1.1. At Saint-Gobain we take privacy seriously and we are committed to protecting it.
1.2. In our commitment to protecting your privacy, we aim to comply at all times with the retained EU (European Union) law version of the General Data Protection Regulation (EU 2016/679) (“UK GDPR”), the General Data Protection Regulation (EU 2016/67) GDPR and all relevant and applicable data protection laws. If you are a supplier located in (i) the UK, the UK Data Protection Act 2018, (ii) Ireland, the Irish Data Protection Act 2018 (iii) Jersey, the Data Protection (Jersey) Law 2018, (iv) Guernsey, the Data Protection (Bailiwick of Guernsey) Law 2017 and (v) the Isle of Man, the Data Protection Act 2018.
1.3. This privacy notice is addressed to the following (and referred to as “you”, “your”):
1.3.1. our suppliers and service providers who are natural persons (such as self-employed persons)
1.3.2. the representatives or contact persons of our suppliers and service providers who are legal entities; and
1.3.3. any other visitors to our facilities acting on behalf of our suppliers and service providers.
1.4. This privacy notice is designed to provide information on how each of the Saint-Gobain companies in the UK and Ireland (each a “Company” and referred to as “we”, “us”, “our”) processes personal data about you. A list of each of the Saint-Gobain UK and Ireland companies is set out in Schedule 1 to this privacy notice.
1.5. For the purposes of data protection, the Company to whom you supply goods and services is the data controller of your personal data. As a “data controller”, that Company is responsible for deciding how personal data about you is processed.
1.6. This privacy notice may be amended from time to time to reflect any changes in the way in which we process your personal data. Please check this page occasionally to ensure that you are happy with any changes.
1.7. This privacy notice was last updated on 2nd February 2022.
2. THE INFORMATION WE HOLD ABOUT YOU
2.1. The information we hold about you may be provided by you or by our supplier or service provider or their representatives (i.e. your employer and colleagues).
2.2. We may process various types of personal data about you, including:
2.2.1. identification information (such as name, gender, vehicle registration number, copy of identification documents)
2.2.2. contact information (such as email address, telephone number, postal address)
2.2.3. your role (such as job title, areas of responsibility, name of employer)
2.2.4. images (such as photographs, CCTV or vehicle camera footage, video call recordings)
2.2.5. for individuals acting as a supplier or service provider, financial information (such as bank account details)
2.2.6. accreditation to industry standards or membership of trade associations (such as certificates or membership number)
2.2.7. personal data which is available in the public domain (such as employment history, directorships)
3. HOW WE USE YOUR PERSONAL DATA
3.1. We process personal data about you which is relevant to our procuring goods and/or services from you.
3.2. We rely on a variety of different lawful bases for processing your personal data, as set out below. In some cases, more than one legal basis may apply.
3.2.1. to comply with our legal obligations; for example:
220.127.116.11. identity or verification checks
18.104.22.168. complying with law enforcement or regulatory officials
22.214.171.124. information relating to legal claims made by you or against you
126.96.36.199. information relating to the occurrence, investigation or prevention of fraud or other illegal activities
188.8.131.52. accident investigation.
3.2.2. to perform the contract between us and you and to take steps before entering into the contract; for example:
184.108.40.206. opening your supplier account and the ongoing management of it
220.127.116.11. to make payment for goods/services procured from you
18.104.22.168. making enquiries about the goods and services and placing orders
22.214.171.124. receiving delivery of goods from you
126.96.36.199. making complaints or warranty claims.
3.2.3. to pursue our legitimate interest; for example:
188.8.131.52. to correspond or communicate with you, including audio or video call recordings
184.108.40.206. providing feedback about the procurement of goods and services from you
220.127.116.11. to comply with our environment, health and safety procedures
18.104.22.168. to protect our properties, vehicles and assets
22.214.171.124. information relating to the occurrence, investigation, detection or prevention of fraud and other criminal activities
126.96.36.199. to accommodate your needs when organising events to which you are invited.
3.2.4. where you have consented for us to do so; for example:
188.8.131.52. special category data in order for us to meet your specific requirements.
3.3. We may process Special Category data, but only when this has been provided by you in order for us to meet your specific requirements.
4. DATA SHARING
4.1. We will share your personal information with third parties where required by law, where it is necessary to administer the contractual relationship or where we have a legitimate interest in doing so.
4.2. Third parties may include other Saint-Gobain entities, service providers, fraud prevention agencies, regulatory bodies, payment processors, insurers, logistics providers, IT service providers, auditors, legal representatives and other professional advisors.
4.3. When we disclose your data to third parties, we only disclose the data necessary for them to provide their service and where we are sure they have adequate policies/procedures in relation to data protection. We have contracts in place with these third parties to ensure your data is secure and not used for purposes outside our specific instructions.
4.4. Wherever data is transferred or made available outside of the EEA, we undertake due diligence on the entity accessing or receiving your data to ensure they have put in place appropriate technical and organisational measures to protect and secure your data. We also put in place contractual safeguards in accordance with our obligations under the relevant data protection legislation (see 1.2). These contractual safeguards limit their ability to use your personal information so it can be used solely to provide services to us and/or to you and not otherwise.
5. DATA SECURITY & RETENTION
5.1. We take appropriate technical and organisational security measures and have rules and procedures in place to guard against unauthorised access, improper use, alteration, disclosure, destruction and accidental loss of your personal data.
5.2. We limit access to your personal data to those who have a business need to know and they will only process your personal data on our instructions and subject to a duty of confidentiality.
5.3. We have put in place procedures to deal with any actual or suspected data security breach and will notify you and the Information Commissioner’s Office for the UK, the Isle of Man Information Commissioner, The Office of the Data Protection Authority in Guernsey, Jersey Office of the Information Commissioner or the Data Protection Commission in the Republic of Ireland, where we are legally required to do so.
5.4. We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time we retain personal information will depend on the purposes for which we collect and use it, or as required to comply with applicable laws, or to establish, exercise or defend our legal rights.
6. YOUR RIGHTS
You have certain rights in relation to your personal information. There is normally no charge for exercising these rights. If you would like further information in relation to these rights, or would like to exercise any of them, please contact us by email at dataprotection.UK&I@saint-gobain.com at any time. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from receiving your request.
Subject to any exceptions, your rights include:
6.1. Access your personal information
You have the right to ask for a copy of the information we hold about you by emailing us at the address at the end of this Privacy Statement. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold such information.
6.2. Correct, modify and update your personal information
The accuracy of your information is important to us so please let us know of any changes to the information you have provided to us. In the first instance, please contact our Payment Centres who may require further information from you in order to process your request.
6.3. Erase your personal information or restrict its processing
In certain circumstances, you may ask for your personal information to be removed from our systems. Unless there is a reason the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
6.4. Withdraw your consent
Where you have given your consent to our processing of your personal data you may at any time withdraw your consent. Unless we have another legal basis to process your personal data (such as compliance with a legal obligation) we will cease any processing of your personal data following receipt of your notice of withdrawal of consent.
6.5. Object to our use of your personal information
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s) set out above or at the time your data is collected, you may object to us using your personal information for these purposes. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request.
6.6. Lodge a Complaint with the competent supervisory authority and seeking a judicial remedy
If you are concerned about the way we have processed or collected your personal information you have the right to complain to the relevant data protection regulator being the Information Commissioners Office for the UK or the Isle of Man Information Commissioner for the Isle of Man.
7. CONTACT US
7.1. Please direct any queries about this Privacy Statement or about the way we process your personal information to dataprotection.UK&I@saint-gobain.com.