Privacy and GDPR statement

Privacy and GDPR statement

                                                                        GDPR PRIVACY POLICY

                                                       Last date of revision: 21 November 2024

 

1. WHO DOES THIS PRIVACY POLICY APPLY TO?

1.1. Nissha Metallizing Solutions (“Nissha Metallizing Solutions", “the Group” or “We”) is the global market leader in the production of metallized paper for labeling and packaging solutions. Nissha Metallizing Solutions is a group of wholly owned subsidiaries of the Japanese multinational company, Nissha Co., Ltd.

1.2. Nissha Metallizing Solutions has five manufacturing facilities around the world (Belgium, Italy, the US, Brazil and Germany), and consists of the following companiesthat process personal data:

  •    Nissha Metallizing Solutions N.V., with registered office in Belgium, 3600 Genk, Woudstraat 8;
  •   Nissha Metallizing Solutions Srl, with registered office in Italy, Via Lombriasco 4-16, 12030 Casalgrasso;
  •   Nissha Metallizing Solutions Ltd., with registered office in the United States of America, Franklin, MA 02038, 24 Forge Park;
  •    Nissha Metallizing Solutions Produtos Metalizados Ltda., with registered office in Brazil, 2786 Osasco, São Paulo, Av. Dr. Alberto Jackson Byington;
  •    Nissha Metallizing Solutions GmbH, with registered office in Germany, Holzhauser Straße 96-100, 13509 Berlin.

 

1.3. This GDPR Privacy Policy (“GDPR Privacy Policy”) applies to the processing of personal data:

  •    by all Nissha Metallizing Solutions' companies established in the European Economic Area, regardless of whether the processing takes place in the European Economic Area or not;
  •    by all Nissha Metallizing Solutions companies established outside the European Economic Area, insofar as they process personal data of data subjects who are in the European Economic Area in the framework of:
  •    the offering of goods or services to such data subjects in the European Economic Area.
  •    the monitoring of their behaviour as far as their behaviour takes place within the European Economic Area.

 

1.4. All Nissha Metallizing Solutions are separate and independent legal entities. Depending on the processing activity in the context of which your personal data are processed, they may be qualified as a separate data controller or a joint controller with one or more of the other Nissha Metallizing Solutions.

Each Group company carries out data processing in accordance with current data protection regulations, providing respective privacy notices to different data subjects (e.g. employees, etc.).  

1.5. As far as the personal data processing made through the website www.nisshametallizing.com is concerned, the data controller is Nissha Metallizing Solutions NV, for the data collected on www.nisshametallizing.com.

1.6. We want to be a great group. In order to achieve that goal we are committed to work in the right way. We are committed to protect your privacy and to process your personal data in a transparent manner, in particular with respect to the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”).

1.7. Where relevant, we have made a distinction among:

  •    website visitors;
  •    contact persons of suppliers, customers, prospects or any other individuals whose personal data are processed in the framework of our business activities with legal persons.

 

2. WHAT IS COVERED BY THIS GDPR PRIVACY POLICY?

2.1. With this GDPR Privacy Policy we would like to inform you about why and how we process your personal data when we perform our business activities or when you use our website (www.nisshametallizing.com) (the “Site”) and any of the services we offer through our Site, whom we give that information to, what your rights are and whom you can contact for more information or queries.

2.2. Our Site may link to other sites provided by other affiliated companies/entities or by third parties. We link to websites that share our high standards and respect for privacy and recommend you consult the privacy statements on these websites, before disclosing any personal data.

 

3. WHY WE USE YOUR PERSONAL DATA

3.1. I AM A WEBSITE VISITOR

3.1.1. We only process your personal data for legitimate business reasons. These purposes include, but not limited to:

a.  dealing with enquiries and requests (e.g. sent via the online “contact us” form).

b.  gathering statistics about the use of the Site.

c.  improving the Site performance and design.

d.  marketing activities.

 

3.2. I AM A CONTACT PERSON OF A SUPPLIER, A CUSTOMER, A PROSPECT , OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED IN THE FRAMEWORK OF OUR BUSINESS ACTIVITIES WITH LEGAL PERSONS (E.G.  A VISITOR, A BUSINESS CONTACT , ETC.)

3.2.1. We only process your personal data for legitimate business reasons. These purposes include, but not limited to:

a.  supplier, customer, prospect, consumer , and visitor management;

b.  order and supply management;

c.  invoicing and accounting;

d.  services (including organizing our services) and activities (including dealing with enquiries, requests and complaints);

e.  marketing (including email direct marketing) and sales;

f.  statistics and market research;

g.  public relations and press contacts;

h.  respecting our legal obligations;

i.  dispute management;

j.  security measures.

 

4. THE LEGAL GROUNDS FOR PROCESSING YOUR DATA

4.1. I AM A WEBSITE VISITOR

4.1.1 We process your personal data based on the following legal bases for each purpose:

a.  dealing with enquiries and requests (e.g. sent via the online “contact us” form);

We process your personal data based on performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or on a legitimate interest;  

b.  gathering statistics about the use of the Site;  

We process your personal data based on consent.

c.  improving the Site performance and design;

We process your personal data based on consent.

d.  Marketing activities;

We process your personal data based on consent

 

When relying on legitimate interests, we always determine on a case-by-case basis whether our interests are not overridden by your interests, fundamental rights and freedoms. You may obtain the information on the balancing test by contacting the Group in the manner indicated in 5.2.

 

4.2. I AM A CONTACT PERSON OF A SUPPLIER, A CUSTOMER, A PROSPECT, OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED IN THE FRAMEWORK OF OUR BUSINESS ACTIVITIES WITH LEGAL PERSONS (E.G.  A VISITOR, A BUSINESS CONTACT, ETC.)

4.2.1. We process your personal data based on the following legal bases for each purpose:

a.  supplier, customer, prospect, consumer and visitor management;

We process your personal data based on legitimate interest.  This processing enables us to effectively manage the supplier, customer, prospect, consumer and visitor to provide our services.

b.  order and supply management;

We process your personal data based on legitimate interest. This processing enables us to effectively manage our operation of order and supply.

c.  invoicing and accounting;

We process your personal data based on legitimate interest. This processing enables us to settle payments in providing our services.

We may also process your personal data based on legal obligation to comply with applicable laws to accounting.

d.  services (including organizing our services) and activities (including dealing with enquiries, requests and complaints);

We process your personal data based on legitimate interest. This processing enables us to provide our services.

e.  marketing (including email direct marketing) and sales;

We process your personal data based on legitimate interest. This processing enables us to carry out marketing and sales activities.

We may also process your personal data based on consent if your consent is required for specific marketing activities, such as email direct marketing.

f.  statistics and market research;

We process your personal data based on legitimate interest. This processing enables us to carry out marketing and sales activities.

g.  public relations and press contacts;

We process your personal data based on legitimate interest. This processing enables us to communicate with the public.

h.  respecting our legal obligations;

We process your personal data based on legal obligation.

i.  dispute management;

We process your personal data based on legitimate interest. This processing enables us to manage risk in relation to disputes.

j.  security measures.

We process your personal data based on legitimate interest. This processing enables us to protect our system and your personal data.

When relying on legitimate interests, we always determine on a case-by-case basis whether our interests are not overridden by your interests, fundamental rights and freedoms. You may obtain the information on the balancing test by contacting the Group company in the manner indicated in 5.2.

 

5. YOUR RIGHTS

5.1. You have several rights concerning the personal data we hold about you. We would like to inform you that you have the right to:

  •    obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
  •    ask that we update the personal data we hold about you or correct such personal data that is incorrect or incomplete;
  •    ask that we delete personal data that we hold about you or restrict the way in which we use such personal data if the requirements under the GDPR are met;
  •    withdraw consent to our processing of your personal data at any time, without affecting the lawfulness of processing based on the consent before the withdrawal (to the extent such processing is based on consent);
  •    receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or the performance of a contract);
  •    object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.

 

You may withdraw your consent at any time to the processing of your personal data for email direct marketing. If you do not want to continue receiving any direct marketing email from us, you can contact us (see below) or click on the unsubscribe function in any such communication. In that event, your personal data shall no longer be processed for such purposes.

5.2. In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at privacy@nisshametallizing.com, an email account managed by [enter the name of the group company that is data controller for the email account], that will forward your message to the relevant Group company. You may also use these contact details if you wish to make a complaint to us relating to your privacy.

5.3. If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.

 

6. HOW WE OBTAIN YOUR PERSONAL DATA

6.1. I AM A WEBSITE VISITOR

6.1.1. We may obtain your personal data when you use the Site and its services. This may be for instance the case when you surf on the Site, when you fill in the “contact us” form on the Site, etc.

 

6.2. I AM A CONTACT PERSON OF A SUPPLIER, A CUSTOMER, A PROSPECT , OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED IN THE FRAMEWORK OF OUR BUSINESS ACTIVITIES WITH LEGAL PERSONS (E.G.  A VISITOR, A BUSINESS CONTACT , ETC.)

6.2.1. We may obtain your personal data in the framework of the execution of our business activities.

6.2.2. We may obtain such personal data from you (e.g. by contacting us, by completing online forms, by our business relationship), third parties (e.g. your employer or third party service providers that we use in the framework of our business activities) or publicly available resources.

6.2.3.When we obtain personal data from external parties, we enter into contractual clauses with these parties obliging them to respect the data protection legislation, which contains the obligations of the external parties to provide you with all necessary information and - if necessary - to obtain your consent for processing the personal data as described in this GDPR Privacy Policy.

 

7. PERSONAL DATA WE COLLECT

7.1. I AM A WEBSITE VISITOR

7.1.1. The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected in order to be associated with identified subjects, but which by its very nature could allow users to be identified.

This category of data includes (i) the IP addresses or domain names of the computers used by users who connect to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii) other parameters relating to the user's operating system and computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing

7.1.2. On the Site, you have the possibility to contact us by completing the “contact us” form. The following personal data are collected through this form: first and last name, e-mail address, country, company, phone number (optional) and your message.

We also collect personal data through cookies on the Site, according to the cookie policy at this link [insert]

 

7.2. I AM A CONTACT PERSON OF A SUPPLIER, A CUSTOMER, A PROSPECT , OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED IN THE FRAMEWORK OF OUR BUSINESS ACTIVITIES WITH LEGAL PERSONS (E.G.  A VISITOR, A BUSINESS CONTACT , ETC.)

7.2.1. The personal data that we collect or obtain may, among other things, include :

  •    identification data (e.g. name, address (private/work), phone number (private /work), e-mail address (private / work);
  •    personal characteristics (e.g. age, gender, date of birth, place of birth, nationality, language, family composition);
  •    financial specifics (e.g. bank account number, creditworthiness);
  •    data about which products and services you order;
  •    data about how you interact with us (e.g. when you contact us) and other similar information.

 

8. DISCLOSURES

8.1. We may disclose your personal data to affiliated companies, and third parties that provide services to us and that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Why we use your personal data” section above. The following external parties may for instance be involved:

  •    external service providers we rely on for various business services;
  •    law enforcement authorities in accordance with the relevant legislation;
  •    external professional advisors (e.g. attorneys or consultants of the Group or its companies).

If our business enters into a joint venture with or is sold to or merged with another business entity, your personal data may be disclosed to our new business partners or owners.

8.2. Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Economic Area (such as Japan, the U.S.A, Brazil) whose laws may not provide the same level of data protection. To ensure that your personal data are processed in accordance with the principles related to data protection, Nissha Metallizing Solutions has adopted appropriate safeguards in line with the GDPR. If you want to obtain more information about the appropriate safeguards in place, you can e-mail us at privacy@nisshametallizing.com.

8.3. In general, we will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this GDPR Privacy Policy. We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

 

9. SECURITY OF YOUR PERSONAL DATA

9.1. We employ strict technical and organizational (security) measures to protect your personal data from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage both online and offline.

These measures include:

  •    training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  •    access to your personal data is limited to those who need the access to perform their duties;
  •    administrative and technical controls to restrict access to personal data on a ‘need to know’ basis (passwords, digital certificates);
  •    technological security measures, including fire walls, encryption and anti-virus software;
  •    physical security measures, such as staff security badges to access our premises.

 

10.  DATA RETENTION

10.1. I AM A WEBSITE VISITOR

10.1.1. Your personal data will not be retained longer than necessary for the purposes described above.

10.1.2. As a general rule, personal data obtained through the contact form on the Site are stored for a period of 1 year from the last contact with you. Depending on the specific situation and the applicable national legislation, we may , however , retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer : (i) as long as is necessary for our daily business; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise.

 

10.2. I AM A CONTACT PERSON OF A SUPPLIER, A CUSTOMER, A PROSPECT , OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED IN THE FRAMEWORK OF OUR BUSINESS ACTIVITIES WITH LEGAL PERSONS (E.G.  A VISITOR, A BUSINESS CONTACT , ETC.)

10.2.1. Your personal data will not be retained longer than necessary for the purposes described above.

10.2.2. As a general rule, records in the framework of our business activities that may contain personal data (e.g. contracts, orders, correspondence etc.) are stored for a period of 10 years.

Personal data processed for direct marketing purposes, are however stored for a period of 1 year from the last contact with the individual concerned, without prejudice to the possibility of withdrawing consent given at any time. If you have become a customer during this period, we may however retain your personal data for a longer period, namely 10 years from the delivery of the products or services, or from the latest contact with Nissha Metallizing Solutions (if this contact would take place at a later date).

Depending on the specific situation and the applicable national legislation, we may however retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer: (i) as long as is necessary for our daily business; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise.

 

11. AUTOMATED DECISION-MAKING

11.1. Automated decisions are defined as decisions about individuals that are based solely on the automated processing of personal data and that produce legal effects that significantly affect the individuals involved.

11.2. As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.

 

12. HOW TO CONTACT US?

12.1. We hope that GDPR Privacy Policy helps you understand, and feel more confident about, the way we process your personal data. If you have any further queries about this GDPR Privacy Policy and the Site in general, please contact us by e-mailing us at privacy@nisshametallizing.com.

 

13. CHANGES TO THIS GDPR PRIVACY POLICY

13.1. We may modify or amend this GDPR Privacy Policy from time to time. Any changes we may make to this GDPR Privacy Policy in the future will be posted on this page. To let you know when we make changes to this GDPR Privacy Policy, we will amend the revision date at the top of this page. The new modified or amended this GDPR Privacy will apply from that revision date. Please check back periodically to see changes and additions.