This Policy informs you how we collect and use your personal data, how you can control its use, and describes our practices concerning the data collected from our websites that link or refer to this Policy (such as websites, computer or mobile software applications, social media, and HTML-formatted e-mail messages), as well through offline sales, marketing activities and training courses (collectively the “Services”).
When we process personal data of yours, Firestone will be the data controller of that processing activity.
We reserve the right to from time to time modify this Policy at our own discretion. Such modification will be communicated via an appropriate way.
Personal data is information that directly or indirectly identifies you (the user of the Service) as an individual, indirectly meaning when combined with other information, for example, your name, username, postal address, email address and phone number, a unique device identifier such as the IMEI or the MAC-address or the IP address.
Through your use of the Services, we may collect your personal data. In any case, you will be either asked to explicitly consent to the collection and further processing of your personal data or at least be informed that such processing is based on another lawful premise. We will use your personal data for the purposes as described below or when seeking your consent. We do not collect and process more or other types of personal data than necessary to fulfill the respective purposes. We will only use personal data as set forth in this Policy unless you have specifically provided your consent to another use of your personal data. If we intend to use your personal data for purposes other than we originally collected them for, we will inform you in advance and, in cases where the processing is based on your consent, use your personal data for a different purpose only with your permission.
In case we rely on your consent to process your personal data, you will have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Each registration form will indicate what kind of personal data we collect - various purposes may require the collection of various personal data, for instance:
We are constantly seeking to improve your experience when you visit our websites or when you are interacting with us through other means.
Through your interaction with us and your use of the Services, we may collect personal data. Personal data we collect may include, but is not limited to:
All personal data we are collecting from you is stored within a secured infrastructure under our management, with the support of external suppliers as described in section 5 of this Policy.
Depending on your use of the Services, we may collect and use your personal data for the following purposes (“the Purposes”):
We shall not collect personal data that are not relevant for the purposes as set out above or otherwise notified to you when we seek your consent for the processing of your personal data, and shall not retain the data longer than necessary for those purposes or, as the case may be, for the period as determined in an agreement or by law.
This means that we store personal data:
In any case, you will be informed that your personal data will be stored for the given purpose, even if no consent is required under applicable law, as well as whether the processing of personal data on the basis of a statutory or contractual requirement or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data.
In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to requirements by law.
We take data security very seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the information we collect from an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or our affiliates with a business need-to-know or who require it in order to perform their duties.
Among other things, we optimize the security of your personal data by:
In the event of a data breach containing personal data, we will follow all applicable data breach notification laws.
We will disclose your personal data only for the purposes and to those third parties, as described below. We will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.
a) Within the Holcim Ltd Group
We are part of a global organization (the “Holcim Ltd Group”), consisting of companies in the E.U. and abroad. Your personal data may be transferred to one or more Holcim Ltd Group affiliated companies located in or outside the E.U. as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other purposes as described in this Policy.
The above will be strictly connected with:
b) External service providers
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to agents, contractors or partners for data processing services or to send you information that you requested. For the purpose of collecting consent and maintaining the database, your data may be disclosed to our providers of informational systems rendering services for Firestone (such as SalesForce), solely under respective processor agreements. We will only share or make accessible such information with external service providers to the extent required to process your requests. This information may not be used by them for any other purposes, in particular not for their own or third-party purposes. Our external service providers are contractually bound to respect the confidentiality of your personal data.
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively "Business Transfer"), we will transfer information, including personal information, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect your personal data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and give affected users notice before personal data become subject to a different privacy statement.
We will only disclose Your personal data to public bodies where this is required by law. We will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside Your country of residence.
Further, we may disclose your personal data in order to protect our legitimate interests or if it is required or permitted by law or if you give Your explicit consent for such transfer of your personal data.
Under specific circumstances, it will also be necessary for us to transfer your personal data to countries outside the European Union/European Economic Area (EEA) (“Third Countries"). Transfers to Third Countries may refer to all processing activities described in this Policy. This Policy shall apply also if we transfer personal data to third countries, in which a different level of data protection applies than in your country of residence.
Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law.
While using our Services, you may be asked to indicate whether you wish to receive certain marketing information by phone, text message, email and/or mail. If you do so, you thereby agree that we may use your personal data to provide you with information about our products and services, promotional activities and special offers.
By consenting to our processing of your personal data for sending communications, promotion, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communication channels, you agree that we are allowed to process your personal data for this purpose in the manner and under the conditions outlined in this Policy.
At any given time, you may change your preferences regarding Direct Marketing by using the opt-out option contained in every direct marketing mailing, contacting us in accordance with section 12 below or, if applicable, by adapting your account information.
As a data subject, you have specific legal rights relating to the personal data we collect from you. This applies to all processing activities stipulated in this Policy. We will respect your individual rights and will deal with your concerns adequately.
The following list contains information on your legal rights which arise from applicable data protection laws:
We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
In certain situations, we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
In some cases, we may not be able to clearly identify you on the basis of your personal data due to the identifiers which you provide in your request. In such cases, where we cannot identify you as a data subject, we are not able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification.
In order to exercise your legal rights, please notify us by email to firstname.lastname@example.org.
If you believe that the processing of your personal data infringes your statutory rights, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Our Services may, from time to time, contain hyperlinks to websites which are not controlled by us. Although we will do our utmost to make sure that the hyperlinks on the Website lead exclusively to websites which share our safety and confidentiality standards, we are not responsible for the protection or confidentiality of any data you may submit on such other websites. Before submitting information on such sites, we recommend that you read their privacy and other statements in that regard.
Individuals under the age of 16 should not provide us with their personal data without the consent and supervision of their parent or guardian. Without such permission, we do not wish to save personal data from such individuals, nor process or forward such data to any third parties. If we become aware that personal data from under-aged persons were inadvertently collected, we will delete such data without undue delay.
Normally, we do not process special categories of personal data concerning you ("sensitive data"). Sensitive data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health or a natural person's sex life or sexual orientation. However, should it be relevant to process your health data within the framework of your meeting, for example, because you are disabled and we have to take this into account during the meeting, for instance, to make your visit to one of our premises run smoothly or if we provide food in the context of a meeting and you are allergic to something, we will ask your explicit consent before we process this data
We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this Policy at any time. For this reason, we encourage you to refer to this Policy on an ongoing basis. This Policy is current as of the "last revised” date which appears at the bottom of this page. We will treat your personal data in a manner consistent with the Policy under which they were collected unless we have your consent to treat them differently.
We will also keep prior versions of this Policy in an archive for your review.
Please direct your questions regarding the subject matter of data protection and any requests in the exercise of your legal rights to email@example.com.
Updated version: April 1, 2021