2. For what purpose do we use your Personal Data?
We will always process your personal data based on one of the legal basis provided for in the EU GDPR (Articles 6 and 7). We will process your data for specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support its business activities (Article 5 and 25(2) EU GDPR).
We may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interests and provide you with adequate services and products:
- providing our services and performing the agreement;
- maintaining administration, as well as other internal management tasks;
- the calculation, recording and collection of amounts due, including the assignment of claims to third parties;
- to handle your request for information;
- to contact you and to answer any of the questions you might have asked;
- being able to inform you about any other of our products and services that may be interesting to you and to make you new offers;
- to manage your customer account;
- to provide, improve, and develop our products, services, and advertising;
- to ensure that content from our site is presented in the most effective manner for you;
- to use personal information for purposes such as data analysis, research, and audits;
- to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;
- complying with legal obligations, such as the administration and retention obligation;
- settling any disputes.
In addition, we may process your personal data for other purposes in case you have given us separate consent. Please be aware that you are entitled to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal thereof.
Also, subject to obtaining your express prior consent, we may also collect and process your personal data for the following purposes:
- to provide you with information which we feel may be of your interest;
- to allow you to participate in interactive features of our services, when you choose to do so;
- to manage your subscription to the newsletter;
- to share your personal information with third-party partners who may send you marketing communications in relation to their products and services;
- for making business analysis.
3. What is the Legal Basis for the Processing of Personal Data?
The processing of your personal data is based on the following legal grounds:
1. consent given by you;
2. for the performance of the contract with you;
3. legal obligations (e.g. tax legislation); and
4. for the purpose of our legitimate interests.
For the processing of personal data that does go beyond what is strictly necessary for the provision of our services, which is not based on a statutory duty, nor on your consent, Teijin Aramid relies on what is called a “legitimate interest”. That legitimate interest lies in everything that is necessary for the normal management and continuity of our business operations. Of course we take your privacy into account. If you feel that we are violating your privacy, you are free to file a complaint (see below).
4. What types of Personal Data do we use?
- Name, Surname
- Home Address
- Identification number (e.g., customer number)
- Location data
- Email address (personal / professional)
- Telephone number (personal / professional)
- Online identifiers (IP address / cookie identifiers)
- Credit card / bank account information
- Recorded customer phone calls
- Video surveillance (CCTV footage)
- Recruitment information (e.g., CV, certificates, marital status, date of birth, reference letters).
5. Mandatory provisions
When we ask you for personal data, we will state for each situation whether the provision of the data is necessary or mandatory and what the (possible) consequences are if the data is not provided. The basic principle here is that Teijin Aramid will not process more personal data than necessary for the purposes described above.
6. Transmission to Third Parties
We may share your personal data with our Company entities and with third parties in accordance with the EU GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26,28 and 29 EU GDPR).
Subject to your prior consent, your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our products and services or help us market to customers. Your personal data will only be shared by us with the partners in order to provide or improve our products, services and advertising.
We may share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys.
Corporate Affiliates and Corporate Business Transactions
We may share your personal data with all Company’s affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
7. Transfer to abroad
Your personal data may be processed in countries outside the EEA. Where we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place in order to cover such transfers (Articles 44 ff. EU GDPR).
First of all, transfer of personal data to a third country may take place on an adequacy decision of the European Commission. This means you can transfer personal data to third countries who are recognized as providing adequate protection. Click here to find out which countries outside the EU offer an adequate level of data protection.
When the transfer cannot be based on an adequacy decision, Teijin Aramid has to provide appropriate safeguards to transfer personal data to a third country. Teijin Aramid has taken appropriate safeguards. Transfers to third countries, which cannot be based on an adequacy decision, will only take place based on Binding Corporate Rules or Standard Contractual Clauses.
8. Our Records of Data Processes
We handle records of all processing of personal data in accordance with the obligations established by the EU GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the EU GDPR and cooperate with the supervisory authorities as required (Article 31 EU GDPR).
9. Security Measures
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage.
We use appropriate technical or organizational measures to achieve this level of protection (Article 25(1) and 32 EU GDPR).
10. Retention Period
11. Notification of Data Breaches to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 EU GDPR).
12. Processing likely to result in High Risk to Your Rights and Freedoms
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 EU GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the EU GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 EU GDPR).
13. Automated Decision Making and Profiling
We can make use of profiling. We can use profiling so that we inform you based on your interests and geolocation. For example, if you are particularly interested in the product Twaron®, we can keep you informed on that topic. In addition, the data is used for marketing and statistical purposes.
14. Your Rights
You have the following rights:.
- Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 EU GDPR).
- Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information (Article 15 EU GDPR).
- Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data (Article 16 EU GDPR). You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply (Article 17 EU GDPR).
- Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply (Article 18 EU GDPR).
- Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply (Article 21 EU GDPR).
- Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply (Article 20 EU GDPR).
- Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply (Article 22 EU GDPR).
If you intend to exercise such rights, please refer to the contact section.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.
16. Links to other sites
We may propose hypertext links from the website on which this policy is stated to third-party websites or internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.
For reporting matters in the field of security, privacy, the right to forgetfulness, EU GDPR and other related topics, please contact: ITServicedesk@teijinaramid.com