USAGE CONDITIONS AND DATA MANAGEMENT POLICY

I. General provisions

I/1. The Operator

This website is operated by Roof Tile Group, which is the owner of the trade mark Gerard®. The company is founded and is operating in accordance with Belgium legislation, of which the head office is Belgium, ROOF TILE GROUP Europe NV Michielenweg 3, B-3700 TONGEREN, BELGIUM, e-mail address: [email protected]. hereinafter: Operator), directly or through its empowered subsidiary (in Slovenia AHI ROOFING, d.o.o., Beethovnova ulica 4, 1000 Ljubljana).

 

I/2. The User

Auser is any person who visits the website, makes use of its services as such may be made available by the Operator from time to time, irrespective of whether such User registers for an account or not. Certain services may be used only by registered users.

 

I/3. Scope and modification of the Policy

The scope of the present Usage and data management policy (hereinafter: Policy) extends to the services provided and the data management in connection with the Operator’s present website (hereinafter: Website).

In the absence of a contrary provision, the scope of the Policy does not extend to services and data management which are connected with the promotions, prize draws or services of third persons advertising on the Website or otherwise appearing there, with their other campaigns or published content. In the absence of a contrary provision, the scope of the Policy does not extend to the services and data management of websites and service providers which links on the present Website may lead to.

The Operator is entitled to modify the Policy at any time. The Operator is not obliged to send users separate notification of the modifications.In order to familiarize yourself with the updated version, we suggest you visit this present link regularly and check out our Policy.

 

I/4. The Operator’s activity, purpose of the Website

The Operator manufactures and sells Gerard roofing systems. 

The main purpose of the present Website is to present Gerard products and systems and the related services offered.

The information published on the Website does not qualify as an offer. The Operator takes no responsibility that the products appearing on the Website will actually be available in the future, in the quantity and quality presented on the Website.

The information published on the Website only serves as orientation for users, it can in no way be regarded as the Operator’s contractual declaration, official prospectus or instructions for use.

The Operator takes no responsibility if the information published on the Website differs from the information published by other dealers with regard to the same products and services.

Familiarity with the information published on the Website does not replace knowledge of official prospectuses related to the use and recourse to the products and services, or recourse to help from experts. 

 

I/5. Authoritative law

The Operator is an economic company registered in Belgium, which primarily performs its activities under the authority of Belgium legislation.

For such case that the application of a particular law may be stipulated, the Operator stipulates the application of Belgium law.

For such case that there is room to stipulate the legal authority, the Operator stipulates the exclusive competence of the Belgium authorities and courts with jurisdiction associated with his head office.

II. Data management

The personal data are processed and managed by the Operator, directly or through its data processors, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation or the GDPR).

The Operator strives to ensure that the following principles of managing the personal data fully prevail:

-   personal data are only managed for a specified purpose;

-   every stage of the data management conforms to this purpose, including the range of data managed;

-    the uptake and management of the personal data is honest and legal;

-    the data are accurate, complete and current;

-  if it is not necessary to identify the person concerned, the data management is modified in such a way that the person concerned cannot be identified on the basis of the available data;

-    the rights of the persons concerned correspondingly prevail.

 

II/1. Personal data collected by the Operator

With reference to our company, personal data signify information which identifies you or enables us to get in contact with you, for instance your name or e-mail address. Details of personal data collected by us may be listed in the following categories:

A) Information collected automatically upon your visit of our website.

When you visit our website, certain information is collected automatically on the devices you use. In certain countries, including the countries of the European Union and / or European Economic Area (“EU / EEA”), a defined range of this information may be regarded as personal data under the terms of relevant data protection legislation. For the collection and/or processing of personal data, we need to ask for your prior consent or have other proper statuary basis. 

We collect the following information: the IP address, the type of informatics device you use, the unique device ID number, the type of browser used, your geographical location (e.g. location by country or town), the information about buttons you have clicked, the pages you have visited, tracking of email opens and clicks on e-mails sent, and other technical information are to be regarded as such. We may also collect data on how the device interacted with our website, including the pages you wished to reach and the links you visited.

Collecting these data enables us to be better acquainted with the visitors to our websites, where they come from and which content of our homepages they are most interested in. This information is only used for internal analytical purposes according to the above, so we can satisfy the interests of our visitors and thus improve the quality of our websites.

We may collect some of these data with the aid of cookies and similar tracking technologies, the details of which are contained in our Cookie Policy. For the collection of data via cookies, we need to obtain your consent what is further regulated in the Cookie Policy.

B) Information provided voluntarily by you for implementation of specific request: 

Certain sections of our Website contain services for the use whereof you may need to fill in personal data: name, surname, e-mail address, telephone number, full address, post code, size of the roof and the estimated time period of interest for the purchase of the roof or roof installation, the IP address, the pages you have visited, tracking of email opens and clicks on e-mails sent,. Such, for instance, are the features in Campaign Registration Forms, Online Warranty, Roof Calculator, Roof Simulator or Find Your Roofing Expertin case you send an offer request.

In case of Find Your Roofing Expert form you provide solely data concerning the location, and not your specific and full address, such information shall not be deemed as “personal data”, since it is insufficient for identifying you. Moreover, even if you provide your full address, this information shall only serve for finding a roofing expert nearer to the entered address, and it shall not be used by us for identifying you. 

Kindly note that visiting the Website does not depend on registration, but some of the services are only accessible to registered users, such as the Roofnet Program, Calculator or Gerard for Architects subpages. The range of personal data collected from registered users, as well as all related information concerning the processing of such data are available upon the relevant registration process.

Kindly note that we at all times endeavor to protect the security and privacy of any data you provide or allow transmission by joining the Campaign or by registering to our online accounts.

 

II/2. The purpose and legal basis for personal data processing

We need to obtain your consent or other statutory basis if implementation of our services needs collection or processing of your personal data. In accordance with the GDPR regulation the form contains fields where individual consents need to be given.

A) General

We use the personal data collected on you for various reasons, including the following purposes:

- In order for us to be able to respond to possible requests from you or to provide you with the information or technical support you ask for.

- In order to inform you about the progress of the campaign via e-mails.

- For the purpose of using, supporting, personalizing, maintaining and improving our services.

- In order to comply with and enforce legal requirements, agreements and guidelines which must be applied.

- In order to avert, detect, identify, investigate and respond to any possible or actual demands, obligations, forbidden conduct or crimes, and to defend against these.

- For implementing additional activities in conformity with the present Policy.

- To prepare and provide additional information, technical support or to serve as intermediary in the preparation of the requested offer (e.g. sending your inquiry to the roofer).

- To inform about the progress of the campaign via e-mails.

- To issue online warranty.

- To send non-electronic direct marketing (e.g., flyers sent by post);

- To send electronic mailings that consist purely of polls, satisfaction surveys or market research, provided that the content of the mailing is strictly limited to this and does not promote goods or services;”

- To send inquires and personal data to out contracting roofers, to contact you.

The legal basis of the data processing is:

- art. 6 paragraph 1, letter f) of the GDPR: the Operator’s legitimate interest - in case of using functionality cookies, non-electronic direct marketing or electronic mailings that consist purely of polls

- art. 6 paragraph 1, letter b) of the GDPR: taking the necessary steps for the conclusion of a contract – in case you send us an offer request after using the features in Roof Calculator, Roof Simulator or Find Your Roofing Expert, or Online Warranty

- art. 6 paragraph 1, letter a) of the GDPR: your assent to the data processing – in particular cases as disclosed in the specific data processing policies   

In case of registered user accounts (such as on https://architects.gerardroofs.eu/ or Roofnet Program), the purposes of the data processing, as well as the legal basis for such processing are listed in the corresponding data processing policies.

B) Direct Marketing

By separate consent you are voluntary agreeing to use the data (name, surname, e-mail address, telephone number, full address, email clicks, email opens and page visits, purchases, warranties and requests) for direct marketing purposes, segmentation and profiling. Each Participant understands and expressly agrees that a statutory basis for processing of personal data under Article 6/1 (a) of the GDPR Regulation exists and that the data collected will be used for direct marketing services, such as:
- notifications about the course of the campaign or promotions;
- To send newsletters by e-mail with articles and promotions of goods and services.
- To segment and profile for making better and more personalized user experience.
- To gather user behavioral data in e-mails and web page for the purpose of scoring, personalization and profiling.
- For showing personalized adds on advertising platforms such as Facebook or Google.
- To send SMS, MMS or doing marketing via telephone.

The following means of communication will be used for direct marketing services communication, segmentation and profiling:

  • online marketing (account notifications)
  • email marketing
  • Mobile marketing (SMS and MMS to phone number)
  • telemarketing (phone calls)
  • direct you to an online platform (Roofnet) and connect you with the retailer or roofers to make an offer

C) Other

Besides the above, additional data management may be associated with certain services. The Operator will obtain necessary consent and provide appropriate information on the details of this data management (like purpose), in every case.

 

II/3. Map location

By separate consent you are voluntary agreeing that certain data concerning your property and the real estate (photograph and map location) will be displayed as a reference project on the websites and applications operated by Gerard® and will be handled by Gerard® for this purpose. By special confirmation you will declare that the provided information are true and are your data, and you have full authority to give them to Gerard@ and your ability to act is not limited:
- Name (will not be shown on the Map)
- Home address (will not be shown on the Map),
- building address (will not be shown on the Map):,
- And a photograph of the building that you have uploaded (will be displayed on the map together with the profile name and the colour).

  

II/4. Access to managed data, forwarding and usage of the data

Personal data eventually collected through the Website might become accessible to data processors such as web services providers or marketing companies. The data processors are only authorized to implement the Operator’s decisions, in accordance with the Operator’s instructions.

We may also forward your personal data to the following addressees:

To linked companies:

We may share personal data with companies in ownership or management relationship with us (for instance, with firms which monitor or manage our company, or have joint management with us, or which our company monitors or manages) – hereinafter: subsidiary.

Included here are those data which come to our attention in connection with websites operated by us or by our subsidiaries.

To specified service providers:

We may share your personal data with companies which provide services for us so that we can fulfil our obligations and keep you informed, for instance fulfilling orders, delivering parcels, sending postal deliveries and e-mails, analyzing customer data, offering help with marketing, investigating possible fraud activities, conducting customer surveys and running customer services.

To behavioral advertisers:

From time to time, we may permit firms qualifying as third parties which use behavioral advertising to use their technology to collect information available in connection with visiting and using our website in order to pursue promotional activity related to products and services considered to be of interest to you. These personalized adverts may appear on our websites and also on other websites.

In order to observe the legal obligations of any other party:

Your personal data may be shared with any other third party in order to fulfil legal obligations (or involvement in legal proceedings), so that we can defend our company, our employees, agents, clients, visitors and subsidiaries against any fraud or the possibility of such; or inasmuch as you consent to this.

The recipients or categories of recipients of personal data collected through registered user accounts are disclosed in the corresponding data privacy policies.

 

II/5. Data management for promotion and research purposes

Subject to the User’s prior consent, the Operator may use the contact details entered by the relevant User (e-mail address, postal address, telephone number, other IDs and data used for keeping in contact) for the purpose of sending an SMS, MMS, electronic letter to the user in relation to the Operator, the Operator’s activity, as well as the Website for promotion purposes, a newsletter concerning the service, or a letter including advertising, and for information for this purpose to reach him. 

The Operator may use the managed data for the purpose of surveys, market research, compiling a research sample, and for approaching users when doing research.

 

II/6. Retention of personal data

Unless otherwise specified herein or by the applicable law, we retain for as long as the legitimate interest exists. We are reviewing our data retention practices every two years, taking into account the principle of proportionality and the relevant circumstances. If direct marketing activities change or evolve significantly, the consent will be renewed. If there are no good reasons for further retention of data, consents for direct marketing shall be renewed or personal data stopped being processed (and deleted). You will always have the option to unsubscribe from direct marketing activities

If a civil law relationship is established between the user and the Operator, civil law rules are also authoritative for management of the data. In this case, the personal data are to be managed in the interest of implementing the demands of civil law, or on this legal basis. If an official or court procedure is launched due to an illegal act by the user, in order to conclude this successfully, the Operator may manage the data in consideration of this legal basis.

If we no longer have need for processing any of your personal data in order to carry out our business activities, then we will either delete or anonymize them, or if this is not possible (for instance, because your personal data have been stored in the saved archives), then we will store these personal data securely and in seclusion from other data processing activities until their deletion becomes possible.

In any case, we delete the entered data, if:

- managing them is unlawful, or deletion is ordered by legislation;

- the person concerned requests it;

- the data are incomplete or inaccurate, and this makes their usage impossible;

- the purpose for the data management no longer exists;

- this is ordered by an authority or court.

 

II/7. Associated data protection entitlements and options

You may access your personal data collected by us online and kept current using generally accepted updating methods. In order to update, correct or delete this information, get in touch with us at the address first above written or on the [email protected] e-mail address.

Besides the above, you may exercise the following data protection rights:

- to access, correct, update or, as the case may be, delete your personal data

- to raise an objection in connection with the processing of your personal data, ask for the limitation of processing of your personal data or by special request the implementation of portability

- to cancel receiving the marketing communication messages we send at any time without giving a reason. You can exercise this right by clicking on “unsubscribe” in the marketing e-mails we send or on the “opt-out” link. If you wish to cancel other forms of marketing too (e.g. postal marketing or telemarketing), then please get in contact with us.

- to withdraw your consent at any time and without giving a reason with respect to future processing of your personal data collected and processed by us based on your consent. The withdrawal of consent does not influence the legality of processing we carried out earlier while your consent was in force, nor does it influence the processing of personal data if this is done in consideration of another legal basis apart from personal consent.

- to lodge a complaint with the data protection authority with regard to the collection, storage, processing or forwarding of your personal data, or their utilization in any other way.

For further information, please contact the local data protection authority.

III. Rules for users

III/1. The user’s obligations and responsibility

The user is obliged to take appropriate care when entering his data. The Operator cannot be held responsible for damage resulting from the user not taking proper care concerning the protection of his data.

The user may only use the site on his own responsibility. The Operator does not accept responsibility for damage or inconvenience suffered by the user while using the site, if these arise from the user not proceeding with due caution when using the site. The user only may make his data public and accessible to others at his own responsibility. 

When using the site, the user is obliged to proceed honorably, bearing others’ rights and interests in mind.

The user is obliged to respect operative legislation, and during usage is obliged to refrain from all activity which is unlawful, or which damages the interests of others. Included in this, the user is obliged to respect others’ private spheres, personal rights and intellectual property rights, especially the regulations concerning the protection of literary, scientific and artistic creations, inventions, design patterns, utility models, trademarks and brand names subject to copyright protection. The user is obliged to refrain from committing crimes and misdemeanors, and furthermore is obliged to refrain from using all obscene, indecent expressions and utterances, or any other which are likely to result in indignation in others;

All users are obliged to refrain from all activity which would impede proper usage of the site. All users are obliged to refrain from all activity which damages the Operator’s interests. Included in this, the user is obliged in particular: 

- To refrain from upsetting or obstructing the operation of the site;

- To refrain from activities which are aimed at obtaining or using the Operator’s business secrets or information which he keeps secret;

- To refrain from all communication which bears false information with regard to the service;

- To refrain from all activity which threatens the informatics security of the site;

- To refrain from all activity which is aimed at advertising his own product or service, or those of another, third person.

Besides the above, the Operator may set further restrictions, of which he will inform the users. 

While using the site, users may only make other persons’ data public, or make them available to others, if the person concerned has expressly consented to this. The consent of the person concerned is not necessary in the case of open public appearance, or with regard to data he has previously made public without restriction.

When registering, users may only enter their own personal data. Entering other persons’ data qualifies as unlawful data management, which could have consequences defined by legislation. In case of the abuse of others’ personal data, the Operator will provide the competent authority with help in order to detect the infringement and identify the person committing the infringement.

The restrictions described in the present point apply to all visitors to the site.

 

III/2. Procedure against offending users 

If a user contravenes the stipulations of the present Policy, or the specifications of legislation, the Operator may delete the user’s registration. In this case the user’s registration is terminated, he may not make use of the site services in the future.

If there is room for an official, court procedure based on the user’s conduct, the Operator may store the data needed for identifying the user irrespective of the deletion, as well as the data applicable to the offense, and may pass these on to the competent body.

If the user infringes the rights of a third party, and this third party is entitled to initiate a procedure, the Operator may pass on the data to the third party, if the third party can verify his legal interest in this connection.

IV. Data security

We use appropriate and widespread security methods in order to prevent unauthorized access, to preserve the accuracy of the data and to ensure proper utilization of the personal data.

If you create a user account through our website, the account data and full profile enjoy the secured protection of a password. We suggest that you do not give your password to anyone. Our staff will never ask you for your password, either in an unwanted telephone call or an unwanted e-mail. Do not forget to log out of your account and close the browser window when you have finished a session. This helps to prevent others accessing your personal data and correspondence, if you share your computer with someone else or you use a computer in a public place which others have access to. 

When you voluntarily make certain personal data public on the internet, for instance on message boards, in e-mail or on chat interfaces, there is a risk that others could collect or use this information. The security of data transfer via the internet or any wireless network is not absolutely perfect. As a result of this, in such case, despite the fact that we take all reasonable and expected measures in order to protect your personal data, we cannot guarantee the security of the data you forward to us, so you may do this only on your own responsibility.

V. Provision concerning children

Our Homepage has been produced for private persons over the age of 18. As we cannot determine the age of persons accessing our Website for lack of personal data and verifiability in this regard, we use this data protection declaration for every age group. In such case that a private person younger than 18 years old has provided us with his personal data without the consent of his parents or guardians, we request that a parent or guardian get in touch with us so that we can take the necessary measures to delete the data in question.

VI. Practice and data protection activity of third parties in connection with personal data

The data protection guidelines of advertisers linked with the use of our homepage and of payment or other services may differ from that of the present Data Protection Policy. We suggest that you familiarize yourself with the data protection regulations of the service provider in question before asking for a quotation from or concluding an agreement with these service providers.

 

VII. Forwarding of personal data outside the European Economic Area (EEA)

As our company is a member of a multinational company group, in certain cases your personal data may be forwarded to or shared with countries outside the EEA, for reasons including but not limited to achieving the goals referred to in the present Data Protection Policy, taking the appropriate legal bases into consideration. Such transfers are currently performed to our subsidiary in New Zealand, jurisdiction formally recognized by the European Commission in 2012 as ensuring an adequate level of protection for personal data transferred from the European Union (Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand).

In the above case our company or the members of our company group will take all reasonable and necessary measures in order to ensure that personal data forwarded to a country outside the EEA are processed in a secure manner. If you would like to know more about these appropriate measures, please contact us.