In this policy ADEX describe how and for what purposes ADEX collects and uses personal data. ADEX respects the privacy of data subjects and will treat personal data in compliance with the applicable laws, in particular data protection laws, including the General Data Protection Regulation (“GDPR”).
1. WHOSE... personal data is being used?
ADEX may collect and handle personal data in relation to contact persons of its business partners (including customers) and visitors of its website(s).
2. WHAT... personal data is being used?
With respect to its business partners, ADEX will collect and handle the name and contact details of its contact persons and any other information that may be specifically asked for by us or made available by our business partners to us. With respect to our website visitors we collect and handle the personal data that they input on our website. Besides, Company’s servers automatically record certain data, such as URL, IP address, browser type and language, and the date and time of the visit to the website.
3. WHY... is the personal data being used?
We shall use of the personal data in the normal course of business. More specific, the purposes will include the following
- legal and compliance purposes;
- sending personalized content and newsletters, mail, e-mails, features, promotional material, surveys and other updates;
- delivering products and services and otherwise performing our agreements;
- facilitating the online experience on the Company’s website(s);
- to test information security measures of Company, e.g. by performing pen tests;
- any other purposes that we may notify our business partners and data subjects of from time to time.
The use of data is based on the following legal grounds mentioned in the GDPR:
- the conclusion and performance of a contract with Company;
- to achieve the legitimate business interests of Company;
- to protect a vital interest of a natural person;
- compliance with a legal obligation to which ADEX is subject or with the consent of the data subject.
4. WHOM... does ADEX share personal data with?
ADEX may make use of processors to support certain of our business functions for the purposes set out above. If and insofar as these third parties process personal data while doing this, they will do so on the basis of a processing agreement in accordance with the GDPR. ADEX will only supply personal data to surveillance, tax and investigative authorities if ADEX is obliged by law to do so. Only where a data subject has given his/her unambiguous consent beforehand, we may share the personal data with third parties who advertise in and around our programs and digital extensions, provide sponsorship and offer prizes, etc.ADEX operates its business globally through its parent companies and its ultimate parent Aalberts industries N.V. in the Netherlands, affiliates and other related companies. The details of Aalberts Industries’ global operations are available on the website www.aalberts.com. With the globalization of the business, the internal need to share information within the Group is also becoming more important in order to meet operational needs, for shared sales and marketing activities and to comply with legal requirements. Personal information may therefore be shared amongst affiliates for the purposes mentioned above under WHY.
Sometimes it may be required to transfer personal data outside the European Union. ADEX will in such case only transfer the data in accordance with the applicable law and additional legal safeguards implemented by ADEX. Also where countries outside the European Union so not offer adequate safeguards for the protection of personal data, ADEX will satisfy the requirements the GDPR, e.g. by ADEX using contracts approved by the European Commission for the transfer of data to such countries.
5. WHAT... rights do data subjects have?
ADEX endeavours to only collect the minimum amount of personal data required. ADEX shall only retain personal data for the terms included in its data retention policy. Any data subject can request:
- to be provided with a copy;
- to correct;
- to delete the personal data kept on file by Company;
- to restrict the processing of the personal data;
- to object to the use of the personal data or;
- to exercise any rights of data portability (i.e. to transfer the personal data), in accordance with applicable local laws including the GDPR.