SUPPLEMENTAL EEA+ PRIVACY NOTICE
Last Updated: January 3, 2023
If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. If you are located in the EEA or UK, references to the “GDPR” below are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
1. Who is the Data Controller?
If you are inside the EEA+ but outside the United Kingdom when you visit, shop or register with Wahl online or use any of our Websites or online services, your personal data is controlled by Wahl GmbH and you may contact our data protection officer Norbert Gaulocher at: Am Erlenbach 2 88662, Überlingen, Germany, email@example.com.
The UK controller of personal data is Wahl (UK) Limited. Contact details are as follows: Wahl (UK) Limited
Sterling House, Clipper Close, Ramsgate, Kent, CT12 5GG, firstname.lastname@example.org.
2. What are the legal bases for processing?
To the extent required by applicable law, we collect and process personal data of individuals located in the EEA+ only where there exists a legal basis for doing so. Such legal bases are as follows:
It is in accordance with your consent, per Art. 6(1)(a) of the GDPR.
It is necessary for us to perform a contract with you—specifically, the terms and conditions that apply to our Services—or take steps at your request prior to entering into the contract, per Art. 6(1)(b) of the GDPR.
It is necessary to comply with our legal obligations, per Art. 6(1)(c), such as if we are required by law to disclose personal data to law enforcement agencies or governmental authorities.
It is necessary for us or third parties to pursue legitimate interests that are not outweighed by your privacy and other fundamental interests, per Art. 6(1)(f) of the GDPR. Those legitimate interests are to provide you and other users of our Services with a good and safe experience, administer and enforce our contractual and legal rights, develop new services and features that we can offer to you and others, and manage our business operations and relationships with you and third parties.
It is necessary for our legitimate interests, per Art. 6(1)(f) of the GDPR, to exercise our legal rights or defend legal claims.
It is necessary, per Art. 6(1)(f) of the GDPR, to give effect to a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider.
We only process sensitive data for specific purposes where you have given us your explicit consent to do so, per Art. 9(2)(a) of the GDPR.
3. On What Basis Do We Transfer Personal Data Across Borders?
We operate our Services with the assistance of service providers in the United States, UK, Spain, Canada, Argentina, Brazil, Colombia, Costa Rica, and Ecuador. If you consent to our use of third-party analytics and advertising cookies (see our Cookies Notice Page [insert link to separate webpage containing this document]), our analytics and advertising partners will process your personal data in the United States, UK, Spain, Canada, Argentina, Brazil, Colombia, Costa Rica, and Ecuador. We take measures to ensure that service providers and other recipients in the United States, Brazil, Colombia, Costa Rica, and Ecuador all provide an adequate level of data protection by entering into appropriate data transfer agreements based on Standard Contractual Clauses that have been approved by the authorities of your country. Data transfer agreements are accessible upon request by contacting us at the details shown further above.
4. How Long Do We Retain Personal Data?
In general, we store personal data only as long as necessary to fulfil the purpose for which we collected it (the “General Retention Period”), except in the following situations:
Where applicable laws require us to retain your personal data for a legally prescribed period beyond the General Retention Period, in which case we will keep that personal data for the legally prescribed time period before deleting it;
Where your personal data is relevant to potential legal claims by or against us, in which case we will keep that personal data for as long as the legal claims can be made or, if it has been made, for as long as the personal data is relevant to the resolution of the claims or any appeal thereto;
Where we are instructed by a court order, subpoena, or other legal directive to retain your personal data beyond the General Retention Period; and
Where we need a reasonable period of additional time to verify that the purposes for which we collected your data no longer apply and to delete the data following such verification.
If none of these exceptions apply to certain personal data, we will retain personal data for as long as necessary to fulfil the purpose for which we collected it, which in most cases does not exceed 5 years.
5. Do You Have to Provide Personal Data?
There is no law or contract stating that individuals in the EEA+ have to use our Services. We will try to tell you what personal data we need from you to provide certain Services or a certain level of quality of Services to you. In those cases, if you do not provide the personal data that we request from you, we will not be able to provide you with the Services or level of quality of Services that you request from us.
6. Your Rights
You have the following rights, subject to conditions and in some cases limitations under the data protection laws that apply to you:
To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of your personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
To transfer or receive a copy of your personal data in a usable and portable format if we process it on the basis of your consent or a contract with you.
To obtain from us the rectification of inaccurate personal data concerning you.
To ask us to erase your personal data to the extent it is not required for legally required purposes or an exception to erasure applies under applicable law.
To withdraw your consent at any time with future effect if we process your personal data on the basis of consent.
To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
You can exercise your rights by emailing email@example.com or sending mail to:
Wahl Clipper Corporation
2900 North Locust Street
Sterling, Illinois 61081