WHO WE ARE

KOHLER Co. is a global company on a mission to help people live gracious, healthy and sustainable lives.

This Privacy Notice describes how KOHLER Co. and its affiliates and subsidiaries (together, "Kohler", "we", "us", "our") process personal information in connection with the activities described in the "Scope" section, below.

For questions about this Notice, you may contact the Kohler Global Data Privacy Team using the contact information in the "How To Contact Us" section of this notice.


TABLE OF CONTENTS

  1. WHAT INFORMATION WE COLLECT
  2. HOW KOHLER USES YOUR PERSONAL INFORMATION
  3. SHARING YOUR INFORMATION
  4. RETENTION OF YOUR INFORMATION
  5. DATA SECURITY AND INTEGRITY
  6. YOUR CONTROLS AND CHOICES
  7. THIRD PARTY SERVICES
  8. CHILDREN'S PERSONAL INFORMATION
  9. CHANGES TO OUR PRIVACY NOTICE
  10. HOW TO CONTACT US
  11. JURISDICTION SPECIFIC
  1. UNITED STATES: STATE PRIVACY RIGHTS NOTICE
  2. SUPPLEMENTAL NOTICE FOR EEA AND UK
  3. SUPPLEMENTAL NOTICE FOR BRAZIL
  4. SUPPLEMENTAL NOTICE FOR CANADA
  5. SUPPLEMENTAL NOTICE FOR CHINA

Scope

This Privacy Notice applies to our processing of personal information collected:

  • via our websites, mobile applications, social media pages, and other digital properties that display or link to this Privacy Notice;
  • from our customers and prospective customers, including former, current and prospective customers and others with whom we currently do or have done business;
  • and from business partners, vendors and service providers, including former, current, and prospective business partners, vendors and service providers with whom we do or have done business.

This Privacy Notice does not apply to:

  • the personal information we collect from our employees, contractors, or job applicants;
  • the personal information collected in connection with Kohler's hospitality business ("Kohler, Wisconsin") (please see our Kohler, Wisconsin Privacy Policy for more information);
  • the personal information collected in connection with Kohler's health business ("Kohler Health") (please see our Kohler Health Privacy Policy for more information);
  • any personal information Kohler processes on behalf of a third-party entity, such as a business customer or vendor.

State Law Privacy Rights: See the Jurisdiction Specific Information tab above. The United States: State Privacy Rights Notice section supplements this Privacy Notice and contains important information for residents of applicable U.S. states, including about rights under applicable state privacy laws.

EEA and UK Notice: Please see the Jurisdiction Specific Information tab above. The Supplemental Notice for EEA and UK supplements this Privacy Notice and contains important information for individuals located in the European Economic Area (“EEA”) or United Kingdom (“UK”).



WHAT INFORMATION WE COLLECT

Information You Provide to Us

Information Category Description/Examples
Personal or business contact information Such as: name, billing and mailing address, telephone number, professional title and company name, and email address.
Transaction and payment information Such as: banking or credit card details, transaction details (e.g., billing and delivery address, order number), and other information needed to complete transactions on our services.
User-generated content Such as: comments, questions, messages, images, videos, and other content or information that you generate, transmit, or otherwise make available on our websites or other services or that you otherwise submit to us (online or offline), as well as associated metadata.
Communications information Such as: information provided by you when you interact with our Customer Service team (including call recordings), contact us directly by email or mail, and communications with chat features such as our chatbots.
Demographic information Such as: your city, state, country of residence, postal code, and age.
Government-issued identification number information Such as: your national identification number (e.g., Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver's license or state ID number), and an image of the relevant identification card.
Marketing information Such as: your preferences for receiving our marketing communications and details about your engagement with them.
Account information Such as: the username and password that you may set to establish an online account on our services, along with any other information that you add to your account profile.
Promotion information Such as: information you share when you enter a competition, promotion, or complete a survey. Please note that if you participate in a sweepstakes, contest or giveaway, we may ask you for your contact data to notify you if you win or not, to verify your identity, determine your eligibility, and/or to send you prizes, and/or for any other purpose set forth in the contest rules and other relevant information for each sweepstakes and contest. In some situations, we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary. We recommend that you read the rules and other relevant information for each sweepstakes and contest that you enter.
Other information Information not specifically listed here, which we will use as described in this Privacy Notice or as otherwise disclosed at the time of collection.

 

Information Collected Automatically

Information Category Description/Examples
App, browser, and device information Such as: information about the device, operating system, browser, IP address and other device characteristics (e.g., plug-ins and the network you are connected to).
Usage and activity information Such as: information about what you view or click while visiting our sites and apps and how you use our services, and information about how our services are performing when you use them (such as diagnostic and troubleshooting information, crash data, website performance logs, error messages or reports).
Session replay information Such as: information about your interaction with our sites and with our webforms (such as IP address, time of session, and other session details), including the use of TrustedForm session replay technology. For more information on TrustedForm session replay technology, please navigate to https://activeprospect.com/trustedform-privacy-notice/.
Communication interaction information Such as: your interactions with our email or other communications, which we may collect through use of pixel tags (also known as clear GIFs) that may be embedded invisibly in our emails.
Cookies and similar technologies See our Cookie Policy here for more information. In particular, note that we may employ cookies and software code to operate chat and other artificial intelligence ("AI") technologies, and other features that you can use to communicate with us or input data relevant to your experience. These technologies may access and use information about webpages you visit on our website, your IP address, and other personal information you share through online chats or within inputs to facilitate our services to you.

 

Information we obtain from Affiliates and third parties

Information Category Description/Examples
Kohler group of companies ("Affiliates") We may obtain information about you such as personal contact information, financial information, and usage information from our Affiliates as a normal part of conducting business.
Information from our marketing and advertising partners and event co-sponsors We may receive your name and contact information, what marketing content you viewed, or interactions on our sites.
Information from analytics providers We may receive information about your interactions on our sites.
Information from public sources We may obtain information about you from social media platforms, government agencies, public records, and other publicly available sources.
Information from other entities to which we provide products and services We may obtain information about you from entities to which we provide products and services, such as retailers, distributors, and franchisees.
Information from referral sources We may obtain information about you from entities that provide referrals.
Information from business transaction partners We may obtain information about you from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.

 


Handling Of Information We Collect

How Kohler Uses Your Personal Information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Delivery, personalization, and improvement of our products and services. We may use your personal information:

  • To provide you with products and services;
  • To create and maintain your Kohler account;
  • To provide customer support;
  • To send product- or service-related communications;
  • To fulfill your event registration requests;
  • To send administrative information to you, such as information regarding guarantees and warranties and changes to our terms, conditions and policies;
  • To customize your experience with our services and products, including by saving device-based settings;
  • To conduct research and development, analysis, and otherwise improve our products and services or develop new products and services, including by analyzing trends or patterns in the usage of our products and services; and
  • For machine learning purposes, including in connection with the provision of our products and services, for customer service purposes, and in connection with our research and development efforts, provided that we will only use your personal information to train our AI models where you have opted in to such training.

Marketing and advertising. We, our service providers, and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes, including:

  • To send and measure the effectiveness of direct marketing communications about our products and services and other news about products which we have reason to believe will be of interest to you; and
  • To facilitate interest-based advertising, which may include information collected through cookies and other technologies described in the "Information Collected Automatically" section above.

Compliance and protection. We may use your personal information:

  • To comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
  • To protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
  • To audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • To enforce the terms and conditions that govern our products and services; and
  • To prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you, and we will not attempt to reidentify any such data. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve our products and services, to promote our business, and to train our AI models and for other machine learning purposes.

Data sharing in the context of corporate events. We may share certain personal information in the context of actual or prospective corporate events. For more information, see the "Sharing Your Information" section below.

Further uses. In some cases, we may use your personal information for further uses, in which case we will ask for your consent to use your personal information for those further purposes if they are not compatible with the initial purpose for which information was collected.


 

Sharing Your Information

We work with our Affiliates, service providers, and other third parties to help provide our services, and therefore share personal information with these third parties. We may share personal information with:

  • Advertising partners
    • Third-party advertising companies for the interest-based advertising purposes described above.
  • Affiliates
    • As a normal part of conducting business and offering our services, personal information that we collect and process may be transferred between our Affiliates.
  • Authorities and others
    • Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate to comply with applicable laws, protect the rights/safety of ourselves or others, and other similar compliance/protection purposes.
  • Business transferees
    • In the context of actual or prospective business transactions to an acquirer, successor, or assignee of Kohler or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.
  • Other users and the public
    • Content you generate on message boards, chat, profile pages, blogs and other services to which you can post information and content (including, without limitation, our social media), or messages you send through our systems may be made visible to other users and the public.
  • Partners
    • Third parties with whom we partner, including parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
  • Professional advisors
    • Professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  • Third-party service providers
    • These can include providers of services such as website hosting, services-related consulting and monitoring, chatbot technology providers and other providers of AI technologies, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, payment processing, and other services.
  • Third parties designated by you
    • Third parties where you have instructed us or provided your consent to share your personal information.


 

Retention of Your Information

We retain your information as required to fulfil the purposes for which we collected it, including to provide our products and services, comply with legal obligations, or protect our or others’ interests. While retention periods may vary by country, we maintain internal retention policies based on the considerations below:

  • The length of time we have an ongoing relationship with you and provide our products or services to you (for example, for as long as you have an account with us or keep using our products and services);
  • The length of time we have an ongoing relationship with you as our client and provide you with products and services;
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions or communications for a certain period before we can delete them); or
  • Whether retention is advisable considering our legal position (such as applicable statutes of limitations, litigation or regulatory investigations).

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.


 


Data Security & Controls

DATA SECURITY AND INTEGRITY

We have implemented organizational, technical, and physical security measures designed to protect your personal information. Please be aware that despite our efforts, no data security measures can guarantee absolute security. You can help keep your data safe through reasonable steps to protect your information against unauthorized disclosure or misuse.


 

YOUR CONTROLS AND CHOICES

In this section, we describe the rights and choices available to all users. Residents of certain US states and Europe can find additional information about their rights by going to the Jurisdiction Specific Information tab where they can find their respective supplemental notice.

Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into your account or using the contact methods described in Account Actions Information below.

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.
If you receive text messages from us, you may opt out of receiving further text messages from us by replying “STOP” to our message.

Cookies and other technologies. For information about cookies and other automatic data collection technologies we use, as well as how to control them, see our Cookie Policy here.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Some Internet browsers and browser extensions support the Global Privacy Control (“GPC”). The GPC can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data “sales” as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Linked third-party platforms. If you choose to connect to our products or services through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Account Actions Information. You may submit requests to exercise your right to information/know, access, appeal, correction, or deletion at https://privacy.kohler.com/, by calling us toll free at 1-800-923-1138, or via email to KohlerGlobalDataPrivacy@kohler.com.


 


ADDITIONAL INFORMATION

THIRD PARTY SERVICES

This Privacy Notice does not address, and we are not responsible for the privacy, information security, or other practices of any third parties.

This includes any third party operating any website, application, or other service to which our services may link. Please note that when you use third party services, their own terms and privacy policies will govern your use of their services and products.


 

CHILDREN'S PERSONAL INFORMATION

Our sites and services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect personal information from individuals under 16. If you are under the age of 16, please do not provide any personal information through our sites or services. If a user is suspected of being younger than 16 years of age, Kohler will take steps to delete the individual's information as soon as possible.


 

CHANGES TO OUR PRIVACY NOTICE

We may update this notice from time to time to reflect changes and will indicate changes by posting the new version of the Privacy Notice (and effective date) on this website or by other appropriate means. We encourage you to periodically review this website and our Privacy Notice to understand how Kohler protects your personal information. Once effective, the revised Privacy Notice will apply to you and your personal information. In all cases, your use of our services after the effective date of any modified Privacy Notice indicates your acknowledgement that the modified Privacy Notice applies to your interactions with our services and our business.


 

HOW TO CONTACT US

If you have questions, complaints, or concerns regarding this Privacy Notice, please contact us at KohlerGlobalDataPrivacy@kohler.com, call us toll free at 1-800-923-1138, or write to us at 444 Highland Drive MS 005, Kohler, WI 53044, Attn: Legal Department.



UNITED STATES: STATE PRIVACY RIGHTS NOTICE

Except as otherwise provided, this section supplements the information contained in our Privacy Notice and applies to residents of states that have privacy laws applicable to us that grant their residents some or all of the rights described below (collectively, the "State Privacy Laws"). In the event of any conflict or inconsistency between this section and the other sections of our Privacy Notice, this section will control for residents of states with State Privacy Laws.

This section describes how we collect, use, and share Personal Information of residents of these states in our capacity as a “controller” or “business” and describes the rights these residents may have with respect to their Personal Information. Please note that not all rights listed below may be afforded to all residents of a state with a State Privacy Law and that if you are not a resident of a state with a privacy law applicable to us, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it. Furthermore, in some cases, we may provide a different privacy notice to certain categories of residents of these states, such as job applicants, in which case that notice will apply instead of this section.

For purposes of this section, the term "Personal Information" has the meaning given to “personal data,” “personal information,” or other similar terms, and “Sensitive Personal Information” has the meaning given to “sensitive personal information,” “sensitive data,” or other similar terms, in each case, in the State Privacy Laws, except that in neither case does such term include information exempted from the scope of the State Privacy Laws. Similarly, for purposes of this section, the terms “sell,” share,” “targeted advertising,” and “profiling” have the meanings provided to these terms by State Privacy Laws, as applicable, and do not include activities exempted from the scope of those laws.

Your privacy rights

The State Privacy Laws may provide residents with some or all of the rights listed below. However, these rights are not absolute and some State Privacy Laws do not provide these rights to their residents. Therefore, we may decline your request in certain cases as permitted by law.

  • Information. You may have the right to request information concerning whether we are processing your Personal Information as well as the following information about how we have collected and used your Personal Information:
    • The categories or specific pieces of Personal Information that we have collected about you and inferences derived from such Personal Information.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling or sharing Personal Information.
    • The categories of third parties with which we share Personal Information.
    • The categories of Personal Information that we sold or disclosed for a business purpose.
    • A list or the categories of third parties to whom your Personal Information (or any Personal Information) was sold or disclosed for a business purpose.
  • Access. You may have the right to request a copy of the Personal Information that we have collected about you. If available in a digital format, you may have the right to request that a copy of your Personal Information is provided in a portable and, to the extent technically feasible, readily usable format.
  • Appeal. You may have the right to appeal our denial of any request validly submitted. If so, and we deny your request, we will inform you of the reason for denying your request and provide you with instructions on how you may be able to appeal the decision. If we deny your appeal, we will also inform you, if applicable, of any online mechanism that may be available to you to submit a complaint to the applicable attorney general or regulator.
  • Correction. You may have the right to ask us to correct inaccurate Personal Information that we have collected about you.
  • Deletion. You may have the right to ask us to delete the Personal Information that we have collected about you and/or from you.
  • Opt-out.
    • Opt-out of certain processing for targeted advertising purposes. We may process Personal Information for targeted advertising purposes. You may have the right to opt-out of certain processing of Personal Information for targeted advertising purposes.
    • Opt-out of profiling/automated decision-making. We do not use your Personal Information to engage in profiling in furtherance of decisions about you, or perform automated decision-making or use automated decision-making technology that results in legal or significant financial impacts, significant impacts on housing, education, employment, health care, or criminal justice, or similarly significant impacts.
    • Opt-out of other sales of Personal Information. You may have the right to opt-out of other sales of your Personal Information.
  • Consumers under 16. We do not have actual knowledge that we collect, sell or share the Personal Information of consumers under 16 years of age.
  • Sensitive Personal Information. We do not process Sensitive Personal Information for the purpose of inferring characteristics about consumers under the State Privacy Laws.
  • Nondiscrimination. You may be entitled to exercise some or all of the rights described above free from discrimination as prohibited by the State Privacy Laws.

Exercising your right to information/know, access, appeal, correction, and deletion

You may submit requests to exercise your right to information/know, access, appeal, correction, or deletion at https://privacy.kohler.com/, calling us toll free at 1-800-923-1138, or via email to KohlerGlobalDataPrivacy@kohler.com.


Exercising your right to opt-out of targeted advertising and the “sale” or “sharing” of your Personal Information

While we do not sell Personal Information for money, we, like many companies, use services that help deliver interest-based ads to you as described above. The State Privacy Laws may classify our use of some of these services as “selling” or “sharing” your Personal Information with the advertising partners that provide the services. These third parties use this information for, among other purposes, serving ads that are more relevant and may sell that information to, or share that information with, other businesses for advertising and other purposes. Note that opting out will not affect your receipt of advertising based on activities within or across our own websites or apps or the processing of your Personal Information solely for measuring or reporting advertising performance, reach, or frequency.

You can submit requests to opt-out of tracking for targeted advertising purposes or other sales of Personal Information via email to KohlerGlobalDataPrivacy@kohler.com or via phone by calling 1-800-923-1138, or by broadcasting the global privacy control signal. You may also opt-out of tracking of this sort or other sales of Personal Information by navigating to and clicking on the “Do Not Sell or Share My Personal Information” link on any Kohler website and following the instructions provided.


Verification of Identity; Authorized agents

We may need to verify your identity in order to process your information/know, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.

Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Laws rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request.

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.


Personal information that we collect, use and disclose

We have summarized the Personal Information we collect, the purposes for which we collect it and the third parties with or to whom we may disclose, sell or share it by reference below to both the categories defined in the "What information we collect" section of this Privacy Notice above and the categories of Personal Information specified in the California Consumer Privacy Act (Cal. Civ. Code §1798.140). This chart describes our practices currently and during the 12 months preceding the effective date of this Privacy Notice. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of Personal Information (including Sensitive Personal Information) not described below.

Personal Information (“PI”) we collect CCPA statutory category Purposes Categories of third parties to whom we “disclose” PI for a business purpose Categories of third parties to whom we “sell” or “share” PI
Personal or business contact information
  • Identifiers (online)
  • Identifiers (other)
  • Commercial information
  • California customer records
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Social media platforms and other information/referral sources
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Demographic information
  • Identifiers (online)
  • Identifiers (other)
  • California customer records
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Social media platforms and other information/referral sources
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Account Information
  • Identifiers (online)
  • Identifiers (other)
  • Commercial information
  • California customer records
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Communications information
  • Identifiers (online)
  • Identifiers (other)
  • Commercial information
  • California consumer records
  • Internet or Network Information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Transactional and payment information
  • Commercial information
  • California consumer records
  • Financial information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Marketing information
  • Identifiers (online)
  • Identifiers (other)
  • Commercial information
  • California customer records
  • Internet or Network Information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Advertising partners (to facilitate online advertising)
  • Partners
User-generated content
  • Sensory Information
  • California consumer records
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • None
Promotion information
  • Identifiers (online)
  • Identifiers (other)
  • Commercial information
  • California customer records
  • Internet or Network Information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Advertising partners (to facilitate online advertising)
  • Partners
App, browser, and device information
  • Identifiers (other)
  • Internet or Network Information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Usage and activity information
  • Identifiers (other)
  • Commercial information
  • Internet or Network Information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Communication interaction information
  • Identifiers (online)
  • Identifiers (other)
  • Commercial information
  • California consumer records
  • Internet or Network Information
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Partners
  • Entities to which we provide products and services
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Advertising partners (to facilitate online advertising)
  • Partners
Information derived from the above
  • Inferences
  • Delivery, personalization, and improvement of our products and services
  • Marketing and advertising
  • Compliance and protection
  • To create aggregated, de-identified and/or anonymized data
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Third-party service providers
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing partners
  • Advertising partners (to facilitate online advertising)
  • Partners

SENSITIVE PERSONAL INFORMATION
Sensitive Personal Information (“SPI”) we collect CCPA statutory category Purposes Categories of third parties to whom we “disclose” SPI for a business purpose* Categories of third parties to whom we “sell” or “share” SPI
Government-issued identification number data
  • Identifiers
  • California customer records
  • Delivery, personalization, and improvement of our products and services
  • Compliance and protection
  • Data sharing in the context of corporate events
  • Further uses
  • Affiliates
  • Service providers
  • Payment processors
  • Professional advisors
  • None
Other Sensitive Personal Information
We do not intentionally collect this information, but it may be revealed in identity data or other information we collect
  • Protected classification characteristics
  • Delivery, personalization, and improvement of our products and services
  • Compliance and protection
  • Data sharing in the context of corporate events
  • To create aggregated, de-identified and or anonymized data
  • Further uses
  • N/A
  • None

*Your Personal Information may also be disclosed to third parties at your request or with your consent, to third parties in connection with a business transaction, and/or to law enforcement, regulators and other third parties for legal reasons.

**Each of the categories of Personal Information that is sold or shared with third parties is sold or shared for purposes of marketing, advertising, analytics and service personalization.


Shine the Light Law

Under California’s Shine the Light law (Cal. Civ. Code §1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. You may send us requests for this information to KohlerGlobalDataPrivacy@kohler.com. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.


Notice of Financial Incentive

We may provide financial incentives to consumers who allow us to collect and retain Personal Information, such as Identifiers (e.g., name and email address) and Commercial Information (e.g., purchase history). These incentives may result in differences in our prices or services offered to consumers, and may include payments to consumers and/or a lower price for goods and services (e.g., discounts and other promotions). For example, the financial incentives we may provide include:

  • Loyalty programs, where you earn rewards credits based upon spend levels
  • Discounts or free products for frequent visitors
  • Periodic promotional discounts and other offers

The material aspects of any financial incentive will be explained and described in its program terms or in the details of the incentive offer.

Please note that participating in any financial incentive program is entirely optional and participants may withdraw from the program at any time. To opt-out of the program and forgo any ongoing incentives, please follow the instructions in the program’s terms and conditions, or contact us using the contact details set forth in the “How to Contact Us” section, above.

Each financial incentive or price or service difference related to the collection and use of Personal Information is based upon our reasonable, good-faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty and repeat purchases. We calculate the value of the offer and financial incentive by using the expense related to the offer.


Contact Us

If you have questions or concerns about this privacy notice or our information practices, please contact us using the contact details set forth in the “How to Contact Us” section, in the full notice tab.


 

SUPPLEMENTAL NOTICE FOR EEA AND UK

Where this notice applies

Where this notice applies. The information provided in this Notice for EEA and UK (“EEA-UK Privacy Notice”) supplements the Privacy Notice and applies only to individuals located in the EEA or the UK. For the purposes of this EEA-UK Privacy Notice, “EEA-UK Data Protection Legislation” means all applicable legislation and regulations relating to the processing and/or protection of data or information that is capable, whether directly or indirectly, of identifying a natural person, in each case as in force from time to time in the European Union, the EEA or the UK, including: (i) the General Data Protection Regulation 2016/679 (“EU GDPR”); the EU GDPR as it forms part of the laws of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (“UK GDPR”) (EU GDPR and UK GDPR together, “GDPR”); (iii) any other legislation which implements any other current or future legal act of the EEA or the UK concerning the protection and processing of personal data and any national implementing or successor legislation; and (iv) any amendment or re-enactment of any of the foregoing. The terms “controller,” “processor,” “data subject,” “personal data” and “processing” in this EEA-UK Privacy Notice shall be interpreted in accordance with the applicable EEA-UK Data Protection Legislation.

Personal information. References to “personal information” in this EEA-UK Privacy Notice should be understood to include a reference to “personal data” as defined in EEA-UK Data Protection Legislation. That is, information about individuals from which they can be directly or indirectly identified.

Controller. The specific company identified on this page as being the operator of this website is the data controller in the meaning of the EEA-UK Data Protection Legislation for the processing activities described in this EEA-UK Privacy Notice.

In the course of our business relationship with you, we may share business partner contact information with affiliated Kohler companies. We and these companies are jointly responsible for the proper protection of your personal data (Art. 26 of the GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Kohler companies granting you the right to centrally exercise your data subject rights under the Account Actions Information section of this Privacy Notice.

Our legal bases for processing

In respect of each of the purposes for which we use your personal information, the EEA-UK Data Protection Legislation requires us to ensure that we have a “legal basis” for that use.

Our legal bases for processing your personal information described in this EEA-UK Privacy Notice are listed below.

  • Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your personal information for is set out in the table below.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).

We have set out below the legal bases we rely on in respect of the relevant purposes for which we use your personal information - for more information on these purposes and the data types involved, see ‘HOW KOHLER USES YOUR PERSONAL INFORMATION’.

Purpose Categories of personal information involved Legal basis
Delivery, personalization and improvement of our products and services
  • Personal or business contact information
  • Demographic information
  • Government-issued identification number data
  • Communications information
  • Information from analytics providers
  • App, browser and device information
  • Usage and activity information
  • Communication interaction information
  • Cookies and similar technologies
  • Contractual Necessity to deliver the products or services which we have agreed to provide you with
  • Legitimate Interests. We have a legitimate interest in providing you with a good service, and in ensuring that our products and services are tailored to your needs and interests
  • Consent, in respect of any optional cookies used for this purpose
Marketing and advertising
  • Personal or business contact information
  • Demographic information
  • Communications information
  • Marketing information
  • Cookies and similar technologies
  • Communication interaction information
  • Legitimate Interests. We have a legitimate interest in promoting our operations and goals as an organisation and sending marketing communications for that purpose
  • Consent, in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given marketing communications
Compliance and protection
  • Personal or business contact information
  • Demographic information
  • Government-issued identification number data
  • Compliance with Law
  • Legitimate Interests. Where Compliance with Law is not applicable, we have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We may also have a legitimate interest in ensuring the protection, maintenance, and enforcement of our rights, property, and/or safety.
Data sharing in the context of corporate events
  • Any and all data types relevant in the circumstances
  • Legitimate Interests. We have a legitimate interest in sharing personal information in the context of certain corporate events to ensure the continuity of our products and services and the ongoing operation of our business.
To create aggregated, de-identified and/or anonymized data
  • Any and all data types relevant in the circumstances
  • Legitimate Interests. We have a legitimate interest in taking steps to ensure that how we use Personal Data is as un-privacy intrusive as possible. We believe it is also in your interests that we take these privacy protective steps.
Further uses
  • Any and all data types relevant in the circumstances
  • The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the personal information was collected.
  • Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected.

ADDITIONAL INFORMATION

No Automated Decision-Making and Profiling. As part of our services, we do not engage in automated decision-making and/or profiling that produces legal or similarly significant effects.

Your rights

General. The EEA-UK Data Protection Legislation gives you certain rights regarding your personal information. If you are located in EEA or the UK, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information where there is no good reason for us continuing to process it - you also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information, for example if you want us to establish its accuracy or the reason for processing it.
  • Object. Object to our processing of your personal information where we are relying on Legitimate Interests - you also have the right to object where we are processing your personal information for direct marketing purposes.
  • Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time.

Exercising These Rights. You may submit these requests by email to KohlerGlobalDataPrivacy@kohler.com. You may also submit requests to exercise your right to information/know, access, appeal, correction, or deletion at https://privacy.kohler.com/. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information). If we reject any request you may make (whether in whole or in part), we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Your Right to Lodge a Complaint with your Supervisory Authority. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.


DATA PROCESSING OUTSIDE EEA OR THE UK

We are a U.S.-based company and many of our service providers, advisers, partners or other recipients of data are also based in the U.S. This means that, if you use our service, your personal information will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside the EEA or the UK. Where we share your personal information with third parties who are based outside the EEA or the UK, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:

  • Transfers to territories with an adequacy decision. We may transfer your personal information to countries or territories whose laws have been deemed to provide an adequate level of protection for personal information by the European Commission or UK Government (as and where applicable) (from time to time), or under specific adequacy frameworks approved by the European Commission or UK Government (as and where applicable) (from time to time), such as the EU-U.S. Data Privacy Framework or the UK Extension thereto.
  • Transfers to territories without an adequacy decision.
    • We may transfer your personal information to countries or territories whose laws have not been deemed to provide such an adequate level of protection.
    • However, in these cases:
      • we may use specific transfer mechanisms, which are mandated by the EEA-UK Data Protection Legislation to legitimise transfers of personal information subject to the GDPR from the EEA and/ or the UK to third countries and designed to give personal information effectively the same protection it has in the EEA and/ or the UK - for example, the EU’s standard contractual clauses (“EU SCCs”), the UK Addendum to the EU SCCs, or the UK’s International Data Transfer Agreement, and any other replacements published by the European Commission or the UK’s Information Commissioner’s Office and/ or UK Secretary of state from time to time; or
      • in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your personal information to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ - for example, reliance on your explicit consent to that transfer.

You may contact us through any of the mechanisms listed in the “How to Contact Us” section of the main notice if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA or the UK.


 

SUPPLEMENTAL NOTICE FOR BRAZIL

Where Brazil’s Privacy Notice applies

The information provided below applies only to individuals in Brazil.

Personal information. References to “personal information” in this Privacy Notice should be understood to include a reference to “personal data” as defined by Law no. 13,709/2018 (General Data Protection Law – "LGPD"). That is, information about individuals from which they are directly identified or can be identified.

Controller. The company identified as being the operator of this website is the data controller according to LGPD for the processing activities described in this Privacy Notice.

Data Protection Officer (“DPO”). Person named by the Controller and Processor to act as a channel of communication between the Controller, the subjects of such data and the National Data Protection Authority ("ANPD")

In the course of our business relationship with you, we may share your contact information with affiliated Kohler companies. We will be jointly responsible for the proper protection of your personal data. To allow you to effectively exercise your data subject rights in the context of this joint controllership, we will enter into an agreement with the affiliated Kohler companies granting you the right to centrally exercise your data subject rights under "Your Rights" found in the section below.


Collection of your Personal Information

We obtain your personal data through our website or through other forms of contact and interaction with the public. Your data may be obtained when you provide it to us, for example, when registering on our websites. We may also obtain your personal data through indirect means, such as through the collection of cookies and other features on our website.


Use of Personal Information and Legal Bases for Processing

In respect of each of the purposes for which we use your personal information, the LGPD requires us to ensure that we have a "legal basis" for that use.

Our legal bases for processing your personal information described in this Privacy Notice are listed below.

  • When we need to celebrate a contract with you ("Execution of a Contract").
  • When it is necessary for our legitimate interests and on behalf of your interests and fundamental rights ("Legitimate Interests").
  • When we need to comply with a legal or regulatory obligation ("Compliance with Law").
  • When we have your specific consent to process your personal data ("Consent").

We have outlined below the legal grounds we rely on for the specific purposes for which we use your personal information – for more information, please access How Kohler Uses Your Personal Information.

Purpose Categories of personal information involved Legal basis
Delivery, personalization and improvement of our products and services
  • Personal or business contact information
  • Demographic information
  • Information from analytics providers
  • App, browser and device information
  • Usage and activity information
  • Communication interaction information
  • Cookies and similar technologies
  • Execution of a Contract to provide the products or services we have agreed to deliver to you.
  • Legitimate Interests. We have a legitimate interest in delivering excellent service and ensuring our products and services are customized to meet your specific needs and preferences.
  • Consent, regarding any optional cookies used for this purpose.
Marketing and advertising
  • Personal or business contact information
  • Demographic information
  • Marketing information
  • Cookies and similar technologies
  • Communication interaction information
  • Legitimate Interests. We have a legitimate interest in advancing our organization's objectives and promoting our operations, which includes sending marketing communications for this purpose.
  • Consent. In cases or jurisdictions where applicable data protection laws require consent, we will seek your consent before sending any marketing communications.
Compliance and protection
  • Personal or business contact information
  • Demographic information
  • Compliance with the Law.
  • Legitimate Interests. When Compliance with Law is not applicable, we have a legitimate interest in participating in, supporting, and adhering to legal processes and requests, including cooperation with authorities. Additionally, we have a legitimate interest in protecting, maintaining, and enforcing our rights, property, and safety.
Data sharing in the context of corporate events
  • Any and all data types relevant in the circumstances
  • Legitimate Interests. We have a legitimate interest in sharing personal information during certain corporate events to ensure the continuity of our products, services, and the ongoing operation of our business.
To create aggregated, de-identified and/or anonymized data
  • Any and all data types relevant in the circumstances
  • Legitimate Interests. We have a legitimate interest in minimizing privacy intrusion when using personal data, and we believe it is also in your interest that we take these privacy-protective steps.
Further uses
  • Any and all data types relevant in the circumstances
  • The original legal basis will be relied upon if any further use of personal information is compatible with the initial purpose for which it was collected. Consent will be required if any further use of personal information is incompatible with the original purpose for which it was collected.

Kohler will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


Sharing Personal Information

Kohler may disclose your personal information to a third party, when necessary. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We may disclose your personal information to the following categories of third parties:

  • Service providers;
  • Our affiliates;
  • Third parties to whom you authorize us to disclose your personal information in connection with products or services we provide you; and
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.


International Transfers of Personal Information

We are a U.S.-based company and many of our service providers, advisers, partners or other recipients of data are also based in the U.S. This means that, if you use our service, your personal information will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside Brazil. When we share your personal information with third parties who are based outside Brazil, we try to ensure compliance with the principles, rights of the data subject and the data protection regime provided by the LGPD, making sure one of the following mechanisms is implemented:

  • Transfers to territories with an adequacy decision. We may transfer your personal information to countries or territories whose laws have been deemed to provide an adequate level of protection for personal information by the ANPD.
  • Transfers to territories without an adequacy decision.
    • We may transfer your personal information to countries or territories whose laws have not been deemed to provide such an adequate level of protection.
    • However, in these cases:
      • we may use specific appropriate safeguards, which are designed to give personal information effectively the same protection it has in Brazil – for example, standard contractual clauses, specific contractual clauses for a given transfer or binding corporate rules;
      • in limited circumstances, we may rely on an exception, or 'derogation', which permits us to transfer your personal information to such country despite the absence of an 'adequacy decision' or 'appropriate safeguards' – for example, reliance on your explicit consent to that transfer.

You may contact us at KohlerGlobalDataPrivacy@kohler.com if you want further information on the specific mechanism used by us when transferring your personal information out of Brazil.

Brazil's Privacy Notice supplements the information contained in Kohler's global privacy notice published at https://www.kohlercompany.com/privacy/. This Notice applies to data processing activities in Brazil and/or that involve individuals located in Brazil. We have adopted this Notice in compliance with the LGPD, and any terms defined under the LGPD will carry the same meaning when used in this Notice.


Storage and Deletion of Personal Information

We securely store your personal data in compliance with applicable security standards and in a way that ensures your ability to exercise the rights granted under privacy and data protection laws. Some of the technical and administrative measures we use to protect your information are (encryption data both at rest and in transit, multi-factor authentication (MFA), Firewalls).

Kohler will only store your personal data for as long as necessary to fulfill the purpose for which it was collected, including compliance with applicable laws, regulations and court orders. Upon termination of processing activities, Kohler will securely delete the data if there is no legal basis to justify its storage.


Your Rights

The LGPD gives you certain rights regarding your personal information. The LGPD gives you certain rights regarding your personal information. We highlight that in cases provided for in art. 3º of the LGPD, this law will be fully applicable and its provisions will prevail, especially for Brazilian citizens, in the event of any conflicts between different laws. Therefore, you may ask us to comply with your requests, including:

  • Confirmation of the existence of processing;
  • Access;
  • Rectification;
  • Anonymization, redaction or elimination of unnecessary or excessive personal data, or of data that is not being processed in compliance with LGPD;
  • Portability;
  • Deletion of personal data being processed based upon consent;
  • Disclosure of subprocessors and other third parties with whom personal data is shared;
  • Information about consent choices and the consequences of refusing consent; and
  • Revocation of consent.


Exercising These Rights

You may submit these requests by email to KohlerGlobalDataPrivacy@kohler.com. You may also submit requests to exercise your right to information/know, access, appeal, correction, or deletion at https://privacy.kohler.com/policies/en/. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Your Right to File a Complaint with ANPD. In addition to your rights outlined above, if you are not satisfied with our response, or how we process your personal information, you can make a complaint to ANPD through the link https://www.gov.br/anpd/pt-br/canais_atendimento/cidadao-titular-de-dados/denuncia-peticao-de-titular.


Data Protection Officer ("DPO")

Please find below the contact information of our DPO. If you have any questions or complaints about the processing of personal data carried out by KOHLER, please contact our DPO directly:


 

SUPPLEMENTAL NOTICE FOR CANADA

Canada's Personal Information and Electronic Document Act (PIPEDA) defines the use and disclosure of personal information. It provides Canadian residents more control over how their personal information is used when engaging in commercial activities. Residents are provided with the right to access their personal information and the right to challenge its accuracy.

All personal information is collected and processed in accordance with our privacy notice. You may submit these requests by email to KohlerGlobalDataPrivacy@kohler.com. You may also submit requests to exercise your right to information/know, access, appeal, correction, or deletion at https://privacy.kohler.com/.

As a Canadian resident, you have the following rights regarding your personal information:


Rights to Access

You have the right to request and access any personal information we have of you.


Right to Correct

You have the right to correct any inaccurate or outdated personal information we hold about you or delete any inaccurate information.


Withdraw Consent

You have the right to withdraw consent on any activities which you have not consented on such as direct marketing or cookies or delete any user generated content you have posted on our website.


 

SUPPLEMENTAL NOTICE FOR CHINA

Application of this Supplemental Notice for China
This Supplemental Notice for China will apply to the extent that you provide personal information to any Kohler entity or any Kohler affiliate, and to the extent that any data protection law in China applies from time to time. It does not replace the Privacy Notice. To the extent that this addendum is inconsistent with the Privacy Notice, this addendum shall prevail. To the extent that this addendum or the Privacy Notice are inconsistent with applicable laws and regulations, they shall be deemed amended to the extent required to comply with such applicable laws and regulations.


Definitions of Personal Information and Sensitive Personal Information

Personal Information is various information that is recorded electronically or by other means and is related to an identified or identifiable natural person, excluding anonymized information. Sensitive Personal Information is Personal Information which, once leaked or illegally used, would easily hurt a natural person’s human dignity or cause harm to personal or property safety, including information regarding such as biometrics, religious beliefs, specially designated identities, medical health, financial accounts, and location tracking, as well as the Personal Information of minors under the age of 14. We will only process your Sensitive Personal Information for the purposes mentioned in the Privacy Notice and to the extent necessary. Our processing of your Sensitive Personal Information will not have an impact on your legitimate rights and interests permitted by applicable laws and regulations.


Your Rights Relating to Personal Information

The following are your individual rights and to practice any of these rights, please contact us at KohlerGlobalDataPrivacy@kohler.com.
To the extent permitted by applicable laws and regulations:

  • You have the right to know what personal information is handled
  • You have the right to know how your personal information is handled
  • You have right to access your personal information
  • You have a right to ask for your personal information to be corrected or supplemented
  • You have a right to ask to limit or reject processing of your personal information or to delete your personal information
  • You have a right to opt-out of automated decision making for push notifications or automated decision making for any marketing purposes; for automated decisions made on matters that have an important impact on personal rights and interests, you have a right to know how they are made and you have a right to reject purely automated decisions on such matters.
  • You have the right to withdraw consent to personal information processing
  • You have the right to ask that we transfer personal information that you have provided to us to a third party of your choice if all the following conditions can be met: (1) your identity can be verified as authentic; (2) the personal information requested for transfer is the information that you consented to provide or that was collected based on a contract; (3) the transfer of personal information is technically feasible; and (4) the transfer of personal information does not harm the legitimate rights and interests of others.
  • You have the right to cancel your account and after this, we will stop providing products and services and delete your personal information unless otherwise stipulated by law.

We will respond to your request of exercising your data subject rights in accordance with the applicable laws and regulations. Having said that, to the extent as permitted by laws and regulations, we may not be able to respond to your request of exercising your data subject rights in the following circumstances:

  • If your request is contrary to our obligations under laws and regulations;
  • If the requested data is directly related to national security or national defense security;
  • If the requested data is directly related to public safety, public health, or significant public interest;
  • If the requested data is directly related to criminal investigations, prosecutions, trials and enforcement of judgments, etc.;
  • If we have sufficient evidence of your subjective malice or abuse of rights;
  • If it is in the interest of safeguarding your or other individuals’ significant legitimate rights and interests, such as life and property, but it is difficult to obtain your authorization or consent;
  • If responding to your request to exercise your rights would result in serious harm to your or other individuals’ or organizations’ legitimate interests;
  • If the requested data involves trade secrets.

Revocation of Consent and Exercising Your Rights

You have the right to withdraw your consent to process Personal Information at any time if your consent is the lawful basis for our processing. To exercise this right please send an email to KohlerGlobalDataPrivacy@kohler.com and practice the right to opt-out. You may also submit requests to exercise your right to information/know, access, appeal, correction, data portability, deletion or account cancellation by sending an email to KohlerGlobalDataPrivacy@kohler.com or at https://privacy.kohler.com/.


Separate Consent

We will ask for separate consent under the following circumstances when applicable unless we have a Non-Consent Lawful Basis:

  • Your Sensitive Personal Information is handled;
  • Your Personal Information is transferred outside of China;
  • Your Personal Information is provided to another personal information handler;
  • Your Personal Information is publicly disclosed;
  • Use your Personal Information that has been collected for the purpose of maintaining public security for any other purposes.

A Non-Consent Lawful Basis means one of the following circumstances: (i) our processing of your Personal Information is necessary for entering into or performing a contract to you, or for human resource management according to lawfully developed labor policies and lawfully signed collective contracts; (ii) our processing of Personal Information is necessary for carrying out our legal responsibilities or legal obligations; (iii) our processing of Personal Information is necessary in response to a public health emergency or for protecting a natural person’s life, health and property safety in an emergency; (iv) we process Personal Information to a reasonable extent in carrying out activities for public interests; (v) we process your Personal Information that has been published by you or otherwise has been published legitimately to a reasonable extent and in compliance with applicable laws and regulations; or (vi) other circumstances as provided by applicable laws or regulations.


Transfer of Personal Information Overseas when applicable

  • We are not allowed to transfer your personal information outside of China unless we have a lawful basis to do so, and unless we have a Non-Consent Lawful Basis for transferring your Personal Information overseas, we will request your explicit consent for the transfer to take place. If we transfer your personal information outside of China, we will complete the relevant transfer compliance mechanism as required by applicable laws and regulations.
  • We keep records of the transfers we make.