The purpose of this fair processing notice ("Notice") is to inform you of how IHI Bernex AG and its subsidiaries ("we", "us" and "our") will process your personal data as a data controller and the measures and processes we have put in place to ensure its adequate protection. Providing such information is one of the requirements of the General Data Protection Regulation 2016/679 ("GDPR").
This notice does not form any contractual relationship between you and us, and we may amend it from time to time.
2. LAWFUL PROCESSING
We will only process your personal data:
A. where you have given your consent;
B. where the processing is necessary to provide our products or services to you/your employer;
C. where the processing is necessary to respond to a request from you/your employer;
C. where the processing is necessary to maintain our relationship with you/your employer;
E. where the processing is necessary for compliance with our legal and regulatory obligations
In case of (a) above, you may withdraw your consent at any time, by making a request as set out in section 12 below.
3. WHAT PERSONAL DATA WE COLLECT ABOUT YOU
3.1 We process the following types of personal data about you:
A. Your name, company name, email address and other contact details;
B. Your role, department, position and/or job title within your employment
C. Details of your preferences for types of marketing events or materials;
D. Details of your access to our premises, systems, websites; and
E. Your messages, feedback or contributions to surveys and questionnaires.
3.2 It may be mandatory for you to provide us with your personal data, to enable us to manage our business and operations, to maintain our relationship with you/your employer, to provide our products or services to you/your employer or to comply with our legal and regulatory obligations. If you fail to provide your personal data, we might be unable to maintain our relationship with you/your employer or to provide our products or services to you/your employer.
Version 1, May 2018 N:\Corporate\Human_Resources\General Data Protection Regulation Page 2 of 4
3.3 We make every effort to maintain the accuracy and completeness of your personal data which we store and to ensure all of your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you (see section 9 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
4. HOW WE COLLECT PERSONAL DATA
We usually collect your personal data from the information you/your employer submits during the course of your/your employer's relationship with us. This will typically be through you/your employer sending us emails and other correspondence, business cards, the forms and documents used when you/your employer signs up to our marketing or market data news lists, when you are named as an authorized person to trade on behalf of your employer, the sign up information you/your employer uses to access any of our products or services either on your own behalf or on behalf of your employer.
We may also collect your personal data from other sources such as our group companies, fraud prevention agencies, credit reference agencies and the records of governmental agencies.
5. HOW WE USE PERSONAL DATA
We will process your personal data in connection with the management of our relationship with you/your employer and the provision of our products and services to you/your employer for the following purposes:
A. to provide you/your employer with requested products or services;
B. to respond to your/your employer's messages or posts to us;
C. to provide you/your employer with promotional and marketing materials about our products and services that we think you/your employer may be interested;
D. to manage, develop and improve our product range, services, stores, information technology systems and websites;
E. for monitoring and assessing compliance with law and our policies and standards;
F. to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
G. to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;
H. for administrative purposes in relation to the security of and access to our systems, premises, platforms and websites and applications;
I. to comply with court orders and exercise and/or defend our legal rights;
J. for any other legitimate business purpose; and
K. as otherwise permitted or required by any applicable law or regulation.
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Your personal data may be transferred to (including accessed in or stored in) a country or territory outside the European Economic Area ("EEA"), including to countries whose laws may not offer the same level of protection of personal data as are enjoyed within the EEA.
In particular, we may share your personal data with our group companies outside of the EEA including Japan and China. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR. You can
obtain copies of the relevant safeguard documents by making a request as set out in section 12 below.
7. WHEN WE MAY DISCLOSE YOUR PERSONAL DATA
We do not and will not sell, rent out or trade your personal data. We will only disclose your personal data to the following recipients:
A. to our group companies;
B. to third parties who process your personal data on our behalf (such as our systems providers including cloud providers);
C. to third parties who process your personal data on their own behalf but through providing you or your employer with a service on our behalf (such as our suppliers);
D. to companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;
E. to any third party to whom we assign or novate any of our rights or obligations;
F. to any prospective buyer in the event we sell any part of our business or assets;
G. to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
8. HOW WE PROTECT YOUR PERSONAL DATA
We are committed to safeguarding and protecting your personal data and will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to protect your personal data from accidental or unauthorized destruction, loss, alteration, disclosure or access.
9. YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE COLLECT
9.1 If you wish to:
A. update, modify, or delete your personal data, or obtain a copy of your personal data that we hold; or
B. restrict or stop us from using any of your personal data which we hold, you can request this by contacting us as set out in section 12 below.
9.2 In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data.
Version 1, May 2018 N:\Corporate\Human_Resources\General Data Protection Regulation Page 4 of 4
10. HOW LONG WE WILL HOLD YOUR PERSONAL DATA FOR
We will only retain your personal data as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
11. HOW WE UPDATE OR CHANGE THIS FAIR PROCESSING NOTICE
We may change or update parts of this Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Notice on www.ihi-bernex.com. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Notice so you are fully aware of any changes or updates.
12. HOW YOU CAN CONTACT US
If you have any queries about the contents of this Notice or your personal data, or wish to make a request in relation to your personal data, please contact us using the details set out below:
13. HOW TO LODGE A COMPLAINT TO THE REGULATOR
You are entitled to lodge a complaint with our data protection regulator if you consider that we have breached your data protection rights. Our data protection regulator is “Autoriteit Persoonsgegevens”, to be contacted via autoriteitpersoonsgegevens.nl.