The following describes how GSK Stockmann SA, 44, Avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg, RCSL B 205 326 (hereinafter also referred to as “GSK Stockmann”, “we”, “us”) processes your (and possibly third parties’) personal data within the scope of our relationship with you as client or otherwise as regards processing your case.
We take the confidentiality and protection of your personal data very seriously. For this reason, we process your personal data exclusively insofar as it is legally admissible, in particular on the basis of the General Data Protection Regulation of the EU (“GDPR”) and the Luxembourg law dated 1 August 2018 on the organisation of the National Data Protection Commission, implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “Data Law”).
1. How we process your data
We process your personal data only if it is necessary for providing a functional website, our contents, and our services.
a) Visiting our Website
aa) The use of our website is possible without any indication of personal data. As is the case with most websites, our systems, however, do automatically register every access to or visit of our website and temporarily store this information in a “log file.” Among the data saved in this context are in particular:
• IP-address of the accessing computer
• Name and URL of the accessed file
• Date and time of the access
• Access status/HTTP status code
• Amount of data transferred for each transmission
• Browser identification data.
bb) These data do not allow us to draw any conclusions about the data subject. We also do not create personal user profiles (however, please note the below information on “analytics tools”). The above mentioned data are processed for the purpose of enabling visitors to use our website (to establish a connection) and for internal system related purposes (technical administration, system security). Log files are stored in order to ensure functionality of our website. Additionally, these data allow us to optimize the website and to ensure that our systems are secure. As far as personal data is concerned, data processing related to accessing our website is based on Article 6(1)(1)(f) GDPR (legitimate interests). The legitimate interest is based on the above mentioned purposes.
b) Contacting you via E-mail
aa) Our website offers various possibilities to get in touch with us via e-mail (in particular on our “Career” page). If you contact us via e-mail or send us an enquiry, we store the personal data you transmitted via e-mail. It is not mandatory for you to provide information; we only receive and store personal data that you send us. These data are used for processing your respective request only.
bb) The legal basis for the processing of the aforementioned personal data is: Article 6(1)(1)(f) GDPR (legitimate interests). Our legitimate interest is based on the fact that we can only perform the action the user asked for (e.g. answering an enquiry) if we process his/her personal data. If you contact us with the aim of potentially entering a client relationship or any other business relationship with us, or if you are seeking employment with us, processing your personal data is also done under the following legal basis: Article 6(1)(1)(b) GDPR (performance of a contract and steps necessary prior to entering a contract).
aa) Our website offers an option for signing up for our free Newsletter (“GSK Update”). When signing up, your e-mail address will be transmitted to us. We collect your e-mail address in this case for the purpose of sending you our Newsletter. The data will be stored until you unsubscribe. After that, the e-mail address will be blocked for Newsletter deliveries and generally deleted, if appropriate. You can unsubscribe at any time by using the opt-out link at the bottom of each Newsletter.
bb) The legal basis for the processing personal data related to Newsletter delivery is: Article 6(1)(1)(a) GDPR (data subject consent); or, in case of client or other business relationship and regarding information about at least similar services provided by us, Article 6(1)(1)(b) (performance of a contract) may also apply.
language cookies in order to recognize if a user wants to view the
English or German language version of our website. These language
cookies are automatically deleted once you leave our website.
Most browsers automatically accept cookies. You can, however, change your browser settings to not set any cookies or to always show a notice before setting a new cookie. However, if you chose to deactivate the setting of cookies altogether, not all functions of our website may be (entirely) usable.
bb) The legal basis for the processing personal data related to cookies is: Article 6(1)(1)(f) (legitimate interest). Our legitimate interest is based in the above mentioned purposes, to optimize website use and to improve your user experience.
e) Google Analytics
bb) You can prevent the setting of cookies by adjusting you browser software settings. However, we would like to point out that in this case not all functions of our website may be (entirely) usable. You can also prevent Google from collecting and processing data related to your website use that the cookie created (including your IP address) by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
cc) As an alternative to the browser plugin or for browsers on mobile devices, please use the following link to set an opt-out cookie that prevents “Google Analytics” from capturing your data during future website visits (This opt-out cookie only works in that browser and only for that website. If you delete your cookies in your browser, you will have to return to this link): http://tools.google.com/dlpage/gaoptout?hl=de
dd) Further information on “Google Analytics” may be found here: http://www.google.com/analytics/terms/de.htmlhttp://www.google.com/intl/de/analytics/learn/privacy.htmlhttp://www.google.de/intl/de/policies/privacy/
and at Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA.
ee) The legal basis for the processing of personal data related to the above mentioned analysis is: Article 6(1)(1)(f) GDPR (legitimate interests; Here, the legitimate interest is based on the fact that for running our website it is important to understand if and how (often) it is used).
f) Google Maps
aa) This website uses “Google Maps” by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Each time “Google Maps” is accessed, Google will set a cookie to process user settings and user data when the page that integrates “Google Maps” appears. Google does this for the purpose of assuring functionality and improving maps functions. Normally, this cookie will not be deleted when you close your browser but it expires after a certain amount of time unless you delete it manually before then. If you do not agree to this processing of your data, you may deactivate “Google Maps” and thus prevent transmitting data to Google. In order to do so, you need to deactivate the Java script function in your browser. However, we would like to point out that in this case, use of “Google Maps” will be limited or impossible.
bb) The legal basis for the processing of personal data related to the above mentioned purpose is: Article 6(1)(1)(f) GDPR (legitimate interests). Here, the legitimate interest consists in the fact that Google has a legitimate economic interest in ensuring and improving functionality of its services. Our legitimate interest consists in providing an appealing services presentation on our website and an easy way for users to find locations mentioned on our website.
g) Further information on Google
Google has pledged to comply with the U.S.-EU Privacy Shield Framework as published by the U.S. Department of Commerce on collecting, using, and storing of personal data in EU Member States. Google certified that it will adhere to pertinent Privacy Shield principles. The EU Commission assumes that the United States guaranties appropriate protection for personal data transferred in the context of the Framework from the EU to self-certified organizations in the United States. Further information can be found here: https://www.privacyshield.gov/EU-US-Framework
2. Data transmission to third parties
We may use external service providers for website operation and for the services offered there (hosting, newsletter delivery) who process your personal data for us. These service providers process your data only according to our instructions. The legal bases for such processing of personal data are: Article 6(1)(1)(b) GDPR (performance of a contract and steps necessary prior to entering a contract) and Article 28 GDPR (data processing).
3. How long we store your persona data
As far as the other stipulations of this Policy do not prescribe a certain amount of time that we need to retain your personal data, we only store personal data generated in the context of using our website for as long as is necessary to process your requests or enquiries, and after that only to the extent of and if required by statutory storage obligations. If we no longer need your personal data for the above mentioned purposes, they will only be stored for the legal retention period and they will not be processed for other purposes.
4. Your rights
You have the right to demand information from us about your stored personal data at any time. If the legal requirements are met, you also have the rights to have personal data corrected and deleted, to restrict processing of the relevant data, to object to our processing of your data, and to receive the personal data concerning yourself in a structured, commonly used, and machine-readable format. If you have given consent to the processing of your personal data, you can withdraw it at any time.
If you believe the processing of your personal data to be violating applicable data protection laws, you can lodge a complaint with the relevant supervisory authority for data privacy.
For all data privacy questions (incl. assertion of your rights as per Article 5 of this Policy), you can contact us at the address mentioned in Article 1 as well as at
firstname.lastname@example.org, T +352 2718 02-00, F +352 2718 02-11.
6. Data security
GSK Stockmann maintains current technical measures to ensure data security protection, especially to protect your personal data against risks during transmission and against third party access. These measures will be updated according to the latest technical developments.
8. Cookie consent with Borlabs cookie
Our website uses the Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/