Privacy Policy

SODASTREAM - PRIVACY STATEMENT

Notice last updated: [31/12/2019]

1. Our Commitment To Privacy

Your privacy is very important to us at SodaStream and its affiliates, hereinafter also "we" and/or "us" and/or "SodaStream". To better protect your privacy we provide this privacy policy ("Privacy Notice") explaining our information practices and the choices you can make about the way your information is collected, used and shared. To make this Privacy Policy easy to find, we make it available on our homepage and at every point where personal data may be requested.

We strongly urge you to read this Privacy Policy and make sure you fully understand our practices in relation to personal data before you access or use any of our services. If you read and fully understand this Privacy Policy, but remain opposed to our practices, you must immediately leave our website, and avoid or discontinue all use of any of our services. Where you have read this Privacy Policy but would like further clarification, please contact us at privacy@sodastream.com.

2. Important Information

2.1 The purpose of this Privacy Policy is to provide you with a clear explanation of what personal data we collect, and when, why and how we collect, use and share your personal data, and to explain your statutory rights. This Privacy Policy is not intended to override the terms of any contract you have with us, nor any rights you might have under applicable data privacy laws.

2.2 Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information on our website or offline from those we actually know are under 13, and no part of our website is structured to attract anyone under 13. Parents and guardians should supervise their children's activities at all times. If we learn we have collected or received personal data from a person under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a person under 13, please contact us at privacy@sodastream.com.

2.3 Note that our website contains links to third party websites which we are not responsible for. Please review the privacy policies of such third party websites should you visit these websites. This Privacy Policy does not address the privacy or information practices of any third parties.

2.4 Our website uses cookies and other tracking technology to automatically collect certain data concerning its interactions with visitors. Some of this information may include personal data. We explain more about the information we collect using cookies and tracking technology in paragraph 10.

3. What Information Do We Collect and How Do We Collect It

3.1 GENERALLY

We collect the following information from visitors to our website. This is also the information we have collected about visitors to our website in the past 12 months. The source of all personal information we collect is the website visitors themselves.

Categories of Personal Information | Specific Types of Personal Information Collected
Identifiers | Name, email address, telephone number, street address information; information to set up and access your SodaStream account.
Electronic Information that identifies, relates to, describes, or is capable of being associated with, a particular individual | Information you post in public spaces on our site or provide us by using our social media accounts or by allowing us to access your social media accounts (such as name, opinions, blogs).
Commercial information | Information about your purchases, the consumption habits of yourself and members of your household.
Internet or other electronic network activity information | Your browser type, operating system, IP address, domain name, number of times you visited the website, dates you visited the website, date and time of an online request, the time required to download information you requested, error codes generated while your browser is in contact with our website and the amount of time you spent viewing the website.
Professional or employment-related information | Curriculum Vitae (CV) information (if you apply for a job at SodaStream); position at your company (if you contact us on behalf of a company).

3.2 Personal data is collected when you voluntarily submit it through a website form, if you register with or use one of our websites or online services. Our website automatically collects certain data concerning its interaction with visitors that facilitates operation, management and planning. Some information that may constitute personal data (such as your browser type, operating system, IP address, domain name, number of times you visited the website, dates you visited the website, date and time of an online request, the time required to download information you requested, error codes generated while your browser is in contact with our website and the amount of time you spent viewing the website) may be collected via cookies and other tracking technologies.

Aggregate Information (such as how many times visitors log onto our website) or other unidentifiable information may also be collected. Aggregated and unidentified data are not subject to this Privacy Policy. We explain more about our use of cookies and tracking technologies in paragraph 10.

3.3 If you register or contact us as an individual, we will collect your name, email address, telephone number, address information (together, "identification data"); information about your household ("household composition data"), the consumption habits of you and members of your household ("consumption data"), information about the device you use to access our website or online services ("device data"), payment and credit card information ("payment data"), information to set up and access your SodaStream account ("login data").

3.4 If you register or contact us on behalf of a company, we will collect company identification data, identification data from the company representative, company composition and consumption data, device data, payment data and login data. 

3.5 If you contact us by other offline methods in order to buy our products or services or by using one or more of the contact means provided offline, we will collect identification and payment data as relevant for the sale and delivery of the goods and services or to respond to your query or complaint and, as far as necessary, for the handling and fulfilment of the order and ongoing provision of our services. 

3.6 If you engage with us through social media e.g. Water Blog, Recipe Site, Instagram, Facebook, Pinterest, Twitter, we collect login information and any personal data you voluntarily provide, such as opinions in blog or recipe entries, or messages you post on our social media pages. If you upload content, including your personal data, to a social network and then tag our website, your submission will be subject to that social network's terms of use and privacy policy, even where you post on an official SodaStream page on the social network. We do not have control over these terms of use and privacy policies, and have not reviewed their adequacy. You should therefore review these before submitting any personal data.

3.7 If you apply to one of our open positions published in our careers sites, by sending us contact details and CV ("applicants personal data") via the relevant application on our website, or through any other means provided by us (e.g. social media), we will collect such applicants personal data in order to process your application.

3.8 Third parties may also share information about you with us. For example, our business partners may give us information about you. We may receive information from commercial sources such as companies who compile information about shoppers and their preferences. 

3.9 We combine information from different sources. For example, we may combine information we have collected offline with information we collect online. We combine information we have collected across third-party sites, including social media sites. We combine information across devices such as computers and mobile devices. We may also combine information from third parties with information we already have. We may use this information to generate inferences about you and for the other purposes described in this Privacy Policy.

4. How Do We Use Your Personal Data

4.1 GENERALLY 

The following are the business or commercial purposes for which we use each category of personal information. Details about the information we collect for each category are provided above. More details about the business or commercial purposes are provided below.  

Categories of Personal Information | Business or commercial purposes pursuant to the CCPA | Specific purposes (further details appear below this chart)
Identifiers | Providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments; Auditing relating to a current transaction with the customer | GENERALLY: To provide our products and services; To verify your identity; To communicate with you; To improve our products and services and prevent fraud
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual | Providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments; Auditing relating to a current transaction with the customer | GENERALLY: To provide our products and services; To verify your identity; To communicate with you; To improve our products and services and prevent fraud
Commercial information | Providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments; Auditing relating to a current transaction with the customer | GENERALLY: To provide our products and services; To verify your identity; To communicate with you; To improve our products and services and prevent fraud
Internet or other electronic network activity information | Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, prosecuting those responsible for that activity; Undertaking internal research for technological development and demonstration; Undertaking activities to verify or maintain the quality of the service and to improve, upgrade or enhance the service; Debugging to identify and repair errors | GENERALLY: To provide our products and services; To verify your identity; To communicate with you; To improve our products and services and prevent fraud
Professional or employment-related information | | To process job applications

4.2 To provide our products and services

We collect personal data in order to offer our products and/or services and their functions. We may use the information collected in order to validate your order or subscription, to process your payment (for instance of a monthly fee in the case of a subscription) and to provide the products and services that you requested, ordered or to which you subscribed. We will also use your personal data as far as necessary for the handling and fulfilment of your order as well as to provide customer support. 

We also use this information for marketing and customer management purposes, to maintain our relationship with you, with a view to providing stellar customer experience. 

4.3 To verify your identity 

We may use the information collected from you to verify your identity. We may also use this information to establish and set up your account, verify or re-issue a password, log your activity and contact you from time to time.

4.4 For internal business purposes such as: 

4.4.1 to improve our products in order to make them fit for our customers' needs and to draw insights in relation to possible improvements; 

4.4.2 to improve our services to you and customize your browsing experience. Some of the information (particularly the information collected by cookies and other tracking technology) helps us improve our website; better understand the visitors who come to our Services and what content is of interest to them; and 

4.4.3 to track any fraudulent activities and other inappropriate activities and monitor content integrity on our website. 

4.5 To process job applications 

We collect applicants’ personal data solely for SodaStream's internal recruitment purposes including for: identifying applicants, evaluating their applications, making hiring and employment decisions, and contacting applicants by phone or in writing. 

4.6 To communicate with you 

We use your personal data to respond to your queries and/or complaints about our products or services, and to provide you important information about your account and your products e.g. 

5. Direct Marketing: 

We may use your personal data, including information related to your order, such as your address for direct marketing purposes. We may for example send you emails to inform you of news and updates about our products and services. This may be in the form of email, post, SMS, telephone or targeted online advertisements. Where required by law, we will obtain your consent prior to sending you such marketing information. 

5.1 To protect your privacy and ensure you have control over the use of your personal data, we will always give you the opportunity to "opt out" of direct marketing when you contact us in relation to a product or service or you receive any email, text or other direct marketing communication. If you opt out of getting marketing email messages, you may continue to receive non-marketing email messages from us where permitted by law. 

5.2 You have a right to prevent direct marketing of any form at any time - this can be exercised by following the opt-out link attached to each communication, by changing privacy settings within your SodaStream account or by sending an email to privacy@sodastream.com. If you want to review or update the information you have provided us, you can click "my profile" at our website's home page and edit the information. If you have not been asked already to provide your email address and a password, we will ask you to do it before changes are made, so as to prevent others from accessing and altering your personal data. 

5.3 Based on the information we have about you, we take steps to limit direct marketing to a reasonable and proportionate level, and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. 

6. Legal Basis for Processing Personal Data: 

6.1 We will only collect, use or share your personal data for the purposes set out in this Privacy Policy where we are satisfied that:

6.1.1 our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you. For example, in order to provide our product and our services it will be necessary for us to process certain personal data such as your address, phone number, identification data and payment data to create your user account or fulfil your order. Also, we carry out this processing for the purpose of knowing our customer and maintaining our relationship with you, with a view to providing a stellar customer experience; or 

6.1.2 our use of your personal data is necessary to support legitimate interests that we have as a business to provide products and services to our customers, provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights. For example, we strive to always improve our products and services in order to make them fit our customers' needs. For this reason, we process personal data such as consumption habits, device information and household composition and draw insights in relation to possible improvements; or 

6.1.3 our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have. For example, to maintain appropriate business records, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law; or 

6.1.4 you have provided your consent to us using your personal data for that purpose (e.g. where you provide us with marketing consents or opt-in to additional services). 

Where the basis of processing is your consent, you have the right to withdraw your consent, and therefore prevent that processing, at any time. 

7. How We Protect and Store Your Personal Data

7.1 Data Security 

7.1.1 To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. Some of the steps we take are: placing confidentiality requirements on our staff and service providers; destroying or permanently anonymising personal data if it is no longer needed for the purposes for which it was collected. SodaStream will comply with applicable laws in the event of any breach of the security, confidentiality or integrity of your personal data and, where we consider appropriate or where required by applicable law, notify you via email, text or conspicuous posting on our website in the most expedient time possible and without unreasonable delay, in so far as it is consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. 

7.1.2 However, the security of personal data depends in part on the security of the device used to communicate with us, the security you use to protect your login information, and the security provided by your internet access service provider. We make commercially reasonable efforts to make the collection and security of information consistent with this Privacy Policy and all applicable laws and regulations. Where you have a SodaStream username, login or password, you are responsible for keeping this information confidential. We ask you not to share a username, login or password with anyone. 

7.2 Data Retention 

7.2.1 We may retain your data as long as necessary to provide our products and services, and beyond such time to the extent legally permitted and based on our legal obligations (e.g. in relation to invoice retention) or legitimate interests (e.g. in retaining data for the purposes of responding to possible disputes or complaints or for possible reactivation of subscriptions). 

7.2.2 In addition, we maintain a data retention policy which we apply to information in our care. Where your data is no longer required, we will ensure it is securely deleted or anonymised. 

7.2.3 Please note that SodaStream may retain applicants’ personal data submitted to it for no longer than two years after the applied position has been filled or closed. This is done so we could re-consider applicants for other positions and opportunities at SodaStream; so we could use their information as reference for future applications submitted by them; and in case the applicant is hired, for additional employment and business purposes related to his/her work at SodaStream. If you previously submitted applicants personal data to SodaStream, and now wish to access it, update it or have it deleted from SodaStream's systems, please contact us at privacy@sodastream.com.  

8. We May Share Your Personal Data 

SodaStream may share your personal data with third parties (or otherwise allow them access to it) only in the following manners and instances. These are also the categories of third parties with whom SodaStream has disclosed personal information in the preceding 12 months:

8.1 within the SodaStream family of companies. This includes current and future SodaStream subsidiaries, affiliates, and joint venture partners and our parent company PepsiCo. We may also share information with third parties with which we have an ownership interest or commercial relationship, such as companies whose products we distribute or whose products we think you might find interesting. 

8.2 with any third parties to whom the relevant SodaStream entity subcontracts all or part of this processing. The purpose of this transfer will be to help manage our business and deliver services. For instance, we may transfer your personal data to a service provider to the extent necessary to complete an order and deliver your product. Other instances may include transfers to e-marketing service providers, hosting providers and any other relevant roles. Note that we do not sell your personal data to any third party and have not done so in the preceding 12 months. These third parties have agreed to confidentiality restrictions and use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. 

8.3 where permitted by local data protection laws, SodaStream may disclose or otherwise allow others access to your personal data pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you. If warranted, we may also allow access to this information in special emergencies where physical safety is at risk. 

8.4 We may disclose any personal data or other information obtained from or about you, to third parties in connection with a merger, acquisition, bankruptcy or sale of all, or substantially all, of our assets, to the extent that this is necessary for the process. 

9. Transferring Personal Data Globally 

9.1 Your personal data may be transferred and stored outside your place of residence, that are subject to different standards of data protection. Particularly, if you live in the EU, you should be aware that your personal data may be shared with, and transferred to, SodaStream affiliates and third-party service providers who are located outside the EU. We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end: 

9.1.1 we will ensure that transfers within SodaStream and its affiliates will be covered by an agreement entered into by members of SodaStream Group (an intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the Group; 

9.1.2 where we transfer your personal data outside SodaStream or to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your personal data. Some of these assurances are well recognised certification schemes like the EU - US Privacy Shield for the protection of personal data transferred from within the EU to the United States; or 

9.1.3 where we receive requests for information from law enforcement or regulators, we will carefully validate these requests before personal data is disclosed. 

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above. 

10. Use of Cookies and Other Tracking Technologies  

SodaStream uses certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts). These technologies are used in order to maintain, provide and improve our services on an ongoing basis, and in order to provide our customers with a better experience. For example, thanks to these technologies, we are able to maintain and keep track of our customers' preferences and authenticated sessions, to better secure our services, to identify technical issues, user trends and effectiveness of campaigns, and to monitor and improve the overall performance of our services. 

Please note that third party services placing cookies or utilizing other tracking technologies through our services may have their own policies regarding how they collect and store information. Such practices are not covered by our Privacy Policy and we do not have any control over them. 

10.1 Do-Not-Track Signals and Similar Mechanisms.  

10.1.1 Some web browsers transmit "do-not-track" signals to websites. Because the standards for these signals are still under development, we currently do not take action in response to these signals.

10.2 Cookies 

10.2.1 Our website uses cookies, web beacons and similar technologies ("Cookies") to track information provided to us by your browser when you use our website. Cookies are small text files containing small amounts of information which are downloaded and may be stored on any of your devices that enable internet usage e.g. your computer, smartphone or tablet - like a memory for a web page. We use several different types of cookies. 

10.3 We use the following cookies on our website: 

10.3.1.1 Necessary cookies

Necessary cookies are essential and help you navigate our website. They help to support security and basic functionality and are necessary for the proper operation of our website, so if you block these cookies we can't guarantee your use or the security during your visit.

10.3.1.2 Functionality cookies

Functionality cookies are used to provide you the best user experience. These cookies are, for instance, used to personalise content for you in line with your location. They also allow our website to remember choices made (like turning off use of cookies or which location you have previously selected) to provide more personal features.

10.3.1.3 Performance cookies 

Performance cookies help us to understand the behaviour of users of our website. This allows us to continuously improve our website to provide the best information in support of our project aims. These cookies are also used to help us understand how effective our website is. For instance these cookies tell us which pages visitors go to most often and if they get error messages from web pages. 

10.3.1.4 All of the Cookies are managed by third parties, and you may refer to the third parties' own website privacy notifications for further information. In particular, we use Google Analytics, which allows us to assess how you and other web users use our website, and this information is essential in helping us to continuously improve our website's functionality. These cookies can be preserved from 30 minutes to two years. The information generated by these cookies about your use of our website (including your IP address) will be transmitted to and stored by Google Inc on servers in the United States.

10.4 Control your cookie settings: 

Once you have given us your agreement to the use of cookies, we shall store a cookie on your computer or device to remember this for next time. Internet browsers allow you to change your cookie settings, for instance to block certain kinds of cookies or files. You can therefore block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of the website, due to the fact that some may be functionality cookies. For further information about deleting or blocking cookies, please visit: http://www.allaboutcookies.org/manage-cookies/.

11. Your Rights in Relation to Your Personal Data  

11.1.1 Depending on where you live, you may have certain additional rights, such as the right to request access to your personal information or to request deletion of your personal information. 

11.1.2 Requests should be submitted to privacy@sodastream.com. These rights are not absolute, and we will respond to all requests we receive in accordance with applicable laws. The Your California Rights section below provides additional information for California residents. 

11.2 Your Rights as a California Resident 

11.2.1 California “Shine the Light” Law

If you reside in California, you have the right to ask us one time per year for information about our disclosure, if any, of personal information to third parties for their direct marketing purposes in the preceding calendar year. To make a request, please contact us at privacy@sodastream.com. Please indicate that you are a California resident making a “Shine the Light” inquiry. We reserve our right not to respond to requests submitted other than by the means specified in this section, if the request is not labelled or sent properly, or if the request does not have complete information.

11.2.2 California Consumer Privacy Act (CCPA) 

We have explained our privacy practices in full in the other sections of this Privacy Policy. 

Disclosure of Personal Information We Collect About You

You have the right to know:

The categories of personal information we have collected about you;

The categories of sources from which the personal information is collected;

Our business or commercial purpose for collecting personal information;

The categories of third parties with whom we share personal information, if any;

The specific pieces of personal information we have collected about you.

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

Delete your personal information from our records; and

Direct any service providers to delete your personal information from their records.

Please note that we may not delete your personal information if it is necessary to:

Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

Debug to identify and repair errors that impair existing intended functionality;

Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;

Comply with the California Electronic Communications Privacy Act;

Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

Comply with an existing legal obligation; or

Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Protection Against Discrimination

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

Deny goods or services to you;

Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;

Provide a different level or quality of goods or services to you; or

Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.

Designate an authorized agent to submit CCPA requests on your behalf

You may designate an authorized agent to make a request under the CCPA on your behalf. To do so, you need to provide the authorized agent written permission to do so and the agent will need to submit to us proof that they have been authorized by you. We will also require that you verify your own identity, as explained below.

If you would like to exercise any of your CCPA rights as described in this Privacy Policy, please:  

11.3 We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require. If you have a password protected account with SodaStream, we may ask to verify your request through the account’s existing authentication methods. If you request that we disclose or delete your information, we will require you to re-authenticate with your account.

11.4 We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

12.

We may update and change this privacy statement from time to time, to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this Privacy Policy.

13. Contact Information

13.1 If you have any questions about this Privacy Policy or wish to exercise any of your rights as described in paragraph 11, you can contact us at:

privacy@sodastream.com.

We will attempt to resolve any complaints regarding the use of your Personal data in accordance with this Privacy Policy.