Table of contents

1 Purpose of this Privacy Policy
2. definitions
3. processing of personal data of data subjects
4. data protection rights of data subjects
5. requests or concerns
6. updates to this privacy statement

1. purpose of this privacy statement

The purpose of this Privacy Policy is to set out the principles that Aliaxis Deutschland GmbH will apply in relation to the use and protection of personal data of customers and suppliers.

We respect the privacy rights of our customers and suppliers and are committed to handling personal data responsibly and in accordance with the law. This Privacy Policy describes the personal data we collect and process about you, the purposes of the processing and the rights you have in relation to it.

If you have any doubts about the applicable standards or any comments or complaints about this Privacy Policy, please contact us as explained in Section 5 below.

2. definitions

"Personal data" means any information relating to an identified or identifiable natural person (i.e. a data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Sensitive Personal Data" means any information relating to a Data Subject's racial or ethnic origin, political or philosophical opinions, religious beliefs, physical or mental health or condition, sex life, sexual orientation or preference, trade union membership or affiliation, biometric data, genetic information, criminal offences or suspected criminal offences and any related legal action or previous convictions.

"Data Subject" means (i) any representative or business contact of a customer, a supplier, a service provider and/or a distributor, whether existing or prospective; (ii) any natural person who may be considered as an end customer (end users, distributors, installers, individuals...).

3. processing of personal data of data subjects

3.1 General information

We process personal data of data subjects whose personal data have been provided to us.

For the purposes of this notice, Aliaxis Deutschland GmbH acts as the controller of your personal data. In addition, other Aliaxis companies may also act as data controllers for certain processing activities in relation to your personal data on a group-wide basis.

3.2 Types of personal data that may be collected by us

The personal data we process about you includes: Identifying and contact data (such as name, address, telephone number, email address, date of birth...), professional data (such as employer, job title, position, office location, etc.), location and electronic data (such as browsing history on Aliaxis' websites), personal and professional life details, national identifiers (such as tax ID and VAT ID/passport, immigration/visa status), IT-related information necessary to access the Company's web platform or mobile application (such as. IP addresses, navigation data and login information), financial data (such as bank account number, credit card details) and any other information that may be voluntarily disclosed by you (e.g. information in connection with a data subject's questions or complaints).

In most cases, personal data is collected directly from you, but in some cases it is collected indirectly from:

  • other companies of the Aliaxis Group;
  • the Aliaxis Group's IT/security systems;
  • public sources such as business registers and other publicly available information about companies; and
  • Third parties where permitted by applicable law or with your consent (e.g. a data subject's employer or data intermediaries).

3.3 Sensitive personal data

Generally, a company will not collect or process sensitive personal data from you. However, in certain circumstances and where required by national law, we may need to collect or voluntarily request the provision of some sensitive personal data for legitimate business purposes, for example, about criminal convictions and offences (e.g. in the case of bankruptcy proceedings) or religious beliefs (e.g. if we are organising travel for a data subject, a copy of proof of identity will be required in order to apply for a visa; in some countries the passport may contain information about religion).

3.4 Lawfulness of the processing

The legal basis on which a company relies to collect and process personal data depends on the personal data itself and the specific purpose for which the data is collected.

In general, we process personal data of data subjects for the following lawful and legitimate reasons:

  • Compliance with legal obligations to which we are subject (e.g. contract and tax law);
  • Necessity for the conclusion or performance of a contract with the data subject and/or his/her employer/company (including opening of customer accounts, logistics (such as shipping and deliveries), invoicing, settlement of disputes...);
  • where such processing is in our legitimate interests and is not overridden by the data protection interests or fundamental rights and freedoms of the data subject (e.g. for our general business activities or to manage our customers/suppliers).
  • Consent of the data subject (e.g. when a data subject subscribes to a newsletter).

Where the processing of your personal data is necessary to perform a contract with a data subject and/or their employer/company (i.e. to manage an employment relationship) or to comply with applicable laws, the provision of the personal data is a legal or contractual obligation. Therefore, we cannot manage this employment relationship or comply with applicable laws if the data subject does not provide us with the personal data in question.

Where required by law, the Company will seek prior consent from the data subject to process personal data (e.g. for the processing of sensitive personal data).

3.5 Purposes of Processing

Personal data is usually processed for the purposes of managing our relationship with the data subject or their employer/company. We may also process personal data for the following purposes:

  • Customer/supplier account management (order management, billing, invoicing, collection, etc.);
  • Promotion, advertising and marketing of our products and services;
  • Informing customers (via our newsletters, email, social media platforms and brand centre);
  • Responding to enquiries/complaints from customers/suppliers;
  • Assessing business performance;
  • Accounting, forecasting, budgeting and financial planning;
  • Mobile application management;
  • Collection of evidence in case of disputes;
  • Providing technical support to our customers and customer service (including technical information about our products);
  • Managing customer account profiles on our web platforms and mobile apps and accessing those profiles. For more information about the personal data we collect online, please see our Internet Privacy Policy;
  • To help us run our business more effectively and efficiently and to review and improve the quality of our products and/or services;
  • To conduct surveys, satisfaction surveys and research with our customers; and
  • Comply with applicable laws and regulations or exercise or exercise our legal rights.

If we intend to further process personal data for a purpose other than that described in this notice, we will inform data subjects of those other purposes and provide any other relevant information prior to further processing.

3.6 Disclosure of personal data

We take care to allow access to personal data only to those of our employees who need such access to perform their duties and responsibilities, and to third parties who have a legitimate purpose for accessing such data. In the event that we disclose personal data to another Aliaxis Group company or to a third party, we will take all necessary steps to ensure an adequate level of protection of such data.

In particular, personal data of data subjects may be disclosed to the following categories of recipients:

  • Other Aliaxis companies: We may share personal data with other companies within the group to develop our relationship with data subjects and/or their employer/company, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general corporate governance.
  • Third Party Service Providers: We may also share certain personal data with third parties who provide services to us, such as IT providers, external consultants, lawyers and advisors, on a need-to-know basis.
  • Public bodies: We may also disclose personal data to public bodies where this is compatible with applicable laws.
  • Other third parties:
    • We may also disclose personal data to other third parties for other lawful reasons, including:
    • When we are required to do so by law (e.g. to comply with legal process such as search warrants, subpoenas or court orders, etc.);
    • where such disclosure is necessary for the purpose of providing services and/or information to the data subjects and/or their employer/company;
    • where such disclosure is justified by the legitimate interests of the Company as defined above;
    • where such disclosure is in connection with regular reporting to other companies in the Group;
    • in connection with the sale, assignment or other transfer of part or all of our business;
    • with the prior consent of the data subject.

3.7 Transfer of personal data abroad

Our Group operates on a global basis and we may need to transfer personal data to Group companies or third party service providers in countries other than those where your personal data was originally collected in order to facilitate the management of our relationships with customers and suppliers worldwide.

In this case, we will implement appropriate safeguards to ensure that an adequate level of protection is provided for any personal data transferred.

Where the transfer relates to personal data of European residents to countries outside the European Union (EU) and the European Economic Area (EEA), we will take the necessary steps to ensure an adequate level of data protection under EU law, such as entering into EU standard contractual clauses with the party receiving the data.

3.8 Protection of personal data

We are committed to ensuring the protection of personal data of data subjects. To prevent unauthorised access or disclosure or any other unlawful form of processing of personal data, we have put in place appropriate physical, technical and procedural measures to protect the personal data in our possession.

Access to personal data is only permitted to authorised employees for the performance of their duties. In addition, we have put in place appropriate technical measures, including but not limited to access permissions, authentication, firewalls, anti-virus measures, backup and disaster recovery plans, designed to provide a level of security appropriate to the risk of processing the personal data.

3.9 Storage and deletion of personal data

We retain personal data in accordance with applicable laws and only for as long as is necessary to fulfil the purposes for which the data is collected. Generally, this means that personal data will be retained for as long as we have a relationship with the data subject and/or their employer/company, plus a reasonable period of time to respond to requests or to deal with legal matters.

After the retention period has expired, we ensure that personal data is deleted or anonymised, or if this is not possible (e.g. because the personal data has been stored in backup archives), we store the personal data securely and isolate it from any further processing until deletion is possible.

4. data protection rights of data subjects

Data subjects have the following rights:

  • The right to obtain confirmation as to whether personal data concerning them is being processed and, if so, the right to access and/or obtain a copy of their personal data;
  • the right to have inaccurate or incomplete personal data corrected or updated;
  • the right to have their personal data erased;
  • the right to restrict the processing of their personal data on specific legal grounds;
  • the right to object to the processing of their personal data on grounds relating to their particular situation, where such processing is necessary for the purposes of the legitimate interest of an undertaking;
  • The right to object at any time to marketing communications sent by us to you;
  • The right to receive their personal data in a structured, commonly used and machine-readable format and to have their personal data transferred to another controller, where the processing is automated and based on the data subject's consent or on contractual terms with the data subject;
  • The right not to be subject to decisions based solely on automated processing (including profiling) which produce legal effects or concern data subjects.
  • The right to withdraw their consent at any time where the processing of personal data is based on their consent. Withdrawal of consent shall not affect the lawfulness of any processing carried out prior to the withdrawal, nor the processing of personal data carried out in reliance on lawful grounds for processing other than consent; and
  • The right to lodge a complaint with a competent data protection authority.

If you wish to exercise any of the above rights, please contact us as described in Section 5 (below). We will respond to all requests in accordance with applicable data protection laws.

5. queries or concerns

If you have any questions or concerns about the way we process personal data, or if you would like further information about this privacy notice, or to exercise your data protection rights, please contact:

Mr. Jörn Menzel
Steinzeugstr. 50
68229 Mannheim
datenschutz@aliaxis.com
T: +49 621 486-1325
F: +49 621 486-25 1325

6. updates to this privacy statement

This privacy statement may be updated periodically to reflect any necessary changes in our privacy practices.