Data Protection Information

Data Protection Information

PRIVACY RIGHTS FOR CALIFORNIA RESIDENTS - California Privacy Policy - Effective March 29, 2021

We, Westlake Compounds Holding, S.A.S., a subsidiary of Westlake Chemical Corporation, provide the Westlake Global Compounds website under the web address www.westlakeglobalcompounds.com. In context with the website, we process personal data.

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, including the European Union’s General Data Protection Regulation (“GDPR”).

In Section A of this Data Protection Information we provide you with information about the controller responsible for the processing of your personal data.

In Section B you find information about the processing of your personal data.

In Section C you find more detailed information on the use of cookies or similar technologies.

In Section D you further find information on your rights regarding the processing of your personal data.

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the GDPR. You will find more detailed information about this in Section E.

  Table of Contents
A Information on the controller
B Information on the processing of personal data

I. Informational use of the website

II. Use of web analysis technologies

III. use of online contact forms

C Information on the use of cookies

I. General Information on cookies

II. Management of the cookies used on this website

III. Cookies used on this website

D Information on the rights of data subjects

I. Right of access

II. Right to rectification

III. Right to erasure ("right to be forgotten")

IV. Right to restriction of processing

V. Right to data portability

VI. Right to object

VII. Right to withdraw consent

VIII. Right to lodge a complaint with a supervisory authority

E Information about the technical terms of the GDPR used in this Data Protection Information
F Effective date of and changes to this Data Protection Information

 A. Information on the controller

Westlake Compounds Holding, S.A.S.
1 bis rue Maurice Hollande, 51100 Reims, France
privacy@westlake.com
+33 (0) 3 26 36 75 88

B. Information on the processing of personal data

I. Informational use of the website

When the use of the website is purely informational, certain information, for example your IP address, is sent to our server by the browser used on your device for technical reasons. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a so-called “web server log file”.

In order to provide the search functions of our website, data that you enter into our search functions is temporarily processed on our web server.

In order to provide the administrative functions for cookie consent for this website, data from strictly necessary cookies (➡ Section C) is temporarily processed on our web server in order to determine whether you have already given your consent, the next time you visit the website.

You receive more detailed information on this below:

1. Details on the personal data which are processed
Categories of personal data processed Personal data included in the categories Sources of the data Obligation of the data subject to provide the data Storage duration
HTTP Data

Protocol data which accrue when visiting the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons:

These include IP address, type and version of your internet browser, operating system used, last site accessed before visiting the site (referrer URL), date and time of visit.

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the requested website content.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g., a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Search Function Data

Data that you enter into the search functions of our website:

These include all information that you enter as search terms in the respective search form on the website.

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the requested function of the website.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g., a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Opt-In Data

Data that you provide for the management of cookie consents for this website and data that is assigned to your device, when using the function to manage the cookie consents:

These include, in particular, your consent and, where applicable, your individual selection for the use of cookies on your device.

(For the management of cookie consents, we use strictly necessary cookies. You can find detailed information on the content of the cookies used in Section C.III.)

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot take any cookie consents on this website into account.

Two years

(The cookies used for the management of cookie consents are stored on the user’s device. You can find more information on the validity period of the cookies used in Section C.III.)

2. Details on the processing of the personal data
Purpose of processing the personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient

Providing the website content requested by the user:

For this purpose, data are temporarily processed on our web server.

HTTP Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is the provision of the website content requested by the user.

Hosting Provider

Providing the search functions of our website:

For this purpose, data that you enter into our search functions is temporarily processed on our web server.

HTTP Data

Search Function Data

No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is the provision of the search function of the website requested by the user.

Hosting Provider

Providing the cookie consent management function for this website as well documenting cookie consents:

When the site is visited again, we determine whether you have already given consent and activate the cookies as well as associated analysis and web tracking technologies based on your consent.

(For this purpose, data from strictly necessary cookies are processed temporarily on our web server. You can find detailed information on the content and the purposes of the cookies used in Section C.III.)

HTTP Data

Opt-In Data

No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is the management of the cookie consents given by the user for this website.

Hosting Provider

Ensuring the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data are temporarily stored and evaluated in log files on our web server.

HTTP Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks).

Hosting Provider
Providing reliable access to the site by supporting the server on which the site sits; creating, organizing, and compiling the content, graphics, and design that make up the site. HTTP Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is providing reliable access to the site and its content, and making the site visually appealing and engaging.

IT Service Provider
Providing a stable, secure platform for the site; troubleshooting functionalities and design features; enhancing the performance and security of the site HTTP Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is providing a stable and secure site and making repairs and improvements as needed

IT Service Provider
3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations
Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Hosting Provider

(currently: Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States)

Processor United States

There is no adequacy decision by the European Commission within the meaning of Article 45 Section 3 of the General Data Protection Regulation.

This transfer of personal data is subject to standard contractual clauses pursuant to Article 46 Section 5 of the General Data Protection Regulation and Article 26 Section 4 of Directive 95/46/EC. A copy of the standard contractual clauses can be obtained from us (see contact details in section A above).

IT Service Provider:

Planit Advertising, Inc. (1414 Key Highway, Suite 100, Baltimore, MD, 21230, USA) and Ameex Technologies Corp. (1701 East Woodfield Road, Suite 710, Schaumburg, IL, 60173, USA)

Processor United States

There is no adequacy decision by the European Commission within the meaning of Article 45 Section 3 of the General Data Protection Regulation.

This transfer of personal data is subject to standard contractual clauses pursuant to Article 46 Section 5 of the General Data Protection Regulation and Article 26 Section 4 of Directive 95/46/EC. A copy of the standard contractual clauses can be obtained from us (see contact details in section A above).

II. Use of web analysis technologies

Upon your consent, we will use web analysis technologies to record and analyse the usage behaviour on our website with the purpose of improving the website and of better achieving the website’s objectives (e.g., increase in number of page visits).

For this purpose, we use cookies ( ➡ Section C ).

You will find more detailed information on this in the following:

1. Details on personal information which are processed
Categories of personal data processed Personal data included in the categories Sources of the data Obligation of the data subject to provide the data Storage duration
Google Analytics HTTP Data

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool Google Analytics is used:

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out a web analysis by means of Google Analytics.

18 months
Google Analytics Device Data

Data that is assigned to your device by the web analysis tool Google Analytics:

These include a unique visitor ID for recognising returning visitors.

(For the web analysis tool Google Analytics, we use cookies. You can find detailed information on the content of the cookies used in Section C.III.)

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out a web analysis by means of Google Analytics.

We process the data only temporarily for the period the website is used.

(The cookies used for the web analysis tool Google Analytics are stored on the user’s device. You can find more information on the validity period of the cookies used in Section C.III.)

Google Analytics Profile Data

Data generated by the web analysis tool Google Analytics and stored in pseudonym usage profiles:

These include data about the use of the website, in particular page visits, frequency of visits and time spent on the pages visited, which is matched with the unique visitor ID of the respective visitor, stored in the Google Analytics Device Data.

Generated by us   18 months
2. Details on the processing of personal data
Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient

Improvement of the website and further achievement of the objectives of the website (e.g., increase in number of page visits):

For this purpose, the behaviour of users on our website is recorded and analysed. Users of the website are marked so that they can be recognised again on the website. Usage profiles are created from this information.

The objective of this process is to examine where users come from, which areas of the website they visit, how often they visit, how long they visit, and which subpages and categories are looked at.

For these purposes, we use the web analysis tool Google Analytics provided by Google. (For this purpose, data from cookies are processed temporarily on our web server. You can find detailed information on the content and the purposes of the cookies used in Section C.III.)

Google Analytics HTTP Data

Google Analytics Device Data

Google Analytics Profile Data

No automated decision-making takes place. Article 6 paragraph 1 point (a) of the GDPR (Consent) Google
3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations
Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Google:

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Processor USA

There is no adequacy decision by the European Commission within the meaning of Article 45 Section 3 of the General Data Protection Regulation.

This transfer of personal data is subject to standard contractual clauses pursuant to Article 46 Section 5 of the General Data Protection Regulation and Article 26 Section 4 of Directive 95/46/EC. A copy of the standard contractual clauses can be obtained from us (see contact details in section A above). While we put strict contractual arrangements in place with our service providers in order to ensure the protection of your personal data, the level of data protection in the USA is still not comparable to the level of data protection in the EU. In particular, there may be a lower threshold for access to your personal data by governmental agencies and judicial redress mechanisms may not exist for all such governmental access. The transfer of personal data is therefore also subject to explicit consent pursuant to Article 49 Section 1 Point (a) of the General Data Protection Regulation.

III. Use of online contact forms

We offer you the possibility on the website to contact us using contact forms. We process the information provided by you in the contact forms to process your request. Where applicable, we also store the information for evidence purposes for any assertion, exercise or defence of legal claims or in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations.

When processing your request, we may forward your request to another Westlake company or to one of our sales agents, insofar as it is needed to fulfil your request or to deliver the service.

When the contact forms on our website are used, certain information (for example, your IP address) is, for technical reasons, sent to our server by the browser that is used on your device. We process this information in order to provide the contact forms on our website and to ensure the security of the IT infrastructure used to provide the contact form.

You receive more detailed information on this below:

1. Details on personal data which are processed
Categories of personal data processed Personal data included in the categories Sources of the data Obligation of the data subject to provide the data Storage duration
Contact Form HTTP Data

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the contact forms on our website are accessed:

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the requested website content.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Contact Form Data

Data you provide us with in contact forms on the website:

These include the information provided to us in the relevant website contact form, in particular your name, telephone number, email address and the content of your request.

User of the website

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot process your request.

Data are stored until your request has been dealt with.

We store these data for one year, but in the event of any legal disputes, then until such have been concluded.

2. Details on the processing of the personal data
Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient

Provision of the contact forms on the website

For this purpose, data are processed temporarily on our web server.

Contact Form HTTP Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is the provision of the website content requested by the user.

Hosting Provider

Ensuring the security of the IT infrastructure used for the provision of the contact forms, in particular for the detection, elimination, and conclusive documentation of incidents (e.g., DDoS attacks):

For this purpose, data are temporarily stored and evaluated in log files on our web server.

Contact Form HTTP Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is ensuring the security of the IT infrastructure used to provide the contact forms, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).

Hosting Provider

Processing of your request

For this purpose, we may forward data to particular Westlake companies and third-party sales representatives to the extent this is necessary for the performance of a contract between you and the controller or the implementation of pre-contractual measures taken at your request.

It may for example be necessary for the delivering of services on our behalf to forward your personal data to a particular sales agent, if you are located in a country that is part of a sales agent’s territory.

Contact Form Data No automated decision-making takes place.

If your request concerns a contract to which you are party or the performance of pre-contractual measures:

Article 6 paragraph 1 point (b) of the GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Otherwise:

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

In this case, our legitimate interest is the processing of your request.

Westlake companies

Third-party sales representatives

Storage and processing for evidence purposes for any assertion, exercise or defence of legal claims Contact Form Data No automated decision-making takes place.

Article 6 paragraph 1 point (f) of the GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is assertion, exercise or defence of legal claims.

 
3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations
Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Hosting Provider

(currently: Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States)

Processor United States

There is no adequacy decision by the European Commission within the meaning of Article 45 Section 3 of the General Data Protection Regulation.

This transfer of personal data is subject to standard contractual clauses pursuant to Article 46 Section 5 of the General Data Protection Regulation and Article 26 Section 4 of Directive 95/46/EC. A copy of the standard contractual clauses can be obtained from us (see contact details in section A above).

Westlake companies:

Westlake Akishima Co., Ltd., Palazzo Siena 8F, 2-4-6 Higashi-Shimbashi, Minato-ku, Tokyo 105-0021 Japan;

Westlake Compounds Mexico S. de R.L. de C.V., Calle Pedro Hinojosa, Col. Cd. Industrial, Matamoros 87499 Mexico;

Westlake Compounds Spain S.L.U., Calle Mar del Carib., 5 Santa Perpétua de Mogoda 08130 Spain;

Westlake Compounds Italy S.R.L., Via Milano, 201 Samarate 21017 Italy;

Westlake Compounds Germany GmbH , Am Färberwerder 11, Eilenburg 04838 Germany;

Westlake Compounds Vietnam Company Limited , No. 2, Road 15A, Bien Hoa Industrial Zone 2, Dong Nai Province 71000 Vietnam;

Westlake Compounds (Changshu) Co., Ltd., No. 16 Hai Ning Road, Advanced Material Industrial Park of Haiuy Town, Changshu Jiangsua 215522 China;

Westlake Catalyse, S.A.R.L., 139 Vioe Atlas, Zone Athélia 3 La Ciotat 13600 France;

Westlake Chemical Corporation, 2801 Post Oak Blvd., Suite 600, Houston, Texas 77056, United States

Controller Depending on the location of the relevant recipient, within or outside the EU.

For Westlake companies which are not located in the EU:

There is no adequacy decision by the European Commission within the meaning of Article 45 Section 3 of the General Data Protection Regulation.

This transfer of personal data is subject to standard contractual clauses pursuant to Article 46 Section 5 of the General Data Protection Regulation and Article 26 Section 4 of Directive 95/46/EC. A copy of the standard contractual clauses can be obtained from us (see contact details in section A above).

Third-Party Sales Representatives Controller Depending on the location of the relevant recipient, within or outside the EU.

For Third-Party Representatives that are not located in the EU:

There is no adequacy decision by the European Commission within the meaning of Article 45 Section 3 of the General Data Protection Regulation.

This transfer of personal data is subject to standard contractual clauses pursuant to Article 46 Section 5 of the General Data Protection Regulation and Article 26 Section 4 of Directive 95/46/EC. A copy of the standard contractual clauses can be obtained from us (see contact details in section A above).


4. Details about joint responsibility

For processing your request, we decide on the purposes and means of processing personal data along with other controllers. You will find more detailed information on this in the following:

Joint controllers Contact information Agreement between the joint controllers
Westlake companies, as identified in Section B.III.3 above. Contact details of the relevant Westlake company, as stated in Section B.III.3 above.

We will provide you with the essence of the agreement between us and the controller on request (for contact information, see Section A).

Should you require any further information or should you wish to exercise any data protection rights (see Section D for details on these rights) against any of the joint controllers, you may of course contact them directly. However, as a contact point for data subjects, we are also happy to assist and to coordinate your request with the relevant joint controllers.

C. Information on the use of cookies

We use cookies in connection with providing our website. We use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.

You will find more detailed information on this below.

1. General information on cookies

Cookies are small text files with information that can be placed on a user’s device through its browser when a website is visited. When the website is visited again with the same device, the cookie and the information it contains can be retrieved.

1. First-party and third-party cookies

Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

First-party cookies Cookies that are placed and accessed by the operator of the website as the controller or by a processor engaged by the controller
Third-party cookies Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website

2. Transient and persistent cookies

A distinction can be made between transient and persistent cookies depending on how long they remain active:

Transient cookies (Session cookies) Cookies that are automatically deleted when you close your browser
Persistent cookies Cookies that remain stored on your device for a certain period of time after the browser is closed

 

3. Consent-free cookies and cookies requiring consent

Users’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:

Consent-free cookies Cookies that are automatically deleted when you close your browser
Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (“strictly necessary cookies”)
Cookies requiring consent Cookies for all purposes of use other than the aforementioned
II. Management of the cookies used on this website

1. Granting consent to the use of cookies and management of cookies using a cookie dashboard

If a user’s consent is necessary for the use of certain cookies, we only use these cookies when you use our website if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on this website in Section C.III. of this Data Protection Information.

When you visit our website, we display a “cookie banner” in which you can declare your consent to the use of cookies on this website by clicking on a button. When you click on the button, you have the option of giving your consent to the use of all of the cookies described in detail in Section C.III. of this cookie information. You also have the option, by clicking on the “cookie dashboard” button, to choose individual cookies. In the “cookie dashboard” of this website, you also have the option of changing your individual selections at a later point in time.

We also store your consent and any individual cookies you have selected in the form of a cookie (“opt-in cookie”) on your device in order to determine, when you visit the website again, whether you have granted your consent. The opt-in cookie has a limited effective period of six months.

Strictly necessary cookies cannot be deactivated using the cookie management function of this website. However, you can deactivate these cookies in general at any time in your browser.

2. Managing cookies using browser settings

You can also manage the use of cookies in your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at http://www.allaboutcookies.org/manage-cookies/.

However, we would like to point out that some functions of the website may not work properly or at all if you deactivate cookies in general in your browser.

III. Cookies used on this website

The following cookies may be used on this website:

Name First-party / third-party Purpose of use and content Effective term Consent necessary?
Opt-In-Cookies
Name First-party This cookie is strictly necessary to store your consent and any individual cookie use choices on your device in order to determine whether you have granted your consent at your next visit to the website. Persistent: 6 months No
cookie-agreed First-party / third-party Purpose of use and content Effective term Consent necessary?

Google Analytics cookies

These cookies are used by the web analysis tool Google Analytics to record and analyse the usage behaviour on our website, in order to improve the website (➙ Section B).
 ga First party This cookie contains a unique visitor ID and is used to distinguish different users from each other. Persistent: 2 years Yes
 gid First party This cookie contains a unique visitor ID and is used to distinguish different users from each other. Persistent: 24 hours Yes
 gat First party This cookie is used to throttle the request rate. Transient Yes

D. Information on the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

• Right of access (Article 15 of the General Data Protection Regulation)

• Right to rectification (Article 16 of the General Data Protection Regulation)

• Right to erasure (“right to be forgotten”) (Article 17 of the General Data Protection Regulation)

• Right to restriction of processing (Article 18 of the General Data Protection Regulation)

• Right to data portability (Article 20 of the General Data Protection Regulation)

• Right to object (Article 21 of the General Data Protection Regulation)

• Right to withdraw consent (Article 7 paragraph 3 of the General Data Protection Regulation)

• Right to lodge a complaint with a supervisory authority (Article 77 of the General Data Protection Regulation)

You may contact us for the purpose of exercising your rights using the contact information in Section A.

Where applicable, you may find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B of this Data Protection Information.

Below you find more detailed information on your rights with regard to the processing of your personal data:

I. Right of access

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the GDPR.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the GDPR).

You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the GDPR.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR).

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the GDPR).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R067.

IV. Right to restriction of processing

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the GDPR.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the GDPR). Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR).

You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the GDPR.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR and the processing is carried out by automated means (Article 20 paragraph 1 of the GDPR).

You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR).

You can find the full extent of your right to data portability in Article 20 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object

As a data subject, you have a right to object under the conditions provided in Article 21 of the GDPR.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 paragraph 1 point (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (e) or (f) of the GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using the following link:

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Data Protection Information. If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes. You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679

VII. Right to withdraw consent

Where an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the GDPR, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the GDPR.

The supervisory authority responsible for us is: the Commission Nationale de l’Informatique et des Libertés

Commission Nationale de l’Informatique et des Libertés (“CNIL”)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
https://www.cnil.fr/en/home
+33 (0)1.53.73.22.22

E. Information about the technical terms of the GDPR used in this Data Protection Information

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the GDPR.

The full scope of the definitions of the GDPR can be found in Article 4 of the GDPR, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You will find more detailed information on the most important technical terms of the GDPR used in this Data Protection Information below:

“Personal data”

means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Data Subject”

means the respective identified or identifiable natural person, to which the personal Data refers to;

“Processing”

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Profiling”

means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“Controller”

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor”

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“Recipient”

means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party”

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“International organisation”

means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

“Third country”

means a country which is not a member state of the European Union (“EU”) or the European Economic Area (“EEA”);

“special categories of personal data”

means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

F. Effective date of and changes to this Data Protection Information

The effective date of this Data Protection Information is March 29, 2021.

It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements.