Privacy Notice

General statement on data protection

introduction

Our group of companies respects your privacy and is committed to protecting your personal information in accordance with fair information practices and applicable data protection laws.

This Privacy Notice explains how we and our companies collect, use and share personal information that you provide to us or that we otherwise receive or generate ("Personal Information").

scope of application

Personal data is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier, or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Privacy Notice applies to the personal information we receive through our normal business activities, both online and offline, ie collection in connection with sales and marketing, partner and supplier engagement and investor relations. This privacy notice does not apply to personally identifiable information obtained through our careers site; this is subject to the privacy policy for applicants.

data controller

The data controller in relation to your data is the company in our group which originally collected your data and determined the purposes and means of using your data.

If you would like to know who the data controller relevant to you is or have any other questions about your data, please contact our Privacy Officer at the email address below.

Recipients of personal data

• In-house: Business functions that need access to your data to fulfill our contractual and legal obligations (ie sales, accounting, operations, legal) or for the purpose of our legitimate interests (ie marketing).
• Third: We may use third parties to provide services and functionality on our behalf. We may provide personal information to these third parties to perform these services and functions. The processing of this personal data is carried out according to our instructions and is compatible with the original purposes.
• required by law: We may also provide personal information to public or judicial authorities, law enforcement agencies and regulatory bodies where required to do so by law. This also includes compliance with national security and law enforcement regulations as well as authorities and courts in the countries in which we operate. To the extent permitted by law, we may also disclose personal information to third parties (including legal counsel) if this is necessary for the establishment, exercise or defense of legal claims or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or required to support external audit, compliance and corporate governance functions.
• Mergers and Acquisitions: Personal information may be transferred to a party acquiring all or a portion of the equity, assets or operations of a Group company in the event of a sale, merger, liquidation, dissolution or other action.
• Affiliates: We may also transfer and share information with our affiliates in compliance with applicable laws.

International Transfers

Because we are an international group of companies with companies and offices in different countries, we may transfer your personal information from one company to another or from one country to another in order to achieve the purposes set out above. We will share your personal information in accordance with applicable law and only to the extent necessary for the purposes set out above. Within our group of companies, personal data is passed on on the basis of the same regulations and the same high level of security. If necessary, data processing agreements will be concluded to ensure the necessary level of data protection.

We use appropriate lawful processes to transfer personal information across national borders within the lawful framework. If we rely on the Standard Contractual Clauses (also known as Model Clauses) to facilitate this sharing, we will comply with the terms of those clauses, even if those terms and this notice conflict.

We will not sell or otherwise transfer your personal information outside of our group of companies, except:

• To service providers who perform services on our behalf. We only share your personal information with service providers that we have contractually obligated not to process or share the information, except to perform services for us or to comply with legal obligations;
• to comply with legal obligations, including but not limited to responding to requests from law enforcement or other government regulators;
• to investigate suspected or actual illegal activity;
• to prevent personal injury or financial loss; or
• to support the sale of our business or a transfer of some or all of our business or assets (including in the event of bankruptcy).

storage

We retain your personal information for as long as we have an ongoing relationship with you or as necessary to achieve the purpose for which it was collected, typically for the duration of a contractual relationship and for the period thereafter where required by law or permitted under applicable law.

Your rights as a data subject

• You have the right, at reasonable intervals and without undue delay or cost, to a copy of any data that we process about you.
• You have the right to have inaccurate or outdated personal data rectified or updated.
• You have the right to have your personal data deleted.
• You have the right to object to the processing of your personal data, unless this processing is required by law. If the objection is justified taking into account the specific situation, the processing must be stopped.
• In principle, you have the right to request the transfer of your data to you. Data portability means providing your personal data in a structured, commonly used and machine-readable form that ensures it can be easily transmitted to other companies. The right to data portability is subject to restrictions, ie it does not apply to paper documents and must not prejudice the rights of others or sensitive company data.
• You can request that decisions not be made solely on the basis of automated decision-making processes if those decisions produce legal effects or significantly affect you.
• You have the right to withdraw consent previously granted for a specific purpose where that consent is the legal basis for the processing of your personal data.

We respect these rights and have processes in place to respond to people who wish to exercise these rights. If you would like to know who the data controller relevant to you is or have any other questions about your data, please contact our Privacy Officer at the email address below.

Security

We strive to ensure the security of your processed personal data and to implement appropriate technical measures and security policies that protect your data from:

• Unauthorized Access.
• Improper Use or Disclosure.
• Unauthorized Modification.
• Unlawful destruction or accidental loss.

All our employees and any third parties that we engage to process your personal data are obliged to respect the confidentiality of your data.

Privacy concerns and contact options

If you have any concerns about an alleged breach of data protection law or any other regulation by us, please contact our Privacy Officer at the email address below.

A Privacy Officer will be made available to you to investigate your complaint and will provide you with information on how the complaint is being handled.

If we do not respond to your requests or give you a good reason why we cannot, you have the right to contact the supervisory authority to lodge a complaint.

Changes to our privacy policy

We reserve the right to change, modify and update this privacy notice at any time. Check regularly that you have read the most recent notice.