Privacy Protection

ee

SEKISUI S-LEC AMERICA, LLC CLIENT DATA PROTECTION NOTICE

Sekisui S-Lec America, LLC. ("Sekisui”) greatly appreciates the opportunity to work with you. We value your trust and strive continually to justify that trust.

As you likely will have heard, the General Data Protection Regulation ("GDPR”) is effective from May 25, 2018, bringing with it new requirements for the handling of personal data, including personal data of Sekisui’s clients like you.

Sekisui is committed to protecting the privacy and security of your personal information. This data protection notice describes how we collect and use personal information about you and individuals affiliated with you prior to, during, and after your client relationship with us. It applies to all prospective and current clients. As updated from time to time, this notice will continue to apply after our work for you concludes.

With respect to certain individuals in the European Union, Sekisui may be considered a data controller under applicable data protection laws as they may vary from time to time, including the General Data Protection Regulation (Regulation (EU) 2016/679) ("Data Protection Laws”). This means that we are responsible for deciding how we hold and use personal information about you. We are providing this notice pursuant to the Data Protection Laws. This notice does not form part of any contract to provide legal services. We may update this notice at any time.


Terms used in this notice

In this notice, Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and Process and Processed shall be construed accordingly.

Sensitive Personal Data means information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health and data concerning a natural person’s sex life or sexual orientation.


The Personal Data that Sekisui collects

Depending on the requirements of a particular matter, Sekisui may receive the following Personal Data about you, which includes Sensitive Personal Data:

Your name;

Your contact details (e.g. postal address, personal or business email address, telephone number, mobile number);

Your date of birth;

Your gender;

Your race or ethnicity;

Your nationality; Your bank details;

Your governmental identification numbers;

Information relating to your health;

Information relating to your insurance;

Information relating to your taxes;

Your educational history and qualifications;

Your employment history;

Information relating to your employment and work performance;

Information relating to your travel arrangements;

Your passport and visa details;

Premises security information, which may include access logs and CCTV footage;

Photographs; and

Information relating to your family; and

Other information relating to the matters which Sekisui acts for you.

In addition to Personal Data that you provide to Sekisui, Sekisui may obtain Personal Data about you from others, including third-party databases in the course of performing required checks such as anti-money laundering or sanctions checks. Depending on the circumstances of a particular matter, we also may obtain Personal Data from other parties in connection with our work on your behalf.


Why Sekisui uses your Personal Data

The legal basis that Sekisui relies upon for Processing your Personal Data, whether such Processing occurs before, during or after your relationship with Sekisui, will fall into one of the following categories:The performance of any of Sekisui’s obligations under your engagement with Sekisui as well as Sekisui’s policies or legal obligations (including Anti-Money Laundering and sanctions checks; the legitimate interests of Sekisui, including checks necessary to protect Sekisui’s financial position; and where applicable, your provision of consent for Sekisui to Process your Personal Data in a certain way.

The legal basis that Sekisui relies upon for Processing your Sensitive Personal Data, whether such Processing occurs before, during or after your relationship with Sekisui, will fall into one of the following categories: where the Processing is necessary to comply with Sekisui’s legal obligations; where the Processing is necessary for reasons of substantial public interest; where the Processing is necessary for the establishment, exercise or defense of legal claims; and where you have provided explicit consent for Sekisui to use your Sensitive Personal Data in a certain way.

Sekisui does not require consent to use Sensitive Personal Data in order to carry out its legal obligations. In limited circumstances, Sekisui may approach you for your written consent to allow it to Process Sensitive Personal Data; if Sekisui does this, it will provide you with full details of the information it would like to use and the reason for such use, so that you can consider whether you wish to consent. In situations involving personal data relating to children under the age of 16 (or a lower age if permitted by the Data Protection Laws), Sekisui will seek parental consent.


Sekisui may use your Personal Data, including Sensitive Personal Data, for the following purposes:

administering arrangements concerning your client relationship with Sekisuicarrying out checks prior to or during the course of your relationship with Sekisui, such as Anti-Money Laundering or sanctions checks; conducting Sekisui’s ongoing business; processing any payments received on your behalf, including any legal obligations relating to such payments; and providing you and your representatives with marketing information about Sekisui and our services.

We will not Process your Personal Data, or Sensitive Personal Data, for any other purposes incompatible with the purposes mentioned above.


If you fail to provide Personal Data

If you fail to provide certain Personal Data when requested, Sekisui may not be able to perform the services that it has agreed to provide for you, or may be prevented from complying with our legal obligations (such as running required checks).


With whom Sekisui will share your Personal Data


Sekisui will not sell your Personal Data to third parties.

Sekisui may sometimes share your information with its trusted service providers and other third parties who perform services and functions on Sekisui’s behalf to support its interactions with you, including for example technology providers, disclosure and discovery vendors, experts, and consultants.

Sekisui may also have to disclose your Personal Data to comply with a legal obligation imposed on it.

From time to time, Sekisui may disclose your Personal Data to organizations for the purposes of fraud and credit risk reduction. Sekisui may also share your Personal Data with its legal advisers for the purposes of obtaining advice and the protection of its legal rights


Where Sekisui stores your Personal Data and how it secures your Personal Data

Data received by Sekisui may be transmitted to, processed in, and stored in the United States. Accordingly, your Personal Data may be stored and processed outside of the European Economic Area. Where this is the case, Sekisui will have adequate safeguards in place to ensure the security of your Personal Data.

To safeguard your Personal Data, Sekisui maintains appropriate physical, electronic and procedural safeguards. However, please note that the transmission of information via the internet is not completely secure. Although Sekisui will do its best to protect your Personal Data, it cannot guarantee the security of any such Personal Data transmitted via the internet.


How long will Sekisui keep your Personal Data?

Sekisui will retain your Personal Data for seven years following the conclusion of your matter. After that time, unless Sekisui has an ongoing basis to maintain that information, Sekisui will delete your Personal Data from its systems and notify any third parties to whom it transferred your Personal Data of the need to delete that data.


Your rights

You have a number of rights under the Data Protection Laws, including the right to: Access a copy of the Personal Data that Sekisui holds about you; Rectify inaccuracies in Personal Data that Sekisui holds about you; Have the Personal Data that Sekisui holds about you erased in certain circumstances; Restrict the Processing of your Personal Data in certain circumstances; Object to the Processing of your Personal Data in certain circumstances; Transfer the Personal Data that Sekisui holds about you to another entity in certain circumstances; and Withdraw any consent you have provided.

If you would like to invoke any of those rights, please inform dataprotection@s-lec.us.


Complaints

If you have a complaint about the way Sekisui is using your Personal Data then initially you should contact dataprotection@s-lec.us

 
 Notice of Rights for California Residents under CCPA
 

The California Consumer Privacy Act of 2018 ("CCPA”) provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights. Please make sure you consult our general privacy policy for complete information.

1. Collection, Use, Disclosure of Personal Information

We may collect, use, disclose Personal Information. Personal Information which may have been collected by us in the preceding 12 months and may be disclosed or shared is as listed below.

 
 
 
3. Deletion Request Rights

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Section 4. Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

• Debug products to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546).

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

• Comply with a legal obligation.

• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

4. Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by any of the below methods:

• Emailing us at: SSA-MKT@s-lec.us

• Contact us at 859-745-4676

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

• You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

• We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

• Making a verifiable consumer request does not require you to create an account with us.

• We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

5. Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

6. No Sale of Personal Information

We will not sell your Personal Information to external third parties for marketing purposes without your consent.

7. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.