CRC INDUSTRIES – EUROPE PRIVACY NOTICE
Effective Date: May 25th 2018
CRC Industries Europe BVBA (”CRC Belgium”) and CRC Industries UK Limited, CRC Industries France S.A.S., CRC Industries Deutschland GmbH, CRC Industries Iberia, S.L.U., CRC Industries Sweden AB, and CRC Industries Finland OY (collectively, with CRC Belgium,”CRC EU,” we,” ”us,” or ”our”) are committed to respecting your privacy. In support of our commitment, we developed this privacy notice to be transparent about the data we collect about you and how it is used and shared, as well as the choices and rights available to you with respect to the data we maintain about you. This privacy notice applies to:
- Information about you shared with us by third parties for our own use, as well as publicly-available information collected by us.CRC Belgium will be the controller of your personal data and responsible for the processing of such data by or on behalf of CRC EU, and each other CRC EU company will be joint controllers of such data.
I. INFORMATION WE COLLECT AND HOW WE USE IT
Collection and Use of Personal Data Personal Data Collected
We collect information that can be used to identify or contact a person (we refer to this as ”personal data”). Personal data includes information that does not directly identify you by name or include your contact information, but which may be used to identify that a specific computer or device has accessed our website and online services and which if combined with certain other information could be used to identify you. The types of personal data we collect and process include:
- Full name
- Contact information (work or home postal address; work, mobile or home telephone number; work or personal email address)
- Employer or agency, industry, and job title
- Delivery and payment information
- Survey response data
- Education and experience information (CV information; professional experience; employment history; education; certifications; personal interests)
- Engagement information (order, engagement and collaboration history; contractual relationship information; inquiries, feedback and comments; content contained in email exchanges with us)
- IP address
- Log data
- Cookie data (including third-party cookies and related data)
- Location data
- Social media use and utilization
We collect personal data when you provide it to us directly (e.g., when you submit a contact form through our website or provide us with your business card at a trade show); when generated by your activity on our website and online services (e.g., the amount of time spent on a particular page of our website); when shared with us by our business partners (e.g., email marketing vendors, trade show sponsors, or HR staffing agencies); and when available through publicly-available sources (e.g., information shared by you on LinkedIn).
Use of Personal DataWe collect, use, store, organize, structure, disclose, or otherwise process personal data as described below:
- We process personal data for the purposes for which such personal data was provided. For example, if you share your name and contact information with us when submitting an inquiry or requesting information through our website, we will use this information to respond to you and provide you with the information requested. If you register to access an online portal or other online service requiring registration, we will use the information submitted by you to provide you with access to the relevant service and to maintain your account. If you purchase a product or service from us, we will use the personal data provided by you to fulfill the order and satisfy related contractual obligations, including to process your payment, facilitate delivery, and comply with any applicable service or warranty obligations (in these situations, we may also save your payment information so that you can use it the next time you want to order a product or service from us).
- To send you news and information about products and services that may be of interest to you, including to personalize your online service experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website and online services, third-party sites, and via email or text message.
- To send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with us, you generally may not opt out of receiving these communications.
- To help maintain the safety, security, and integrity of our website and online services, products, databases and other technology assets.
- For internal administrative purposes, such as auditing, data analysis, and research to improve our products, services, and customer communications. This includes processing for purposes of statistical analysis, including Google Analytics.
- If you enter a sweepstake, contest or similar promotion, we use the information you provide to administer such programs.
- To arrange interviews, consider you for employment, and personnel administration (to the extent you apply for a job through our website and online services).
- Where we have legal obligations to process the personal data and for legal proceedings and government investigations (such as pursuant to warrants, subpoenas, and court legal orders).
- To manage data subject requests.
- For internal investigations of possible misconduct or failure to comply with our policies and procedures.
- Based on your consent: In some cases, at the point at which you provide personal data, we may ask you for your consent to collect and process your personal data. If you provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described below. If you withdraw your consent it will not affect any processing of your personal data that has already occurred. Where we process your personal data based on consent, we will provide more detailed information to you at the time when we obtain your consent.
- Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your personal data to comply with a relevant law/regulation or to fulfill our obligations under a contract with you. Where we process your personal data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing your personal data to fulfill our obligations under a contract with you, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
- Our legitimate interest: We may process your personal data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and educational opportunities. In addition to other rights you may have as described below, you have the right to object to such processing. You can register your objection by contacting us as described below.Collection and Use of Non-Personal Data Non-Personal Data CollectedWhen you use our website and online services, we also collect certain non-personal data that does not, on its own, identify any individual. The types of non-personal data we collect and process include:
- Location data. Depending on the website and online services and your computer or device permissions, we may collect information about your device’s approximate (e.g., country or zip code) or precise location (”location data”). Various technologies may be used to collect this location information, such as IP address, GPS, and other sensors that may provide information on nearby devices, Wi-Fi access points, and cell towers. We will only collect your computer’s or device’s precise location with your consent.
USE OF NON-PERSONAL DATA
We may collect, use, transfer, and disclose non-personal data for any purpose. However, if we combine non-personal data with personal data, the combined information will be treated as personal data for as long as it remains combined. We use non-personal data for a number of legitimate business purposes, some of which are described below:
- We collect log data, location data, and cookie data so that we can better understand website user behavior and improve our products, services, and advertising.
- We collect information regarding user activities on our website and online services. This information is aggregated and used to help us provide more useful information to our customers and website users, and to understand which parts of our website and online services are of most interest. Aggregated data is considered non-personal data for the purposes of this privacy notice.
- We use non-personal data (including log data, location data, and cookie data) to understand and analyze trends, to administer the website and online services, to learn about user behavior on the website and online services, to improve our products and services, and to gather demographic information about our user base as a whole.We may also collect similar data from emails sent to you to help us track which emails are opened and which links are clicked by recipients. In some of our email messages, we use a ”click-through URL” linked to content on our website and online services. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website and online services. We track this click-through data to help us determine interest in topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Where permitted by law, we may combine the personal data you provide to us through the website and online services with information we collect through other CRC EU website and online services, our offline records, and information provided to us by third parties. Where permitted by law and feasible, we may also combine your personal data with information collected through your use of the website and online services (such as log data, location data, and cookie data), in which case we will treat any information that is combined or associated with your personal data as personal data for as long as it can reasonably be linked with your personal data. We use this consolidated information to improve our website and online services and product offerings, enhance our marketing and research activities, communicate information to you, and for any other legitimate purpose described in this privacy notice.
II. HOW PERSONAL DATA IS SHARED AND TRANSFERRED
PERSONAL DATA SHARED WITH THIRD PARTIES
We disclose your personal data to third parties who provide us with various business services (e.g., monitoring and maintaining our website or internal business applications, preparing newsletters and mailings, and payments of commissions or other amounts). These service providers and contractors are restricted from using this personal data in any way other than to provide services on our behalf and subject to our documented instructions only.
We may also share your personal data with our affiliates (e.g., for internal administrative purposes or where a CRC EU affiliate supports one of our business functions). The names and locations of such affiliates can be found here and here.
We may also disclose information we collect to legal counsel, law enforcement, and other appropriate authorities in special cases, including: (i) when we have a reason to believe that such disclosure is necessary to identify, contact, or bring a legal action against someone who may be causing injury to or interference with our rights and property or those of any other person; or (ii) when we believe that it is required by applicable laws, court orders, or government regulations.
If all or part of CRC EU is merged into another entity, the information we have about you may be transferred to a third party as part of that transaction. Your information may also be included among the assets affected by financing agreements undertaken by us.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
In some instances, the service providers, business partners, CRC EU affiliates, and others that we share personal data with are in other countries. The level of protection for your personal data in these other countries may not be the same as the level of protection in your country. In these cases, we protect any information transferred to third countries using appropriate safeguards, such as contractual clauses approved by relevant supervisory authorities (where required and applicable). All CRC EU affiliates outside of the European Union that access or receive your personal data are subject to data protection contracts approved by the European Commission and that impose on such affiliates a level of protection for your personal data equivalent to European data protection requirements.
In any event, we only share personal data with our affiliates and third parties performing services on our behalf if such affiliates and third parties provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing they conduct will meet the requirements of applicable law and ensure the protection of your personal data.
III. YOUR RIGHTS
You have various rights with respect to the collection, use, transfer and processing of your personal data, as described below. However, we reserve the right to limit these rights at any time where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others. To exercise any of the rights below, please contact us using the applicable contact information below.
You have the right to obtain confirmation as to whether or not your personal data is being processed by us. Where we are processing your personal data, you have the right to access the data and to obtain certain information about the processing of such data.
RIGHT TO RECTIFICATION
You have the right to obtain rectification of any personal data that is inaccurate or incomplete, including by means of providing a supplementary statement.
RIGHT TO ERASURE
You have the right to have your personal data erased where one of the following applies:
- Your personal data is no longer necessary with regards to the purposes for which it was collected.
- You withdraw your consent (where the processing is based on such consent).
- You object to the processing where such processing is based on our (or a third party’s) legitimate interest and there are no overriding legitimate grounds for the processing.
- Your personal data must be erased to comply with a legal obligation under applicable law. However, this right to erasure will not apply to the extent the processing is necessary for:
- Compliance with a legal obligation which requires processing; or
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, to the extent permitted under applicable law.
RIGHT TO RESTRICTION OF PROCESSING
You have the right to restrict the processing of your personal data where one of the following applies:
- The accuracy of the personal data is contested.
- The processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead.
- We no longer need the personal data for the purposes of the processing, but it is required for the establishment, exercise or defense of legal claims.
- Where the processing is based on our (or a third party’s) legitimate interest and you have objected to processing (as described immediately below).
RIGHT TO OBJECT
You have the right to object (on grounds relating to your situation) at any time to the processing of your personal data for direct marketing purposes or where the processing is based on our (or a third party’s) legitimate interest. When objecting to processing based on our legitimate interest, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims.
RIGHT TO WITHDRAW CONSENT
Where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
RIGHT TO DATA PORTABILITY
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit such data to another entity without hindrance from us, where each of the following conditions are met:
- Your request does not adversely affect the rights of others;
- Your request does not adversely affect our rights (including intellectual property rights);
- The processing is based on your consent or the performance of a contract to which you are a party; and
- The processing is carried out by automated means.
Right Not to Be Subject to Solely Automated Decisions
You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you, unless permitted under applicable law.
Right to Submit a Complaint to Supervisory Authorities
You have the right to lodge a complaint with an applicable data protection authority. You have the right to lodge such a compliant in the European country of your habitual residence, place of work, or place of an alleged infringement if you consider that the processing of your personal data infringes applicable EU data protection laws. A list of all European supervisory authorities and their respective contact information is available here.
IV. HOW WE PROTECT PERSONAL DATA
We provide reasonable technical, physical, and organizational safeguards to protect your personal data, including safeguards designed to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed which may lead to physical, material or non-material damage. To the extent appropriate or required by applicable law, these security measures include:
- Access to personal data is limited to authorized employees and service providers who need access to perform the activities described in this privacy notice on our behalf.
- Personal data is pseudonymized where appropriate or required by law, and sensitive personal data transferred to or stored on any mobile device is encrypted using industry-accepted encryption solutions.
- CRC EU personnel engaged in the processing of personal data are informed of the confidential nature of personal data, receive appropriate training on their responsibilities, and are obligated pursuant to CRC EU policy to maintain the confidentiality of personal data.
- The effectiveness of our security measures is regularly tested, assessed, and evaluated to ensure the ongoing security of processing systems.
- Internet-connected databases containing personal data are monitored for unauthorized intrusions using network- based and/or host-based intrusion detection mechanisms.
- Service providers and other third parties engaged by us to process personal data on our behalf are contractually obligated to process personal data only on our documented instructions and must provide similar security measures as those used by us or as required under applicable law.Although we strive to provide reasonable and appropriate security for the personal data we process and maintain, no security system can prevent all potential security breaches. In particular, email or forms sent using our website and online services may not be secure. You should take special care before deciding to send us information via email. Further, if you create an account through our website and online services, it is your responsibility to protect your access credentials from unauthorized access or use.
V. RETENTION AND DELETION OF PERSONAL DATA
We implement and maintain reasonable restrictions on the retention of personal data and generally disposes of such personal data once it is no longer necessary for the purposes for which it was collected or further processed. However, we may continue to store archived copies of your personal data for legitimate business purposes and as necessary to comply with applicable law. In addition, we may continue to store anonymous, aggregated or anonymized information for any legitimate business use described in this privacy notice.
VI. LINKS TO THIRD-PARTY WEBSITES
VII. HOW TO CONTACT US
If you have any questions about this privacy notice, our use of your personal data, or your rights with respect to such use, you may contact us using the contact information below:
CRC Industries Europe BVBA Touwslagerstraat 1 B-9240 Zele Belgium
VIII. CHANGES TO OUR PRIVACY NOTICE
We reserve the right to amend this privacy notice at our discretion and at any time. When we change it, we will post the updated notice on our website and online services, and it will be effective as of the date posted. Your continued use of our website and online services following the posting of changes will constitute your acceptance of such changes.
- Pixel Tags. Pixel tags (also known as web beacons) are small blocks of code installed on our website and online services which enable our online partners to serve cookies when you visit our website and online services and are generally used in combination with cookies to track activity user on our website and online services, receive relevant log data and cookie data, and perform other activities relating to the monitoring and analysis of the use and performance of our website and online services.
- Software Development Kits. Software development kits (also called SDKs) function like third-party cookies and pixel tags, but operate in the mobile app environment where cookies and pixel tags cannot function as effectively. Instead of using cookies and pixels tags, we may install pieces of code (the SDK) provided by our online partners (such as advertising companies, ad networks, and analytics providers) in our mobile apps for these online partners to monitor and analyze the use and performance of our mobile apps and services.
- Statistical Identifiers. Statistical identifiers refer to identifiers created using certain device information and log data. Collectively, this information makes your browser or device sufficiently distinct for a server or similar system to reasonably determine that it is encountering the same browser or device over time. Statistical identifiers enable us and our partners to uniquely identify your browser or device for the same purposes as cookies. Statistical identifiers may be associated with your personal data (such as your email address). However, if we associate non- personal data with personal data, the combined information will be treated as personal data for as long as it remains combined.