This is the Privacy Notice of Wavin B.V. (Stationsplein 3, 8000AD, Zwolle, the Netherlands) and its affiliates (hereinafter: “Wavin”, “we”, “our” or “us”).
This Privacy Notice (“Notice”) describes the basis on which we process your Personal Data when you purchase our products or services, visit our premises, use our applications (such as the Loyalty App and Sentio App), interact with us or otherwise make use of our services (such include webinars, training, tradeshows etc.) ("Services") or are a supplier of Wavin.
The Wavin entity that is responsible and acts as a “data controller” (data operator) for the Personal Data collected in light of the provision of the Services, is the Wavin entity with whom you have concluded a contract, whose premises or website(s) you have visited or with whom you interacted in any other way. An overview of the applicable responsible Wavin entities and, where applicable, their representatives, can be found here.
If you are based the United Arab Emirates you hereby expressly acknowledge and agree that by using our Services or by otherwise providing us with your Personal Data (as defined below) we are permitted to process your Personal Data in line with this Notice, including any transfer of your Personal Data outside of the United Arab Emirates. If you do not wish us to process your Personal Data as set out in this Privacy Notice, you should not use our Services or otherwise provide us with your Personal Data. To the extent to which our processing of your personal data is also caught by the EU General Data Protection Regulation 2016/679 (“GDPR”), the consent secured under this paragraph is not intended to form the legal basis for processing under that law. Our lawful bases for processing under the GDPR are set out under Section 2 of this Privacy Notice.
1. PERSONAL DATA WE COLLECTFor purposes of this Notice, "Personal Data" means any information through which we can identify you as an individual. The Personal Data we collect about you when you visit our Website or make use of our Services include the following:
- Your personal information, including contact details. This includes your first and last name, title, gender, job title, company name, address, email address, telephone number and “myWavin” account information, including username (email address) and password.
- Your contract/financial details. The contract and financial information that has been disclosed to us and can be linked to you as a customer representative, such as contract information, payment method, payments made or due (including invoice details), details of authorised persons(s) on the accounts, payment transaction reference, transaction data including transaction history, your authorisation by the company you represent and, if applicable, your identity document (passport or driver’s license).
- Recording of video footage. When you enter or buildings or premises, you are recorded by our video surveillance systems (CCTV). You can also be recorded on video footage during events or fairs that we organize and during which we make video footage.
- Log of visitors at our premises. This includes first and last name, time of arrival and departure and, if applicable, vehicle registration number.
- Your use of our Services. We collect information relating to your use of our Services, such as which purchases you make on behalf of your company, the amount and date of your purchase, the product or service you purchase, location of purchase, product usage, functional classification etc.
- Your picture. Where requested we collect your picture to identify you as customer representative.
- Your communication data. Your requests, any complaints you may have and any other (engagement) data that we receive if you communicate with us via e-mail, by telephone, online or via social media.
- Any other Personal Data. This includes any Personal Data that you disclose to us during the course of your contractual relationship with us, either voluntarily or upon request.
2. WHAT WE DO WITH YOUR PERSONAL DATAWavin collects and uses your Personal Data for the purposes below. For the purposes of compliance with GDPR, those are also the lawful bases on which we process your Personal Data.
For the performance of our agreement with you: To carry out the agreement that we concluded or will conclude with you on behalf of your company and to provide you with the information and Services you request. For instance, we will need to process your Personal Data in order to deliver products and invoices, keep in contact with you, manage and handle requests, manage your “myWavin” account, provide (technical) support or customer service, facilitate webinars, training or tradeshows, provide essential information regarding the Services, etc.
For our legitimate commercial interests: This includes the following:
- to send (personalized) marketing (such as newsletters via email) to our existing customers for the purpose of advertising our products and services or otherwise engaging with our customers for marketing or commercial purposes (e.g. via email, telephone or hardcopy post), provided that you have not opted out.
- to manage our internal client database (CRM) system, in order to keep track of our financials and Services.
- to personalize our Services, such including, online ordering, calculation tools, BIM content, e-learning, technical drawings and/or price lists.
- to better understand you as a customer (customer optimization). This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve you and others and to deliver relevant and targeted advertising (both on our own Website and on other websites (including social media)).
- to operate and expand our business activities and Services.
- to obtain feedback on our products and Services and develop and improve the quality of our Services (e.g. by conducting customer satisfaction surveys).
- to operate company policies and procedures, such as for training and learning purposes.
- to ensure and protect the integrity, security and safety of our systems, buildings and premises. This includes the prevention of unauthorized persons from accessing our premises and protecting our facilities.
- to enable us to make corporate transactions, such as mergers, sales, reorganizations, transfer of our assets or business or acquisitions.
- other legitimate business purposes permitted by applicable law.
Use of information based on your consent: We may use your Personal Data referred to above in the section ‘Personal Data we collect’ to send you marketing communications (such as newsletters, promotions, news on products or service updates) via email, other electronic means or telephone, subject to your consent (e.g. in light of our newsletter subscription).
We may also ask for your consent to process certain Personal Data for other specific purposes, where necessary in order to secure consent pursuant to the GDPR. If we do so, we will provide you with full details of the Personal Data that we would like to process and the reason we need it, so that you can carefully consider whether you wish to consent.
From a GDPR standpoint, you can withdraw your consent at any time; see the Section 7 regarding Your rights below.
To comply with our legal obligations: Any information referred to above in the section ‘Personal Data we collect' may be used to comply with a legal obligation to which we are subject, such as maintaining appropriate business records, complying with lawful requests by governmental agencies and public authorities and to comply with applicable laws and regulations or as otherwise required by law.
3. HOW WE SHARE YOUR DATATo fulfill the purposes described above, from time to time we share your Personal Data with other companies that assist us in delivering our Services. These companies will have access to your Personal Data, but only when strictly necessary to perform their services. We do this on a strict need-to-know basis and we ensure that before we share your Personal Data we enter into contractual agreements with these companies. These companies are:
- Other entities within the Wavin Group. we will share your Personal data internally between the responsible Wavin entities to the extent required for internal administrative purposes, management purposes or other business related purposes as described in this Notice. An overview of the relevant responsible Wavin entities can be found here.
- Service Providers and Processors. We engage third party vendors, from time to time, including:
- Business partners, suppliers (such as IT service providers) and sub-contractors for the performance of any contract we enter into with them or to provide services on our behalf;
- Professional advisors (including without limitation tax, legal or other corporate advisors who provide professional services to us);
- Financial institutions, mostly to carry out credit related investigations regarding our customers;
- Telemarketing companies and other advertising companies that assist us or that carry out marketing activities on our behalf; and/or
- Analytics and search engine providers that assist us in the improvement and optimisation of our Website and Services.
- Third parties in case of legal requirement. We also disclose your Personal Data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process served on us, or to protect the rights or safety of the Website, us or our affiliated companies.
- Third parties in case of a corporate transaction. In addition, information about our customers, including Personal Data, may be disclosed as part of any merger, sale, transfer of Wavin’s assets, acquisition, bankruptcy, or similar event.
- With consent. We also disclose information about you, including Personal Data to any other third party, where you have consented or requested that we do so. As per the introductory section to this Notice, if you are based the United Arab Emirates, your continued used of our Services constitutes your consent to such disclosure in each of the cases listed above within this Section 3.
4. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATASubject to compliance with local law requirements, the recipients of Personal Data described in Section 3 may be located inside or outside your own country, in countries whose laws regarding data protection may not offer an adequate level of protection compared to the laws in your country. For example, not all countries outside the European Economic Area ("EEA") offer the same level of protection as in the EEA.
Wavin will take all necessary measures to ensure that transfers out of your country are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, Wavin may base the transfer on appropriate safeguards, such as the EU standard contractual clauses adopted by the European Commission or other approved data transfer or certification mechanisms together with binding and enforceable commitments of the recipient. In each instance, Wavin will review the transfer and ensure that any additional technical and organizational measures are put in place to ensure that an adequate level of protection is provided. You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request using the contact details provided in Section 10 below.
5. SECURITYWavin will take reasonable steps to ensure that your Personal Data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Notice. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.
6. DATA RETENTIONWe retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary to comply with legal obligations (such as fiscal or legal obligations) or to defend a legal claim. If you would like to receive further information on how long we store your Personal Data, please contact us using the contact details provided in Section 10 below and specify your request.
7. YOUR RIGHTSWavin will comply with your privacy rights consistent will all local legal requirements. Any individual may inquire as to the nature of the Personal Data stored or processed about him or her by Wavin or through a third party authorized by us.
Subject to the conditions set forth in the applicable law of your jurisdiction, and to the extent to which our processing of your Personal Data is subject to the GDPR, you have the right to access, right to rectification, right to erasure, right to restrict data processing, right to object against profiling and your right to data portability. If you are not sure whether our processing of your Personal Data is subject to the GDPR, please do not hesitate to contact us using the information set out under Section 10 below.
Further, to the extent Wavin relies on its legitimate interests to process your Personal Data under the GDPR, you have the right to object to such use (unless Wavin can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims).
In the event that, under the GDPR, your Personal Data is processed on the basis of your consent, you can withdraw consent at any time by contacting us, using the contact details provided below, without affecting the lawfulness of processing based on consent before its withdrawal. If you are the United Arab Emirates, withdrawal of your consent may affect your ability to continue to use our Services.
Finally, if you are unsatisfied with how we process your Personal Data or if you believe that your data protection rights have been violated, you may have the right to lodge a complaint with the supervisory authority depending on the country where you live or work or where you believe your rights have been infringed.
If you have any questions or if you wish to exercise one of your rights under applicable local privacy laws or submit any objections regarding the processing of your Personal Data, please use the contact details provided in Section 10 below and specify your request.
We will respond to your request as soon as possible and consistent with applicable law. If a request is denied, the reason for the denial will be communicated within such response.