In all circumstances, the Company will process the data in accordance with the provisions of the General Data Protection Regulation:
This Privacy Notice (the "Privacy Notice") is intended to provide our customers and their employees ("customer", "You") with information about how your personal data will be collected, used, shared and protected within the processes that the Company will deploy, which are described in more detail in the following sections (the "Processes"). You can find the latest version of this Privacy Notice at https://www.markem-imaje.com/privacy. The Company may update this Privacy Notice when required to do so by updating this website and, where these changes are relevant, we will notify you in accordance with applicable law.
Any type of request can be sent to us in the following languages, German, Spanish, French, English or Italian.
The Company is not responsible for the data transferred by it and that correspond to third parties, if they have not been collected under the basic principles of legitimacy and transparency, being fully responsible to the person who transferred them to the Company, being able to take the Company all those legal and/or administrative measures that correspond.
We will not use your personal data to make decisions based solely on automated processing if the decision produces legal effects that significantly concern or affect you unless you have given your explicit consent to this processing.
Your personal data may also be processed in connection with any legal process or process, for the Company to establish, exercise or defend its legal rights, or to comply with legal obligations, including, but not limited to, following a request from a competent administrative or judicial authority or in any circumstance in which such processing is requested in accordance with applicable laws.
Legitimate interests: The processing described is necessary to administer and facilitate our business relationship and for the legitimate interest of the Company. The Company has weighed these legitimate interests against the fundamental rights and freedoms of the interested party and has concluded that the processing described here is legitimate and appropriate, in accordance with the provisions of current regulations.
More information about this analysis can be provided upon request, via our email email@example.com.
Performance of a contract: The processing described is necessary to enter into or for the execution of your commercial agreements and contracts and to administer their management.
Legal obligation: The processing linked to tax, security and other regulatory compliance obligations is necessary for compliance with a legal obligation to which the Company is subject.
The Company establishes a limit on access to personal data held by us only those members of the Company, who need them for a legitimate business purpose.
Personal data is shared on a "need to know" basis. Only those people who need the data to fulfill a business objective should have access to their personal data, and only for as long as they need it to fulfill the purpose.
Individual recipients are not authorized to share your personal data with other employees or third parties unless such sharing is authorized and complies with all applicable Company policies.
For the processes, we anticipate the following categories of recipients will have access to your personal data, for the purposes indicated below:
Sales and Marketing teams: The Company's Sales and Marketing teams, each in its own field of responsibility, will access and process some of your staff data for the purposes described in Section 5 and for marketing campaigns and event invitation management, development of business statistics and for the management of business relationships.
Financial Equipment: The Company's Finance team will access some of its staff data and process it for the purposes described in Section 5, to assess the financial condition and other business risks of our business and to process billing and payment.
IT Teams: The IT teams of Dover Corporation (Parent Company) and the IT teams of the Company, as well as any IT subcontractor acting on behalf of Dover Corporation, or on behalf of the Company, may access some of the data of its personnel to provide and support IT services.
Compliance Equipment: Dover Corporation and the Company's Compliance teams may access some of your personal data to conduct third-party due diligence and to comply with export control regulations.
Legal Team: The legal teams of Dover Corporation and the Company may access some of your personal data to carry out the corresponding legal proceedings under the contract, negotiations or legal proceedings that may be established based on the existing contractual relationship.
Some of the recipients mentioned above may be located outside the EU, Switzerland or the UK and are likely to be in many countries around the world. As described in Section 7 below, all such transfers to internal recipients will comply with all applicable
laws and regulations, in accordance with the requirements of the applicable General Data Protection Regulation.
The Company may from time to time engage third-party vendors to assist in processing personal data. The Company will transmit to any of these providers its obligations under applicable data privacy law, require the provider to secure the data, and provide such additional notice as required by law. We will not sell, distribute or transfer your personal data to third parties unless we have your prior consent that will be informed.
Your personal data may be transferred outside the EU for the purposes listed above in accordance with the EU Standard Contractual Clauses (SCC) (europa.eu), or other legally binding and permissible agreement at the time of the Transfer. Such transfers will comply with all applicable laws and regulations from time to time. We anticipate that this data may be transferred to various countries around the world.
Relevant additional details may be provided based on transfers of personal data upon request addressed to firstname.lastname@example.org.
Your personal data may also be processed and subsequently transferred in connection with any legal proceedings or future legal proceedings, for the Company to establish, exercise or defend its legal rights, or to comply with legal obligations, including, but not limited to, upon a request from a competent administrative or judicial authority or in any circumstances where such processing is requested in accordance with applicable laws.
We are committed to ensuring the security of your personal data. To prevent unauthorized access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure the personal data we process. We employ a set of various IT security tools to safeguard personal data, restrict access to data and have physical and organizational security measures in place to prevent unauthorized or unlawful access to personal data and accidental loss, destruction or damage to personal data. The Company also maintains an inventory of personal data and evaluates the safeguards we have in place for that data to ensure that our security measures are tailored to the sensitivity of the data.
For illustrative purposes, the following specific security measures apply:
Perimeter protection has been established through firewalls, as well as monthly vulnerability scanning, and intrusion detection and prevention systems to protect against malicious access.
An encryption mechanism is used when data is transmitted outside the company and Dover group network, as well as on all data at rest on mobile devices.
Authentication mechanism with a strong password policy and Role-Based Access Control to authorize access to the various resources on which personal data is stored and processed.
Regular safety awareness training for all employees to increase our defense.
Information Security Governance, including a security incident management response plan, as well as a Cybersecurity program improvement plan based on NIST's Cybersecurity Framework (CSF), as a guideline for measuring, improving, and monitoring our overall security program.
We have established procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
If despite all our efforts, a data breach occurs, we will do everything in our power to limit the damage. In the event of a data breach that may pose a high risk, and depending on the circumstances, we will inform you about corrective measures to prevent further damage, as established by applicable law. We always inform the relevant supervisory authority or authorities without undue delay when we are legally obliged to do so.
The Company endeavors to store your personal data only for the time necessary for the purpose for which we have processed it and to securely delete it once that purpose has been fulfilled. How long we keep your data depends on the type of data and the purpose for which we process it. Retention periods are set for legitimate business purposes, in accordance with local regulations.
However, where applicable law requires the Company to retain your data for longer or where your data is necessary to assert or defend against legal claims, the Company will retain your data until the end of the relevant retention period or until the claims in question have been resolved.
At any time, you can request the update of your data, but we also remind you that it is your obligation to notify any information that directly affects the updating of your personal information, having to communicate it as soon as possible, and thus being able to maintain the quality of the data we process for our commercial relationship.
We remind you of the rights granted to you by the current Regulation, without incidentally mentioning the existing rights under your jurisdiction:
Right to withdraw the consent given.
The Company is committed to ensuring that all data is protected against unlawful use.
If you believe that your data and information have been used in violation of applicable laws, regulations or data protection provisions, please notify the Company and the Company will inform you.
In cases of non-compliance by the Company, at the time of responding or processing your rights, you may file a claim with the Data Protection Control Authority, of your country of origin, in accordance with the provisions of the European Union, in the following link you can locate your Control Authority: Our Members | European Data Protection Board (europa.eu).
But remember that previously before submitting any claim to the Control Authority, you must have previously notified the Company of the possible incident or exercise of Law always by email: email@example.com.
We remind you that, to process any type of incident or Law, we must verify your identity, requiring your identity document, if necessary, insofar as the exercise of these rights is subject to certain legal conditions and limitations, we may have to reject your request if these conditions are not met or if legal limitations apply.
In addition, the Company has the power to reject requests that are unreasonably repetitive, require disproportionate technical effort (e.g., developing a new system or fundamentally changing an existing practice), or create a risk to the privacy of
others. In any case, we will try to process your request in accordance with the legally established deadlines.
There will be no silence on the part of the Company when responding to requests, while if it proceeds or is rejected it will be notified if we have reliable proof of your request.