JINDAL FILMS DATA PRIVACY POLICY

Last updated: August 2018

 

1.POLICY STATEMENT

Jindal Films Europe (“JFE”) is an expert in the development and manufacture of specialty films for flexible packaging and labeling markets. JFE is committed to protecting your privacy. We conduct our business in compliance with the Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).

This privacy policy explains how JFE, as a data controller under the GDPR, processes and shares “Personal Data” (in the meaning of the GDPR, i.e. any information relating to an identified or identifiable natural person) about its clients, prospects, contacts, suppliers, vendors, and any co-contractors in the framework of running its activities.

This privacy policy also provides information about the Data subjects’ rights in relation to the processing of their Personal Data.
JPE has implemented appropriate technical and organizational measures to ensure and to be able to demonstrate that any Personal Data processing is performed in accordance with the GDPR.

JFE’s storage of information is treated as confidential and only accessed by authorized personnel. JFE is dedicated to protect Personal Data against unauthorized/unlawful processing and use by implementing appropriate data protection policies.

2.TERMS AND DEFINITIONS

General Data Protection Regulation (GDPR): the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Data breach: A breach in security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Controller: A natural or legal person, public authority or other body which, alone or jointly with others, determines the purposes, conditions and means of the processing of personal data.

Data Processor: A natural or legal person, public authority, agency or other body which, processes personal data on behalf of the data controller.

Supervisory Authority: National authority tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the European Union.

Data Protection Officer (DPO): An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR.

Data subject: A natural, living person who can be identified or is identifiable; and for the purpose of this privacy policy, any clients, prospects, contacts, suppliers, vendors, and any co-contractors of JFE.

Personal data: Any information relating to an identified or identifiable natural person (‘Data subject’) :an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.

Privacy Impact Assessment: A process to identify and reduce the privacy risks of new projects or practices.

Processing: Any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Regulation: A binding legislative act that must be applied in its entirety across the European Union.

Subject Access Right: Also known as the right to access, it entitles the Data subject to have access to and information about the personal data that a controller has concerning them.

Special categories of personal data (Sensitive data): Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and (…) genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

3.INFORMATION COLLECTION AND USE

3.1 Type of Personal Data that are processed

JFE receives and stores Personal Data whenever you interact with us. Some data are communicated voluntarily (like any information you enter on our website or give us voluntarily in any other way), while other data are collected automatically (e.g. when visiting our website).

In addition to some specific “online” data collected as specified under section 3.2 below, JFE may process the following Personal Data:

  • Contact details (e.g. email address, first name, last name, office address, phone number)
  • Administrative data (e.g. date and place of birth, copy of ID card or passport, social security number)
  • Professional data (e.g. job function/title, identity of your employer)
  • Financial information (e.g. bank and account details)
  • Any other Personal Data provided to, or collected by, JFE when entering in contact with us for whatever reason.

Beyond these purposes, we process your data only if you have granted express consent for its stated purposes.

3.2 Specific “online” Personal Data

3.2.1 General

The use of JFE’s website generates a processing of data collected either automatically or voluntarily.

By visiting JFE’s website, you consent to the collection and use of Personal Data as described herein, especially, details of your visits to our site including, but not limited to, traffic data, location data, weblogs, and other communication data.

If you do not agree with the terms set out herein, please do not visit this website. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Please note that your access to our website is entirely voluntary.

3.2.2 Cookies

JFE collects information about your computer and assigns a “cookie” (a small, unique identifier text file). You do not provide this information; it is collected automatically as a means of supporting visits to our website and this cookie identifies your computer. As a visitor of this site, you may be assigned a permanent cookie file on your computer’s hard drive.

When you access this website, you are informed via a pop-up banner of the use by JFE of cookies “to ensure the best experience of our website” that directs you to this privacy policy to know more.

Some cookies are stored only for the period during which you internet browser remains active (session cookies) and others for a longer predetermined period of time (permanent cookies). Session cookies are sent between your computer and the server to collect information. They are not saved once you close your web browser. Permanent cookies can thereafter be used to customize this website based on the user’s choices and interests.

JFE web servers automatically gather information from website visitors so the site can communicate with the visitor’s computer during the visits. JFE also track information like number of visits to the site, which part of the site visitors selects, IP address, domain type, browser type, date and time of the day. This information is used for statistical purpose to help us design and administer the site.

As at the date of this privacy policy, we use the following types of cookies:

  1. Google Analytics
    – Name: _ga
    – Category: Statistics
    – Type: HTTP
    – Purpose : Used to distinguish users
  2. Google Analytics
    – Name: _gid
    – Category: Statistics
    – Type: HTTP
    – Purpose : Used to distinguish users
  3. Google Analytics
    – Name: _gat_gtag*****
    – Category: Statistics
    – Type: HTTP
    – Purpose : Used to throttle request rate
  4. Linkedin
    – Name: bcookie
    – Category: Statistics
    – Type: HTTP
    – Purpose : Browser ID cookie
  5. Linkedin
    – Name: bscookie
    – Category: Statistics
    – Type: HTTP
    – Purpose : Secure browser ID cookie
  6. Linkedin
    – Name: lidc
    – Category: Statistics
    – Type: HTTP
    – Purpose : Used for routing
  7. WordPress MultiLingual plug-in
    – Name: _icl_current_language
    – Category: Strictly necessary
    – Type: HTTP
    – Purpose : Used for storing the language of the website
  8. Jindalfilms.com
    – Name: jindalfilms_com_geo_choice
    – Category: Strictly necessary
    – Type: HTTP
    – Purpose : Used for storing the selection of the regional choice

We use the third-party cookies as above-described under 1 to 7 to collect analytics and statistics with a view to improving our website and services. We have opted for the anonymization of the IP address of the users of this website. Therefore, these cookies do not collect identification information relating to you but allow us to use your anonymous connection data for statistical purposes related to the pages visited. JFE has no control over these cookies, how they are used and how they use the information that is collected and is not responsible for their use on your terminal device. You should refer to the terms and conditions and privacy policy of the third parties concerned.

You remain free to disable or choose to not receive a cookie file by enabling your web browser to refuse cookies or prompt you before accepting a cookie. Please note that by ‘switching off’ these cookies, you may be unable to access or receive certain services available on our website. JFE shall not be responsible for the malfunction or disruption of this website due to the rejection or deletion of cookies necessary for its proper functioning.

3.2.3 Links to other sites

Please be aware that while visiting our site, visitors can follow links to other sites that are beyond our sphere of influence. JFE is not responsible for the content or privacy policy of these other sites.

3.2.4 Collection of customer data

JFE collects and processes Personal Data about you that you specifically and voluntarily provide, notably when you sign up as a new login account (such as your first name, last name, company name, email address, position). You will receive a login confirmation email. This email contains your email address and password.

If you contact us, we may keep a record of that correspondence.

JFE’s customers can at any time access and edit, update or delete their contact details by logging in with their username and password to JFE’s platform.

3.2.5 Survey Participation

JFE may (from time to time) offer our customer and website visitors an opportunity to participate in customer surveys on the website regarding their experience in using our website or service. For JFE existing customers, we may also send these surveys periodically to them email. You are under no obligation to respond to any survey, and may unsubscribe from receiving further email surveys by following the ‘unsubscribe’ instructions in any such communication. Information collected by JFE when you participate in either of the above survey types may include your full name and contact details. Such Personal Data collected through our surveys is used for internal business purposes only, to monitor the quality of and improve our website and customer services.

4.PURPOSE OF THE PROCESSING OF PERSONAL DATA

The processing of Personal Data by JFE must be justified by one of the legal grounds specified in the GDPR.
JFE uses the Personal Data collected for the following general purposes:
(i) To provide the Data subjects with the services requested
✓ Processing is necessary for the performance of a contract to which the Data subject is party

(ii) To improve our website and services (through, among others, client survey), and ensure the security of our website
✓ Processing is necessary for the purposes of the legitimate interests pursued by the data controller
✓ Where required by law, the Data subject has given consent to the processing of his or her Personal Data.

(iii) To maintain and update our list of contacts
✓ Processing is necessary for the purposes of the legitimate interests pursued by the data controller

(iv) To manage JFE relationships with its clients and contacts
✓ Processing is necessary for the performance of a contract to which the Data subject is party
✓ Processing is necessary for the purposes of the legitimate interests pursued by the data controller

(v) To provide the clients and contacts with information about JFE and its range of services (though, among others, newsletters, communications, updates and invitations to JFE events held throughout the year)
✓ Processing is necessary for the purposes of the legitimate interests pursued by the data controller
✓ Where required by law, the Data subject has given consent to the processing of his or her Personal Data.

5.PROTECTION OF YOUR PERSONAL DATA

JFE has implemented appropriate administrative, technical and physical security programs to keep information that is stored in JFE systems protected from unauthorized access or disclosure and accidental loss or destruction. Our systems are configured with data encryption, or scrambling technologies and industry standard firewalls.

6.SHARING PERSONAL DATA

6.1.Types of recipients

JFE may share your Personal Data:

  • With JFE employees or JFE affiliated entities (e.g. subsidiaries, parent companies, sister companies, etc.)
  • With any service provider to the extent necessary for such service provider to provide services to JFE and to assist JFE in providing services to the Data subjects, or with any other co-contractor. JFE shall entered into a contract with such service providers/co-contractors which have implemented safeguards with a view to comply with GDPR requirements, and in particular which commit not to further transfer to any non-authorized third party the Personal Data received from JFE and not to use the Personal Data received from JFE for any other purpose than the predefined purpose.
  • With certain authorities or similar institutions (government, tax authorities, banks or insurance companies) to the extent that it is necessary for the performance of the contract or because it is required by law.
  • With any public authorities or court as might be required by law, court orders or any other valid legal process brought against JFE, in order for JFE to protect and defend its rights, property or safety.

6.2 Geographical location

The recipients may be located inside or outside the European Union but the Personal Data will not be transferred to any country outside the European Union which does not ensure an adequate level of protection unless if such transfer is based on an adequacy decision, or if appropriate safeguards have been put in place (binding corporate rules or standard data protection contractual clauses), or based on the Data subjects’ consent.

7.RETENTION AND DELETION

JFE applies different retention periods for different categories of Personal Data.
In general, Personal Data will be retained for a period deemed necessary for the purpose for which it was intended, for the purpose for JFE to perform their obligations under a contract with their clients, and for as long as required or permitted by law.

When the processing of the Personal Data is no longer necessary for the purpose for which it was collected, JFE will erase the Personal Data.

8.YOUR RIGHTS

The Subject Data have a right to ask JFE for access to their Personal Data, the correction or deletion of their Personal Data, a limitation of data processing, the right to oppose the processing and the right to data portability. The Subject Data can exercise these rights by sending a request to DPO@jindalfilms.com. In such event, JFE has the right to ask for verification of your identity as appropriate. JFE will endeavor to respond within an appropriate timeframe and in any event within any timescales required by the GDPR.

Furthermore on JFE’s website you can access to your Personal Data and information in the ‘Login Account’. You can manage your account in changing your password, profile information. For the closure of your account you have the possibility to do so in the “My account” page through “Delete my account’’ and JFE will send you an email confirming your account closure.

9.NOTIFICATION OF DATA BREACH

JFE will notify the Supervisory Authority (CNPD) in case of Personal Data breach no later than 72 hours after detecting the breach.

Pursuant to the provisions of the GDPR, clients and contacts will be notified of a Personal Data breach, without undue delay, only when the Personal Data breach is likely to result in a high risk to their rights and freedoms.

10.CHANGES TO THIS POLICY

JFE may decide, at its own discretion, to change this privacy policy to ensure it is accurate, complete and up-to-date.

You are encouraged to review this privacy policy periodically to remain informed about your rights and how we are processing your Personal Data.

11.JFE’s DATA PROTECTION OFFICER

JFE has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:

Jindal Films Europe S.A.R.L
Attn: Data Protection Officer
11 rue de l’Industrie
L-8399 Windhof
Luxembourg
DPO@jindalfilms.com

12.FOR FURTHER INFORMATION

If you have any further questions regarding JFE’s data protection policy then please feel free to contact us by email at: DPO@jindalfilms.com, or in writing at:

Jindal Films Europe S.A.R.L
Legal  Dept
11 rue de l’Industrie
L-8399 Windhof
Luxembourg