For the purposes of applicable data protection laws and regulations, the Company is considered the “Data Controller” in respect of the Personal Data that it collects, uses and manages in accordance with this Policy. The Company is part of a multinational group of affiliated companies that has databases in different countries, some of which are operated by affiliates and some of which are operated by third parties on behalf of the Company or its affiliates. Before you provide us with any Personal Data or browse our Website, you must read through this Policy in full and make sure that you are comfortable with our privacy practices and agree to comply with the terms and conditions set forth herein.
Please note that our Website may contain links to other websites. These third party sites are not subject to this Policy and we recommend that you review the privacy and security policies of each website that you visit. We are only responsible for the privacy and security of the data that we collect and have no control over the actions of any third parties in relation to your Personal Data. Please refer to the Glossary below for an explanation of the defined terms in this Policy.
Whose Personal Data Do We Collect
The Company collects Personal Data from a range of individuals in the context of its business activities, including the following:
- Representatives of our suppliers, customers and other business contacts.
- Contractors and similar types of workers.
- Individuals that use, or otherwise access, our Website.
- Consumers and customers.
- Individuals who visit our premises or facilities.
- Job applicants.
- Individuals related to, or otherwise affiliated with, our Company’s employees.
- Individuals who contact us by any means.
How We Collect Personal Data
We obtain Personal Data which you knowingly and voluntarily disclose to us, both in an online and offline context. For example, when individuals undertake the following activities, we generally collect their Personal Data:
- Use or access our Website and/or complete one of our web forms (e.g. using our “Ask the Expert” service).
- Contact our customer service centers or request information from us in any other way.
- Visit our premises.
- Submit an order to, or make a purchase with, the Company.
- Provide us your contact information via business card or otherwise.
- Complete a survey or otherwise provide us feedback.
- Communicate with us via social networking websites, third party applications, or similar technologies.
- Visit one of our trade counters at an exhibition.
We may also collect Personal Data from third party sources. For example, we may collect information from your employer; publicly available sources; our service providers, vendors, and other business contacts for the purposes described herein.
The Categories Of Personal Data We Collect
The Company may collect a range of Personal Data from, or about, you, during our business activities, such as the following:
- Identity data, such as your name, title, company/organization name, e-mail address, telephone and fax numbers and physical address (including street, city, state, postal code, and/or country). If you visit any of our business locations in person, we may require you to sign in and provide your name, car registration number, driver’s license number, or other information.
- Business contact data, such as information related to other employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, company, partnership, sole proprietorship, nonprofit, or government agency) with whom we may conduct, or possibly conduct, business activities.
- Marketing and communications data, including your marketing preferences and your subscriptions to our publications.
- Transaction data, including inquiries about and orders for our products and services and details of payments to and from you, including purchase order history and information needed to facilitate payment transactions.
- Customer Feedback, and similar comments, surveys, and recommendation, including feedback about our Website, products, services, and data Processing practices.
- Usage data, including information about how you use our Website, the pages you view, the links you click, the materials you access, the date and time you access the Website, the website from which you linked to our Website, and other actions taken within the Website. We may also collect usage data if you access our internet services at a Company location or facility.
- Technical data, such as your Internet Protocol (IP) address, your browser type and capabilities and language and your operating system. For information about the cookies we use on our Website, please see below. We may also collect technical data if you access our internet services at a Company location or facility.
- Biometric data, as further detailed in the section on Biometric Data below.
When you do not provide Personal Data that the Company requests, we may not be able to provide you the requested service or complete a transaction, and you agree that the Company will not be liable or otherwise responsible for any actions resulting therefrom.
Data Processing Purposes
Generally, the Company Processes Personal Data for a broad range of purposes, including the following:
- To provide you with information about, and to fulfil your requests for, products and services.
- To answer your questions or respond to your feedback or inquiries.
- To conduct research and advertising.
- To contact you about improved products or product uses.
- To provide you with e-newsletters; email, or other communications.
- To allow you to participate in online support or “Ask the Expert” services.
- To notify you of any changes to your services and to provide you with information in relation to similar goods and services that may be of interest.
- To administer and manage warranties
- To communicate with you and third party contacts.
- To enable your participation in promotions, sweepstakes or consents.
- To administer our Website and help improve our products and services.
- To allow you to report problems with our Website.
- To carry out analytics in relation to the use of our Website.
- To comply with applicable laws, regulations, or other legal or administrative processes.
- To better ensure the security of the Company’s property, locations, and premises.
- To defend our legal, regulatory, and business interests.
- To protect the health and safety of Company’s employees, temporary workers, contractors, agents visitors or any other individual who may visit our business locations or facilities, for instance during a pandemic or other health emergencies.
Please note that you cannot communicate with us through the “Contact” or support links on the Website or via e-mail without providing some Personal Data. If you contact us or our service providers, a record of that session or correspondence will be maintained in accordance with applicable policy and/or law.
Talent Management And Recruitment
When you apply for employment via our Website or otherwise, we will collect additional Personal Data about you that is specific to that employment position, such as your qualifications, career history, third party references and interview notes. We may also ask you for other information, for example your interests and the types of jobs you are interested in. Any Personal Data you provide to us in relation to an employment application will be processed in accordance with this Policy and any other privacy statement that may be included with the job announcement to which you apply.
Legal Basis For Processing
In order to comply with certain applicable data privacy laws, the Company is required to set forth the legal basis for the Processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data, as set out above, the legal basis for the Company’s Processing of your Personal Data will typically be one of the following, which are not mutually exclusive:
- For the performance of a contract that we have in place with you or other individuals, or to take steps at your request prior to entering into a contract.
- To support the Company or our third parties’ legitimate business interests (for example, in maintaining and promoting our business by providing customers with feedback opportunities).
- To comply with our legal obligations.
- With your consent.
The Company has its corporate headquarters in the United States and is part of a multinational group of affiliated companies that has databases in different countries, some of which are operated by affiliates and some of which are operated by third parties on behalf of the Company or one of our affiliates. We may transfer your Personal Data to one or more such databases outside your country of domicile, potentially including countries which may not require an adequate level of protection for your Personal Data compared with that provided in your country, and in which case, Personal Data may be available to government authorities under lawful orders and laws applicable in such foreign jurisdictions. The Company and its affiliates have established reasonable and appropriate controls as required by applicable law to safeguard the possession of, and transfer of, Personal Data. If you are located in the EEA or the UK, you can request a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances, using the email address provided below. By providing the Company any Personal Data, you hereby consent to its transfer across international borders in accordance with this Policy.
Sharing And Disclosure Of Personal Data
The Company may share or otherwise disclose your Personal Data within the Company, to affiliates and subsidiaries, and selected third parties in accordance with applicable law. The following are examples of how your Personal Data may be shared and the reasons and purposes for undertaking such activities:
The Company may share your Personal Data with employees and other officials and representatives within our parent company, subsidiaries and affiliates who have a “need to know” that data for business or legal reasons, for example, in order to carry out an administrative function such as processing an invoice, or to direct a query that you have submitted to the relevant department or affiliate.
We may disclose your Personal Data to third parties, including the following: law enforcement and regulatory authorities; the Company's advisors and consultants; IT service providers; third parties engaged by the Company for the purpose of providing services requested by you; to protect any intellectual property rights in any materials displayed on or otherwise available from the Company's Website; for the purposes of seeking legal or other professional advice; to respond to a legal request or comply with a legal obligation; or to enforce the Company's policies or Website Terms and Conditions of Use.
We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
With your consent, we may disclose your Personal Data to third parties who offer products that may be of interest to you. These companies may then contact you directly with product or sample offers, personalized offers and information or to ask for your feedback on products and programs that may be of interest to you.
Our employees may use personal devices to access our systems containing your Personal Data, thus your Personal Data may be transferred through or to service providers who contract with our employees for cellular data everywhere in the world.
We may be required to share your Personal Data in order to comply with a court order, law, or legal process, including to respond to government or regulatory requests. We may disclose Personal Data if we have reason to believe that disclosure is necessary to identify, contact or bring legal action to enforce any of the Company’s rights, including against you or a third party, for non-payment, violation of any agreement with us, or to otherwise support our business interests. We may share your Personal Data to protect the safety of the Company, our customers or others; or to prevent injury to or interference with, our rights or property, or the rights or property of other data processors or anyone else that could be harmed by such activities.
To the extent you engage with the Company for us to provide you, or a third party, with any of the services or deliverables described herein, you hereby consent to the disclosure of your Personal Data to any third party the Company reasonable determines to be applicable to the provision of the services or deliverables, provided the third party does not also sell the Personal Data, unless that disclosure would be consistent with applicable data protection laws.
We Do Not Sell Personal Data
Without prior consent, the Company does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, Personal Data to another business or a third party for monetary or other valuable consideration.
The Company takes reasonable technical and organizational security measures to protect Personal Data from accidental or unlawful destruction or loss and unauthorized access, destruction, misuse, modification or disclosure. However, no information system can be fully secure, so we cannot guarantee the absolute security of your Personal Data. Moreover, we are not responsible for the security of Personal Data you transmit to us over third-party operated systems or networks, including the Internet and wireless networks. You provide the Company with any and all information, including Personal Data, at your own risk and you hereby agree that, to the extent permitted by law, the Company shall not be liable or otherwise responsible for any data incidents that may compromise the confidentiality, integrity, or security of your Personal Data.
We will keep your Personal Data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us and the country in which the Personal Data is processed. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty, and liability purposes. We may also keep a record of correspondence with you (e.g., if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
Your Rights And Responsibilities
You are permitted, and hereby agree, to only disclose or otherwise provide Personal Data to the Company if such Personal Data is accurate, reliable, and relevant to our relationship, and only to the extent such disclosure or provision will not violate any applicable data protection law, statute, or regulation, or infringe upon any person’s data privacy rights or privileges. Some data protection laws, such as the General Data Protection Regulation (EEA),and the California Consumer Privacy Act (United States), provide individuals with the rights described below. If you are in the EEA, a California resident, or otherwise afforded such rights and would like to exercise them in the context of any of your Personal Data the Company (or a service provider or processor acting on our behalf) has in our possession, custody, or control, please contact us, or have your authorized agent contact us, in accordance with the instructions listed below. In the event you submit, or your authorized agent submits on your behalf, a data request, you (and your authorized agent) hereby acknowledge and agree, under penalty of perjury, that you are (or the authorized agent of) the consumer whose Personal Data is the subject of the request. We will respond to any data requests within the timeframes required by law, and we may charge a fee to facilitate your request, where permitted by law. If you make, or an authorized agent on your behalf makes, any request related to your Personal Data, we will ascertain your identity, or the identify of your authorized agent, to the degree of certainty required under the law before addressing your request. For example, the Company may be required you to match at least two or three pieces of Personal Data we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, Personal Data, or otherwise responding to your request. We may also request that the authorized agent provides written documentation that demonstrates his/her authorization to act on your behalf. The data privacy rights afforded under data protection laws are not absolute, and the Company may be permitted to refrain from undertaking any action or changing its data processing activities, in response to a data request you submit to us.
Marketing and Unsubscribe. In accordance with applicable law, we may process your Personal Data for marketing purposes. If, at any time, you decide that you no longer want to receive commercial communications from us, whether by email, telephone or post, you can “opt-out” from receiving such communications by clicking on the “unsubscribe” link provided at the bottom of each commercial email and updating your preferences, or by contacting us at dataprotection[at]ro-m.com. Some jurisdictions provide individuals with the right to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To the best of the Company’s knowledge, we do not share Personal Data with third parties with whom we have reason to believe use such information for their own direct marketing purposes.
Correcting your Information. Keeping your Personal Data accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to delivery relevant services to you. Please let us know about any changes that may be required to your Personal Data via dataprotection[at]ro-m.com.
Accessing and Transferring Personal Data. Some data protection laws provide individuals with the right to know about, and access, the Personal Data we have collected about them, including the categories and specific pieces of Personal Data we have collected; the categories of sources from which the Personal Data is collected; the business or commercial purpose for collecting the Personal Data; the categories of third parties with whom we have shared, disclosed, or sold Personal Data and the purpose for doing so. In addition, some jurisdiction provide individuals with the right to request the Company transfer, to the extent feasible, Personal Data in certain forms and formats.
Erasing and Deleting Personal Data. Some data protection laws provide individuals with the right to request that we (and any applicable service provider or processor acting on our behalf) delete/erase your Personal Data in our possession, custody, or control.
Object to Processing. Some data protection laws provide individuals with the right to object to the manner in which the Company undertakes certain types of Processing involving your Personal Data, including where we are relying on a legitimate business interest for such Processing or engaging in direct marketing.
Restriction of Processing. You may be entitled to request that we restrict our Processing of your Personal Data, for example, in circumstances in which the accuracy of the Personal Data is contested.
Do Not Track Signals. Some web browsers may transmit “do-not-track” signals to websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
Anti-Discrimination. Some data protection laws provide the organizations are prohibited from discriminating against individuals for exercising their data privacy rights. The Company does not, under any circumstances, intend or otherwise seek to discriminate against individuals for any reason, including for exercising a data privacy right.
Persons with Disabilities. The Company strives to ensure that every person has access to information related to our products and services, including this Policy. Please contact us if you would like this Policy provided in an alternative format and we will take commercially reasonable measures to meet your needs.
Some data protection laws afford individuals the right to lodge a complaint about an organization’s Processing with government or regulatory authorities. For example, individuals in the EEA have the right to lodge a complaint with the competent Data Protection Authority, a list of which can be accessed at: edpb.europa.eu/about-edpb/board/members_en.
Children’s Personal Data
The Website and services are not intended for “children,” which may be defined differently within applicable data protection laws. We do not knowingly Process information of children under the age of sixteen (16) without the consent of their parents or legal guardians and you are hereby prohibited from providing the Company with any such information. In an instance where such information was collected, it would be purely accidental and unintentional. By using our Website or otherwise providing us with Personal Data, you hereby represent that you are over the age of sixteen (16) and the Personal Data does not relate to any person under the age of sixteen (16).
Non-Personal Data Information & Cookies
Non-Personal Data is information that does not identify you as an individual, either directly or indirectly. The Company, either directly or through third parties, may automatically collect certain types of Non-Personal Data from you when you are using the Company’s Website. We may also collect Non-Personal Data that you voluntarily provide, such as information included in response to a questionnaire or survey.
We may share Non-Personal Data with other third parties that are not described above. When we do so we may aggregate or de-identify the information so that a third party would not be likely to link data to you, your household, your computer, or your device. Aggregation means that we combine the Non-Personal Data of numerous people together so that the data does not relate to any one person. De-identify means that we attempt to remove or change certain pieces of information that might be used to link data to a particular person.
Except for any Personal Data the Company may collect from you as described in this Policy, any material, information or other communication you transmit, upload or post to the Website or email to the Company (“Communications”) will be considered non-confidential and non-proprietary. The Company will have no obligation to preserve the confidentiality or refrain from disclosing Communications. The Company will have no liability for and will be free to copy, disclose, distribute, incorporate and otherwise use the Communications and all data, images, sounds, tests, product ideas, suggestions or enhancements, as well as anything embedded therein for any and all commercial or non-commercial purposes.
Social Media Features
Questions and complaints
If you have a concern or complaint about how the Company has used your Personal Data, or to exercise any data protection rights afforded to you under the law, please contact us at any of the following: dataprotection[at]ro-m.com, www.rust-oleum.eu/contact/, or at +32 (0)13 460 200.
Changes to this Policy
We reserve the right to modify or amend this Policy at any time by posting the revised Policy on our Website. It is your responsibility to review the Policy every time you submit information to us or place an order.
A party that determines the purposes and means of data processing.
Data Protection Authority
The relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of Company and/or affiliate;
European Economic Area (EEA)
The EEA includes all European Union member states and Iceland, Liechtenstein and Norway. For purposes of this Policy, the EEA will include the United Kingdom in the event it leaves the European Union.
Information that is subject to an applicable data protection law which relates to an identified or identifiable individual and may include names, addresses, email addresses, job applications, user account information, correspondence, web browsing information (e.g. data associated with a particular cookie) and IP addresses, when such information can be linked to an individual.
Doing anything with Personal Data; this includes collecting it, storing it, accessing it, combining it with other data, sharing it with a third party, or even deleting it.
Last updated September 8, 2020