Cookie Policy
Effective from: 1st May 2024
Introduction
This is the Privacy Notice for Wavin B.V. and its affiliates (hereinafter: “Wavin”, “we”, “our” or “us”) and its websites (referred to as “Website”). This Privacy Notice applies to Personal Information that we process about you when you:
- Use any of our Websites (including all subdomains depending on your location);
- Use any of our IT systems, including messaging, applications (unless a specific privacy notice applies) and collaboration platforms (“IT systems”)
- Create an account on any of our Websites, subdomains, applications or IT systems;
- Contact us or when we contact you;
- Apply for one of our job vacancies;
- Purchase or make use of goods or services from us (including attending webinars, training, tradeshows, etc.);
- Provide services or goods to us (for example, you are a sole trader or where you are providing services or goods on behalf of your employer/contractor); and
- Visit our premises.
This Privacy Notice also explains your rights in relation to the Personal Information that we collect and how to exercise them. Throughout this Notice, each of these activities will be collectively referred to as the “Activities”
The data controller for Personal Information collected under this privacy notice is Wavin B.V. and/or the relevant Wavin Group entity that you are dealing with, or with whom your data may be shared as explained further in this notice. An overview of the applicable responsible Wavin Group entities and, where applicable, their representatives, can be found here. You can contact us using the details in Section 12.
1. What Personal Information Do We Collect
Personal Information means any information which can directly or indirectly identify a living individual. We collect the following Personal Information:
Personal Information Collected Directly From You (where provided)
- Identification Details: including your first and last name, title, gender, job title, company name, and “myWavin” account information, including username (email address) and password.
- Contact Details: including your personal or business phone number, email address, home or business address.
- Communication Details: including Identification Details and Contact Details and any information which you provide in the form of queries, comments, feedback, on social media messaging, within contact forms or otherwise.
- Application Details: including Identification Details, Contact Details, CV details, cover letter, information within your CV, and preferred locations of work, when you apply for a vacant role.
- Marketing Preferences: including preferred methods of contact, your Contact Details, and your interests.
Personal Information Collected When You Become A Customer Or Supplier
- Contract Details:
- Account Details
- Payment Details:
- Product or Service Usage Details
Personal Information Collected From Your Time on Our Premises
- Visitor Details
- Recording of Footage
Personal Information Collected Automatically
- Cookies and Preference Details
Personal Information Collected Indirectly
We may receive Personal Information about you from indirect sources for example:
- Reference Details
- Employee Referral Programmes:
- Credit Checks:
There are also other sources of your Personal Information that may be applicable from time to time, such as, government agencies, tax authorities. We may also collect information that is available publicly (e.g., journalist contact details or media contacts) etc.
2. What We Do With Your Personal Information and Legal Bases Relied On
Wavin collects and uses your Personal Information for the purposes and on the lawful bases as set out below.
For our Legitimate Interests. We process your Personal Information for the following purposes on the basis of our legitimate interests or those of a third-party, where they are not outweighed by your interests or fundamental rights and freedoms:
- Communication Purposes.
- Business and Operational Purposes.
- Social Media Interaction Purposes.
- Personalisation Purposes.
- Customer Optimisation Purposes.
- Online Campaign and Promotion Purposes.
- Phone Call Recording Purposes.
- Prevention and Detection of Unlawful Activities Purposes.
- Product and Services Improvement Purposes.
- Health, Safety and Security Purposes
- Processing Job Application Purposes.
Your Consent. We process your Personal Information for the following purposes on the basis of your consent:
- Newsletter and Marketing Purposes
- Cookies and Analytics Purposes
- Photograph or Video Purposes.
To Enter Into and Administer Our Contracts With You. We will process your Personal Information for the following purposes on the basis of performing contracts with you (as a customer or supplier):
- For the purposes of setting up customer/supplier accounts.
- To administer services or provide goods that we have been contracted to perform or sell.
Legal Obligations. We may process your Personal Information for the following purposes on the basis of our legal obligations:
- Compliance Purposes.
- For the Purposes of Defending Against Legal Claims, Demands or Proceedings
- For the Purposes of Establishing, Protecting or Exercising Legal Rights.
We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may also anonymize or aggregate any of the Personal Information we collect and use it for any purpose, including for research and product-development purposes. Such information will not identify you individually.
3. How We Share Personal Information
To fulfil the purposes described above, from time to time we share your Personal Information with other entities that assist us in our Activities. These entities will have access to your Personal Information, but only when necessary to perform their services. We do this on a need-to-know basis, and we ensure that before we share your Personal Information, we put in place appropriate contractual agreements as required.
These entities may include:
A. Other entities within our Group – this may include within the Wavin group, or with other or affiliate entities to the extent required for internal administration purposes, management purposes or other business-related purposes as described within this Notice.
B. Service Providers and Data Processors – we may engage service providers from time to time who assist us in our Activities, including, for example:
- Business partner suppliers including, without limitation: IT providers, website hosting providers, CRM database providers, etc., and sub-contractors who might assist with the performance of any contract we enter into with them or to provide services on our behalf;
- Marketing companies and other advertising companies that assist us or that carry out marketing activities on our behalf;
- Analytics and search engine providers that assist us in the improvement and optimisation of our Website and Activities.
We may also share Personal Information with third parties:
A. Who are Professional Advisors – including, without limitation: tax, legal or other corporate advisors who provide professional services to us to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm and for risk management purposes.
B. In the case of a legal requirement or legal proceedings – such as in response to court orders, law enforcement of legal process, for national security purposes, to establish, protect or exercise our legal rights, as required to enforce our terms of service or other contracts, to defend against legal claims or demands, to detect, investigate, prevent of take action against illegal activities, or threats to rights, property or a person’s safety; or in the context of an investigation, regulatory requirement, judicial proceeding, or to protect the rights or safety of the Website, our Activities, and/or our affiliated entities.
C. In the case of a corporate transaction or reorganisation – Personal Information may be disclosed to third parties as part of any merger, sale, transfer of our assets, acquisition, bankruptcy, or similar event.
D. In line with your consent or request – we may disclose your Personal Information to a third-party where you have provider prior consent or have requested that we do so.
4. International Data Transfers
or individuals who reside in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland, it is likely that we may need to transfer Personal Information to locations outside of the EEA, UK, or Switzerland in order to facilitate and manage our global business operations.
Similarly, subject to compliance with local law requirements, the recipients of Personal Information described in Section 3 may be located in countries whose laws regarding data protection may not offer an adequate level of protection compared to the laws in your country. For example, not all countries outside the EEA, UK or Switzerland offer the same level of protections.
Where we transfer Personal Information to other entities within our group, or service providers based outside of these locations, we rely on the following safeguards:
- Adequacy Decisions
- European Standard Contractual Clauses (“SCCs”)
- The UK International Data Transfer Agreement (“IDTA”)
- In limited circumstances where the transfer is permitted by applicable data protection laws.
The European SCCs are contractual clauses approved by the European Commission that ensure appropriate data protection safeguards when personal information is transferred from the EEA to third countries. They can be viewed here.
The UK's IDTA has been issued by the UK Government to ensure appropriate data protection safeguards when personal information is transferred from the UK to third countries or territories that have not been deemed adequate by a formal decision of the UK Government. This can be viewed here.
You may request a copy of the European SCCs and/or UK IDTA by contacting us using the details at Section 12.
5. How Long We Retain Personal Information
We retain your Personal Information for as long as required to satisfy the purpose for which they were collected and used, unless a longer period is necessary to comply with legal or contractual obligations, or to defend a legal claim.
To determine the appropriate retention period for Personal Information, we firstly consider applicable legal requirements or whether any statutory retention periods apply. We also consider the volume, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means.
Your Rights
If you are located within the EEA, in certain circumstances, you have the following rights:
- You can request information about how we process your Personal Information, where and how we collected your data, the categories of Personal Information, with whom we share it, and how long we retain it.
- You can request access to copies of your Personal Information which we process.
- You have the right to request that we correct the Personal Information we maintain about you if that data is inaccurate or out of date.
- You can request the deletion of certain Personal Information that we have collected from or about you.
- You can object to the processing of your Personal Information or ask us to restrict the processing.
- You can request portability of your Personal Information (meaning we will transfer it from our IT environment to another environment).
- You can opt out of marketing communications we send at any time. You can opt out by clicking on the “unsubscribe” or “opt-out” link in any marketing email that we send you.
- When we have collected and processed your Personal Information based upon your consent, you may withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect processing of your Personal Information when we have relied on other legal grounds for the processing.
- As a French resident, you have the right to post-mortem guidance meaning you can provide guidelines regarding the retention, deletion and communication of your personal data after your death.
- You also have the right to lodge a complaint to your relevant data protection authority about our collection and use of your Personal Information. We encourage you to contact us first if you have any queries, comments, or concerns about the way we handle your Personal Information. However, as explained above, you also have the right to make a complaint to your local data protection authority.
If you have any questions or if you wish to exercise one of your rights under applicable local data protection laws, please use the contact details provided in Section 12 below and specify your request.
6. California Resident Notice
Under California Civil Code Section 1789.3, users of electronic commercial services are entitled to the following specific consumer rights notice: The Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 N. Market Blvd., Suite S-202, Sacramento, California 95834, or by telephone at (800) 952-5210.
Under the California Consumer Privacy Act or "CCPA”, California residents have the right:
- To request (twice in a 12-month period) the disclosure of the categories and specific pieces of Personal Information that we collected about you, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you.
- You can request that we correct the Personal Information we maintain about you if that data is inaccurate or out of date.
- To request the deletion of certain Personal Information that we have collected from or about you.
- To request to opt out of the sale of Personal Information for cross-context behavioural advertising purposes (where such data is sold).
- Not to be discriminated against.
You may request to exercise your rights under the CCPA by submitting a request (yourself or by an authorized agent) through the contact details provided below or, dial us at + 1-800-xxx-xxxx or + 1-xxx-xxx-xxxx and specify your request.
We may request additional information necessary to confirm your identity. We will provide information on the actions taken without undue delay. Verifiable consumers requests shall be addressed, and data will be provided in a portable format, within 45 days, subject to exceptions set out in the CCPA.
Under California Civil Code Section 1798.83, California residents can request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of Personal Information and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes and (b) the names and addresses of all such third parties.
To make such a request from us, if entitled, please submit a written request to the contact details provided in Section 12. We will respond to such properly addressed written requests.
7. Security of Personal Information
Wavin recognizes the importance of data security for our stakeholders. We treat your Personal Information with the utmost care and have put in place appropriate security measures to protect the confidentiality, integrity, and availability of your Personal Information from unlawful or unauthorized processing and accidental loss, destruction, or damage.
We monitor our network and systems for vulnerabilities and attacks, and also carry out regular testing to identify ways to further strengthen security.
Although we take commercially reasonable measures to protect your Personal Information, we cannot guarantee its security. For this reason, we urge users to take every precaution to protect their Personal Information whilst using the Internet.
8. Do-Not-Track Requests
We do not respond to Do Not Track requests. Do Not Track is a preference you can set in your web browser to inform websites and mobile applications that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
9. Other Websites
Our Website may, from time to time, contain links to and from third-party websites, such as our business partners, social media networks, branch organizations and affiliates.
If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these notices. Please consult these notices before you submit any Personal Information to these websites.
10. Changes to This Privacy Notice
We will update our Privacy Notice as needed and the most recent version will be available on each applicable Website at all times.
If a fundamental change to the nature of the use of your Personal Information is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you separately.
This Privacy Notice was last updated in May 2024.
11. Contact Us
If you have any questions about this Privacy Notice or the processing of your Personal Information in general, or if you wish to exercise any of your rights, please email us at dataprivacy@orbia.com indicating the nature of your query.