Global Vendor Privacy Policy - English
Table of contents
1. Introduction
2. Definitions
3. Entity Responsible for Processing Your Personal Data
4. Types of Personal Data We Collect
5. Purposes for Processing Your Personal Data
6. Lawfulness of the Processing
7. Who We Share Your Personal Data With
8. Storage, Security and Transfers of Personal Data Outside the EU/EEA
9. Retention of Personal Data
10.Your Data Privacy Rights
11.Updates to this Policy
12. References
13. Contact details
1. Introduction
Hager together with its affiliates ("Hager", "we" or "us") has issued this Global Vendor Privacy Policy (hereafter "Policy") to describe how we handle Personal Data that we hold about Vendors (hereafter also referred to as "you").
We respect the privacy rights of individuals and are committed to handling Personal Data responsibly and in accordance with applicable law. This Policy sets out the Personal Data that we collect and process about you, the purposes of the Processing and the rights that you have in connection with it.
If you are in any doubt regarding the applicable standards, or have any comments or questions about this Policy, please contact us as described in the section "Contact Details" below.
2. Definitions
"Hager" means headquarters and any company or entity that is directly or indirectly controlled by or under common control with headquarters where control means either (i) direct or indirect ownership or control of more than 50% of the voting interests of the subject company or entity, or (ii) the ability to control the activities of the subject entity through contractual rights.
"Personal Data" means any information about an identified or identifiable natural person who is the business contact person of a Vendor. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" or "Processed" means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Vendor" means any supplier, vendor, distributor, reseller, agents consultant, professional adviser, interim agencies (who provide all types of contingent and non-permanent workers) independent workers and any other third party with whom Hager has entered into a business relationship and who are providing services or products to Hager.
3. Entity Responsible for Processing Your Personal Data
Each Hager affiliate is responsible for the Processing of Personal Data it collects from its respective Vendors. For more details concerning the Hager affiliate who is your data controller, please contact us as indicated in the section "Contact Details" below.
4. Types of Personal Data We Collect
In the context of your relationship with Hager, we may process the following Personal Data about you.
- Identification data – such as your name, pictures.
- Contact details – such as business address, telephone, email address, etc.
- Professional details – such as job title/position, affiliated organization, office location, skills and competences, etc.
- Financial characteristics – such as account number, bank details and credit reports.
- National identifiers – such as tax ID, VAT number and social security number.
- Information relating to your sales history with us.
- Background checks such as criminal records.
- CCTV footage and voice recordings.
- Time records for interims.
- Location data for certain Vendors.
5. Purposes for Processing Your Personal Data
We collect and Process Personal Data about our Vendors for the following purposes:
- for the purpose of general business relationship management within Hager and for contractual purposes;
- to manage our daily business activities such as executing payments;
- to manage any queries, complaints or claims relating to the services you provide to Hager;
- for marketing, advertising and public relations purposes, in connection with Hager's business activities, products and services, and to inform Vendors about important developments within Hager;
- to manage Vendor account profiles on our websites (f.e. My Hager, MyDiagral) and to give access to such profiles;
- where necessary to comply with laws and regulations, under judicial authorization, or to exercise or defend the legal rights of the Hager affiliates;
- to help us conduct our business more effectively and efficiently, or check and improve the quality of our products and/or services;
- to carry out research and development with various Hager partners;
- to provide technical education and training to our Vendors ;
- to investigate violations of laws or breaches of Hager policies, contractual agreements, ethical charter and codes of conduct,including when reported via our Ethical Hotline;
- for building security and videosurveillance;
- to give access to Vendors and for time recording;
- to locate certain Vendors for security purposes;
- for analysis and performance measurement;
- to carry out telephone recordings for quality assurance purposes;
- for online and offline customization and profiling.
6. Lawfulness of the Processing
We collect and process Personal Data where necessary to perform our agreement with you (i.e. to manage our business relationship with you). In some cases, we may need to process your Personal Data where required to comply with applicable laws. In such case, the Processing of your Personal Data is necessary for us to comply with a statutory or contractual requirement. Without your Personal Data, we cannot manage our relationship with you, nor comply with applicable laws.
Where required by applicable law, we will ask you to give your prior consent before processing your Personal Data (e.g. to geo-locate certain Vendors on our premises).
In all other cases, we will process your Personal Data where such Processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., in the context of our general internal business operations).
7. Who We Share Your Personal Data With
We take care to allow access to Personal Data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we allow a third party to access Personal Data, we will implement appropriate measures to ensure the information is used in a manner consistent with this Policy and that the security and confidentiality of the information is maintained.
7.1. Disclosures to Hager affiliates
We may share your Personal Data with, or give access to, other Hager affiliates in order to facilitate the management and administration of our Vendor accounts and for other legitimate business purposes.
7.2. Disclosures to third party service providers
In addition, we make certain Personal Data available to third parties who provide data processing services to us, for example, in the context of IT platform management or support services, infrastructure and application services, marketing, data analytics etc. We may also disclose Personal Data to external consultants, lawyers and advisors and in accordance with applicable data protection laws.
7.3. Disclosures to public authorities
We also disclose Personal Data to public authorities, such as national social or tax authorities, in accordance with applicable laws.
7.4. Disclosures to other third parties
We may also disclose Personal Data to other third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;
- In response to lawful requests by public authorities (including for national security or law enforcement purposes);
- As necessary to establish, exercise or defend against potential, threatened or actual litigation;
- Where necessary to protect the vital interests of another person;
- In connection with the sale, assignment or other transfer of all or part of our business;
- With your consent.
8. Storage, Security and Transfers of Personal Data outside the EU/EEA
Hager stores all Personal Data on its servers that are located within and outside the European Union (EU) and the European Economic Area (EEA). Hager maintains appropriate administrative, technical and physical safeguards designed to help maintain the confidentiality and integrity of Personal Data and to protect it against accidental or unlawful destruction, accidental loss, unauthorised alteration, disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in its possession. In adherence with data protection laws and internal policies, Hager addresses security at all appropriate technology infrastructure points.
Hager operates at a global level, and consequently, in limited cases we may need to transfer some Personal Data to countries other than the ones in which your Personal Data was originally collected, for example, to facilitate the vendor relationship management at a global level. Some of these countries may be located outside the EU/EEA. Where that is the case, Hager will implement appropriate or suitable safeguards to ensure that an adequate level of protection is provided to Personal Data that is transferred outside the EU/EEA, such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law. If you wish to obtain a copy of the safeguards we have in place, please contact us as described in the section "Contact Details" below.
9. Retention of Personal Data
We will store your Personal Data for as long as we have an existing relationship with you and otherwise as required by applicable law. Generally this means your Personal Data will be retained until the end of your contractual relationship with us and as long we have an ongoing legitimate business need to do so. Personal data will be kept for direct marketing purposes for as long as you have not opt-out from receiving marketing communications.
10. Your Data Privacy Rights
The following rights are available to you under applicable data protection laws:
- The right to obtain confirmation as to whether or not Personal Data concerning you are being processed and, where that is the case, the right to access your Personal data and obtain a copy;
- The right to obtain the rectification of inaccurate Personal Data and to have incomplete Personal Data completed;
- The right to obtain the erasure of your Personal Data and to restrict the Processing of your Personal Data on certain legal grounds.
- The right to object to Processing of your Personal Data, on grounds relating to your particular situation, where such Processing is necessary for the purposes of Hager's legitimate interests,unless Hager has compelling legitimate purposes for Processing your Personal Data;
- The right to request the portability of your Personal Data where the Processing is based on your consent or on a contract and the Processing is carried out by automated means.
- The right to withdraw your consent at any time if the Processing of your Personal Data is based on your consent. Withdrawing your consent will not affect the lawfulness of any Processing we conducted prior to your withdrawal, nor will it affect Processing of your Personal Data conducted in reliance on lawful Processing grounds other than consent.
- You also have the right to opt-out of electronic marketing communications we send directly to you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing communication we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details described in the section "Contact Details" below.
- The right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here.)
If you wish to exercise any of the rights described above, please contact us as described under Section "Contact Details" below. We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
11. Updates to This Policy
This Policy may be updatedto reflect any necessary changes in our privacy practices. In such cases, we will inform you on our HagerGroup website and indicate at the top of the Policy when it was most recently updated. We encourage you to check back at this website periodically in order to be aware of the most recent version of this Policy.
12. References
This Policy may be supplemented by other policies and procedures (including where required to comply with data protection laws in different countries), which can be found on our HagerGroup website.
13. Contact Details
Please address any questions or requests relating to this Policy, or raise any concerns, by email at vendorprivacy@hagergroup.com.