Effective date: April 23, 2020
This Privacy Notice describes how BW Papersystems, and its subsidiaries and affiliates, including the ultimate parent company Barry-Wehmiller Group, Inc., (together “the Company”, “we” or “us”) processes Personal Data of Individuals who browse our websites or who represent our current, former or future customers, suppliers/vendors or other stakeholders (“Stakeholders”). The description of how we process Personal Data in recruitment can be found in our Careers site. In this Privacy Notice, Personal Data refers to any information relating to an identified or identifiable person.
We collect Personal Data directly from Stakeholders and Individuals as well as through their interactions and use of our products and services. We do not knowingly collect Personal Data about Individuals who are minors. The Personal Data we collect depends on the context of the interactions. In limited circumstances we may also collect Personal Data from third parties, for example for lead generation, customer/supplier due diligence or credit checks.
2. How Personal Data is Used
2.1 Daily Business Purposes
Personal Data may be processed for the following purposes: Providing products and services; logistics and customs; billing, debt collection, financial and tax reporting and analysis; insurance; Stakeholder due diligence; customer and Individual financial checks in relation to loans to customers; Stakeholder relationship management; sales and marketing activities (including newsletters and events at trade shows); corporate compliance; compliance with contractual or legal obligations; to protect against legal liability; to protect and defend the rights or property of the Company; to prevent and investigate wrongdoings in connection with the property or services; litigations; to protect the health and safety of our team members, external stakeholders and the public; privacy, information security and operational and information technology management; or any other related purposes.
For these purposes, categories of Personal Data may typically include the following: Individual’s name, contact details and marketing preferences; preferred language; photos or videos (with prior written permission) in relation to some marketing activities; information about the role and job location; billing information (including credit card data); financial information in relation to loans to customers; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing; or any other type of information that is necessary for the purposes above.
2.2 Customer Support
Personal Data may be processed for the following purposes: Machine/equipment installation; machine/equipment monitoring, diagnostics, fault analysis and debugging in order to optimize machine operations and to reduce support response times and costs; production and service team management (including applying for visas that are needed in customer’s location) and training; customer care and support activities; analyzing data for offering predictive and preventive maintenance; to facilitate spare parts ordering; backups and recovery as part of normal maintenance practice for the service; providing notifications internally and/or to the customer for certain alarm conditions or status/fault updates; auditing the machine/equipment remotely to verify the condition of the machine/equipment to determine if changes or adaptations are needed; or any other related purposes.
For these purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; sound recordings or photos that may include the Individual in addition to machine/equipment related data; or any other type of information that is necessary for the purposes above, along with Stakeholder’s name and information about their machine/equipment/service and business.
Operator identifier (i.e. identifier that is created by the customer and that the machine operator uses to log in to the machine) is linked with machine related data in order to understand how the machine is used and how operator behavior may affect the machine, in order to better utilize the machine and make it run better.
2.3. Services (Including Digital Services and Websites)
Personal Data may be processed for the following purposes: Access permission control (to provide and manage access to the service); tracking usage to monitor how service is used and to develop it; technical and security management and handling issues; providing a contact form and communicating to users; to enable ordering of machines, services, equipment or spare parts; or any other related purposes.
For these purposes, categories of Personal Data may typically include the following: Individual’s name, contact details and marketing preferences; preferred language; login details; information about how the Individual is using the service (for example when and which part of the service); Individual’s IP address, browser, network, device, web pages visited prior to coming to the service; or any other type of information that is necessary for the purposes above, along with Stakeholder and machine/equipment/service related data.
2.4 Product Development
Personal Data may be processed for the analysis and improvement of machines, equipment and services, or for other related purposes. For these purposes, information about machines, equipment and services are mainly used. However, Personal Data, as listed above in 2.1 - 2.3, may also be used if necessary for the purposes.
2.6 Consulting and IIoT Services
Further, we may provide services, for example in relation to consulting or IIoT (Industrial Internet of Things), where we process Personal Data as the “data processor” on behalf of our customer. In these situations, the customer is the “data controller” and carries the responsibilities under applicable legislation, including providing a privacy notice to individuals describing how their Personal Data is processed.
3. Sharing and Transfer
Personal Data may be accessed and processed, when necessary for the purposes described above, by our relevant team members. When necessary, Personal Data may also be shared with, for example, external advisors including, but not limited to, legal and tax advisors, auditors, creditors, banks, credit insurance partners or relevant authorities. Further, we may use third party service providers (including, for example, software and cloud providers, sales agents or debt collection agencies) to process Personal Data on our behalf.
Personal Data may be stored, transferred to, and processed in any country where we have team members or facilities or in which we engage service providers, including in the United States of America. We implement appropriate safeguards to protect Personal Data as required when transferred, including transfers outside the European Union (EU) and European Economic Area (EEA).
4. Legal Basis and Retention
Processing of Personal Data is mainly based on a performance of a contract or legitimate interests of the Company.
Personal Data will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer.
We implement and maintain industry standard technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and the nature, scope, context and purposes of processing of Personal Data.
6. More Information
Individuals may contact us for more information on how their Personal Data is collected, used, and disclosed. Individuals may also request copies of or rectification or deletion of their Personal Data or to opt out from marketing messages, when applicable. Depending on the applicable legislation, Individuals may also have the right to lodge a complaint with an applicable supervisory authority regarding how their Personal Data is used.
Contact details for more information and requests:
|Group Data Protection Officer
8020 Forsyth Blvd
St. Louis, MO 63105
United States of America
7. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. Any changes will be posted on the applicable websites.
California Addendum to Privacy Notice
Updated February 20, 2023
This California Addendum to the Privacy Notice describes the Company’s practices regarding the collection, use, and disclosure of the personal information of Stakeholders who are California residents (“California Stakeholders”), describes the rights of California Stakeholders under the California Consumer Privacy Act (“CCPA”), and explains how California Stakeholders may contact the Company to exercise their rights, if applicable (the “Addendum”). This Addendum supplements the Company’s Privacy Notice above.
Individuals who have a disability may be able to use a screen reader or other assistive device to review the contents of this Privacy Notice. If you require additional disability assistance, please reach out to your contact person in the Company, or call the Barry-Wehmiller company that you have a relationship with (contact details listed at https://www.barrywehmiller.com/business). You might also contact us through the “Contact us section” of our website, advise of a request for disability assistance and request a callback.
2. Personal Information Collected
Within the last 12 months, we have collected the following categories of personal information from California Stakeholders:
- Identifiers: an individual’s name, contact details, IP address, government identifiers.
- Customer records: a signature, billing and financial information, credit card data, employment history.
- Commercial Information: records of Stakeholders, including their business and the machine/equipment/service being used.
- Internet or other similar network activity: browsing history, search history, interactions with websites, applications or advertisements.
- Geolocation data: IP address.
- Professional or employment-related information: current or past job history.
We do not use or disclose sensitive personal information to “infer” characteristics as defined under the CCPA, or for any purpose other than that which is necessary to provide you with our services as specified in the CCPA.
3. Sales and Sharing of Personal Information
We do not sell personal information, including within the preceding 12 months.
We may share your personal information for purposes of cross-context, targeted behavioral advertising, including within the preceding 12 months.
4. Retention Periods
Personal Information will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you are a client with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise.
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
5. Your Rights and Choices
The CCPA provides Consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
- Right to Know - In certain circumstances, you have the right to request the Company disclose certain information to you about our collection and use of your personal information over the past 12 months.
- Right to Delete - You may have the right to request the Company to delete your personal information that we collected from you and retained, subject to certain exceptions.
- Right to Correct - You may have the right to request the Company to correct any inaccurate personal information we may hold about you. We will use commercially reasonable efforts to correct inaccurate personal information, taking into account the nature of the personal information and the purpose for our processing.
- Right to Opt-Out of Targeted Advertising - You may opt out of the processing of your personal information obtained from your activities on nonaffiliated websites for the purposes of targeted advertising. To opt out of targeted advertising, you must toggle “off” the Targeting Cookies in our center for managing consent preferences, found here: , or enable global privacy control settings on your browser. Note that this right to opt out does not apply where we have appropriately limited our partners to be our “service providers” or “processors” as these terms are defined under the CCPA.
- Right to Non-Discrimination - We will not discriminate against you for exercising any of your rights.
- California’s “Shine the Light” Law - In addition to the rights described above, California's "Shine the Light" law (Civil Code Section §1798.83) permits California residents that have an established business relationship with us to request certain information regarding our disclosure of certain types of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year.
6. Exercising Your Rights
To exercise the right to opt out of targeted advertising (or “sales” of personal information as that term is defined in state law), please visit the Do Not Sell or Share My Personal Information page to learn more about and to exercise this right.
To exercise any of the remaining rights described above, please submit a request to us by one of the following methods:
|Group Data Protection Officer
8020 Forsyth Blvd
St. Louis, MO 63105
United States of America
7. Changes to this Addendum
We may update this Addendum from time to time. Any changes will be posted on the applicable websites.
8. Questions About This Notice
If you have any questions about this Addendum, the ways in which the Company collects and uses your information described herein and in the Privacy Notice, your choices and rights regarding such use, or if you wish to exercise your rights under California law, please do not hesitate to contact via email at email@example.com or via post as noted above.