INFORMATION ON THE PRIVACY OF CUSTOMERS AND SUPPLIERS

1. Purpose of this Information

This Information is aimed at defining the principles that ALIAXIS HOLDING ITALIA S.p.A has adopted regarding the use and protection of the Personal Data of its customers and suppliers. We respect the privacy rights of our customers and suppliers and are committed to processing Personal Data responsibly and in accordance with applicable laws. This Notice describes the Personal Data we collect and process, the purposes of the Processing and your rights in relation to it. If you have any questions regarding the applicable standards, comments or complaints regarding this Policy, please contact us as indicated in section 5 below.

2. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person (e.g. a Data Subject). An identifiable person means any person who can be identified, directly or indirectly, in particular by means of an identifier such as a name, an identification number, residence data, an online identifier or by reason of one or more factors specific to his or her identity. physical, physiological, genetic, mental, economic, cultural or social.

“Processing” means any operation or series of operations carried out on Personal Data, whether by automated means or otherwise, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation use, disclosure by transmission, disclosure or dissemination by other means, alignment or combination, restriction, erasure or destruction.

“Sensitive Personal Data” means any information relating to racial or ethnic origin, political or philosophical opinions, religious beliefs, physical or mental health or condition, life, sexual preferences or orientation, membership or trade union affiliation, biometric data, genetic information, the commission or alleged commission of a criminal offense and any other related legal action or past conviction of the Data Subject.

“Data Subject” means (i) any representative or business contact of a customer, supplier, service provider and/or distributor, whether existing or potential; (ii) any natural person who can be considered an end customer (end customers, distributors, installers, private individuals...).

3. Processing of the Personal Data of the Interested Parties

3.1. General informations

We process Personal Data relating to Data Subjects whose Personal Data may have been provided to us. For the purposes of this Information, ALIAXIS HOLDING ITALIA S.p.A will act as responsible for the processing of the Personal Data of the Interested Parties. Furthermore, other Aliaxis Group Companies may also act as data controllers for certain group-wide processing activities relating to Personal Data.

3.2. Types of Personal Data we may collect

types of Personal Data processed regarding the Interested Parties may include, but are not limited to: identification data and contact details (such as name, address, telephone number, e-mail address, date of birth...), professional data (such as employer , professional figure, position, office location etc....), position and electronic data (such as browsing history on Aliaxis websites), details relating to personal and professional life, national identifiers (such as tax code, VAT number, Identity card/passport, immigration status/visas, IT information necessary to grant access to the Company's web platform or mobile application (such as IP addresses, browsing data and login information), financial details (such as bank account number , credit card details) and any other information that may be communicated voluntarily (such as information relating to questions or complaints from an interested party).

In most cases, Personal Data is collected directly from the interested party but, in some cases, it can be obtained indirectly from:

  • other entities of the Aliaxis Group;
  • Aliaxis Group security/IT systems;
  • public sources such as business registers and other publicly available information relating to companies; And
  • third parties, if permitted by applicable law or with the consent of the Data Subject (such as the employer of a Data Subject or data intermediaries).

3.3. Sensitive Personal Data

As a rule, we will not collect or process any Sensitive Personal Data received from Data Subjects. However, in some circumstances and where required by national law, we may need to collect, or request to communicate on a voluntary basis, some Sensitive Personal Data for business purposes legitimate them, for example, convictions and criminal offenses (e.g. in the case of bankruptcy proceedings) or religious beliefs (e.g. for the organization of travel for an interested party, a copy of an identification certificate is required to request a visa: in some countries, your passport may reveal information about your religion).

3.4. Legitimacy of the Processing

The legal basis on which we rely to collect and process Personal Data varies depending on the Personal Data itself and the specific purpose for which such Personal Data is collected. In general, we process the Personal Data of the Interested Parties on the basis of the following legal and legitimate bases:

  • compliance with the legal obligations to which we are subject (e.g. contract and tax laws);
  • need to conclude or perform a contract with the interested party and/or his employer/company (including the opening of customer accounts, logistics (such as shipping and delivery), invoicing, dispute management…);
  • where such Processing falls within our legitimate interests and is not overridden by the interests of data protection, or the fundamental rights and freedoms of the interested parties (e.g. for the conduct of our business or to manage customers/suppliers);
  • consent of the interested party (e.g. when an interested party subscribes to a newsletter

Where the Processing of Personal Data is necessary for the purposes of the execution of a contract with an interested party and/or his employer/company (e.g. to manage said relationship) or to comply with applicable laws, the communication of Personal Data Personal is a legal or contractual requirement. Consequently, if the interested party does not provide us with such Personal Data, we will not be able to manage this relationship or comply with applicable laws. Where required by law, we will ask the interested party to give his prior consent to the processing of Personal Data (e.g. for the Processing of Sensitive Personal Data).

3.5. Purpose of the Processing

Personal Data is ordinarily processed for the purpose of managing our relationship with the interested party or his employer/company. We may also Process Personal Data for the following purposes:

  • customer/supplier accounting management purposes (order management, invoicing, debt collection, etc.…);
  • promotion, advertising and marketing of our products and services;
  • communicating information to customers (through our newsletter, via email, social media platforms and brand centres);
  • respond to requests/complaints from customers/suppliers;
  • evaluation of company performance;
  • performing accounting, forecasting, budgeting and financial planning activities;
  • mobile application management;
  • collection of evidence in case of disputes;
  • provide technical assistance to our customers, as well as after-sales services (including technical information relating to our products);
  • manage customer account profiles on our web platforms and mobile apps, and provide access to those profiles. For further information regarding Personal Data collected online, please see our Web Privacy Policy;
  • help us conduct our business more effectively and efficiently, as well as monitor and improve the quality of our products and/or services;
  • carry out surveys, satisfaction surveys and studies with our customers;
  • And comply with applicable laws and regulations, or exercise or defend our legal rights.

If we wish to further process Personal Data for purposes other than those described in this Policy, we will inform the Data Subjects and provide any other relevant information before starting the Processing.

3.6. Disclosure of Personal Data

We ensure that we allow access to Personal Data only to our employees who need such access to carry out their duties and responsibilities, as well as to third parties who have a legitimate purpose to access it. If we disclose Personal Data to another Aliaxis Group entity or to a third party, we will take all necessary steps to ensure an adequate level of protection for such data.

In particular, the Personal Data of the Interested Parties may be communicated to the following categories of recipients:

a) Other Aliaxis Group Companies: We may share Personal Data with other entities within the Group to develop our relationship with the Data Subjects and/or their employer/company, as well as for other legitimate business purposes such as services/security IT, Tax & Accounting and General Business Management;
b) Third Party Service Providers: We may also disclose certain Personal Data to third parties who provide services to us, such as IT providers, contractors, lawyers and consultants on a need-to-know basis.
c) Public authorities: we may also communicate Personal Data to public authorities, in compliance with applicable laws.
d) Other third parties: we may also communicate Personal Data to other third parties for other legitimate reasons, including:

  • where we are legally required to do so (for example, to comply with valid legal processes such as search or subpoena warrants, or court orders, etc.);
  • said communication is required in order to provide services and/or information to interested parties and/or their employer/company;
  • said communication is justified by our legitimate interests described above;
  • this communication relates to our regular reporting activities to other companies in the Aliaxis Group; in connection with the sale, assignment or other transfer of all or a portion of our business;
  • with the prior consent of the interested party.

3.7. International Transfer of Personal Data

Our Group operates globally, so we may need to transfer Personal Data to group affiliates or third party service providers located in countries other than those in which the Personal Data was initially collected to facilitate the management of our relationship with customers and suppliers globally. In this case, we will implement appropriate safeguards to ensure an adequate level of protection of any Personal Data transferred. If the transfer concerns Personal Data of European residents in countries outside the European Union (EU) and the European Economic Area (EEA), we will take the necessary measures to ensure an adequate level of data protection under EU law, such as entering into standard EU contractual clauses with the party receiving the data.

3.8. Protection of Personal Data

We are committed to ensuring the protection of the Personal Data of the Interested Parties. In order to prevent unauthorized access or disclosure or any other unlawful form of Processing of Personal Data, we have put in place appropriate physical, technical and procedural measures to protect the Personal Data in our possession.

Access to Personal Data is limited to authorized employees for the sole purpose of fulfilling their professional responsibilities. We have also implemented adequate technical measures, including but not limited to access authorizations, authentications, firewalls, antivirus measures, backup and disaster recovery plans, designed to provide a level of security appropriate to the risk inherent in the processing of Personal Data.

3.9. Storage and Deletion of Personal Data

We will retain Personal Data in accordance with applicable laws and solely to the extent necessary to fulfill the intended purposes of collection. Generally, this means that Personal Data will be retained for as long as we have a relationship with the Data Subject and/or their employer/company, plus a reasonable period of ten years thereafter to respond to inquiries or to handle any legal matters. .

At the end of the retention period, we will ensure that the Personal Data is deleted or anonymised, or, if this is not possible (for example, because the Personal Data has been stored in backup archives), we will store it securely, isolating it from any further processing activity.

4. Privacy rights of interested parties. Interested parties have the following rights:

  • right to obtain confirmation as to whether or not their Personal Data is being processed and, if so, the right to access and/or receive a copy of their Personal Data;
  • right to rectify or update any incorrect or incomplete Personal Data;
  • right to obtain the deletion of your Personal Data;
  • right to limit the Processing of your Personal Data according to certain legal bases;
  • right to object to the Processing of their Personal Data for reasons connected with their specific situation, where said Processing is necessary for the purposes of the legitimate interest of a Company;
  • right to opt-out of marketing communications sent to you at any time;
  • right to receive their Personal Data in a structured, commonly used and electronically readable format, and to have their Personal Data transmitted to another manager where the Processing is carried out by automated means and is based on the consent of the interested party or on the contractual terms stipulated with the interested party or his employer/company;
  • right not to be subject to decisions based solely on automated processing (including profiling) and which produce legal effects or affect the interested parties.
  • right to withdraw your consent at any time if the Processing of Personal Data is based on your consent. The revocation of consent will not affect the legitimacy of any Processing carried out before said revocation, nor will it affect the Processing of Personal Data carried out by relying on grounds of legitimacy of the Processing other than consent;
  • And right to lodge a complaint with the competent data protection authority.

In the event that the interested party wishes to exercise one of the above-mentioned rights, please contact us as indicated in section 5 below. We will respond to all your requests in accordance with applicable data protection laws.

5. Requests or Concerns

If you have any questions or concerns about how we process your Personal Data, or if you would like further information regarding this Policy, or if you wish to exercise your privacy rights, please contact: the Director of Human Resources, currently Maddalena DE PADOVA, at the company headquarters.

6. Updates to this Policy

This Policy may be updated periodically to reflect any necessary changes in our privacy practices. Last updated October 2022.

ALIAXIS HOLDING ITALIA S.p.A.