Customer Notice

Data Privacy Notice for the Markem-Imaje Group clients’ employees | Updated March 1st, 2019

1. Introduction

Each entity of the Markem-Imaje Group (the “Company”, "us", "we" or "our") is committed to protecting personal data, and intends to process personal data in a transparent and lawful way. Personal data is any information relating to an identified or identifiable natural person. Name, address, phone number and bank account number are examples of personal data. In all circumstances the Company aims to process personal information according to the following principles:
  • Transparency: Personal data is used fairly, lawfully, and transparently.
  • Limited Use: Personal data is collected for a specific and legitimate business purpose and used in a manner that is compatible with for that purpose. We security dispose of it when it is no longer needed.
  • Data Minimization: Only relevant data– not excessive amounts – is collected or used.
  • Accuracy: We aim to keep personal data accurate and up-to-date.
  • Security and Limited Access: Personal data is stored securely and is shared only with those individuals who need the data to accomplish a business objective.

This Privacy Notice (the “Privacy Notice”) is intended to provide our clients (“client”, “you”, “your”) with some information regarding how the personal data of their employees will be collected, used, shared, and protected within the processes that will be deployed by the Company, which are described in greater detail in the sections below (the “Processes”). You can find the latest version of this Privacy Notice on: https://www.markem-imaje.com/customer-notice. The Company may change this Privacy Notice from time to time by updating this page.

 

2. Who is the relevant “controller” of your personal data?

Each entity of the Markem-Imaje Group is a controller when it determines the purposes and means of the processing of personal data. Our intention is to comply with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and applicable local laws. The Company can be contacted here: Chemin de Blandonnet 10, 1214 Vernier, Switzerland or at privacy@markem-imaje.com.

 

3. What data is being collected or gathered?

The Company processes the personal data of your employees in order to effectively administer the commercial relationship with you, as described further in Section 5 below. We do not collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person or data concerning health or sex life and sexual orientation. The Company will be collecting from you directly, from your employees or obtaining from other source the following categories of personal data: 

  • Master data: Client’ employee first name, last name, gender, job title, function, department, manager’s name, work email address, landline and mobile work phone number, work fax number, language, decision maker (Yes/No), Cookies, IP address, interests for our products and services.
  • Ownership: Client’ company ownership information, company owner information.
  • Criminal Records: Relating to criminal charges and investigations on controlling individuals where medium or high-risk score calculated.
 

4. How is the data being processed?

The above mentioned personal data are being processed to allow the Company to (i) maintain and keep current customers data base, administer the contractual and commercial relationship with its customers; (ii) comply with applicable laws and regulations and (iii) to enable the Company to run its business and manage its relationship with you effectively, lawfully and appropriately. We will not use your personal data for decisions based solely on automated processing if the decision produces legal effects concerning you or significantly affects you, unless you gave your explicit consent for this processing. Your personal data may also be processed in connection with any legal proceedings or prospective legal proceedings, in order for the Company to establish, exercise or defend its legal rights, or in order to fulfill legal obligations, including but not limited to after a request from a competent administrative or judicial authority or in any circumstance where such processing is requested pursuant to applicable laws.

 

5. Why does the data need to be processed?

Processing of your personal data will always be based on legitimate grounds. The Company will be processing the personal data described above for the following purpose(s):

  • Fulfilling our contractual obligations to clients and administrating contracts and agreements.
  • Verifying identity, which may include natural persons, where a contractual relationship is proposed or exists, in order to assess the financial standing and other commercial risks to our business.
  • Maintaining a centralized customers’ database.
  • Processing quotations, orders, invoicing, delivery and payment of our products and services.
  • Offering services and maintenance contracts to you.
  • Providing help desk services and maintenance support to you.
  • Delivering training to your employees.
  • Performing marketing campaigns and communication related to our products and services (emailing and phone prospecting) and sending invitations to events.
  • Providing e-commerce and sales order automation solutions.
  • Organizing meetings and follow-up of commercial relationship; - Corresponding with attorneys, legal advisors, assessors and financial partners.
  • Performing due diligences for compliance purposes.
  • Conduct customers’ survey and case study.
  • Developing commercial statistics.
  • Administering cookies.

The Company is relying on the following legitimate grounds for these processing operations:

  • Legitimate Interests: The processing described are necessary to administer and facilitate our commercial relationship and for the purposes of the Company's legitimate interest. The Company has weighed these legitimate interests against the fundamental rights and freedoms of the data subject, and concluded that the processing outlined here is legitimate and appropriate. Further information can be provided regarding this analysis upon request.
  • Performance of a contract: The processing described are necessary to enter into or for the performance of your commercial agreements and contracts and to administer their management.
  • Legal Obligation: Processing linked to tax, safety, and other regulatory compliance obligations is necessary for compliance with a legal obligation to which the Company is subject.
 

6. Who has access to your personal data?

The Company limits who has access to the personal data in our possession to only those who need it for a legitimate business purpose. Personal data is shared on a “need to know” basis. Only those individuals who need the data to accomplish a business objective should have access to personal data, and only for as long as they need it to accomplish the objective. Individual recipients are not authorized to share personal data with other employees or third parties unless that sharing is authorized and complies with all applicable Company policies. Specifically, for the Processes, we anticipate that the following categories of recipients will have access to your personal data, for the purposes listed below:

  • Sales and Marketing teams: The Company’s Sales and Marketing teams, each in their scope of responsibility, will access and process some of your personnel’ data for the purposes described in Section 5 and, in particular, for marketing campaigns and management of event invitation, developing commercial statistics and for the management of the commercial relationships.
  • Finance team: The Company’s Finance team will access and process some of your personnel’ data for the purposes described in Section 5 and, in particular, for assessing the financial standing and other commercial risks to our business and for processing invoicing and payment .
  • IT teams: Dover Corporation IT teams and Company IT teams as well as any IT subcontractor acting on behalf of Dover Corporation or on behalf of the Company will be able to access some of your personnel’ data for delivering and supporting IT services.

Some of the recipients noted above are located outside of the EU, and are likely to be located in many countries worldwide. As described in Section 7 below, all such transfers to internal recipients will be compliant with all applicable laws and regulations.

The Company may engage third party vendors to assist in processing personal data from time to time. The Company will pass on to any such vendor its obligations under the applicable data privacy law, require that the vendor secure the data, and provide additional notice as required by law. We will not sell, distribute or lease your personal data to third parties unless we have your permission or are required by law to do so.

 

7. Where is the data being transferred?

On what legal grounds? Your personnel data may be transferred outside the EU for the purposes listed above pursuant to EU Standard Contractual Clauses, Privacy Shield, or another legally binding and permissible arrangement. Such transfers will be compliant with all applicable laws and regulations. Specifically, we anticipate that your data may be transferred to several countries worldwide. Relevant additional details regarding the basis for transfers of your personal data can be provided upon request addressed to privacy@markem-imaje.com. Your personal data may also be processed and later transferred in connection with any legal proceedings or prospective legal proceedings, in order for the Company to establish, exercise or defend its legal rights, or in order to fulfill legal obligations, including but not limited to after a request from a competent administrative or judicial authority or in any circumstance where such processing is requested pursuant to applicable laws.

 

8. Data Security

We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure the personal data we process. We employ a suite of various IT security tools in order to safeguard personal data, restrict access to the data, and have physical and organizational security measures in place to prevent unauthorized or unlawful access to personal data and accidental loss, destruction, or damage to personal data. The Company also maintains an inventory of personal data and evaluate the protections that we have in place for that data to ensure that our security measures are tailored to the sensitivity of the data.

As an illustration, the following specific security measures are in place:

  • Perimeter protection using Firewalls as well as monthly vulnerability scanning, and intrusion detection and prevention systems have been put in place to protect against malicious access.
  • Encryption mechanism is used when data are transmitted outside the Company and Dover group network as well as on all data at rest on mobile devices.
  • Authentication mechanism with strong password policy and Role Base Access Control for authorizing access to the various resources where personal data are stored and processed.
  • Regular security awareness training of all employees to increase our defense.

Information Security governance including security incident management response plan as well as CyberSecurity program improvement plan based on the NIST-Cyber Security Framework (CSF) as a guideline to measure, enhance and monitor our global security program. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

If, despite all our efforts, a data breach does occur, we shall do everything in our power to limit the damage. In case of a data breach which is likely to result in a high risk, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We always inform the relevant supervisory authority or authorities without undue delay.

 

9. Data Retention information

The Company strives to only store your personal for as long as is necessary for the purpose for which we have processed it, and to dispose of it securely once that purpose has been fulfilled. How long we retain your data depends on the type of data and the purpose for which we process your data. The retention periods are established considering legitimate business purposes, according to the local regulations.

However, where the Company is required by applicable law to retain your data longer or where your data is required to assert or defend against legal claims, the Company will retain your data until the end of the relevant retention period or until the claims in question have been settled.

 

10. Data subject rights

Data subjects rights vary based on your local law. However, you can always ask the Company for more information about the people who will be able to see and access the data that relates to you. If you are aware of inaccurate data, it is your responsibility to request that data to be updated and corrected. You may also have the right to:

  • a. Request for confirmation that your personal data is processed by the Company;
  • b. Request a copy of your personal data that is processed by the Company;
  • c. Request to have your personal data corrected, updated, rectified or completed;
  • d. Request to have your personal data erased from some or all systems of the Company to the extent legally permitted;
  • e. Request to restrict the processing of your personal data;
  • f. Request a copy of your personal data in a way that would allow transfer of data to another controller, in a machine-readable, commonly used format;
  • g. Request that your personal data be transferred to another controller;
  • h. Raise an objection to the processing of your personal data on grounds related to your particular situation; or
  • i. Raise an objection to the processing of your personal data for the purposes of direct marketing;
  • j. Withdraw your consent, where specific processing operations involving your personal data are based on your consent;
  • k. Give directives on the fate of your personal data after death (applicable in France only).

The Company is committed to ensuring your data is protected from misuse. If you think your data and information have been used in violation of the laws, regulations, or the applicable data protection provisions, please alert the Company and it will assist you.

Furthermore, you have the right to lodge a complaint with the supervisory authority, if you believe that your data have been processed unlawfully. Any requests, including those regarding the exercise of such rights, and questions can be directed to your local representative or privacy@markem-imaje.com.

 

11. Cookies

Our website uses cookies. For more information on the cookies we use and on the way to opt-out from them, please consult our Cookies Policy at the following address: https://www.markem-imaje.com/cookie-notice.

Back to top