Privacy Statement
1. Introduction
At James Hardie we are committed to maintaining the accuracy, confidentiality and security of personal data. This Privacy Statement describes, inter alia, the categories of personal data we process, how your personal data may be processed, for what purposes and on what legal basis we process your data and how your privacy is safeguarded. Please read this Privacy Statement carefully to understand our views and practices regarding your personal data and how we treat it.
The James Hardie group is made up of different individual companies. Whenever dealing with one of our group companies, the “controller” of your personal data will be the company that decides why and how your personal data is processed alone or jointly with another James Hardie group entity or group entities. For a list of the James Hardie group companies for which this privacy statement is relevant, please have a look at section 18.
Where this privacy statement refers to “we”, “us”, “our” or “James Hardie”, this refers to the James Hardie group company (or companies) processing your personal data as controller under the GDPR.
James Hardie processes personal data from different categories of personal data in the normal course of its business. Such personal data may relate to individuals working for prospective and existing vendors and customers including employees working for parties such as dealers, distributors, architects and housebuilders. Personal data may also relate to individuals visiting our websites, downloading our online applications, connecting with us through social media or at business events or calling our telephone lines.
As a general rule, James Hardie only collects and processes personal data if there is a lawful justification to do so. This includes necessity for the performance of a contract or service offered by us, our legitimate interest to process the data or based on consent given.
2. From whom and how may we collect personal data?
We may collect and process data about the following categories of data subjects:
- Former, current and potential customers, including, without limitation, dealers, distributors, retailers, channel partners, contractors, architects and end-users (collectively, “Customers”)
- Former, current and prospective individuals providing goods and services to us, including, without limitation, temporary agents, contractors, outsourcers, consultants, experts, board members, auditors, dealers, distributors, suppliers, and vendors (collectively, “Suppliers”) of us;
- Entrants to sponsored competitions;
- Complainants, correspondents and enquirers;
- Current, former and prospective shareholders;
- Claimants or defendants in current or prospective litigation;
- Marketing contacts, journalists, trade association and lobbying contacts; and
- Individuals visiting our websites, downloading our online applications, connecting with us through social media or at business events or calling our telephone lines.
We collect this personal data because you have given this to us:
- by entering information on one of our websites;
- when we visit your stores;
- via our mobile applications;
- via social media platforms;
- when corresponding with us by phone, email or otherwise;
- by entering competitions run by us;
- by taking surveys undertaken by us or on our behalf;
- when signing up to receive newsletters, promotions and other notifications;
- when participating in promotional events, seminars or trainings; and
- when you open an account with us.
Or we may collect this personal data about you ourselves:
- because you have allowed your data to be shared as part of your company website, public profile, third party social network or other website that you operate or use;
- because you have allowed your data to be shared on online registers, professional platforms and websites for the purpose of getting into contact with third parties including Suppliers and Customers;
- because your information is otherwise publically available, for example with regards to journalists, trade association or lobbying contacts.
- because you have visited our websites, where we may track, for example, traffic data, location data, weblogs and other communication data, and the resources you access;
- technical information including anonymous data collected by the hosting server for statistical purposes, the Internet Protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
3. What data do we collect?
The data that we may collect and process includes for example:
- Name
- Contract information (address, phone number, fax, email);
- The company for who you work;
- Job title(s) and/or function(s);
- Department and/or business unit;
- Your signature;
- Customer records (purchase history, after sale services, warranty history, buying preferences etc.);
- Technological data (IP addresses and data stored in cookies –see section 12 below for more information on cookies);
- Geo-location data, for example, when you sign for delivery using a mobile device and have activated the feature on your mobile device that allows us to locate you via GPS;
- Credit rating and bank details;
- Credit limit and payment terms;
- Identification data in official identification documents if permitted by national law;
- Sales information relating to the sale of products or services;
- Portraits (e.g. photograph)
- Correspondence or other communications with you about our products, services or business.
4. For what purposes do we use personal data?
We use the information we may hold on you for the following purposes:
- customer service purposes, including to provide products and services to Customers; to take, verify, process, and deliver orders and returns; to invoice and process payments; to manage credit limits; for warranty, technical support, or other similar purposes; and to establish and maintain Customer accounts;
- communication with Customers, including to respond to requests for assistance and to update them about the status of their orders by postal mail, email, telephone, and/or text message;
- administration purposes, including to understand how Customers access and use our websites (so called website analytics, see section 13 below for further information) and social media platforms (see section 15 below for further information;
- interest based online marketing (targeting; see section 12 for further information);
- marketing and promotional purposes, including through email or equivalent electronic means, to send news and newsletters, special offers and promotions, or to otherwise contact Customers about products, services or information;
- to review and fulfill orders, purchasing or sales history from Suppliers; to exchange information, including performance indicators, about goods or services; and to organize seminars, events, training courses and marketing activities;
- to enable administration for the entity structure, management and management reporting, administration of organization contacts;
- to update, rectify, block or erase personal data when appropriate; to permit data subjects to access and review their personal information; and
- research purposes, including in relation to market and industry research customer experience; to be used in daily correspondence (e.g. email messages, letters, etc.); Compliance with applicable legal obligations, including to respond to a court order; and to permit risk management, compliance, legal and audit functions.
5. Legal basis for processing data
We process your personal data on the following legal basis:
Legal basis
|
Type of processing (examples)
|
Legitimate interests
Our legitimate interests are:
- to run, promote and grow our business;
- business development, marketing and market research;
- to service and know our Customers and the market we are operating in.
|
day-to-day communication with Customers, Suppliers and other individuals by postal mail, email, telephone, and/or text message; including to respond to inquiries and for warranty, technical support, or other similar purposes;
- managing credit limits of Customers;
- to provide updates to you on James Hardie group companies;
- When James Hardie group companies cooperate to provide operational, IT, Human Resources, finance, marketing and customer service services to other group companies;
- To help protect the security, integrity and availability of our products, systems and services;
- for market research in order to improve our products and/or services and to gain a better understanding of the market;
- to organize seminars, events, training courses and marketing activities;
- for prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you; to comply with a request from you in connection with the exercise of your rights under the GDPR;
- processing data you give us about your customers for the purposes for which you provide us with that data and as a record of any sale and delivery;
- making deliveries to you and your customers;
- to enable administration for the entity structure, management and management reporting, administration of organization contacts;
- to provide marketing to you including through email or equivalent electronic means, to send news and newsletters, special offers and promotions, or to otherwise get in contact about products, services or information;
When James Hardie group companies combine products, services, systems, databases and companies, for purpose of continuity of the business and running a central and effective administration. This may, for example, occur when data residing in a marketing or CRM system of one James Hardie group company, such as Fermacell GmbH, is combined with and/or migrated to a marketing or CRM system of another James Hardie group company such as James Hardie Europe B.V.
- to provide digital tools or features to our customers and users of our websites;
- for profiling and statistical analysis. We may for example combine different categories of personal information that we collect about you online or through the buying of our goods;
- when you browse our website, we may use certain cookies;
- when you visit our social media platforms, to be able to connect with you;
- Under certain circumstances, to use your photograph, video or credentials;
- for the exercise or defense of legal claims.
|
Performance of a contract
The personal information you provide may be processed when it is necessary in order for us to:
- enter into or perform a contract with you or take the necessary steps for us to enter into or perform a contract with you;
- supply you with any products or services; or
- where you are in discussions with us about any new product or service
|
Making deliveries to you and your customers;
to establish and maintain Customer accounts; to take, verify, process and deliver orders and returns; to invoice and process payments;
to place and manage orders with Suppliers; to process invoices and make payments; to exchange information, including performance indicators, about goods or services;
day-to-day communication with Customers and Suppliers by postal mail, email, telephone, and/or text message; including to respond to inquiries and for warranty, technical support, or other similar purposes;
when you enter an on-line competition or promotional feature, to administer the competition or promotion and notify winners;
- For the exercise or defense of legal claims.
|
Compliance with legal obligations
Where we are under a duty to disclose or share your personal information in order to comply with applicable law or with a request from government or law enforcement officials.
|
- to meet national security or law enforcement requirements or to prevent illegal activity;
- to identify you when you contact us;
- to verify the accuracy of data we hold about you;
- to meet transparency obligations imposed on us by law.
|
Consent
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Statement. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
|
- to provide marketing to you including through email or equivalent electronic means, to send news and newsletters, special offers and promotions, or to otherwise get in contact about products, services or information, but only if we do not rely on another legal basis such as legitimate interest;
- when you allow us to use your photograph or video or when you have given us credentials which we would like to use for business purposes.
|
6. Who has access to your personal data?
If this is permitted by applicable data protection laws, your personal data transferred may be disclosed to the following recipients or categories of recipients:
- Authorized persons working for or on behalf of us (e.g. persons working in operations, IT, human resources, finance, marketing and customer service positions);
- Agents, service providers and advisers that we engage (e.g. James Hardie Group companies and third party vendors and advisers providing services in connection with marketing, customer service, transport, personal data storage, back-up and analytics, application development, payment and credit cards, procurement, and compliance vetting);
- Our partners, to offer joint products and services to you in connection with our products and services, or when such partners sponsor or participate in our events and conferences.
- Other authorized third parties in connection with a potential sale, divesture, or transfer of a James Hardie group company or companies (including any shares in the company) or any combination of its products, services, assets, affiliates, and/or businesses.
- With third parties, to enforce our terms, agreements, policies or rules, to help protect the security, integrity and availability of our products, systems and services; to exercise or protect James Hardie group company rights and property (including intellectual property), to comply with legal requirements, or in other cases if we believe in good faith that disclosure is required by law (including in response to a lawful subpoena or other law enforcement request).
- Law enforcement or government authorities where necessary to comply with applicable law.
If this is permitted by applicable data protection laws, your personal information may be shared with and processed other members within the James Hardie group including but not limited to the entities in section 18. This may occur, for example:
- When James Hardie group companies cooperate to provide operational, IT, Human Resources, finance, marketing and customer service services to other group companies;
- To help protect the security, integrity and availability of our products, systems and services;
- When different James Hardie group companies jointly develop products and services; and
- When James Hardie group companies combine products, services, systems, databases and companies. This may for example occur when data residing in a marketing or CRM system of one James Hardie group company is combined with and/or migrated to a marketing or CRM system of another James Hardie group company.
Where other members of the James Hardie group or these third parties act as a “data processor” they carry out their tasks on behalf of the data controller and upon its instructions for the above-mentioned purposes.
7. International transfers
When sharing data with other members within the James Hardie group or with third parties, it may happen that your personal data is collected and processed in a jurisdiction outside of Europe. If those jurisdictions do not have adequate protection (as determined by the European Commission, Art. 45 GDPR), we ensure prior to the transfer that the transfer is either subject to appropriate safeguards, for example by self-certification of the recipient for the EU-US Privacy Shield (for US recipients only) or by entering into so-called standard data protection clauses of the European Union with the recipient.
You are entitled to receive an overview of third country recipients and a copy of the specifically agreed-to provisions securing an appropriate level of data protection. For this purpose, please contact us using the contact information in section 16.
8. Security of your information
To help protect the privacy of personal data, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We generally try to restrict access to your personal data to those individuals working for James Hardie Group companies that have a need to know that information and always in compliance with applicable law.
In addition, we train the people working for us about the importance of confidentiality and maintaining the privacy and security of your personal data. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
Please be aware, though, that despite our efforts, no security measures are perfect or impenetrable. We cannot ensure, and do not warrant or guarantee, that the information you transmit to us will remain secure, nor do we guarantee that this information will not be accessed, disclosed, altered, destroyed or used in an unauthorized manner.
If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on our website if a security breach occurs. Depending on where you live, you may have a legal right to receive a notice of a security breach in writing.
9. Data storage and retention
Your personal data may be stored in different assets including but not limited in our CRM and ERP systems, email clients, James Hardies' servers, and on the servers of the (cloud-based) services James Hardie engages, located in the United States, Australia and in countries in the European Union. Where this is feasible we will try to encrypt your personal data at storage and during transmission.
Except as otherwise permitted or required by applicable law or regulatory requirements (in particular, data retention periods), James Hardie endeavours to retain your personal data only for as long as it is necessary to fulfil the purposes for which the personal data was collected. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements. We retain account information of existing, former and prospective customers and vendors for as long as the account is active and thereafter for a period subject to statutory data retention periods. Non-personally identifiable and aggregated information may be stored indefinitely. Further details can be found in our data retention policy which is available on request.
10. Right to access, correct and delete your personal data and further data subject’s rights
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects.
Right of access and right to rectification: You have a right to request access to any of your personal data that James Hardie may hold, and to request correction of any inaccurate data relating to you.
Right to erasure: Provided the legal requirements are fulfilled, you may request deletion of your data. This does not apply to personal data which is subject to a statutory retention period or which are necessary for the establishment, exercise or defence of legal claims.
Right to lodge a complaint: You have a right to lodge a complaint with the appropriate data protection authority, in particular in the country of your residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes applicable law.
Right to restriction of processing: You have the right to restrict our processing of your personal data in certain cases.
Data portability: Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that personal data is processed by automatic means, you have a right to receive all personal data which you have provided to James Hardie in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
Rights to object: Where we are relying upon legitimate interest to process data, then you have the right to object to such processing on grounds relating to your particular situation, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. Normally, where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis. You also have the right to object to the processing of your personal data for marketing purposes at any time. Please also see section "Information regarding your rights to object".
Right to withdraw consent: Where we are relying upon your consent to process data, you have the right to withdraw such consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. This would particularly apply to Cookies and we have implemented functionality on our website to support this.
11. Are you required to provide your personal data?
You may interact with us without providing any personal data to us. However, please note that in this case certain features or services might not be available to you.
12. Cookies (only relevant for users of our website)
Cookies. This website uses cookies. Cookies are small text files which a website may put on your computer or mobile device when you visit a site or page in order to for example provide language setting functionality, help analyze the website’s performance and to recommend content relevant to your visit. Cookies are stored in your browser. The cookie will help the website, or another website, to recognize your device the next time you visit. Most cookies won’t collect information that identifies you as a person (personal data), and will instead collect more general information such as how visitors arrive at and use our website. Cookies may be used to create a profile of the visitor's activities on the Internet. You can find further information about this in section 13.
Information on the types and categories of cookies we use, and the way you can manage the usage of cookies by deactivating, rejecting or deleting them can be found in our Cookie Notice. You can also click our Cookie Settings button below to find out more.
Tags. This website may use tags. A tag is a generic name for code elements found our websites. Most tags simply describe the content of the page, but certain types of tags contain programmatic elements or inject dynamic content like video or audio files into the page. Some tags, in particular ones that add content or functionality from sources external to your domain, can carry privacy risks which require assessment and management. These are third party tags and in most of cases they provide additional value to your website. However, you need to be aware of these, so that you can focus on where there are higher risks. Most of the cookies set on our websites will be set via these tags, but some tags may also collect data about you without the use of cookies.
13. Website analytics (only relevant for users of our website)
We use web analytics to measure the web sites activity and determine the areas of the web sites which are the most visited, hence improving visibility of our content. For this we use the tool Google Analytics which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymize IP addresses. While doing so, Google saves shortened IP addresses. You may object to the collection or processing of your data by using the following link to download and install a browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en. Google Analytics uses cookies. Google is located outside the EEA but is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
14. Links to other websites (only relevant for users of our website)
Our sites may contain links to other sites not affiliated with us for your convenience. When you access those links, you will leave our website. We do not control such websites. These sites have their own policies and practices with respect to online privacy, and we cannot be held responsible for the privacy practices or the content of these unaffiliated sites. For avoidance of doubt, the personal data you choose to give to unrelated third-party websites are not covered by this Privacy Statement.
We may display advertisements from third parties. Such an advertiser may ask you for personal data as well. We cannot be held responsible for the privacy practices of the advertisers on our websites. However, we encourage our partners and advertisers to adopt privacy policies that respect the local legal requirements.
15. Social Media and other Platforms (only relevant for users of our websites)
You can engage with us through social media websites. You may also choose to link your account with us to third party social media sites. When you link your account or engage with us on or through third party social media sites, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, the posts or the 'likes' you make).
If you post information when you interact with our websites through social media sites, depending on your privacy settings, this information may become public on the Internet. You can control what information you share through privacy settings available on some social media sites. For more information about how you can customize your privacy settings and how third party social media sites handle your personal information, please refer to their privacy help guides, privacy notices and terms of use.
Facebook Lead Ads
We use the Facebook Lead Ads service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") to display advertisements to you and other interested users on Facebook and other websites, giving you the opportunity to provide us with your contact information such as ... and information about ... . In doing so, you may choose to share the information you have already provided to Facebook with us. We use your name information to address you personally, your email address to contact you personally, and your ... information to personalise newsletter content for you. To do this, Meta may use cookies, web beacons and other storage technologies and collect your IP address and other information. In what way Meta uses the data for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Meta stores this data and whether data is passed on to third parties is not conclusively and clearly stated by Meta and is not known to us.
The data processing is carried out with your consent based on Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future via our consent management platform, which you can access here, without affecting the lawfulness of the processing carried out based on the consent until revocation. Furthermore, you can revoke your consent by setting your browser accordingly or as a logged-in user of the social network Facebook at https://www.facebook.com/settings/?tab=ads#_. You can also deactivate user-based advertising via the deactivation page of the network advertising initiative ( http://optout.networkadvertising.org/), via http://www.youronlinechoices.com/de/praferenzmanagement/ or the US website ( http://www.aboutads.info/choices).
Insofar as personal data is collected with Lead Ads as a Facebook business tool and forwarded to Meta, we and Meta are joint controllers for this data processing on a limited basis. We have concluded a joint data controller agreement with Meta in accordance with article 26 GDPR, the terms of which can be found here https://www.facebook.com/legal/controller_addendum. Accordingly, we are responsible for providing the data protection information and for the implementation of the tool on our website in a manner that is secure from a data protection perspective. Meta is responsible for data security. Data subject rights regarding data processed by Meta can be asserted directly with Meta and will be forwarded to Meta in the event of an assertion with us. For more information on what personal data is processed under shared responsibility, please visit https://www.facebook.com/legal/terms/businesstools_jointprocessing. Processing by Meta after onward transfer is not under shared responsibility.
It cannot be guaranteed that Meta does not transfers data to the USA for the purpose of storage and further processing. If such data transfer to the USA takes place, it is based on the standard contractual clauses of the EU Commission: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381.
For more information about how Meta processes personal data, including how to exercise your data subject rights against Meta, please see Meta's Data Policy at https://www.facebook.com/about/privacy.
The use is associated with a certain legal uncertainty and currently always with a remaining entrepreneurial risk. For example, the information on the part of Meta on the treatment of this offer and on the type and manner of the associated processing is still partly unclear or not very transparent, so that a conclusive assessment is not yet possible. This can also lead to (joint) responsibility for processing operations that cannot be fully understood and the information in the DSE can also only be provided superficially in some cases.
When using lead ads, it should be noted that there are likely to be further legal requirements in addition to the disclosures in the privacy policy, which we do not address here.
For example, further requirements are necessary for contacting persons (e.g. regularly a consent in the sense of the UWG and a double opt in procedure for verification).
If the leads are to be passed on to third parties, this would also have to be taken into account accordingly, which we do not assume here.
The information provided here is only an example and may need to be adapted depending on the content of the leads to be generated.
It can be of particular importance which information is to be requested by the integrated form function. It should be clear to the users what the information is required for and for what purpose it is used. Also, only necessary and as little data as possible should be requested.
Insert link to CMP.
According to the prevailing view, consent is required (cf. https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_202008_onthetargetingofsocialmediausers_en.pdfpara. 65 ff.).
If the data processing is nevertheless to be based on legitimate interests, the section should be replaced by the following: "The data processing is based on art. 6(1)f GDPR. Our legitimate interest lies in effective advertising measures using social media and communication on specific products. If the data processing is based on our legitimate interest, you can object to the processing at any time with effect for the future. Insofar as a corresponding consent has been requested, the processing is carried out exclusively based on art. 6(1)(a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the revocation. The revocation can be done by deactivating the corresponding selection on our consent management platform, which you can reach via the following link: […]“
It is disputed whether this agreement meets the requirements for a joint responsibility agreement according to art. 26 GDPR. This has been rejected by supervisory authorities several times in the past, which is why operating a Facebook Fanpage is accompanied by a certain degree of legal uncertainty (cf. https://www.datenschutz.rlp.de/fileadmin/lfdi/Dokumente/Handlungsrahmen_Soziale_Medien_20200306.pdfand https://www.baden-wuerttemberg.dhttps://www.baden-wuerttemberg.datenschutz.de/lfdi-stellt-wesentliche-anforderungen-an-die-behoerdliche-nutzung-sozialer-netzwerke-klar/transparency is conceivable, for example.
This is only a suggestion, provided that one assumes the applicability of joint responsibility.
However, it is currently unclear whether joint responsibility applies. According to art. 26(1)(1) GDPR, this is primarily dependent on whether the controllers "jointly determine the purposes and means of the processing". The "Addendum for Controllers" provided by Facebook, which is the contractual basis for a possible joint responsibility, applies, according to point 5 (a) (ii) of the "Terms of Use for Facebook Business Tools", only "in relation to personal information in event data related to actions on your websites and in your apps with integrated Facebook Business Tools, for the processing of which you jointly determine the means and purposes with Facebook Ireland. The extent to which this applies to Facebook Lead Ads is currently unclear. Lead Ads is not mentioned in the exemplary list of business tools https://www.facebook.com/help/331509497253087 https://www.facebook.com/legal/technology_terms(Itshould be kept in mind that ultimately it has not yet been decided whether joint responsibility exists and it is not clearly regulated by Facebook whether the JCA covers this. In principle, if there is joint responsibility, a JCA must also be concluded. If such a JCA is concluded when it is not clear that joint responsibility exists, it can sometimes be understood to mean that one now wants to be responsible for the areas covered by the contract).
Furthermore, or in addition, it is likely that a commission processing agreement with Facebook will have to be concluded for the processing operations not covered by joint responsibility, which may be included in the agreements concluded with Facebook.
[UR8]A data transfer at least to the USA cannot be ruled out (cf. point1 at https://www.facebook.com/legal/EU_data_transfer_addendum). Such a data transfer to third countries is currently associated with an entrepreneurial risk due to the so-called Schrems II ruling, even if standard contractual clauses are agreed.
Pinterest Ads
We use the AdData Feature of Pinterest Ads, a serivce of the Pinterest Europe Limited (2nd Floor, Palmerston House, Fenian Street, Dublin 2, Irland), to provide you and other interested users our advertisements in a personalized way on Pinterest. To do this, we collect your activity data on our website through the Pinterest Tag. The joint processing lies in the collection and transmission of such activity data by us to Pinterest Europe through an authorized advertising service feature and includes the collection and transmission of activity data through Pinterest Tag, a Pinterest API or any other advertising service feature. The joint processing does not include the subsequent processing of activity data by Pinterest.
We have therefore concluded a joint controller agreement with Pinterest Europe regarding the processing of your data in accordance with Art. 26 GDPR. Within the agreement we have regulated with Pinterest Europe who fulfils which obligations under the GDPR. This concerns in particular the exercise of the rights of the data subjects and the fulfilment of the information obligations pursuant to articles 13 and 14 of the GDPR.
Pinterest Europe is responsible with regard to the personal data stored by Pinterest Europe pursuant to the joint processing for the assertion of data subject rights pursuant to articles 15-20 of the GDPR. For the right to object, insofar as the joint processing is based on Article 6(1)(f) GDPR, we and Pinterest Europe are responsible in relation to our own respective processing.
For more information on how Pinterest Europe processes personal data, including the legal basis on which Pinterest Europe relies, the ways in which data subject rights can be exercised against Pinterest Europe and information of Pinterest under article 13(1)(a) and (b) GDPR, please refer to Pinterest Europe's privacy policy at https://policy.pinterest.com/en-gb/privacy-policy.
Note to the customer:
Should you base this processing on the legal basis of consent, we recommend that you explain at this point or in the section „rights of the data subject“ how to revoke consent.
Should you rely on legitimate interest as the legal basis when using the service vis-à-vis the data subject, we recommend inserting an opt-out/objection option at this point.
When using cookies, please note that the user must be informed about the function duration of the cookie. We recommend implementing this in the third-party provider's module, in the cookie policy or in the CMP.
16. Privacy and Data Protection Office and Data Protection Officers
James Hardie established a Privacy and Data Protection Office with data protection experts located in the United States, the European Union and Australia. In addition, for Germany, James Hardie has appointed a Data Protection Officer.
If you have any questions regarding the processing of your personal data or if you believe your privacy rights have been violated, please contact us at:
Privacy and Data Protection Office
|
Data Protection Officer Germany
|
Europe (general)
|
Germany (only)
|
Attn: Privacy and Data Protection Office
|
Attn: Data Protection Officer
|
Düsseldorfer Landstraße 395,
|
Düsseldorfer Landstraße 395,
|
47259 Duisburg,
|
47259 Duisburg
|
Germany
|
Germany
|
[email protected]
|
[email protected]
|
17. Version
The version of this Privacy Statement is dated 17 July 2018 and it replaces the Privacy Statement dated 10 April 2018. We may from time-to-time revise this Privacy Statement. We will make the revised Privacy Statement available on our websites. If we make a material change to the policy we will provide you with an appropriate notice in accordance with legal requirements. Our current customers and suppliers, as well as our registered website users will be informed about the changes beforehand.
18. Entities
This privacy statement applies to those entities belonging to the James Hardie group listed below that process your personal data. This privacy statement shall also apply to any entities not being listed to the extent this privacy statement is being referenced as being applicable.
Entity name
|
Address
|
James Hardie Europe Holdings GmbH
|
Germany, Benningsen-Platz 1, 40474 Düsseldorf
|
James Hardie Europe GmbH
|
Germany, Benningsen-Platz 1, 40474 Düsseldorf
|
James Hardie Batiment SAS
|
France, 6 place de la Madeleine, 75008 Paris
|
James Hardie Netherlands B.V.
|
Netherlands, Loonse Waard 20, 6606 KG Niftrik
|
James Hardie Spain S.L.U
|
Spain, Barrio la Estración s/n, 39719 Orejo, Cantabria
|
Fels Recycling GmbH
|
Germany, Westrampe 6, 38442 Wolfsburg
|
Fermacell Schraplau GmbH
|
Germany, Bahnhofstraße 1, 06279 Schraplau
|
James Hardie Europe B.V.
|
Netherlands, Loonse Waard 20, 6606 KG Niftrik
|
James Hardie Building Products Ltd
|
Great Britain, 7 The Priory, Old London Road, Canwell, Sutton Coldfield, B75 5SH
|
Information regarding your rights to object
Objection to direct marketing
You may at all times object to the processing of your personal data for direct marketing purposes. Please take into account that, due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign already running.
Objection to data processing on grounds relating to your particular situation
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning yourself. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Your objection may be made informally. Please direct your objection to:
Privacy and Data Protection Office
|
Data Protection Officer Germany
|
Europe (general)
|
Germany (only)
|
Attn: Privacy and Data Protection Office
|
Attn: Data Protection Officer
|
Düsseldorfer Landstraße 395,
|
Düsseldorfer Landstraße 395,
|
47259 Duisburg,
|
47259 Duisburg
|
Germany
|
Germany
|
[email protected]
|
[email protected]
|