NEXEO EU PRIVACY SHIELD PRIVACY STATEMENT
This EU Privacy Shield statement describes how we collect, use, and disclose personal information that we receive in the United States from the European Union (“Personal Data”). We adhere to the US-EU Privacy Shield Principles (“Privacy Shield”) of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Recourse with respect to the Personal Data. For further information about the Privacy Shield and to review our self-certification, please visit the U.S. Department of Commerce’s website at https://www.privacyshield.gov.
Categories of Individual Data Subjects
We may obtain Personal Data in the United States about (i) website visitors, (ii) customers, suppliers, vendors and service providers, and (iii) our current and former EU employees. Our practices with respect to such Personal Data are described below.
Customers, Suppliers, Vendors and Service Providers
We may obtain various types of Personal Data about employees and agents of our customers, suppliers, vendors, and service providers. Such data may include contact information (names, titles, addresses, phone and fax numbers, and e-mail addresses); information about products and services ordered or provided; financial and payment information; user IDs, passwords, and information collected through Internet-based and e-commerce activities, and other transaction-related data.
We may use Personal Data for legitimate business purposes, including delivery of products or services; to establish or maintain business relationships; to provide access to Internet-based and e-commerce activities; to perform accounting functions; satisfy our legal obligations; satisfy administrative functions; prevent prohibited or illegal activities, and enforce our legal agreements; and to conduct other activities as necessary or appropriate in connection with servicing and developing business relationships.
Employees and agents of our customers, suppliers, vendors, and service providers may contact us to access or correct Personal Data that we maintain about them by sending an e-mail to firstname.lastname@example.org, or by using the Contact Information section at the end of this EU Privacy Shield statement.
EU Employees
We process Personal Data collected from our EU employees for business purposes, such as (i) matters relating to day-to-day business operations, job functions, compensation, employee benefits, performance assessments, and training, (ii) offering services and benefits to employees, (iii) maintaining contact with current and former employees, and (iv) compliance with our legal obligations.
Employees located in the EU should contact their local human resources manager to ask questions or obtain additional information about our practices with respect to Personal Data. Job applicants should also consult any additional terms that apply when they submit their applications or resumes.
Choice
We will seek your consent prior to using the personal information in a manner incompatible with the purposes we describe in our EU Privacy Shield statement, purposes disclosed at the time of collection, or purposes subsequently authorized.
We will not transfer your data to third parties for purposes beyond those mentioned below without your express permission. We will ask you to opt in to any such transfer of information, and if you choose not to provide that permission, we will refrain from sending personal data to third parties for use outside of its intended purpose.
Other Necessary Disclosures and Onward Transfer
We may disclose Personal Data to agents, suppliers, vendors, service providers, and subcontractors to perform services for legitimate business purposes. We require those organizations to protect Personal Data with appropriate safeguards as listed in the Privacy Shield Principles. Such organizations are prohibited by law or by contract from using Personal Data for purposes other than purposes disclosed at the time of collection, purposes disclosed in this EU Privacy Shield statement, or purposes subsequently authorized.
These organizations include financial institutions; human resources service providers; healthcare administrators; healthcare providers; employee stock plan administrators; database managers; customer service providers; and other organizations that provide financial services, accounting services, auditing services, actuarial services, tax preparation services, IT infrastructure, IT support, and IT development services, employee training services, customer relationship management services, and other technical, logistical, and administrative services. These organizations may perform functions such as fulfilling orders, analyzing data, providing training, administering and providing healthcare services, sending payment and wire transfers, providing customer service, providing IT support and systems management, and providing other financial, technical, logistical, or administrative functions.
We may disclose Personal Data in connection with the sale or transfer of all or part of our business. Personal Data disclosed for this purpose will still be protected in accordance with the relevant Privacy Shield Principles.
We may disclose Personal Data where required or permitted by law or by an order or requirement of a court, administrative agency, or other government entity, or by court rules concerning the production of records; where we have reasonable grounds to believe that use or disclosure is necessary to protect the rights, privacy, property, or safety of others; where we have reasonable grounds to believe that the information relates to breach of an agreement or violation of the law that has been, is being, or is about to be committed; or where it is necessary to enforce or apply our legal agreements, to pursue remedies, or to limit our damages.
Data Security and Data Integrity
We take reasonable precautions to protect personal data on computer servers from loss, misuse and unauthorized access, disclosure, alteration, and destruction. We also make reasonable efforts to keep personal data reliable for its intended use, accurate, current, and complete. We retain information for as long as reasonably required for business purposes or to comply with our legal obligations.
Access
At your request, we will provide you with reasonable access to your personal information, so that you can review what we have stored and, if you choose, request corrections to it. You may request access by writing to us at the address listed in the Contact Information section below. After you request access, we will provide the personal information that you request as soon as practically possible.
Recourse, Enforcement, Liability
Please contact us with any questions or concerns related to this EU Privacy Shield statement by using the contact information given below. We will investigate and attempt to resolve complaints or disputes regarding personal information in accordance with this EU Privacy Shield statement. We are accountable for Personal Data that we receive under the Privacy Shield, including any Personal Data that we subsequently transfer to a third party as described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if the third-party agents that we engage to process Personal Data on our behalf do so in a manner that is inconsistent with the Privacy Shield Principles, unless we are able to prove that we are not responsible for the event giving rise to the claim. We have agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) to resolve disputes pursuant to the Privacy Shield Principles. For complaints that have not been satisfactorily addressed, you may contact the EU DPAs panel directly using the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. In the event that we or the assigned recourse mechanism is unable to resolve a complaint, binding arbitration may be pursued through the Privacy Shield Panel.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). Subsequently, we may be required to disclose Personal Data that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We have elected to use the self-assessment method for verifying our compliance with the U.S. Department of Commerce Privacy Shield Program.
Nexeo Communications & Corporate Affairs
3 Waterway Square Place, Suite 1000
The Woodlands, TX, USA 77380