Privacy Policyfor Geberit Mobile Apps

1.1 This Privacy Policy applies to the use of the Geberit mobile apps (“Mobile App(s)”). When using Mobile Apps, personal data can be processed.

1.2 Personal data is any information relating to an identified or identifiable natural person.

1.3 This Privacy Policy refers to the Swiss Federal Act of Data Protection (Bundesgesetz über den Datenschutz (“DSG”)) as per 01.03.2019. The articles according to the revised DSG as per 25.09.2020, which is expected to come into force on 01.09.2023, are mentioned in brackets in each case.

2.1 The operator of Mobile Apps and the controller responsible for processing your personal data is Geberit Verwaltungs AG, Schachenstrasse 77, 8645 Rapperswil-Jona, Switzerland (“Geberit”).

2.2 Our data protection officer can be reached by email at dataprotection@geberit.com or at the postal address above for the attention of “The data protection officer”.

This section provides further information about what personal data we collect from you and how we process it. The legal basis for some of our data processing is our legitimate interest in the performance of our contractual relationship with you according to the “Terms of Use for Geberit Mobile Apps”, pursuant to Article 13 (as from September 2023 Article 31) of the DSG. If you require further information about the balancing of interests, please contact us using the details provided in Section 2. You have the right to object at any time to the processing of personal data relating to you, on grounds relating to your particular situation.

3.1 Download of Mobile Apps

When downloading Mobile Apps, certain information is passed on to your chosen online store for mobile applications (so-called apps). As this data is processed exclusively through the respective online store, the handling of this data is beyond our control. For more information, please refer to the terms of use and privacy policy of the respective online store provider.

3.2 Use of Mobile Apps

3.2.1 When you open Mobile Apps for the first time, we ask you to specify the country in which you intend to use it so that we can offer you services in the appropriate language and with the intended functionality.

3.2.2 When using Mobile Apps, the backend servers used to provide, for example, user manuals of Geberit products will automatically and temporarily collect information transmitted by your mobile end device in server log files. This data is as follows:

• IP address of the mobile end device sending the request
• Request path and arguments
• Request time
• Operating system of the mobile end device sending the request

The data in these server log files are not analysed in a way that identifies individual persons. In cases where the information listed above contains personal data (particularly the IP address), the legal basis for collecting this data is our legitimate interest in collecting this data to ensure the proper functioning of our Mobile Apps. The collection of your personal data also ensures the security of our IT systems. Your personal data is not processed further and deleted as soon as it is no longer required for the purpose for which it was processed, after 30 days at the latest. If the data is stored for other, similar reasons, your personal data is anonymised so that you cannot be associated with or identified from this data.

3.2.3 If the Geberit ID is used for user authentication in Mobile Apps, the following information is stored locally on your mobile end device: Unique identifier (“UID”) of the Geberit ID, your name, email address, phone number, and country. No data is transmitted outside your mobile end device.

3.2.4 When using Mobile Apps, your chosen online store for apps and/or operating system provider may collect usage and diagnostics data such as, for example, frequency of Mobile Apps usage and information on Mobile Apps crashes, and provide this data to us in aggregated and anonymised form. The collection of such data is governed by the terms of use and privacy policy of the online store and/or operating system provider and is thus beyond our control. The legal basis for viewing and evaluating this data on our side is our legitimate interest in the analysis, optimisation and economic operation of Mobile Apps.

Personal data is stored only locally on your mobile end device. Geberit has no access to this data and does not forward it to third parties. This may differ when using the Geberit ID, so please note the relevant data protection information of the Geberit ID.

As a data subject you have the right to access your personal data, have them corrected or deleted, restrict their processing or object to their processing.

Since we do not have access to your personal data on your local device, you can exercise these rights yourself by adjusting or deleting your information in Mobile Apps.

If you have any questions, please send us a written request using the contact details specified above or send an email to the following address: dataprotection@geberit.com.

The current version of this privacy policy is always available in Mobile Apps (typically under the “Information” or “More” menu items).

Version: July 2023

Changes compared with the previous version of this document (January 2021):

• Added list of changes compared with the previous version of this document
• Updated and improved descriptions of data processing activities in section 3 (Information about the processing of your data):
  • The information is now structured in two main areas, which are about downloading Mobile Apps and using Mobile Apps
  • Added information about server log files and the Geberit ID
  • Removed data processing activities concerned with functionality that is not available in your country
• Simplified or removed further sections in accordance with the Mobile Apps functionality offered in your country