EU PRIVACY NOTICE CONCERNING CUSTOMER AND OTHER BUSINESS-RELATED PERSONAL DATA

1. INFORMATION ABOUT US
2. CONTACT DETAILS
3. WHAT PERSONAL DATA WE COLLECT AND WHY?
4. SHARING OF YOUR INFORMATION
5. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
6. YOUR RIGHTS

 

1. INFORMATION ABOUT US AND INTRODUCTION

Platform Specialty Products Corporation (sometimes referred to as “Platform,” “we,” the “Company,” or “us”) values and protects the Personal Data of our existing and prospective customers, business partners, suppliers, and website visitors.  Platform is a global, diversified producer of high technology specialty chemical products and provider of technical services with headquarters in the United States and trading in several countries some of which within the European Union. This Privacy Notice covering personal data of individuals in the EU contains important information about the way in which we collect, use, disclose, retain and otherwise process personal data. For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR“), Platform Specialty Products Corporation is the data controller responsible for any personal data that we process. Executive Headquarters: Platform Specialty Products Corporation 1450 Centrepark Boulevard, Suite 210 West Palm Beach, Florida 33401 561-207-9600 Platform Specialty Products have appointed MacDermid Graphics Solutions Europe as our representative office in the European Union.

2. CONTACT DETAILS

Questions, comments, and other communications regarding this Privacy Notice, or our privacy practices in general, are welcomed and should be addressed to our Data Protection Privacy Advocate. Any queries and requests regarding this privacy notice may be sent by email or post to: Data Protection Privacy Advocate MacDermid Graphics Solutions Europe Rue de l’Industrie- BP 30160- 68702 Cernay Cedex, France Email:  DPPA@MacDermid.com

3. WHAT PERSONAL DATA WE COLLECT AND WHY?

This section 3 covers the different sources and categories of personal data that we collect and process, why we do so, and the lawful bases for processing by Platform. Depending on your relationship with Platform, please see the relevant section below where we describe how we obtain your personal data and how we will treat it. This privacy notice covers the processing of information for the following categories of individuals: Section 3.1 Representatives of our Existing or Prospective Customers, Business Partners and Vendors Section 3.2            Visitors to Premises Section 3.3            Website Visitors Section 3.4            Job applicants

3.1 Representatives of our Existing or Prospective Customers, Business Partners and Vendors

We may collect personal data related to employees, directors, authorised signatories, in other words, representatives of Platform’s existing or prospective customers, business partners or vendors.
A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful bases for it?
D – How long do we keep your personal data?

A – Sources of personal data

We may obtain your personal data from the following sources:

1. from you directly,
2. from a company that employs you, if you are an employee of our existing or prospective customer, business partner or vendor,
3. from Platform’s affiliates see the list in Annex 1;
4. during networking events that we have either hosted, or sponsored, or attended; and/or
5. from publicly available sources (for example, your company website or social media sites)

B – Personal data that we collect and process

We may collect the following categories of personal data relating to our existing or prospective customers’ or vendors’ employees, officers, authorised signatories, and other associated individuals:

1. name;
2. business address;
3. business email address;
4. business telephone number;
5. job title;
6. date of birth;
7. business bank details;
8. credit information; and/or
9. billing information.

C – Why do we collect your personal data and what are our lawful bases for it?

Representatives of our Existing or Prospective Customers and Vendors
We may use your personal data to:	Our lawful basis for doing so is:	Our legitimate interests in doing so are:
Provide you with our products or services or receive products or services from you	Legitimate Interest	Efficiently fulfil our contractual and legal obligations Management Reporting (including at an intra-group level)
Establish and manage our relationship		Efficiently fulfil our contractual and legal obligations Account Management Understand the market in which we operate Management Reporting (including at an intra-group level) Exercise or defend legal claims
Learn about how our products and services are or may be used		Understand the market in which we operate Management Reporting (including at an intra-group level)
Security		Managing security, risk and fraud prevention Management Reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication		Promote our goods and services Management Reporting (including at an intra-group level)

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 2. Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

D – How long do we keep your personal data?

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected. We will keep your personal data for the duration of our business relationship with regard to the provision of goods or services to you.  We will retain information about you after the closure of a customer account or the end of a business relationship as long as required for legal, regulatory and legitimate business purposes. Upon expiry of such data retention period, we will delete it securely.

3.2 Visitors to Our Premises

A – Sources of personal data B – Personal data that we collect and process C – Why do we collect your personal data and what are our lawful bases for it? D – How long do we keep your personal data?

A – Sources of personal data

We may obtain your personal data from you directly and from our business systems’ records.

B – Personal data that we collect and process

1. name;
2. business contact details;
3. organisation;
4. role;
5. time and date of your visit; and/or
6. image (for example, from CCTV cameras at our premises).

C – Why do we collect your personal data and what are our lawful bases for it?

Visitors to our Premises
We may use your personal data to:	Our lawful basis for doing so is:	Our legitimate interests in doing so are:
Security	Legitimate Interest	Managing security, risk and crime prevention
Maintain records of visitors to our premises		Management Reporting
We may use your personal data to:	Our lawful basis for doing so is:
Where you provide us with information regarding your disability, we will process it as part of our legal obligation to make reasonable adjustments for recruitment process	Legal Obligation

If you object to us using your contact details for these purposes, please let us know using the email address provided in section 2.

D – How long do we keep your personal data?

We keep your personal data for as long as necessary to ensure the security of our office visitors, once this period ends and when there is no longer a legal or a business need to keep it, we will delete it securely.

3.3 Website Visitors

A – Sources of personal data B – Personal data that we collect and process C – Why do we collect your personal data and what are our lawful bases for it? A – Sources of personal data We may obtain your personal data from the following sources:

1. from you directly (for example, at the time of subscribing to any services offered on our website, including but not limited to ‘Contact Us’ submissions on our website [com/get-in-touch-with-the-team], email mailing lists, interactive services, posting material or requesting further goods or services);
2. from your device or browser; and/or
3. if you contact us, we may keep a record of that correspondence.

B – Personal data that we collect and process

1. name;
2. username;
3. email address
4. operating system;
5. browser type;
6. cookie data (please refer to the below table for specifics);
7. preferences regarding online marketing; and/or
8. IP address.

C – Why do we collect your personal data and what are our lawful bases for it?

Website Visitors
We may use your personal data to:	Our lawful basis for doing so is:	Our legitimate interests in doing so are:
Provide our website services to you	Legitimate Interest	Website Management Promote our goods and services Account Management
Establish and manage our relationship		Understand the market in which we operate Management Reporting (including at an intra-group level) Account Management
Learn about our websites(s) users’ browsing patterns and the performance of our website(s)		Website Management
Security		Managing security, risk and crime prevention Management Reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication		Promote our goods and services Management Reporting (including at an intra-group level)
Learn about how our products or services may be used		Understand the market in which we operate Management Reporting (including at an intra-group level)

If you object to us using your contact details for these purposes, including direct marketing, please send us an email using the email address in section 2. Where we use cookies or similar technologies we will seek your prior consent where required to do so by law. Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

3.4 Job Applicants

We may collect personal data related to job applicants for positions advertised on our website. A – Sources of personal data B – Personal data that we collect and process C – Why do we collect your personal data and what are our lawful bases for it? D – How long do we keep your personal data?

A – Sources of personal data

We may obtain your personal data from the following sources:

1. from you directly,
2. from a third party, for example, individual referrals or a recruitment agency,
3. from Platform’s affiliates [see the list in Annex 1];
4. via hard copy and web-based application forms;
5. during networking events that we have either hosted, or sponsored, or attended; and/or
6. from publicly available sources (for example, professional networks, such as LinkedIn)

B – Personal data that we collect and process

We may collect the following categories of personal data, which may differ, depending on the content of your CV or baseline documents you submit to us:

1. name;
2. residence address;
3. personal email address;
4. telephone number;
5. date of birth;
6. career and education history;
7. skills, experience, and qualifications;
8. personal interests, languages spoken, questionnaire results;
9. gender;
10. names and contact details for references. Please note that it is your responsibility to obtain consent from your references prior to providing us personal information about them;
11. current and historic salary details together with salary expectations;
12. details of your current benefit entitlements;
13. information about your entitlement to work in the country in which the Platform EU affiliate is located;

C – Why do we collect your personal data and what are our lawful bases for it?

Job Applicants
We may use your personal data to:	Our lawful basis for doing so is:
Contact referees Conduct background checks Verify information submitted Consider you for other employment positions with Platform’s	Consent
Check your eligibility to work in the country in which the Platform’s affiliate is located	Legal obligation
Where you provide us with information regarding your disability, we will process it as part of our legal obligation to make reasonable adjustments for recruitment process
We may use your personal data to:	Our lawful basis for doing so is:	Our legitimate interests in doing so are:
Facilitate the selection process Assess and confirm your suitability for employment Communicate with you	Legitimate interests	Talent Management (including at an intra-group level)
Execute business process and internal management		Management Reporting (including at an intra-group level)
Safeguard the security of our infrastructure, premises, assets and office equipment, including prevention of criminal activity, defending legal claims		Managing security, risk and crime prevention Exercise or defend legal claims

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 2.

D – How long do we keep your personal data?

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates for no longer than six months after decision, unless we obtained their consent to keep it for longer.

4. SHARING OF YOUR INFORMATION

Data that we collect may be shared with our affiliated companies, suppliers or service providers, and government authorities. See details in relevant sections below. Affiliates Government or regulatory bodies Service providers Mergers and acquisitions

Affiliates

We may share your personal data with affiliates (see the list in Annex 1 below) for the following purposes:

• to provide us with IT support and systems and tools for managing operations,
• overall group-wide risk management,
• litigation management,
• compliance with regulatory requirements applicable to affiliates, and

In so doing, our affiliates may be data controllers and / or data processors of your personal data together Platform.  As data controllers and / or data processors, these affiliates will process your data in line with the intra-group data transfer agreements in line with the requirements of the GDPR.

Government or regulatory authorities

We may also disclose information about you if we have a legal duty to do so or if we are required or requested by any governmental or regulatory authority or similar body pursuant to any applicable law or regulation. Otherwise, we will keep information about you confidential.

Service providers

We may give information about you to organisations that provide a service to us or are acting as our agents, subject to contractual measures that we put in place obligating such organisations, on the understanding that they will keep the information confidential and will comply with applicable data protection laws. For example, we may share your information with the following types of service providers that we engage with:

1. Technical support providers who assist with our website and IT infrastructure;
2. Third party software providers, who may include ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;
3. Professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
4. Money laundering and compliance search providers;
5. Providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes; and/or
6. Providers that help us generate and collate reviews in relation to our services.

Mergers and acquisitions

In the context of mergers and acquisitions, we may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of its business.

5. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

In general, when transferring your personal data outside the EEA (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

• the transfer is to a non-EEA country which has an adequacy decision by the EU Commission (e.g. Israel);
• the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA.
• the transfer is to an organization which has Binding Corporate Rules approved by an EU data protection authority; or
• the transfer is to an organization in the US that is EU-US Privacy Shield certified.

You may request a copy of the relevant document by contacting us as indicated  in section 2 above.

6. YOUR RIGHTS

You have the following rights in relation to your personal data under the GDPR:

1. to obtain information on how we handle your personal data and access documents which contain your personal data;
2. to request us to correct or update your personal data if it is inaccurate or out of date;
   1. to object to the processing of your personal data for the purposes of our legitimate interests, as discussed above;
3. to erase personal data about you that is held by us:
   1. which is no longer necessary in relation to the purposes for which is was collected,
   2. to the processing of which you object, or

• which may have been unlawfully processed by us;

1. to restrict processing by us, i.e. to restrict processing to storage only:
   1. where you oppose to deletion of your personal data and prefer restriction of processing instead, or
   2. where you object to the processing by us on the basis of its legitimate interests;
2. to transmit personal data that you submitted to us back to you or to another organisation in certain circumstances; and
3. If we rely on your consent (for example, when setting cookies on your device or for direct marketing or for keeping your CV), you may withdraw your consent at any time.

If you at any time decide to exercise any of these rights, please contact us as indicated in section 2 above. If you are unhappy with how we have dealt with your request or concern, you have the right to file a complaint with a data protection supervisory authority in the EU.

To view the list of affiliates, please click here.