For the purposes of applicable data protection laws and regulations, the Company is considered the “Data Controller” in respect of the Personal Data that it collects, uses and manages in accordance with this Policy. The Company is part of a multinational group of affiliated companies that has databases in different countries, some of which are operated by affiliates and some of which are operated by third parties on behalf of the Company or its affiliates. Before you provide us with any Personal Data or browse our Website, you must read through this Policy in full and make sure that you are comfortable with our privacy practices and agree to comply with the terms and conditions set forth herein.
Please note that our Website may contain links to other websites. These third party sites are not subject to this Policy and we recommend that you review the privacy and security policies of each website that you visit. We are only responsible for the privacy and security of the data that we collect and have no control over the actions of any third parties in relation to your Personal Data. Please refer to the Glossary below for an explanation of the defined terms in this Policy.
Whose Personal Data Do We Collect
The Company collects Personal Data from a range of individuals in the context of its business activities, including the following:
How We Collect Personal Data
We obtain Personal Data which you knowingly and voluntarily disclose to us, both in an online and offline context. For example, when individuals undertake the following activities, we generally collect their Personal Data:
We may also collect Personal Data from third party sources. For example, we may collect information from your employer; publicly available sources; our service providers, vendors, and other business contacts for the purposes described herein.
The Categories Of Personal Data We Collect
The Company may collect a range of Personal Data from, or about, you, during our business activities, such as the following:
When you do not provide Personal Data that the Company requests, we may not be able to provide you the requested service or complete a transaction, and you agree that the Company will not be liable or otherwise responsible for any actions resulting therefrom.
Data Processing Purposes
Generally, the Company Processes Personal Data for a broad range of purposes, including the following:
Please note that you cannot communicate with us through the “Contact” or support links on the Website or via e-mail without providing some Personal Data. If you contact us or our service providers, a record of that session or correspondence will be maintained in accordance with applicable policy and/or law.
Talent Management And Recruitment
When you apply for employment via our Website or otherwise, we will collect additional Personal Data about you that is specific to that employment position, such as your qualifications, career history, third party references and interview notes. We may also ask you for other information, for example your interests and the types of jobs you are interested in. Any Personal Data you provide to us in relation to an employment application will be processed in accordance with this Policy and any other privacy statement that may be included with the job announcement to which you apply.
Legal Basis For Processing
In order to comply with certain applicable data privacy laws, the Company is required to set forth the legal basis for the Processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data, as set out above, the legal basis for the Company’s Processing of your Personal Data will typically be one of the following, which are not mutually exclusive:
Data Localization
The Company has its corporate headquarters in the United States and is part of a multinational group of affiliated companies that has databases in different countries, some of which are operated by affiliates and some of which are operated by third parties on behalf of the Company or one of our affiliates. We may transfer your Personal Data to one or more such databases outside your country of domicile, potentially including countries which may not require an adequate level of protection for your Personal Data compared with that provided in your country, and in which case, Personal Data may be available to government authorities under lawful orders and laws applicable in such foreign jurisdictions. The Company and its affiliates have established reasonable and appropriate controls as required by applicable law to safeguard the possession of, and transfer of, Personal Data. If you are located in the EEA or the UK, you can request a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances, using the email address provided below. By providing the Company any Personal Data, you hereby consent to its transfer across international borders in accordance with this Policy.
Sharing And Disclosure Of Personal Data
The Company may share or otherwise disclose your Personal Data within the Company, to affiliates and subsidiaries, and selected third parties in accordance with applicable law. The following are examples of how your Personal Data may be shared and the reasons and purposes for undertaking such activities:
The Company may share your Personal Data with employees and other officials and representatives within our parent company, subsidiaries and affiliates who have a “need to know” that data for business or legal reasons, for example, in order to carry out an administrative function such as processing an invoice, or to direct a query that you have submitted to the relevant department or affiliate.
We may disclose your Personal Data to third parties, including the following: law enforcement and regulatory authorities; the Company's advisors and consultants; IT service providers; third parties engaged by the Company for the purpose of providing services requested by you; to protect any intellectual property rights in any materials displayed on or otherwise available from the Company's Website; for the purposes of seeking legal or other professional advice; to respond to a legal request or comply with a legal obligation; or to enforce the Company's policies or Website Terms and Conditions of Use.
We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
With your consent, we may disclose your Personal Data to third parties who offer products that may be of interest to you. These companies may then contact you directly with product or sample offers, personalized offers and information or to ask for your feedback on products and programs that may be of interest to you.
Our employees may use personal devices to access our systems containing your Personal Data, thus your Personal Data may be transferred through or to service providers who contract with our employees for cellular data everywhere in the world.
We may be required to share your Personal Data in order to comply with a court order, law, or legal process, including to respond to government or regulatory requests. We may disclose Personal Data if we have reason to believe that disclosure is necessary to identify, contact or bring legal action to enforce any of the Company’s rights, including against you or a third party, for non-payment, violation of any agreement with us, or to otherwise support our business interests. We may share your Personal Data to protect the safety of the Company, our customers or others; or to prevent injury to or interference with, our rights or property, or the rights or property of other data processors or anyone else that could be harmed by such activities.
To the extent you engage with the Company for us to provide you, or a third party, with any of the services or deliverables described herein, you hereby consent to the disclosure of your Personal Data to any third party the Company reasonable determines to be applicable to the provision of the services or deliverables, provided the third party does not also sell the Personal Data, unless that disclosure would be consistent with applicable data protection laws.
We Do Not Sell Personal Data
Without prior consent, the Company does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, Personal Data to another business or a third party for monetary or other valuable consideration.
Data Security
The Company takes reasonable technical and organizational security measures to protect Personal Data from accidental or unlawful destruction or loss and unauthorized access, destruction, misuse, modification or disclosure. However, no information system can be fully secure, so we cannot guarantee the absolute security of your Personal Data. Moreover, we are not responsible for the security of Personal Data you transmit to us over third-party operated systems or networks, including the Internet and wireless networks. You provide the Company with any and all information, including Personal Data, at your own risk and you hereby agree that, to the extent permitted by law, the Company shall not be liable or otherwise responsible for any data incidents that may compromise the confidentiality, integrity, or security of your Personal Data.
Records Retention
We will keep your Personal Data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us and the country in which the Personal Data is processed. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty, and liability purposes. We may also keep a record of correspondence with you (e.g., if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
Your Rights And Responsibilities
You are permitted, and hereby agree, to only disclose or otherwise provide Personal Data to the Company if such Personal Data is accurate, reliable, and relevant to our relationship, and only to the extent such disclosure or provision will not violate any applicable data protection law, statute, or regulation, or infringe upon any person’s data privacy rights or privileges. Some data protection laws, such as the General Data Protection Regulation (EEA),and the California Consumer Privacy Act (United States), provide individuals with the rights described below. If you are in the EEA, a California resident, or otherwise afforded such rights and would like to exercise them in the context of any of your Personal Data the Company (or a service provider or processor acting on our behalf) has in our possession, custody, or control, please contact us, or have your authorized agent contact us, in accordance with the instructions listed below. In the event you submit, or your authorized agent submits on your behalf, a data request, you (and your authorized agent) hereby acknowledge and agree, under penalty of perjury, that you are (or the authorized agent of) the consumer whose Personal Data is the subject of the request. We will respond to any data requests within the timeframes required by law, and we may charge a fee to facilitate your request, where permitted by law. If you make, or an authorized agent on your behalf makes, any request related to your Personal Data, we will ascertain your identity, or the identify of your authorized agent, to the degree of certainty required under the law before addressing your request. For example, the Company may be required you to match at least two or three pieces of Personal Data we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, Personal Data, or otherwise responding to your request. We may also request that the authorized agent provides written documentation that demonstrates his/her authorization to act on your behalf. The data privacy rights afforded under data protection laws are not absolute, and the Company may be permitted to refrain from undertaking any action or changing its data processing activities, in response to a data request you submit to us.
Marketing and Unsubscribe. In accordance with applicable law, we may process your Personal Data for marketing purposes. If, at any time, you decide that you no longer want to receive commercial communications from us, whether by email, telephone or post, you can “opt-out” from receiving such communications by clicking on the “unsubscribe” link provided at the bottom of each commercial email and updating your preferences, or by contacting us at dataprotection@rpminc.com. Some jurisdictions provide individuals with the right to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To the best of the Company’s knowledge, we do not share Personal Data with third parties with whom we have reason to believe use such information for their own direct marketing purposes.
Correcting your Information. Keeping your Personal Data accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to delivery relevant services to you. Please let us know about any changes that may be required to your Personal Data via dataprotection@rpminc.com.
Accessing and Transferring Personal Data. Some data protection laws provide individuals with the right to know about, and access, the Personal Data we have collected about them, including the categories and specific pieces of Personal Data we have collected; the categories of sources from which the Personal Data is collected; the business or commercial purpose for collecting the Personal Data; the categories of third parties with whom we have shared, disclosed, or sold Personal Data and the purpose for doing so. In addition, some jurisdiction provide individuals with the right to request the Company transfer, to the extent feasible, Personal Data in certain forms and formats.
Erasing and Deleting Personal Data. Some data protection laws provide individuals with the right to request that we (and any applicable service provider or processor acting on our behalf) delete/erase your Personal Data in our possession, custody, or control.
Object to Processing. Some data protection laws provide individuals with the right to object to the manner in which the Company undertakes certain types of Processing involving your Personal Data, including where we are relying on a legitimate business interest for such Processing or engaging in direct marketing.
Restriction of Processing. You may be entitled to request that we restrict our Processing of your Personal Data, for example, in circumstances in which the accuracy of the Personal Data is contested.
Do Not Track Signals. Some web browsers may transmit “do-not-track” signals to websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
Anti-Discrimination. Some data protection laws provide the organizations are prohibited from discriminating against individuals for exercising their data privacy rights. The Company does not, under any circumstances, intend or otherwise seek to discriminate against individuals for any reason, including for exercising a data privacy right.
Persons with Disabilities. The Company strives to ensure that every person has access to information related to our products and services, including this Policy. Please contact us if you would like this Policy provided in an alternative format and we will take commercially reasonable measures to meet your needs.
Complaints. Some data protection laws afford individuals the right to lodge a complaint about an organization’s Processing with government or regulatory authorities. For example, individuals in the EEA have the right to lodge a complaint with the competent Data Protection Authority, a list of which can be accessed at: https://edpb.europa.eu/about-edpb/board/members_en.
Children’s Personal Data
The Website and services are not intended for “children,” which may be defined differently within applicable data protection laws. We do not knowingly Process information of children under the age of sixteen (16) without the consent of their parents or legal guardians and you are hereby prohibited from providing the Company with any such information. In an instance where such information was collected, it would be purely accidental and unintentional. By using our Website or otherwise providing us with Personal Data, you hereby represent that you are over the age of sixteen (16) and the Personal Data does not relate to any person under the age of sixteen (16).
Biometric Data
Where permitted by law and in certain limited circumstances, the Company may collect biometric data and other biometric identifiers related to our customers, suppliers, service providers, employees, temporary workers, contractors, or agents, for instance, during a pandemic or other health related emergencies. The Company may use cameras, kiosks, and similar devices to collect, retain, and use information derived from the scanning of a person’s facial geometry (i.e., biometric identifiers) in order to facilitate temperature screening as part of the Company’s health and safety screening programs, and for other security-related purposes. In other circumstances, the Company may collect the same type of data from individuals that are accessing sensitive areas of the Company’s facilities or for other administrative (e.g., timekeeping) or security functions and purposes. The Company will retain such biometric identifiers for no longer than as is permitted by law, but in no event longer than one (1) year after the applicable individual’s last interaction with the Company. The Company will implement and maintain protocols for the security and permanent destruction, or disposal of, biometric identifiers in a manner that complies with applicable data protection law and renders such data and identifiers unreadable so as to remove any potential for its reuse or re-identification. Barring any applicable law to the contrary, the Company may disclose and disseminate biometric identifiers to third parties in the same manner as it may disclose and disseminate Personal Data to third parties in accordance with this privacy policy, and such disclosures of biometric identifiers may include to third party service providers and law enforcement or regulatory agencies, where permitted by law.
Non-Personal Data Information & Cookies
Non-Personal Data is information that does not identify you as an individual, either directly or indirectly. The Company, either directly or through third parties, may automatically collect certain types of Non-Personal Data from you when you are using the Company’s Website. We may also collect Non-Personal Data that you voluntarily provide, such as information included in response to a questionnaire or survey.
We may share Non-Personal Data with other third parties that are not described above. When we do so we may aggregate or de-identify the information so that a third party would not be likely to link data to you, your household, your computer, or your device. Aggregation means that we combine the Non-Personal Data of numerous people together so that the data does not relate to any one person. De-identify means that we attempt to remove or change certain pieces of information that might be used to link data to a particular person.
Except for any Personal Data the Company may collect from you as described in this Policy, any material, information or other communication you transmit, upload or post to the Website or email to the Company (“Communications”) will be considered non-confidential and non-proprietary. The Company will have no obligation to preserve the confidentiality or refrain from disclosing Communications. The Company will have no liability for and will be free to copy, disclose, distribute, incorporate and otherwise use the Communications and all data, images, sounds, tests, product ideas, suggestions or enhancements, as well as anything embedded therein for any and all commercial or non-commercial purposes.
In general, you may visit the Website without telling the Company who you are or revealing Personal Data about yourself. However, the Company and companies providing services to or on behalf of the Company may use various technologies, such as cookies and web beacons (1x1 pixels), to collect non-Personal Data discernible as a result of your visit. We will explicitly request your consent to use cookies on our Website. Cookies are used to collect general usage and volume statistical data. You may control the use of cookies at your browser (visit www.aboutcookies.org for more information); however, if you reject cookies some or all of your ability to use our Website may be limited. In addition to using cookies, we use Google Analytics to analyze trends, administer the Website, track movements around the Website and gather demographic information about our user base as a whole. To opt of out being tracked by Google Analytics across all Websites visit http://tools.google.com/dlpage/gaoptout. We also use tools provided by Addthis.com, and you can receive more information about its cookie and privacy policy at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html. They may also use and disclose non-Personal Data derived from our advertising campaigns for reporting purposes, for scheduling and optimization of content delivery and, of course, they may do so if they are required to do so by law. The Company may use any information gained through its Website for any legal purpose, including without limitation, for purposes of developing, using and making available to third parties (at no charge or for a fee) aggregated information regarding trends, products, security/privacy patterns and research, internal record keeping and reporting, measuring and reporting learning, performance and other statistical information concerning any aspect of the Website except that the Company will not report aggregated data in a manner that reasonably permits such information to be identified with any user.
Social Media Features
Our Website may also include social media or lead generation features, such as Facebook or Twitter buttons and widgets, such as the “share this” button. These features may collect your IP address, which page you are visiting on our Website and may set a cookie to enable the feature to function properly. Social media and lead generation features and widgets may be hosted by a third party. Your interactions with these features and widgets are governed by the privacy policy of the company providing it. For more information, please visit any of the following http://www.aboutads.info/choices/, http://optout.networkadvertising.org, or http://www.youronlinechoices.eu.
Questions and complaints
If you have a concern or complaint about how the Company has used your Personal Data, or to exercise any data protection rights afforded to you under the law, please contact us at any of the following: dataprotection@rpminc.com, https://rpminc.com/contact/, or at 1 (800) 776-4488.
Changes to this Policy
We reserve the right to modify or amend this Policy at any time by posting the revised Policy on our Website. It is your responsibility to review the Policy every time you submit information to us or place an order.
Definitions
Data Controller: A party that determines the purposes and means of data processing.
Data Protection Authority: The relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of the Company and/or affiliate;
European Economic Area (EEA): The EEA includes all European Union member states and Iceland, Liechtenstein and Norway. For purposes of this Policy, the EEA will include the United Kingdom in the event it leaves the European Union.
Personal Data: Information that is subject to an applicable data protection law which relates to an identified or identifiable individual and may include names, addresses, email addresses, job applications, user account information, correspondence, web browsing information (e.g. data associated with a particular cookie) and IP addresses, when such information can be linked to an individual.
Processing: Doing anything with Personal Data; this includes collecting it, storing it, accessing it, combining it with other data, sharing it with a third party, or even deleting it.
Last updated September 8, 2020.