Praesidiad is the group company of certain businesses, including Hesco, Betafence and Guardiar

Praesidiad General Data Protection Policy

Latest update: 25 May 2018

This general data protection policy (hereinafter: “Data Protection Policy”) governs the processing of your personal data by Praesidiad Group Limited (hereinafter: “Praesidiad”) and its affiliates (including Hesco, Betafence and Guardiar) as part of your visit to our websites (hereinafter: “Websites”), your communication with us via e-mail, telephone, fax and social media (hereinafter Social Media Channels”, e.g. Facebook, LinkedIn, Twitter, Pinterest and Google+) and in relation to any order or purchase or other interaction.

NOTE 1. This Data Protection Policy does not apply to the processing of personal data contained in any application of a person who is applying for a job at Praesidiad or its affiliates, either through use of the Websites, or by any other means. If you want information on how we process the personal data of applicants, please refer to our Applicants’ Data Protection Policy.

NOTE 2. If you want information on how we process personal data via cookies, social plugins and other types of tracking technology, please refer to our Cookie Policy.

1. IN GENERAL

1.1 Your personal data are processed by Praesidiad Group Limited, 8th Floor, The Gridiron Building, One Pancras Square, London, United Kingdom, N1C 4AG, with corporate registration number 10847053, and its affiliates (hereinafter: “Praesidiad”, “we”, “us”, “our”). You can contact us via e-mail at gdpr@praesidiad.com.

1.2 Any notion starting with a capital shall be defined by explicit reference in this Data Protection Policy. Where possible, given the context, singular words shall be interpreted as also including the plural and vice versa.

1.3 Where reference is made to certain laws or regulations, such reference shall also include any change, replacement or annulment of said laws or regulations, including any related executive decisions.

1.4 We reserve the right to modify, change or amend the Data Protection Policy at our own discretion and from time to time. Such modification, change or amendment shall be communicated via the Websites. If you do not accept the modifications, changes or amendments, you can inform us by sending an e-mail to gdpr@praesidiad.com. If we do not receive such an e-mail from you within three (3) business days after the changes to the Data Protection Policy have been announced on our Websites, you will be deemed to have unambiguously accepted all such changes.

2. TYPES OF PERSONAL DATA WE PROCESS

2.1 Whenever you use our Websites and Social Media Channels, we may collect:

• Technical information associated with the device you use, such as your IP-address, browser type, geographical location and operating system;

• Information concerning your browsing behaviour, such as how long you visit, what links you click on, what pages you visit and how many times you visit a page.

2.2 Whenever you fill out a contact form on our Websites, or contact us via e-mail, telephone, fax or Social Media Channels, we may collect:

• The basic identity information you provide us with, including your name, e-mail address, postal address, telephone number, the company you work for, and your function;

• The content of your communication and the technical details of the communication itself (including the reason why you have contacted us and with whom you correspond at our end, date, time, etc.);

• Your preferences regarding the communication medium used;

• Your preferences regarding receiving our e-mail communications, such as newsletters, promotions, advertisements, etc.;

• Publicly available information from your profile on Social Media Channels;

• Any other personal data you choose to provide to us.

2.3 Whenever you have any other dealing with us, including placing an order to purchase something from us, visiting one of our sites or marketing operations or exhibitions, allowing us to place an order to purchase something from you or otherwise acting as a supplier for our business, we may additionally collect:

• Basic identity information, including name, e-mail address, postal address, telephone number, the company you work for, and your function;

• Financial data, such as your bank account number, VAT number, invoices or other data that we need to process your order or purchase;

• Any other personal data you choose to provide to us.

2.4 We receive all of the personal data listed above directly from you. It may happen that we receive additional information about your preferences and behaviour from our partners, such as Google. If you require more information about the personal data these parties process about you and make available to others, please consult their respective data protection policies.

3. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

3.1 We process your personal data to provide in a personalized and efficient way the information, products and services you request via the Websites, by e-mail, telephone, fax or Social Media Channels.

3.2 We process your personal data for marketing purposes. For example, to provide you with targeted communications, promotions, offerings and other advertisements of us and selected partners.

Unless you are an existing customer who has already purchased similar goods or services from us and who we wish to target with our own marketing material, we will only send you communications, promotions, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communication channels if you explicitly consented to receiving such communications, promotions, offerings, newsletters and other advertisements, or if such communication can be justified for the protection of our legitimate interests in accordance with applicable law.

3.3 We may process your personal data to perform statistical analysis so that we can improve and develop our Websites, products and services.

3.4 We may process your personal data to comply with our legal obligations or to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities.

We may be required to collect and transfer your personal data to your financial institution or payment service provider to allow them to comply with their legal obligations, such as obligations under applicable anti-money laundering and counter-terrorism financing legislation.

3.5 We may process your personal data for the preservation of our legitimate interests, or those of our partners or a third party, in particular if and when your registration with or use of the Websites, Social Media Channels or other communication channels can be considered: (a) a violation of any applicable terms of use or the intellectual property rights or any other right of a third party, (b) a threat to the security or integrity of the Websites, Social Media Channels or other communication channels, (c) a danger to the Websites, Social Media Channels or other communication channels or any of our or our subcontractors’ underlying systems due to viruses, Trojan horses, spyware, malware or any other form of malicious code, or (d) in any way hateful, obscene, discriminatory, racist, slanderous, spiteful, hurtful or in some other way inappropriate or illegal.

4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

4.1 For processing your personal data for the purposes outlined in Clauses 3.1 and 3.2 of this Data Protection Policy, we as the responsible party ask for your consent.

4.2 The processing of your personal data for the purpose outlined in Clauses 3.1 and 3.2 of this Data Protection Policy is also necessary for the protection of our legitimate interest to market and promote our products, services and brands and the overall successful commercialization of our products and services.

4.3 The processing of your personal data for the purpose outlined in Clauses 3.1 and 3.3 of this Data Protection Policy is necessary for the protection of our legitimate interest to continuously improve our Websites, Social Media Channels, products and services to ensure that you have the best experience possible.

4.4 The processing of your personal data for the purpose outlined in Clause 3.4 of this Data Protection Policy is necessary to allow us to comply with our legal obligations.

4.5 The processing of your personal data for the purpose outlined in Clause 3.5 of this Data Protection Policy is necessary for the protection of our legitimate interest to keep our Websites, Social Media Channels, products and services safe from misuse and illegal activity.

5. TO WHOM WE SEND YOUR DATA

5.1 We rely on third party processors to provide you our Websites and Social Media Channels, as well as to process your personal data on our behalf. These third party processors are only allowed to process your personal data on our behalf upon our explicit written instruction.

5.2 We may share your personal data with other entities within our Group. However, we will take appropriate measures to ensure that all entities within our Group take due care that all processing of your personal data is in line with what is set out in this Data Protection Policy.

5.3 Your personal data may be shared upon our own initiative with the police or the judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the Websites, our Social Media Channels or other communication with us.

6. LOCATION AND TRANSFER

6.1 We process your personal data first and foremost within the European Economic Area (EEA). However, in order to process your personal data for the purposes outlined in Clause 3 of this Data Protection Policy, we may also transfer your personal data to other entities within our Group or to third parties who process on our behalf outside the EEA. Should such transfer take place, Praesidiad will ensure that there are safeguards in place to ensure the safety and integrity of your data as well as all rights with respect to your personal data you might enjoy under applicable mandatory law.

6.2 Each entity outside the EEA that processes your personal data shall be bound to observe adequate safeguards in order to ensure the safety and integrity of your data. Such safeguards will be the consequence of:

• The country of the recipient having legislation in place which may be considered equivalent to the protection offered within the EEA; or

• Of a contractual arrangement between us and that entity. All our entities are parties to a contractual agreement based on the European Commission’s Standard Contractual Clauses (controller-to-controller) (Commission Decision C(2004)5721).

7. QUALITY ASSURANCES

7.1 Your personal data are only processed for as long as needed to achieve the purposes listed under Clause 3 of this Data Protection Policy or, where we rely on your consent as the legal basis for processing, up until such time where you withdraw your consent for processing them. We will de-identify your personal data when they are no longer necessary for the purposes outlined in Clause 3 of this Data Protection Policy, unless there is:

• An overriding interest of Praesidiad, your financial institution, the payment service provider, or any other third party, in keeping our personal data identifiable;

• A legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.

7.2 You understand that an essential aspect of our marketing efforts involves making our marketing materials more relevant to you. This means that we build and use a profile of you based on relevant characteristics as outlined in Clause 2 of this Data Protection Policy to provide you with communications, promotions, offerings, newsletters and other advertisements about products and services that may interest you.

7.3 We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by our personnel or our third party processors will only be on a need-to-know basis and will be subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations which can never be guaranteed.

7.4 If you are registered to receive communications, promotions, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communication channels, you can change your preferences for receiving such communications, promotions, offerings, newsletters and other advertisements by following the opt-out link provided in such communications.

8. YOUR RIGHTS

8.1 You have the right to request access to all personal data relating to you that is processed by us. However, we reserve the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for the purpose of causing us nuisance or harm.

8.2 You have the right to ask that any personal data relating to you that are inaccurate are corrected free of charge. If you submit a request for correction, such request must be accompanied by proof of the accuracy of the correction you are seeking.

8.3 You have the right to withdraw your earlier given consent for the processing of your personal data.

8.4 You have the right to request that personal data relating to you be deleted if they are no longer required in the light of the purposes outlined in Clause 3 of this Data Protection Policy or, where we rely on your consent as the legal basis for processing, when you withdraw your consent for processing them. However, you should keep in mind that a request for deletion will be evaluated against:

• Our overriding interests or those of any other third party;

• Any legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.

Instead of deletion you can also ask that we limit the processing of your personal data if and when: (a) you contest the accuracy of the data, (b) the processing is illegitimate, or (c) the data are no longer needed for the purposes listed under Clause 3. 8.5 You have the right to oppose the processing of personal data if you are able to prove that there are serious and justified reasons connected with the particular circumstances that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to oppose such processing free of charge and without justification. 8.6 You have the right to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us.

8.7 If you wish to submit a request to exercise one or more of the rights listed above, you can send an e-mail to gdpr@praesidiad.com. An e-mail requesting to exercise a right shall not be construed as consent to the processing of your personal data beyond what is required for handling your request. Any request should be dated and clearly state which right you wish to exercise and the reasons for it if such is required. The circumstances may mean we need to undertake verification of your identity before we action your request in order to protect your personal data to the relevant standard.

We will promptly inform you of having received this request. If the request proves valid, we will action it as soon as reasonably possible and at the latest thirty (30) days after having received the request.

If you have any complaint regarding the processing of your personal data by us, you may always contact us via the e-mail address listed above. If you remain unsatisfied with our response, you are free to file a complaint with the competent data protection authority.