hereinafter “Klarna”), we will transmit your personal data, such as contact details and order data, to Klarna. This enables Klarna to first assess whether you can use the payment options offered by Klarna and to adapt the payment options to your needs. The legal basis for this is the legitimate interest of Klarna. Klarna processes your data for payment processing as part of the execution of the contract. General information about Klarna can be foundhere. Klarna will handle your personal details in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations.
4.2.3 Apple Pay
If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, your payment details will be passed to Apple in encrypted form for payment processing. Apple encrypts this data again with a developer-specific key before the data is passed to the payment processor of the payment card stored in Apple Pay for the purposes of carrying out the payment. The encryption ensures that only we can access the payment data. After payment has been made, Apple sends us your device account number and a transaction-specific, dynamic security code to confirm the payment. The legal basis for the transfer is the execution of the contract.
Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and approximate time, and whether the transaction was successfully completed. Anonymisation completely rules out the possibility of this data being connected with an individual. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format with which you can be identified. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and deselect “Allow payments on Mac”. Further details regarding data protection with Apple Pay can be found at https://support.apple.com/en-us/HT203027
4.2.4 Google Pay
If you select the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google), the information you provide during the order process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the source website in the form of a unique transaction number, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored in Google Pay, but is created and transmitted as a unique numerical token. If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Google reserves the right to collect, store and analyse certain transaction-specific information for each transaction made via Google Pay, including the date, time and amount of the transaction, merchant location and description, the name and email address of the seller and buyer or the sender and recipient. Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services. The Google Pay terms of use can be found here. Further information on data protection at Google Pay can be found here.
4.2.5 Billie
In order to be able to offer, in the B2B area, the payment options provided by Billie GmbH, Charlottenstrasse 4, 10969 Berlin, Germany (hereinafter „Billie“), we will transmit your personal data, such as contact details and order data, to Billie. This enables Billie to first assess whether you can use the payment options offered by Billie and to adapt the payment options to your needs. The legal basis for this is the legitimate interest of Billie. Billie processes your data for payment processing as part of the execution of the contract. General information about Billie can be found here. Your personal data will be treated by Billie in accordance with the information in Billie's privacy policy.
4.2.6 SCHUFA
Please note that we transmit all data regarding extrajudicial and judicial collection measures relating to overdue and uncontested claims to SCHUFA. The legal basis for the processing is the performance of the contract and our overriding legitimate interest. In this case, the transfer is carried out for the purpose of credit assessment, risk minimization when concluding contracts and fraud prevention. Our legitimate interest lies in assessing the creditworthiness of our customers to avoid payment defaults and minimize economic risks. If SCHUFA is provided with similar data relating to other contractual relationships after we have transmitted such information, we may be informed of this too. SCHUFA’s contracting partners primarily include credit institutions, credit card providers and leasing companies. Moreover, SCHUFA releases information to retail, telecommunication and other companies that offer goods and services on credit. Data is transmitted as specified above only if this is permitted after weighing the interests of all parties involved. Along with the aforementioned information, SCHUFA can provide its contracting partners with a probability value for credit risk assessment, calculated based on data saved in SCHUFA’s systems (score procedure). You have the right to obtain information from SCHUFA regarding the saved data relating to you. SCHUFA’s address is: SCHUFA Holding AG, Verbraucherservicezentrum Hannover, Postfach 56 40, 30056 Hannover, Germany. You can find more information about SCHUFA, data processing by SCHUFA and your right to obtain information at https://www.schufa.de/en/data-privacy/.
4.3 Customer surveys
We work with zenloop GmbH, Pappelallee 78/79, 10437 Berlin to carry out customer surveys. Zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyse feedback from our customers via our online shop. This makes it possible for us to improve and align our offerings to the needs of our customers. When using the feedback tool, zenloop records the public IP address, device and browser data, as well as the website from which we use the feedback platform. Zenloop also uses cookies and other similar technology to collect aggregated data about users. In addition, zenloop collects your survey responses. We have concluded an order processing agreement with zenloop in accordance with legal processor requirements and have ensured to our satisfaction that zenloop carries out suitable technical and organisational measures in such a way that processing takes place in accordance with the requirements of the GDPR and guarantees the protection of your rights.
Information regarding the third-party provider: zenloop GmbH, Pappelallee 78/79, 10437 Berlin, Germany. For further information, please consult their privacy policy at https://www.zenloop.com/en/legal/privacy.
4.4 CRM
We store your personal data as an individual customer profile in our CRM (Customer Relationship Management) system. You provide us with personal data when you place an order through our online store or through our sales representatives, or when you enter data in your preference center at vitra.com. The legal basis for processing this data is the performance of a contract or your consent when we process your order or contact you. However, the processing of the data may also be based on our overriding legitimate interest, which is to provide you with relevant offers and content based on your previous purchases and interests.
If you have agreed to receive our newsletter, we can also link further information about your usage behavior on our website or in our newsletter with your customer profile in accordance with your cookie settings. In such case, the legal basis for this is your consent.
By linking this data, we can better understand your personal interests and thus adapt contents of our mailing to you based on your interests, invite you to relevant events and approach you selectively via our sales team. You will only be contacted by telephone or by individualized newsletter if you have given us your consent. Furthermore, we use this data for our own market research and to improve our products and services.
We use the cloud provider Salesforce (Salesforce Germany GmbH, Erika-Mann-Straße 31, 80636 Munich, Germany, which is a daughter company of salesforce.com Inc., The Landmark @ One Market, Suite 300, San Francisco, CA 94105, USA). The CRM system is operated by Salesforce on servers in the European Union. A transfer of the data to Salesforce takes place within the scope of an order processing. In the event that salesforce.com Inc. is granted access to data in the course of providing the service, EU standard contractual clauses were concluded with Salesforce as authoirsed by the governemtnal bodies.
4.5 Vitra professionals
If you provide us with personal data when using Vitra Professionals, this is generally done on a voluntary basis. These data are used to fulfill our contractual relationship, to process your inquiries and orders, for our own market or opinion research, and, in case of existing customers, for our own advertising by post and email. In addition to the fulfillment of the contract, the legal basis for the processing is our overriding legitimate interest. In this case, the processing is necessary to inform existing customers about relevant products and services, to maintain long-term customer relationships and to obtain necessary information as a basis for and to support economic decisions by means of market and opinion research. If you are not an existing customer, your data will only be used for our own advertising by email if you have given your consent.
We delete all data that is no longer required to be stored, or we restrict its processing if there are legal obligations to retain it.
If you register as a specialist retailer with Vitra Professionals and create a profile for your company or your employees, we will save the account information you have entered (in particular the name, email address and country of origin) so that you do not have to enter it again with each operation. You can update or delete your profile(s) at any time. The legal basis is performance of the contract.
Personal data that has been communicated to us via our website will only be stored until the purpose for which it was entrusted to us is fulfilled. After completion of the contract, your data will be blocked and deleted once the tax and commercial law regulations have expired, unless you have expressly consented to the use of data beyond this. If mandatory retention periods under commercial and tax law have to be observed, the duration of the storage of certain data can be up to ten years.
5. Social Networks
5.1 Facebook
In this section, we would like to inform you about the collection, processing and use of your data via Vitra's Facebook page (https://de-de.facebook.com/vitra/).
The Facebook page is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, (hereinafter “Facebook”). It is possible that some of the information collected may also be processed outside the European Union by Meta Platforms, Inc. based in the United States.
Facebook is in principle responsible for the collection and processing of personal user data on Facebook. Please note that Facebook can collect and process certain data even if you do not have your own Facebook user account. Further information on data processing by Facebook can be found in their privacy policy (https://de-de.facebook.com/privacy/policy/).
As the operator of the Facebook page, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your user account. If you contact us on a voluntary basis via a Fan Page (for example via the comment or message function), personal data can be processed by us for purposes of interaction and communication. In this context, we would like to point out that your posts in publicly accessible areas can be viewed by both Facebook users and third parties, and we have no influence over how these users/third parties use the information available to them.
We receive aggregated “Insights” data from Facebook that does not allow any conclusions to be drawn about individual users. When you visit our fan page, Facebook uses a cookie and stores the IP address to collect specific usage data, which Facebook processes and makes available to us in various categories (e.g. number of followers, age structure, demographics) according to partially predefined criteria. These so-called “insights” are only transmitted to us in anonymized form. We use these statistics to collect information about our products and to make our posts as targeted as possible. The processing is therefore based on the overriding legitimate interest of analyzing our reach and the interactions of our posts. Facebook users can influence the extent to which their user behavior is recorded when visiting our Instagram page via the advertising settings. Further options are offered in the Facebook and Instagram settings or the form for exercising your right to object. You can also prevent the processing of your data by the cookies used by Facebook by not allowing cookies from third-party providers or Facebook in your browser settings. Vitra and Facebook are jointly responsible for the processing of Insights data. The joint controllership agreement can be found at: httpw://www.facebook.com/legal/terms/page_controller_addendum.
5.2 Instagram
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Instagram profile (https://www.instagram.com/vitra/).
The Instagram profile is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook, Inc. (hereinafter “Facebook”). Please see above "Facebook".
5.3 X
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s X account (https://www.x.com/vitra/).
The X account is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. It is possible that some of the information collected may also be processed outside the European Union by X Inc. based in the United States.
X is in principle responsible for the collection and processing of personal user data on X. Please note that X can collect and process certain data even if you do not have your own X account. Further information on data processing by X can be found in their privacy policy (https://x.com/en/privacy).
As the operator of the X account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your X profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both X-users and third parties, and we have no influence over how these users/third parties use the information available to them. We do not pass on any personal data ourselves. The processing of personal data is based on our legitimate interest in interacting with you and enabling an orderly interaction of the X-Community.
We receive aggregated data from X that allows us to see the performance of our tweets and our profile. The data does not contain any personal data about individual users. The analysis of the statistics is based on our overriding legitimate interest in optimizing our content. X users can use their settings to influence the extent to which their user behaviour may be recorded. You can allow the processing of your data by the third-party cookies used by X or X. For more information, see https://x.com/en/privacy
5.4 YouTube
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s YouTube account (https://www.youtube.com/vitra/).
The YouTube account is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It is possible that some of the information collected may also be processed outside the European Union by Google, based in the United States.
YouTube is in principle responsible for the collection and processing of personal user data on YouTube. Please note that YouTube can collect and process certain data even if you do not have your own YouTube account. Further information on data processing by YouTube can be found in their privacy policy (https://policies.google.com/privacy).
As the operator of the YouTube account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your YouTube profile. If you contact us on a voluntary basis via YouTube (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. We do not pass on any personal data ourselves. The processing of personal data is based on our overriding legitimate interest in interacting with you and enabling an orderly interaction of the YouTube community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both YouTube users and third parties and that we have no influence over how these users/third parties use the information available to them.
YouTube provides us with aggregated statistical data via YouTube Studio (Analytics) to analyze the performance of our channel and our videos. This data includes, for example, the number of video views, playback time and viewer retention and demographic data (provided that this is provided by YouTube in anonymized form). These statistics are processed on the basis of our legitimate interest in optimizing our channel and adapting our content to the interests of users. YouTube users can use their settings to influence the extent to which their user behaviour may be recorded. You can also object to the use of cookies for advertising purposes at Google (https://adssettings.google.com/authenticated) and prevent the processing of your data by the cookies used by YouTube and Google by not allowing third-party cookies or cookies from YouTube and Google in your browser settings.
5.5 LinkedIn
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s LinkedIn account (https://www.linkedin.com/company/vitra).
The LinkedIn profile is provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). It is possible that some of the information collected may also be processed outside the European Union by LinkedIn Inc. based in the United States.
LinkedIn is in principle responsible for the collection and processing of personal user data on LinkedIn. Please note that LinkedIn can collect and process certain data even if you do not have your own LinkedIn account. Further information on data processing by LinkedIn can be found in their privacy policy (https://de.linkedin.com./legal/privacy-policy).
As the operator of the LinkedIn profile, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your LinkedIn profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. We do not pass on any personal data ourselves. The processing of personal data is based on our overriding legitimate interest in interacting with you. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both LinkedIn users and third parties, and that we have no influence on how they use the information available to them.
LinkedIn provides us with aggregated statistical data to analyze the performance of our site and posts. This data includes, for example, the number of page views, interactions with our posts or follower growth and demographic information (if anonymized). These statistics are processed on the basis of our overriding legitimate interest in order to optimize our content and to better reach our target group. LinkedIn users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://www.linkedin.com/psettings/. You can also prevent your information from being processed by means of the cookies used by LinkedIn, by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings.
5.6 Pinterest
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Pinterest account (https://www.pinterest.com/vitra/).
The Pinterest account is provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (hereinafter “Pinterest”).
Pinterest is in principle responsible for the collection and processing of personal user data on Pinterest. Please note that Pinterest can collect and process certain data even if you do not have your own Pinterest account. Further information on data processing by Pinterest can be found in their privacy policy (https://help.pinterest.com/de/topics/privacy-safety-and-legal).
As the operator of the Pinterest account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your Pinterest account. If you contact us on a voluntary basis via the Pinterest website (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. We do not pass on any personal data ourselves. The processing of personal data is based on our overriding legitimate interest in interacting with you and enabling an orderly interaction of the Pinterest community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Pinterest users and third parties, and that we have no influence on how they use the information available to them.
Pinterest provides us with aggregated statistical data to analyze the performance of our pins and our company page. This data includes, for example, the number of impressions and interactions, clicks on our pins and information about our target audience (provided they have been anonymized). These statistics are processed on the basis of our overriding legitimate interest, in order to optimize our content and to better reach our target audience. Pinterest users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://policy.pinterest.com/en/cookies. You can also prevent your information from being processed by means of the cookies used by Pinterest, by not allowing cookies from third-party providers or those from Pinterest in your own browser settings.
6. Data protection provisions for the Vitra Campus app
6.1 General
When the Vitra Campus app is downloaded from the respective app store, the necessary data (e.g. user name, email address, device code) is transmitted to the app store operator. The app store operator alone is responsible for data processing. We have no influence on the type and scope of the data processed by the respective app store operator or the disclosure of this data to third parties.
6.2 Automated collection and processing of user data
Every time the Vitra Campus app is used, our server automatically and temporarily collects information in the server log files that are transmitted by the Vitra Campus app. If you want to use the Vitra Campus app, we collect the following data, which is technically necessary for us to show you our content and to ensure stability and security, legitimate basis for which is our overiding legitimate interest:
- IP address of the terminal device
- device model
- app version used
- operating software (iOS version)
There is no personalised evaluation of the server log files. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources. The processing is carried out on the basis of our overriding legitimate interest, as the data is technically necessary for us to display our content to you and to ensure stability and security.
6.3 Booking appointments
You can use the Vitra Campus app to book appointments for a consultation at the VitraHaus. When booking, besides indicating the desired time of the appointment, you can send us your name, email address, telephone number and a free text. You will thereafter receive a corresponding digital appointment. The processing of data is carried out at your request and is necessary for the implementation of pre-contractual measures.
6.4 Google Analytics
We use the Google Analytics analysis service provided by Google Ireland Ltd in our Vitra Campus app to analyse and regularly improve the use of the Vitra Campus app. The information contained in Section 2.2 of this Privacy Policy applies correspondingly.
6.5 Google Firebase
We use the Google Firebase service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service is there to provide certain functionalities, improve the app and correct errors in the app. The data collected for this purpose is made available to us in anonymised form. The information that is recorded concerns whether a crash has occurred, which line of code caused the crash and the type and operating system of the mobile device concerned. This data is used exclusively to reproduce errors in the app and to be able to correct them during future development. No personal data is transmitted. The Firebase privacy policy can be viewed here: https://firebase.google.com/terms/data-processing-terms
The processing is carried out on the basis of our overriding legitimate interest in improving the functionality and user-friendliness of our application.
7. Data processing as part of the features offered
7.1 Product scanner
IThe Vitra Campus app enables you to identify Vitra products with the product scanner. When you use the product scanner, you take a photo or transfer the image from the camera so that we can show you further information about the respective product and about complementary or comparable products.
We collect your location data in order to be able to offer you this feature. To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device. You can allow or decline recording of your location at any time in the settings of your operating system.
The legal basis of this data processing is the need to perform a contract. The photos will be deleted immediately after processing and will not be used for any purpose other than to provide the product scanner functions described.
7.2 Campus map
You have the option of using our campus map to view the surroundings on the Vitra Campus and in individual buildings accessible to visitors (e.g. VitraHaus). In order to be able to offer you this feature, we use the Apple Maps application and record your location data (GPS data). To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device.
This function cannot be performed without location recording. The Apple Maps terms of use can be found at https://www.apple.com/legal/internet-services/maps/terms-en.html. We only collect your location data to show you your current location on the campus map. Legitimate interest for such processing is performance of the contract. You can allow or decline recording of your location at any time in the settings of your operating system.
7.3 Tickets
You have the opportunity to buy tickets for the Vitra Design Museum. We use the Reservix ticket platform provided by Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany for online ticket sales. The legal basis for this is legitimate interest. Our overriding legitimate interest is to provide our visitors with a simple, secure and user-friendly way to purchase tickets online. Detailed information regarding how we process your data can be found in the Reservix privacy policy at https://www.reservix.net/datenschutz/.
7.4 Additonal information about third-party providers
Apple: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. https://www.apple.com/legal/privacy/
Google: Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. https://policies.google.com/privacy?hl=en-US
Reservix: Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany. https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.
8. Visits to the Vitra Campus Weil am Rhein
8.1 General
Controller: Vitra Services GmbH, Charles-Eames-Strasse 2, 79576 Weil am Rhein. The Data Protection Officer can be contacted at: [email protected]
8.2 Video surveillance
Video surveillance is carried out for the following purposes: to exercise the right of admission, to prevent vandalism and theft, and to protect persons and property. The processing is carried out on the basis of our overriding legitimate interest, which lies in ensuring the security of persons, buildings and facilities. The following data is collected as part of the video surveillance: video recording of the monitored areas and data and time of the recording. The data is stored for 72 hours, unless longer storage is required to enforce legal claims or to preserve evidence. The data is then deleted.
8.3 Registrations
When you register for guided tours or events on the Campus, we collect the data you provide (if applicable, as the contact person for a group) in the respective registration form (name, contact details, company affiliation, if applicable, time of visit). Your data will be passed on to the relevant departments for your visit, e.g. the restaurant or the museum. The data is processed for the purpose of coordinating and carrying out your visit (contractual basis) and to safeguard our domiciliary rights (legitimate interests).
The data will be stored for two years after your visit, unless there are legal obligations to retain data or legitimate interests that require a longer storage period in individual cases.
9. Data protection information for online meetings, conference calls and webinars via Microsoft Teams
9.1 Purpose of processing
We use the “Microsoft Teams” tool to hold telephone conferences, online meetings, video conferences and/or webinars (hereinafter “online meetings”).
9.2 Data controller
Vitra International AG, Klünenfeldstrasse 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”) is responsible for data processing that is directly related to the performance of online meetings.
Microsoft Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA and its affiliated companies (hereinafter collectively “Microsoft”). In order to be able to provide you with this service, Microsoft acts for us as a processor.
Please note that this data protection notice only informs you about how Vitra processes your personal data if you participate in online meetings with us. You can find more information about how Microsoft processes your personal data under https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/06/microsofts-commitment-privacy-security-microsoft-teams/ as well as the Microsoft Online Services Terms of Use.
Note: If you access the Microsoft Teams website, Microsoft is responsible for data processing. To use Microsoft Teams, you only need to access the website to download the software for using Microsoft Teams.
If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service is then also provided via the Microsoft Teams website.
9.3 Which data is processed?
When we use Microsoft Teams, we automatically process certain information that you transmit to us. The scope of the processed data also depends on the details of the data you provide before or while participating in an online meeting.
The following personal data is processed:
- IP address of the requesting end device
- information about the user: e.g. display name, business contact details such as email address, profile picture (optional), preferred language
- meeting metadata: e.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: You may have the option of using the chat function in an online meeting. In that case, the text entries you make are processed in order to display them in the online meeting. In order to enable video display and audio playback, the data from the microphone of your end device and any video camera on the end device is processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the Microsoft Teams applications
9.4 Scope of procesingg
We use Microsoft Teams to conduct online meetings. If we want to record online meetings, we will inform you of this transparently in advance and – if necessary – ask for your consent.
If this is required for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
We do not use automated decision-making (“Profiling”).
9.5 Legal basis for data processing
If personal data is processed by employees of Vitra International AG in the context of an employment relationship, Art. 6 para. 1 lit. b GDPR in conjunction with Art. 88 GDPR forms the legal basis for data processing, insofar as this is necessary for the execution of the employment relationship. If the processing is not directly necessary for the performance of the employment relationship, but serves the general use of Microsoft Teams, the processing is carried out on the basis of our legitimate interest. Our overriding legitimate interest lies in the effective conduct of online meetings and the improvement of digital collaboration.
For external participants (e.g. business partners, customers), our legitimate interest forms the legal basis for data processing. Our overriding legitimate interest in these cases is the effective conduct of online meetings, communication and collaboration. In addition, the performance of a contract forms the legal basis for data processing when conducting online meetings if the meetings take place within the framework of contractual relationships.
9.6 Recipients/disclosure of data
If you have given us personal data, this will in principal not be passed on to third parties. A transfer only takes place
- with your consent
- on the basis of overriding legitimate interests, if the data disclosed at a meeting is to be passed on. Please note that content from online and in-person meetings is often actually used to exchange information with customers, prospects or third parties;
- within our group of companies, to the extent necessary for internal administrative purposes (such as the fulfillment of contractual obligations for joint services or customer care, the optimization of internal processes (IT support, billing, accounting) or the fulfillment of legal obligations); the legal basis is either the fulfillment of a contract or our overriding legitimate interest in ensuring an efficient business organization.
- as part of processing your concerns to commissioned subcontractors, who only receive the necessary data for the execution of this order and use this for a specific purpose;
- as part of the fulfilment of legal obligations to entities entitled to receive information.
9.7 Data processing outside the European Union
There is no data processing outside the European Union (EU), as we have limited our storage location to data centres in the European Union.
Likewise, processing by Microsoft usually takes place within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. If personal data is transmitted to the USA as part of order processing, we have agreed standard contractual clauses with Microsoft.
9.8 Right to object
You have the right to object at any time to the processing – among other reasons, based on personal data relating to you for reasons that arise from your particular situation. We will then stop processing your personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
9.9 Deletion of data
We generally delete personal data if there is no requirement for further storage. A requirement may in particular exist if the data is still required for purposes of fulfilling contractual services, checking warranty and – where applicable – guarantee claims and to be able to grant or defend these. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
10. Your rights
10.1
You may receive information about the data we have stored about you and about its origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage – free of charge, at any time without giving reasons.
10.2
In addition, you have the right to correct, block and delete your personal data in accordance with the statutory provisions. If you have given your consent to the use of data, you can revoke this at any time and without giving reasons. If your data is processed on the basis of legitimate interests in accordance, you have the right to object in accordance. You also have the right to data portability. You furthermore have the right to complain to a data protection supervisory authority about our processing of your personal data.
10.3
Please send your requests for information, objections to data processing and other inquiries to Vitra International AG, Klünenfeldstraße 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to the email address [email protected].
10.4
For any questions in connection with data protection, you can also contact our data protection officer, Mr. Simon Brandmeier, who can be reached at [email protected].
Last Update: 02.12.2025
Vitra International AG takes the protection of your personal data very seriously. The purpose of this Privacy Policy is to inform you of the type of personal data that will be collected when you use our website Vitra.com, as well as how we will process, use, and protect such data. Tshi Privacy Policy is aligned with the Swiss Data Protection Act (hereinafter “SDPA”), the European General Data Protection Regulation (hereinafter “GDPR”) and other applicable data protection regulations. Whereas GDPR, SDPA and other applicable data protection regulations may have slight differences in the definitions used, the terminology in this Privacy Policy is based on GDPR definitions, which have the same meaning in SDPA. Notwithstanding the above, please note that whether and to what extent the GDPR, SDPA or other data protection regulations apply to you depends on the individual case.
B. Data Protection Statement - Vitra International AG
1. Scope
1.1
Use of the vitra.com website is subject to the Privacy Policy set out below. This website is a service provided by Vitra International AG, Klünenfeldstr. 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”). Where relevant, Vitra is the controller.
1.2
Protecting your personal data is important to us, in particular, with regard to respecting your personal rights in connection with the processing and use of such data. The term “personal data” refers to information regarding the personal and/or factual circumstances of an identified or identifiable natural person. This includes, for example, the person’s name, postal address, email address and/or telephone number, as well as user data such as the IP address. We collect, process, and use your personal data in compliance with the relevant laws
2. Automated data collection and processing by your browser
2.1 General
As with every website, our server automatically collects the following information and temporarily saves it in server log files, which are transmitted by your browser – unless you have deactivated such function:
- the IP address of the computer transmitting the request
- the client’s file request
- the http response code
- the volume of data transmitted
- the website from which you access our website (referrer URL)
- the date and time of the server request
- the type, version and language of your browser
- the operating system on the computer transmitting the request
Our server log files are not evaluated based on personal use. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources.
2.2 Use of cookies
In order to learn about your individual preferences and adjust our offerings optimally to best meet your needs, we use so-called “cookies” on our website vitra.com. Cookies are small text files that are saved on your computer or mobile device and that your computer or mobile device can retrieve at a later time. We use the consent management service provided by Usercentrics GmbH, which helps you to understand the functionality and characteristics of cookies and to select or deactivate various tags, trackers and analytic tool used on this website. You can access all cookie information and settings by clicking the “Cookie Settings” on the bottom on this page.
3. Collection and processing of data provided voluntarily
3.1 Contact form
When you provide us with personal data by email, in our online shop or via the contact form available on our website, this is voluntary. The data is used to fulfill our contractual relationship, to process your inquiries and orders, for our own market or opinion research and, in case of existing customers, for our own advertising by post and email. In addition to the fulfillment of the contract, the legal basis for the processing is our overriding legitimate interest. In this case, the processing is necessary to inform existing customers about relevant products and services, to maintain long-term customer relationships and to obtain necessary information by means of market and opinion research as a basis for and to support economic decisions. If you are not an existing customer, your data will only be used for our own advertising by email if you have given your consent.
We delete all data that is no longer required to be stored, or we restrict its processing if there are legal obligations to retain it.
When you register in our online shop and create a customer profile, we save the customer account information you provided (in particular, your name, billing and delivery addresses, telephone number, payment information and email address) so that you do not have to re-enter your data every time you place an order. You can update or delete your profile at any time. Legal basis for processing is performance of the contract.
3.2 Newsletter
If you would like to subscribe to our newsletter, please provide your valid email address and your country of origin, and confirm that you are in agreement with the following (therefore, legal basis for such processing is your consent):
“I hereby authorize Vitra International AG and other companies of the Vitra Group to process and use the data I have provided in order to send me email newsletters about furniture and home accessories as well as current campaigns and events. I can revoke this consent at any time with future effect, e.g. by clicking on the unsubscribe link at the end of each newsletter or by sending a message to [email protected].
3.3 Social platforms
On the basis of your consent in accordance with Section 3.2, we work together with Facebook, Instagram, LinkedIn, X, Pinterest and Google AdWords for the purpose of personalized advertising in social networks. These companies will receive your email address with your consent. If we place advertisements in the respective medium, they will be shown to you. We have no influence on further processing in the social networks. You can find more information on this in the respective provider’s privacy policy. Legal basis for such processing is consent.
Information regarding the third-party provider:
Facebook:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://www.facebook.com/privacy/explanation
Google Ad Words:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, 1001; privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland; privacy policy; https://de-de.facebook.com/help/instagram/519522125107875
LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; privacy policy; https://www.linkedin.com/legal/privacy-policy
Pinterest: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA; privacy policy; https://policy.pinterest.com/en/privacy-policy
X: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; privacy policy: https://x.com/en/privacy
4. Transmission to third parties
4.1 General
If you have given us personal data, this will not be passed on to third parties. Any transfer that takes place will only be
- with your consent
- as part of processing your inquiries, your orders and the use of our services to commissioned subcontractors, who only receive the necessary data for the execution of this order and use it for a specific purpose
- as part of order data processing in accordance with the statutory provisions to service providers bound by instructions
- as part of the fulfilment of legal obligations to entities entitled to receive information.
4.2 Payment
To process payments made by credit card, EPS (Electronic Payment Standard), PayPal or RatePAY (buying on account), we will transmit your data to our partner Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam, the Netherlands. In addition to the data regarding your order and the shipping and payment methods you have requested, we will forward the following categories of personal data to this payment service provider:
- your name
- your gender
- your billing address
- your email address
- your IP address
- your customer ID
Responsibility regarding your data lies with the relevant payment service provider (PayPal, RatePAY etc.). The legal basis for the transfer is the execution of the contract. Please know that this provider will transmit your personal data to other parties as required to process payments, including – but not limited to – the credit institutions, banks and credit card providers involved. These parties will then also process your personal data to handle your payments. For customers based in Germany, the payment service provider will request additional information from SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter “SCHUFA”) and to this end will provide SCHUFA with information regarding the customer’s name, billing address and gender. Legal basis for such processing is legitimate interest credit institutions.
4.2.1 RatePAY
If you select payment on account during the course of the ordering process, please note that we will transmit your payment data for payment processing services to RatePAY GmbH, Schlüterstr. 39, 10629 Berlin, Germany.
The option for payment on account is conditional on a mathematical statistical assessment of your credit risk by RatePAY GmbH. We transmit the personal data RatePAY GmbH requires to perform this credit check. In particular, these are your first and last name, postal address, date of birth, gender, email address, IP address and telephone number, as well as the data required to process the payment on account related to your order – for example, the quantity of products, product numbers, invoiced amount and amount of tax as a percentage. RatePAY uses this data to obtain information from one or more credit reporting agencies (such as SCHUFA HOLDING AG) for the purpose of checking your identity and creditworthiness. The list of credit agencies with which RatePAY exchanges data can be viewed at https://www.ratepay.com/legal-creditagencies. The data is passed based on legitimate interests of credit institution.
Further information on the payment service offered by RatePAY and the data protection provisions can be found at https://www.ratepay.com/legal/.
You can at any time request information about the data that RatePAY GmbH has stored about you, or inform the company of changes to this data. You can find detailed information on the processing of your personal data by RatePAY GmbH, on the credit check carried out and on your rights at https://www.ratepay.com.
4.2.2 Klarna
In order to be able to offer you the payment options provided by Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden (hereinafter “Klarna”), we will transmit your personal data, such as contact details and order data, to Klarna. This enables Klarna to first assess whether you can use the payment options offered by Klarna and to adapt the payment options to your needs. The legal basis for this is the legitimate interest of Klarna. Klarna processes your data for payment processing as part of the execution of the contract. General information about Klarna can be foundhere. Klarna will handle your personal details in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations.
4.2.3 Apple Pay
If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, your payment details will be passed to Apple in encrypted form for payment processing. Apple encrypts this data again with a developer-specific key before the data is passed to the payment processor of the payment card stored in Apple Pay for the purposes of carrying out the payment. The encryption ensures that only we can access the payment data. After payment has been made, Apple sends us your device account number and a transaction-specific, dynamic security code to confirm the payment. The legal basis for the transfer is the execution of the contract.
Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and approximate time, and whether the transaction was successfully completed. Anonymisation completely rules out the possibility of this data being connected with an individual. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format with which you can be identified. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and deselect “Allow payments on Mac”. Further details regarding data protection with Apple Pay can be found at https://support.apple.com/en-us/HT203027
4.2.4 Google Pay
If you select the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google), the information you provide during the order process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the source website in the form of a unique transaction number, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored in Google Pay, but is created and transmitted as a unique numerical token. If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Google reserves the right to collect, store and analyse certain transaction-specific information for each transaction made via Google Pay, including the date, time and amount of the transaction, merchant location and description, the name and email address of the seller and buyer or the sender and recipient. Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services. The Google Pay terms of use can be found here. Further information on data protection at Google Pay can be found here.
4.2.5 Billie
In order to be able to offer, in the B2B area, the payment options provided by Billie GmbH, Charlottenstrasse 4, 10969 Berlin, Germany (hereinafter „Billie“), we will transmit your personal data, such as contact details and order data, to Billie. This enables Billie to first assess whether you can use the payment options offered by Billie and to adapt the payment options to your needs. The legal basis for this is the legitimate interest of Billie. Billie processes your data for payment processing as part of the execution of the contract. General information about Billie can be found here. Your personal data will be treated by Billie in accordance with the information in Billie's privacy policy.
4.2.6 SCHUFA
Please note that we transmit all data regarding extrajudicial and judicial collection measures relating to overdue and uncontested claims to SCHUFA. The legal basis for the processing is the performance of the contract and our overriding legitimate interest. In this case, the transfer is carried out for the purpose of credit assessment, risk minimization when concluding contracts and fraud prevention. Our legitimate interest lies in assessing the creditworthiness of our customers to avoid payment defaults and minimize economic risks. If SCHUFA is provided with similar data relating to other contractual relationships after we have transmitted such information, we may be informed of this too. SCHUFA’s contracting partners primarily include credit institutions, credit card providers and leasing companies. Moreover, SCHUFA releases information to retail, telecommunication and other companies that offer goods and services on credit. Data is transmitted as specified above only if this is permitted after weighing the interests of all parties involved. Along with the aforementioned information, SCHUFA can provide its contracting partners with a probability value for credit risk assessment, calculated based on data saved in SCHUFA’s systems (score procedure). You have the right to obtain information from SCHUFA regarding the saved data relating to you. SCHUFA’s address is: SCHUFA Holding AG, Verbraucherservicezentrum Hannover, Postfach 56 40, 30056 Hannover, Germany. You can find more information about SCHUFA, data processing by SCHUFA and your right to obtain information at https://www.schufa.de/en/data-privacy/.
4.3 Customer surveys
We work with zenloop GmbH, Pappelallee 78/79, 10437 Berlin to carry out customer surveys. Zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyse feedback from our customers via our online shop. This makes it possible for us to improve and align our offerings to the needs of our customers. When using the feedback tool, zenloop records the public IP address, device and browser data, as well as the website from which we use the feedback platform. Zenloop also uses cookies and other similar technology to collect aggregated data about users. In addition, zenloop collects your survey responses. We have concluded an order processing agreement with zenloop in accordance with legal processor requirements and have ensured to our satisfaction that zenloop carries out suitable technical and organisational measures in such a way that processing takes place in accordance with the requirements of the GDPR and guarantees the protection of your rights.
Information regarding the third-party provider: zenloop GmbH, Pappelallee 78/79, 10437 Berlin, Germany. For further information, please consult their privacy policy at https://www.zenloop.com/en/legal/privacy.
4.4 CRM
We store your personal data as an individual customer profile in our CRM (Customer Relationship Management) system. You provide us with personal data when you place an order through our online store or through our sales representatives, or when you enter data in your preference center at vitra.com. The legal basis for processing this data is the performance of a contract or your consent when we process your order or contact you. However, the processing of the data may also be based on our overriding legitimate interest, which is to provide you with relevant offers and content based on your previous purchases and interests.
If you have agreed to receive our newsletter, we can also link further information about your usage behavior on our website or in our newsletter with your customer profile in accordance with your cookie settings. In such case, the legal basis for this is your consent.
By linking this data, we can better understand your personal interests and thus adapt contents of our mailing to you based on your interests, invite you to relevant events and approach you selectively via our sales team. You will only be contacted by telephone or by individualized newsletter if you have given us your consent. Furthermore, we use this data for our own market research and to improve our products and services.
We use the cloud provider Salesforce (Salesforce Germany GmbH, Erika-Mann-Straße 31, 80636 Munich, Germany, which is a daughter company of salesforce.com Inc., The Landmark @ One Market, Suite 300, San Francisco, CA 94105, USA). The CRM system is operated by Salesforce on servers in the European Union. A transfer of the data to Salesforce takes place within the scope of an order processing. In the event that salesforce.com Inc. is granted access to data in the course of providing the service, EU standard contractual clauses were concluded with Salesforce as authoirsed by the governemtnal bodies.
4.5 Vitra professionals
If you provide us with personal data when using Vitra Professionals, this is generally done on a voluntary basis. These data are used to fulfill our contractual relationship, to process your inquiries and orders, for our own market or opinion research, and, in case of existing customers, for our own advertising by post and email. In addition to the fulfillment of the contract, the legal basis for the processing is our overriding legitimate interest. In this case, the processing is necessary to inform existing customers about relevant products and services, to maintain long-term customer relationships and to obtain necessary information as a basis for and to support economic decisions by means of market and opinion research. If you are not an existing customer, your data will only be used for our own advertising by email if you have given your consent.
We delete all data that is no longer required to be stored, or we restrict its processing if there are legal obligations to retain it.
If you register as a specialist retailer with Vitra Professionals and create a profile for your company or your employees, we will save the account information you have entered (in particular the name, email address and country of origin) so that you do not have to enter it again with each operation. You can update or delete your profile(s) at any time. The legal basis is performance of the contract.
Personal data that has been communicated to us via our website will only be stored until the purpose for which it was entrusted to us is fulfilled. After completion of the contract, your data will be blocked and deleted once the tax and commercial law regulations have expired, unless you have expressly consented to the use of data beyond this. If mandatory retention periods under commercial and tax law have to be observed, the duration of the storage of certain data can be up to ten years.
5. Social Networks
5.1 Facebook
In this section, we would like to inform you about the collection, processing and use of your data via Vitra's Facebook page (https://de-de.facebook.com/vitra/).
The Facebook page is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, (hereinafter “Facebook”). It is possible that some of the information collected may also be processed outside the European Union by Meta Platforms, Inc. based in the United States.
Facebook is in principle responsible for the collection and processing of personal user data on Facebook. Please note that Facebook can collect and process certain data even if you do not have your own Facebook user account. Further information on data processing by Facebook can be found in their privacy policy (https://de-de.facebook.com/privacy/policy/).
As the operator of the Facebook page, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your user account. If you contact us on a voluntary basis via a Fan Page (for example via the comment or message function), personal data can be processed by us for purposes of interaction and communication. In this context, we would like to point out that your posts in publicly accessible areas can be viewed by both Facebook users and third parties, and we have no influence over how these users/third parties use the information available to them.
We receive aggregated “Insights” data from Facebook that does not allow any conclusions to be drawn about individual users. When you visit our fan page, Facebook uses a cookie and stores the IP address to collect specific usage data, which Facebook processes and makes available to us in various categories (e.g. number of followers, age structure, demographics) according to partially predefined criteria. These so-called “insights” are only transmitted to us in anonymized form. We use these statistics to collect information about our products and to make our posts as targeted as possible. The processing is therefore based on the overriding legitimate interest of analyzing our reach and the interactions of our posts. Facebook users can influence the extent to which their user behavior is recorded when visiting our Instagram page via the advertising settings. Further options are offered in the Facebook and Instagram settings or the form for exercising your right to object. You can also prevent the processing of your data by the cookies used by Facebook by not allowing cookies from third-party providers or Facebook in your browser settings. Vitra and Facebook are jointly responsible for the processing of Insights data. The joint controllership agreement can be found at: httpw://www.facebook.com/legal/terms/page_controller_addendum.
5.2 Instagram
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Instagram profile (https://www.instagram.com/vitra/).
The Instagram profile is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook, Inc. (hereinafter “Facebook”). Please see above "Facebook".
5.3 X
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s X account (https://www.x.com/vitra/).
The X account is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. It is possible that some of the information collected may also be processed outside the European Union by X Inc. based in the United States.
X is in principle responsible for the collection and processing of personal user data on X. Please note that X can collect and process certain data even if you do not have your own X account. Further information on data processing by X can be found in their privacy policy (https://x.com/en/privacy).
As the operator of the X account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your X profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both X-users and third parties, and we have no influence over how these users/third parties use the information available to them. We do not pass on any personal data ourselves. The processing of personal data is based on our legitimate interest in interacting with you and enabling an orderly interaction of the X-Community.
We receive aggregated data from X that allows us to see the performance of our tweets and our profile. The data does not contain any personal data about individual users. The analysis of the statistics is based on our overriding legitimate interest in optimizing our content. X users can use their settings to influence the extent to which their user behaviour may be recorded. You can allow the processing of your data by the third-party cookies used by X or X. For more information, see https://x.com/en/privacy
5.4 YouTube
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s YouTube account (https://www.youtube.com/vitra/).
The YouTube account is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It is possible that some of the information collected may also be processed outside the European Union by Google, based in the United States.
YouTube is in principle responsible for the collection and processing of personal user data on YouTube. Please note that YouTube can collect and process certain data even if you do not have your own YouTube account. Further information on data processing by YouTube can be found in their privacy policy (https://policies.google.com/privacy).
As the operator of the YouTube account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your YouTube profile. If you contact us on a voluntary basis via YouTube (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. We do not pass on any personal data ourselves. The processing of personal data is based on our overriding legitimate interest in interacting with you and enabling an orderly interaction of the YouTube community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both YouTube users and third parties and that we have no influence over how these users/third parties use the information available to them.
YouTube provides us with aggregated statistical data via YouTube Studio (Analytics) to analyze the performance of our channel and our videos. This data includes, for example, the number of video views, playback time and viewer retention and demographic data (provided that this is provided by YouTube in anonymized form). These statistics are processed on the basis of our legitimate interest in optimizing our channel and adapting our content to the interests of users. YouTube users can use their settings to influence the extent to which their user behaviour may be recorded. You can also object to the use of cookies for advertising purposes at Google (https://adssettings.google.com/authenticated) and prevent the processing of your data by the cookies used by YouTube and Google by not allowing third-party cookies or cookies from YouTube and Google in your browser settings.
5.5 LinkedIn
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s LinkedIn account (https://www.linkedin.com/company/vitra).
The LinkedIn profile is provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). It is possible that some of the information collected may also be processed outside the European Union by LinkedIn Inc. based in the United States.
LinkedIn is in principle responsible for the collection and processing of personal user data on LinkedIn. Please note that LinkedIn can collect and process certain data even if you do not have your own LinkedIn account. Further information on data processing by LinkedIn can be found in their privacy policy (https://de.linkedin.com./legal/privacy-policy).
As the operator of the LinkedIn profile, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your LinkedIn profile. If you contact us on a voluntary basis via a Fan Page (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. We do not pass on any personal data ourselves. The processing of personal data is based on our overriding legitimate interest in interacting with you. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both LinkedIn users and third parties, and that we have no influence on how they use the information available to them.
LinkedIn provides us with aggregated statistical data to analyze the performance of our site and posts. This data includes, for example, the number of page views, interactions with our posts or follower growth and demographic information (if anonymized). These statistics are processed on the basis of our overriding legitimate interest in order to optimize our content and to better reach our target group. LinkedIn users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://www.linkedin.com/psettings/. You can also prevent your information from being processed by means of the cookies used by LinkedIn, by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings.
5.6 Pinterest
In this section, we would like to inform you about the collection, processing and use of your data via Vitra’s Pinterest account (https://www.pinterest.com/vitra/).
The Pinterest account is provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (hereinafter “Pinterest”).
Pinterest is in principle responsible for the collection and processing of personal user data on Pinterest. Please note that Pinterest can collect and process certain data even if you do not have your own Pinterest account. Further information on data processing by Pinterest can be found in their privacy policy (https://help.pinterest.com/de/topics/privacy-safety-and-legal).
As the operator of the Pinterest account, only the public information on your profile is visible to us. The scope of this information depends on your personal settings in your Pinterest account. If you contact us on a voluntary basis via the Pinterest website (for example via the comment function), personal data can be processed by us for purposes of interaction and communication. We do not pass on any personal data ourselves. The processing of personal data is based on our overriding legitimate interest in interacting with you and enabling an orderly interaction of the Pinterest community. In this context, we would like to point out that your contributions in the publicly accessible areas can be viewed by both Pinterest users and third parties, and that we have no influence on how they use the information available to them.
Pinterest provides us with aggregated statistical data to analyze the performance of our pins and our company page. This data includes, for example, the number of impressions and interactions, clicks on our pins and information about our target audience (provided they have been anonymized). These statistics are processed on the basis of our overriding legitimate interest, in order to optimize our content and to better reach our target audience. Pinterest users can use their settings to influence the extent to which their user behaviour may be recorded. You can find more information at https://policy.pinterest.com/en/cookies. You can also prevent your information from being processed by means of the cookies used by Pinterest, by not allowing cookies from third-party providers or those from Pinterest in your own browser settings.
6. Data protection provisions for the Vitra Campus app
6.1 General
When the Vitra Campus app is downloaded from the respective app store, the necessary data (e.g. user name, email address, device code) is transmitted to the app store operator. The app store operator alone is responsible for data processing. We have no influence on the type and scope of the data processed by the respective app store operator or the disclosure of this data to third parties.
6.2 Automated collection and processing of user data
Every time the Vitra Campus app is used, our server automatically and temporarily collects information in the server log files that are transmitted by the Vitra Campus app. If you want to use the Vitra Campus app, we collect the following data, which is technically necessary for us to show you our content and to ensure stability and security, legitimate basis for which is our overiding legitimate interest:
- IP address of the terminal device
- device model
- app version used
- operating software (iOS version)
There is no personalised evaluation of the server log files. At no time can the provider allocate this data to specific persons. This data is not combined with other data sources. The processing is carried out on the basis of our overriding legitimate interest, as the data is technically necessary for us to display our content to you and to ensure stability and security.
6.3 Booking appointments
You can use the Vitra Campus app to book appointments for a consultation at the VitraHaus. When booking, besides indicating the desired time of the appointment, you can send us your name, email address, telephone number and a free text. You will thereafter receive a corresponding digital appointment. The processing of data is carried out at your request and is necessary for the implementation of pre-contractual measures.
6.4 Google Analytics
We use the Google Analytics analysis service provided by Google Ireland Ltd in our Vitra Campus app to analyse and regularly improve the use of the Vitra Campus app. The information contained in Section 2.2 of this Privacy Policy applies correspondingly.
6.5 Google Firebase
We use the Google Firebase service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service is there to provide certain functionalities, improve the app and correct errors in the app. The data collected for this purpose is made available to us in anonymised form. The information that is recorded concerns whether a crash has occurred, which line of code caused the crash and the type and operating system of the mobile device concerned. This data is used exclusively to reproduce errors in the app and to be able to correct them during future development. No personal data is transmitted. The Firebase privacy policy can be viewed here: https://firebase.google.com/terms/data-processing-terms
The processing is carried out on the basis of our overriding legitimate interest in improving the functionality and user-friendliness of our application.
7. Data processing as part of the features offered
7.1 Product scanner
IThe Vitra Campus app enables you to identify Vitra products with the product scanner. When you use the product scanner, you take a photo or transfer the image from the camera so that we can show you further information about the respective product and about complementary or comparable products.
We collect your location data in order to be able to offer you this feature. To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device. You can allow or decline recording of your location at any time in the settings of your operating system.
The legal basis of this data processing is the need to perform a contract. The photos will be deleted immediately after processing and will not be used for any purpose other than to provide the product scanner functions described.
7.2 Campus map
You have the option of using our campus map to view the surroundings on the Vitra Campus and in individual buildings accessible to visitors (e.g. VitraHaus). In order to be able to offer you this feature, we use the Apple Maps application and record your location data (GPS data). To do this, you must allow the Vitra Campus app to access your location. However, we only record the location recorded by your device if the Vitra Campus app is open. If location recording is active, this is indicated by a compass symbol on your device.
This function cannot be performed without location recording. The Apple Maps terms of use can be found at https://www.apple.com/legal/internet-services/maps/terms-en.html. We only collect your location data to show you your current location on the campus map. Legitimate interest for such processing is performance of the contract. You can allow or decline recording of your location at any time in the settings of your operating system.
7.3 Tickets
You have the opportunity to buy tickets for the Vitra Design Museum. We use the Reservix ticket platform provided by Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany for online ticket sales. The legal basis for this is legitimate interest. Our overriding legitimate interest is to provide our visitors with a simple, secure and user-friendly way to purchase tickets online. Detailed information regarding how we process your data can be found in the Reservix privacy policy at https://www.reservix.net/datenschutz/.
7.4 Additonal information about third-party providers
Apple: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. https://www.apple.com/legal/privacy/
Google: Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. https://policies.google.com/privacy?hl=en-US
Reservix: Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau, Germany. https://www.reservix.net/files/data/docs/Datenschutzerklaerung_Reservix.pdf.
8. Visits to the Vitra Campus Weil am Rhein
8.1 General
Controller: Vitra Services GmbH, Charles-Eames-Strasse 2, 79576 Weil am Rhein. The Data Protection Officer can be contacted at: [email protected]
8.2 Video surveillance
Video surveillance is carried out for the following purposes: to exercise the right of admission, to prevent vandalism and theft, and to protect persons and property. The processing is carried out on the basis of our overriding legitimate interest, which lies in ensuring the security of persons, buildings and facilities. The following data is collected as part of the video surveillance: video recording of the monitored areas and data and time of the recording. The data is stored for 72 hours, unless longer storage is required to enforce legal claims or to preserve evidence. The data is then deleted.
8.3 Registrations
When you register for guided tours or events on the Campus, we collect the data you provide (if applicable, as the contact person for a group) in the respective registration form (name, contact details, company affiliation, if applicable, time of visit). Your data will be passed on to the relevant departments for your visit, e.g. the restaurant or the museum. The data is processed for the purpose of coordinating and carrying out your visit (contractual basis) and to safeguard our domiciliary rights (legitimate interests).
The data will be stored for two years after your visit, unless there are legal obligations to retain data or legitimate interests that require a longer storage period in individual cases.
9. Data protection information for online meetings, conference calls and webinars via Microsoft Teams
9.1 Purpose of processing
We use the “Microsoft Teams” tool to hold telephone conferences, online meetings, video conferences and/or webinars (hereinafter “online meetings”).
9.2 Data controller
Vitra International AG, Klünenfeldstrasse 22, 4127 Birsfelden, Basel-Landschaft, Switzerland (hereinafter “Vitra”) is responsible for data processing that is directly related to the performance of online meetings.
Microsoft Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA and its affiliated companies (hereinafter collectively “Microsoft”). In order to be able to provide you with this service, Microsoft acts for us as a processor.
Please note that this data protection notice only informs you about how Vitra processes your personal data if you participate in online meetings with us. You can find more information about how Microsoft processes your personal data under https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/06/microsofts-commitment-privacy-security-microsoft-teams/ as well as the Microsoft Online Services Terms of Use.
Note: If you access the Microsoft Teams website, Microsoft is responsible for data processing. To use Microsoft Teams, you only need to access the website to download the software for using Microsoft Teams.
If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service is then also provided via the Microsoft Teams website.
9.3 Which data is processed?
When we use Microsoft Teams, we automatically process certain information that you transmit to us. The scope of the processed data also depends on the details of the data you provide before or while participating in an online meeting.
The following personal data is processed:
- IP address of the requesting end device
- information about the user: e.g. display name, business contact details such as email address, profile picture (optional), preferred language
- meeting metadata: e.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: You may have the option of using the chat function in an online meeting. In that case, the text entries you make are processed in order to display them in the online meeting. In order to enable video display and audio playback, the data from the microphone of your end device and any video camera on the end device is processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the Microsoft Teams applications
9.4 Scope of procesingg
We use Microsoft Teams to conduct online meetings. If we want to record online meetings, we will inform you of this transparently in advance and – if necessary – ask for your consent.
If this is required for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
We do not use automated decision-making (“Profiling”).
9.5 Legal basis for data processing
If personal data is processed by employees of Vitra International AG in the context of an employment relationship, Art. 6 para. 1 lit. b GDPR in conjunction with Art. 88 GDPR forms the legal basis for data processing, insofar as this is necessary for the execution of the employment relationship. If the processing is not directly necessary for the performance of the employment relationship, but serves the general use of Microsoft Teams, the processing is carried out on the basis of our legitimate interest. Our overriding legitimate interest lies in the effective conduct of online meetings and the improvement of digital collaboration.
For external participants (e.g. business partners, customers), our legitimate interest forms the legal basis for data processing. Our overriding legitimate interest in these cases is the effective conduct of online meetings, communication and collaboration. In addition, the performance of a contract forms the legal basis for data processing when conducting online meetings if the meetings take place within the framework of contractual relationships.
9.6 Recipients/disclosure of data
If you have given us personal data, this will in principal not be passed on to third parties. A transfer only takes place
- with your consent
- on the basis of overriding legitimate interests, if the data disclosed at a meeting is to be passed on. Please note that content from online and in-person meetings is often actually used to exchange information with customers, prospects or third parties;
- within our group of companies, to the extent necessary for internal administrative purposes (such as the fulfillment of contractual obligations for joint services or customer care, the optimization of internal processes (IT support, billing, accounting) or the fulfillment of legal obligations); the legal basis is either the fulfillment of a contract or our overriding legitimate interest in ensuring an efficient business organization.
- as part of processing your concerns to commissioned subcontractors, who only receive the necessary data for the execution of this order and use this for a specific purpose;
- as part of the fulfilment of legal obligations to entities entitled to receive information.
9.7 Data processing outside the European Union
There is no data processing outside the European Union (EU), as we have limited our storage location to data centres in the European Union.
Likewise, processing by Microsoft usually takes place within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. If personal data is transmitted to the USA as part of order processing, we have agreed standard contractual clauses with Microsoft.
9.8 Right to object
You have the right to object at any time to the processing – among other reasons, based on personal data relating to you for reasons that arise from your particular situation. We will then stop processing your personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
9.9 Deletion of data
We generally delete personal data if there is no requirement for further storage. A requirement may in particular exist if the data is still required for purposes of fulfilling contractual services, checking warranty and – where applicable – guarantee claims and to be able to grant or defend these. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
10. Your rights
10.1
You may receive information about the data we have stored about you and about its origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage – free of charge, at any time without giving reasons.
10.2
In addition, you have the right to correct, block and delete your personal data in accordance with the statutory provisions. If you have given your consent to the use of data, you can revoke this at any time and without giving reasons. If your data is processed on the basis of legitimate interests in accordance, you have the right to object in accordance. You also have the right to data portability. You furthermore have the right to complain to a data protection supervisory authority about our processing of your personal data.
10.3
Please send your requests for information, objections to data processing and other inquiries to Vitra International AG, Klünenfeldstraße 22, 4127 Birsfelden, Basel-Landschaft, Switzerland or to the email address [email protected].
10.4
For any questions in connection with data protection, you can also contact our data protection officer, Mr. Simon Brandmeier, who can be reached at [email protected].
Last Update: 02.12.2025