Innospec Third Party Privacy Notice

  1. What is this document and why should you read it?
    • 1.1 This privacy notice explains how and why Innospec Inc. group companies and offices to which the EU General Data Protection Regulation applies (also referred to as “Innospec”, “we”, “our” and “us”) use personal data about the third parties with which we engage or do business. This includes our customers, suppliers, agents, consultants and partners who are individuals, as well as, where any of these are entities, their respective shareholders, directors, officers, managers, key employees or other individuals (referred to as “you”).
    • 1.2 You should read this notice so that you know what we are doing with your personal data or the personal data you might provide on behalf of any individual. Please also read any other privacy notices that we give you that might apply to our use of your personal data in specific circumstances in the future.
    • 1.3 If you give us personal information about another person, in doing so you confirm that they have given you their prior permission or you have their authorisation to provide it to us and for us to be able to process their personal data (including any sensitive personal data).  You must also ensure this and other relevant privacy notices are brought to their attention so they can review how their personal information may be used.
    • 1.4 This notice does not form part of any contract with Innospec.
  2. Innospec’s data protection responsibilities
    • 2.1 “Personal data” is any information that relates to an identifiable natural person. A name, address and contact details are all examples of personal data if they identify you or another person.
    • 2.2 The term “process” means any activity relating to personal data including, by way of example, collection, storage, use and transmission.
    • 2.3 Innospec is a “controller” of your personal data and of any personal data you provide. This is a legal term – it means that we make decisions about how and why we process any personal data and, because of this, we are primarily responsible for making sure it is used in accordance with applicable data protection laws.
  3. What types of personal data do we collect, where do we get it from and for what purposes is it processed?
    • 3.1 We collect many different types of personal data about you and individuals within your business that you provide for lots of reasons including:-
      • 3.1.1 to conduct screening or due diligence to comply with global anti-corruption laws, trade sanctions and other relevant laws and regulations to prevent improper conduct contrary to public policy;
      • 3.1.2 to administer, manage and/or perform any current or potential contract or other business relationship with you;
      • 3.1.3 for security and/or health and safety related reasons; and/or
      • 3.1.4 for direct marketing purposes, including sending you details of our newsletters to keep you up to date with news relating to the Innospec business.
    • 3.2 Further details of the personal data we collect are set out in Schedule 1. Paragraph 6.7 below lists the categories of recipients with whom we may share the personal data.
    • 3.3 We receive personal data when any questionnaires, checklists or account creation forms are provided to us (or to third parties acting on our behalf) or when you correspond with us in connection with our business. This may be provided directly by you or provided on your behalf by a colleague acting for your business. We also create some personal data ourselves and obtain some personal data from other sources such as screening and background check providers, credit reference agencies and from public sources such as publicly available directories and online resources for the purposes above.
    • 3.4 If any of the personal information given to us changes, such as your contact details or those of a relevant colleague within your business, please inform us without delay by letting your Innospec contact know or by contacting us in accordance with paragraph 12 below.
  4. What do we do with personal data of our business contacts, and why?
    • 4.1 We process the personal data of business contacts for particular purposes in connection with current or potential contracts or other business relationships with us, and the management and administration of our business.
    • 4.2 We are required by privacy laws to always have a permitted reason or justification (called a “lawful basis”) for processing your personal data. There are six such permitted lawful bases for processing personal data.
    • 4.3 Our processing of your personal data is either:
      • 4.3.1 based upon your consent;
      • 4.3.2 necessary for us to ensure compliance with legal obligations including compliance with global anti-corruption laws and/or trade sanctions;
      • 4.3.3 necessary for us to take steps to potentially enter into a contract with you, or to perform it; and/or
      • 4.3.4 based upon our legitimate interests including the evidencing of appropriate due diligence for global anti-corruption and trade sanctions related purposes, including protecting ourselves and the public from bribery and corruption. We believe our own, and the public’s, interests to prevent such conduct outweighs any prejudice to you by our practices and is not unfair. If you would like more information on how we balance the respective interests, please contact us in accordance with paragraph 12 below.

Should you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or business relationship with you.  For some processing activities, we consider that more than one lawful basis may be relevant depending on the circumstances.  If you wish to know the specific lawful basis applicable to the processing of your personal data, please contact us in accordance with paragraph 12 below.

  • In some cases where personal data is processed for due diligence purposes, some of that personal data may be used for the automated determination of risk and consequent level of additional due diligence required. This includes risk being allocated to a low, medium or high risk category based upon a number of factors including: territory of operation, potential interaction with Government Officials[1], product to be sold, contract value, nature of contractual relationship (e.g. distributor, agent or consultant), whether owned or controlled by any Government Officials[1] or state-owned entities and whether there has been any involvement in any material compliance related litigation or violations (e.g. fraud, money laundering, corruption).
  • We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports (for example, to help us understand contract volume and trends).
  5. Special category personal data (including criminal data)
    • 5.1 We are required by law to treat certain categories of personal data with even more care than usual. These are called sensitive or special categories of personal data, and different lawful bases apply to them. The primary purpose for collecting any sensitive or special category personal data is the conduct of screening and/or due diligence. Our processing of your sensitive or special category personal data is for the reasons set out in paragraph 4.3 above or is otherwise necessary:-
      • 5.1.1 for the establishment, exercise or defence of legal claims; or
      • 5.1.2 for reasons of substantial public interest, on the basis of European Union or Member State law, including the United Kingdom Bribery Act 2010.
  6. Who do we share your personal data with, and why?
    • 6.1 Sometimes we need to disclose the personal data we process to other people.

Inside the Innospec group

  • 6.2 We are part of the Innospec group of companies. Therefore, we will need to share your personal data with other companies in the Innospec group for our general business, reporting to management, authorisations/approvals from relevant decision makers, and where systems and services are used or provided on a shared basis.
  • 6.3 Access rights between members of the Innospec group are limited and granted only on a need to know basis, depending on job functions and roles.
  • 6.4 If any Innospec group companies process your personal data on our behalf (either as our processor or joint controller), we will make sure that they have appropriate security standards in place to protect your personal data and we will enter into a written contract imposing appropriate security standards on them.

Outside the Innospec group

  • 6.5 From time to time we ask third parties to carry out certain services for us. These third parties may process your personal data on our behalf (either as our processor or joint controller). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will make sure that they have appropriate security standards in place to protect your personal data and we will enter into a written contract imposing appropriate security standards on them.
  • 6.6 In certain circumstances we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, in particular:
    • 6.6.1 if we transfer, purchase, reorganise, merge or sell any part of our business and we disclose or transfer your personal data to the prospective seller, buyer or other third party involved in any such business transfer, reorganisation or merger arrangement (and their advisors); and
    • 6.6.2 if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers, suppliers or others.
  • 6.7 We have set out below a list of the categories of recipients with whom we may share your personal data:
    • 6.7.1 consultants and professional advisors including legal advisors and auditors;
    • 6.7.2 screening and background check providers including Thomson Reuters (in respect of their WorldCheck product (http://my.thomsonreuters.com/pages?name=gdpr_productinfo)), The Red Flag Group and The Risk Advisory Group;
    • 6.7.3 courts, court-appointed persons/entities, receivers and liquidators;
    • 6.7.4 business partners and joint ventures;
    • 6.7.5 training providers including GAN Integrity;
    • 6.7.6 translators;
    • 6.7.7 credit reference agencies including Graydon, Creditsafe, Credit Risk Monitor and Dun & Bradstreet;
    • 6.7.8 insurance companies;
    • 6.7.9 software and IT systems and/or service providers; and
    • 6.7.10 government departments, statutory and regulatory bodies including the relevant data protection Supervisory Authority, the police and relevant tax and customs authorities.

Where they have provided us with their own privacy policy, we have included links above. If you have any questions, please contact them direct, or if you need any further information from us, contact us in accordance with paragraph 12 below.

We may also share your personal data with third parties as directed by you. Where those recipients are controllers in respect of your personal data, they will process your personal data for the purposes set out in their own fair processing notices and are directly responsible to you for their use of your personal data.

  7. Where in the world is your personal data transferred to?
    • 7.1 Screening checks are carried out by Innospec, and the results of those checks may be transferred to the relevant Innospec group company with whom you are doing, or proposing to do, business and who may be based outside of the European Economic Area (“EEA”). In addition, your data may be shared with other Innospec group companies in accordance with paragraph 6.2 above.
    • 7.2 If any of our processing activities require your personal data to be transferred outside the EEA we will only make that transfer if:
      • 7.2.1 the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
      • 7.2.2 we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient. This includes use of European Model Clause contracts which are approved by the European Commission. You can find out what these are here:  http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm;
      • 7.2.3 the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; and/or
      • 7.2.4 you explicitly consent to the transfer.
  8. How do we keep your personal data secure?
  • We will take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
  9. How long do we keep your personal data for?
    • 9.1 We will retain your personal data as required depending on a number of factors, including:
      • 9.1.1 any laws or regulations that we are required to follow including anti-bribery laws which may require personal data to be kept indefinitely;
      • 9.1.2 whether we are or could potentially in the future be in a legal or other type of dispute with each other or any third party;
      • 9.1.3 the type of information that we hold about you; and/or
      • 9.1.4 whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

Please contact us in accordance with paragraph 12 below for further details.

  10. What are your rights in relation to your personal data and how can you exercise them?
    • 10.1 Individuals have certain legal rights, which are briefly summarised at Schedule 2, in relation to any of their personal data which we hold.
    • 10.2 Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data unless there is another lawful basis we can rely on, in which case we will let you know. Your withdrawal of consent will not impact any of our processing of your personal data up to that point.
    • 10.3 Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
    • 10.4 If you wish to exercise any of your rights please contact us in accordance with paragraph 12 below in the first instance. You also have the right to lodge a complaint with your local data protection Supervisory Authority.
  11. Website cookies
    • 11.1 When you use our website, the cookie policy at the following link will also apply:

http://www.innospecinc.com/index.php/cookie-policy.

  12. Where can you find out more?
    • 12.1 If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any related issues or concerns with us, you can contact us in either of the following ways:
  • By email at: Legal.Compliance@innospecinc.com
  • By post at: Legal Compliance Department, Innospec Limited, Innospec Manufacturing Park, Oil Sites Road, Ellesmere Port, Cheshire, CH65 4EY, United Kingdom

 

SCHEDULE 1
Categories of personal data
NOTE: NOT ALL CATEGORIES OF PERSONAL DATA ARE COLLECTED FROM OR PROCESSED IN RELATION TO ALL THIRD PARTIES. WE INCLUDE THIS ONLY FOR COMPLETENESS AND TRANSPARENCY TO COMPLY WITH DATA PROTECTION LAWS. PERSONAL DATA IS ONLY PROCESSED WHERE AND TO THE EXTENT REQUIRED (SEE PARAGRAPH 3 ABOVE FOR DETAILS).
Type of personal data / Collected from

a) Contact Information
  Type of personal data:
  • Name(s)
  • Address(es)
  • Email address(es)
  • Contact details including telephone number(s)
  Collected from:
  • You[2]
  • Credit reference agencies
  • Publicly available directories and online resources
  • Screening and background check providers

b) Personal Information
  Type of personal data:
  • Date of birth
  • Gender
  • Nationality
  • Country of residence
  Collected from:
  • You[2]
  • Credit reference agencies
  • Publicly available directories and online resources
  • Screening and background check providers

c) Identity and Background Information
  Type of personal data:
  • Job title
  • Details of education and qualifications and results
  • Career history, experience and skills
  • Directorships
  • Relationships with Government Officials[1]
  • Passport information
  • Driving licence information
  • Curriculum Vitae (CV) or resume and professional profile
  • Images or photographs
  • References
  • Background check reports including (where applicable) bankruptcy, media reports, civil and criminal litigation history
  Collected from:
  • You[2]
  • Credit reference agencies
  • Publicly available directories and online resources
  • Screening and background check providers

d) Financial Information
  Type of personal data:
  • Bank account details
  • National insurance number and/or other governmental identification numbers
  • Business expense and reimbursement details
  Collected from:
  • You[2]
  • Screening and background check providers

e) Special Category Personal Data
  Type of personal data:
  • Political memberships or associations
  • Criminal records checks and information relating to actual or suspected criminal convictions and offences
  Collected from:
  • You[2]
  • Publicly available directories and online resources
  • Screening and background check providers

f) Travel and Expenses Information
  Type of personal data:
  • Transaction records and mileage information
  • Flight and accommodation booking information
  • Travel itinerary information
  Collected from:
  • You[2]

g) Security, Location and Access Information
  Type of personal data:
  • Information (including image data) captured or recorded by electronic card access systems, CCTV and other security control systems
  • Dates of visits to Innospec sites
  • Time in / out records
  • Vehicle registration, make and model
  Collected from:
  • You[2]
  • Innospec security control systems

 

SCHEDULE 2

Your rights in relation to personal data

Your right / What does it mean? / Limitations and conditions of your right

Right of access
Subject to certain conditions you are entitled to request access to your personal data (this is more commonly known as submitting a “data subject access request”). If possible, you should specify the type of information you would like to see to ensure that our disclosure meets your expectations.

We must be able to verify your identity. Your request must not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.

Right to data portability
Subject to certain conditions you are entitled to receive the personal data which you have provided to us, and which is processed by us using automated means, in a structured, commonly-used machine readable format. If possible, you should specify the type of information you would like to receive, and where we should send it, to ensure that our disclosure meets your expectations.

This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. it does not apply to paper records). It covers only the personal data that has been provided to us by you[2].

Rights in relation to inaccurate or incomplete personal data
You may challenge the accuracy or completeness of your personal data and have it corrected, updated or completed, as applicable. You have a responsibility to help us to keep your personal data accurate and up to date.

We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details including telephone number and email address.

Please always check first whether there are any available self-help tools to correct the personal data we process about you.

This right only applies to your own personal data. When exercising this right, please be as specific as possible.

Right to object to or restrict our data processing
Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data. As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.

Right to erasure
Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”) e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful. We may not be in a position to erase your personal data if, for example, we need it to: (i) comply with a legal obligation; or (ii) exercise or defend legal claims.

Right to withdrawal of consent
As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you withdraw your consent, this will only take effect for future processing.

Right to prevent automated decision making
Subject to certain conditions, you may ask us not to take decisions by solely automated means and reconsider the decision by other means. This right only applies where the decision will have a legal or other significant effect and the original decision is based on solely automated means.

 

[1] Government Official is defined in Innospec’s Anti-Corruption Policy which is available on our website at www.innospecinc.com

[2] You means you or any other individual providing your personal data to Innospec.