ERIKS Global Privacy Statement

When ERIKS process your personal data, we apply two key principles:

Keep it safe

Keep it private

Personal data needs to be well protected. Keep it safe.

Personal data can only be shared on a need-to-know basis. Keep it private.

You can download the privacy statement for customer, supplier and business partner data here.

You can download the privacy statement for job applicant data here.

These privacy statements do not address the processing of personal data of employees in the context of their employment relationship with ERIKS.

PRIVACY STATEMENT FOR CUSTOMER, SUPPLIER AND BUSINESS PARTNER DATA

Last updated: 29 May 2024

1.  INTRODUCTION – WHO WE ARE

The local ERIKS entity is the company responsible for the processing of your personal information (data controller). The local Eriks entities are https://eriks.com/country-select/ which make use of

Local websites:

The local ERIKS entity may share your personal information with ERIKS N.V., Mariaplaats 21, 3511 LK Utrecht, The Netherlands and/or with SHV Holdings N.V. Rijnkade 1, 3511 LC Utrecht, The Netherlands.

The relevant local ERIKS entities ERIKS Country Selector  and ERIKS N.V. and Zamro B.V. trading as Eriks Digital are referred to as “ERIKS” and “we”, “our” or “us”.

This Privacy Statement is applicable to the processing of your personal data when you -as a (prospective) customer, supplier or other business partner- do business with us, when you use our websites or apps or when you interact with us (“you” or “your”).

Please note that specific services may be subject to a separate privacy statement referenced in the respective terms, like the processing of your personal information when you are using a mobile app. 

2. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

    A. Business communication

We collect your information when you contact us for example, via one of our online contact forms, when you send us questions, suggestions, compliments or complaints, or when you request a quote for our Services. 

For this purpose: we process – to the extent applicable – your name, (business) contact details, and any other information that you provide to us.

We engage in these activities with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest.

    B. When you use our websites or apps

Depending on the country you live in, we provide webshops, online portals and apps that have a number of functionalities. For example, through our websites and apps you can find information about our products, services and applicable terms, view your orders, change your name, contact details and other personal information and contact us.

When you use our websites or apps, we process technical data about your device to offer you functionalities and to allow us to manage and improve the performance of our websites and apps. If you enter data on our websites or apps, such as a product preference or your location to receive relevant information or functionalities, we process this data to provide you with the requested information or functionalities. Further, we process your personal data to allow you to create a user account (which you can access with your username and a password created by you), to allow you to save your data (such as preferences and products) to your saved items and to allow you to share these with others using the sharing options you have configured on your device.

For this purpose: we process the personal data you have entered into our websites and apps, such as your name, e-mail address, title, telephone number, address or any other information you have added to your account, log-in data, or the personal data generated by the functionalities you have used on our websites and apps, and the technical data from your device such as its IP address, the internet browser you use, the pages you have visited on our websites, your click- and surf behavior and the length of your session. 

We engage in these activities with your consent (e.g. when using marketing and social media cookies on our websites and apps) and/or because we have a legitimate interest (e.g. when offering technically adequately working websites and apps and to improve their performance).

 C. Analytics solutions

Our website utilizes analytical cookies to gain insights into user behavior and preferences,  thereby enhancing website performance and personalizing content to your specific needs. To fulfill this objective, we gather both statistical aggregated user data to comprehensively analyze user interactions and behaviors across our website. With Analytics solutions like, Google Analytics and Hotjar, these platforms enable us to extract valuable insights into user preferences, trends, heatmaps and patterns, empowering us to improve and optimize the overall user experience and our online services

Google Analytics

We use Google Analytics 4 as our chosen analytics solution to determine which parts of the website are most interesting for our visitors. With Google Analytics we measure how many visitors come to our website every day, what visitors click on, and which pages are viewed best. With this information we can improve and update our website. The data from Google Analytics are aggregated data. This means that personal data, such as IP-addresses, names and emails has been encrypted to ensure that individual user identities are protected.

Google's ability to use and share information collected by Google Analytics 4 about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. 

Google Consent Mode and Google EU User Consent Policy Compliance

To enhance user privacy and provide more control over data preferences, we have implemented Google Consent Basic Mode V2. This allows us to tailor user experiences based on their consent choices, ensuring that our website aligns with the Google EU User Consent Policy and respects individual consent preferences for data collection and processing when using any of Google’s products and services.

Hotjar

We use Hotjar to listen to your feedback and gain analytics insights to help improve our website and online services. With Hotjar we use features such as heatmaps, session recordings as well as facilitating the creation and deployment of customizable feedback surveys and polls, enabling us to understand user behavior and optimizing user experience. With this information we can tailor and personalize your online experience and measure the effectiveness of optimizations. For more information see Hotjar privacy policy.

    D. Sociale media connections

Our websites may contain various social media sharing functionalities, such as Facebook, Instagram, WhatsApp, Twitter, YouTube or LinkedIn buttons, which, with your consent, you may use to share information provided on our websites with the social media selected by you. Our websites may also contain links to our own social media pages, such as our ERIKS Facebook, YouTube or LinkedIn pages or our Twitter feed, which you may choose to use to post feedback.

Likewise, various social media websites, such as Instagram, Facebook, Twitter or LinkedIn, may contain ERIKS advertisements containing links to our websites. This is based on your searches or topics you have shown an interest in or when you have participated in our events. These social media websites may, with your consent, share information provided by you with us when you choose to follow a link to one of our websites.

For this purpose we process your name, email address, IP-address, photo, list of social media contacts and any other information that may be accessible by us when using social media functionalities, such as liking the ERIKS social media page.

We engage in these activities with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest.

    E. Assessment and acceptance of a Business Partner

We will process your personal data for our assessment and acceptance processes, for example confirming and verifying your identity, due diligence, possible preliminary credit checks and screening against publicly available government and/or law enforcement agency sanctions lists.

For this purpose:

• we process your contact details such as your (business) address and email address, personal details of Individuals such as your name and date of birth, payment and credit information and details of your correspondence with us
• we are required by law to conduct certain checks on our business partners, for example, in the context of the prevention of fraud, terrorism financing or money laundering. To comply with our legal obligations, we (or our service providers) may need to process your criminal data, including data relating to criminal behaviour, criminal records or proceedings regarding criminal or unlawful behavior, and we need to identify and authenticate business partners (including confirming and verifying the identity of relevant Individuals).

We engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.

    F. For the conclusion and execution of agreement

When you have purchased a product or service from us as a customer, or when you work together with us as a supplier or business partner, we process your personal data for  the digital signing of contracts and documents or for administrative purposes such as sending invoices and making payments. We also use your personal data in order to deliver or receive and administer our or your products or services, including related customer services. 

For this purpose: we process your contact details such as your (business) address and email address, personal details of Individuals such as your name , IP address (in case of digital signing), details of your correspondence with us and other information which is relevant for the contract and account.

We engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.

    G. Relationship management and marketing

We use your information, including your possible preferences you have shared with us,  to send you offers, newsletters, other relationship management or marketing communications, including promotions or invitations to events, administering events or promotions, providing customer services, perform account management, and communicate recalls. We also use your personal data for developing, executing and analyzing marketing strategies.

Based on your visit to a website of ERIKS, we can show you personalized advertisements outside the ERIKS website. To understand what is relevant to you, we can use manual and automatic tools to analyze your personal information.

For this purpose:

• we process your contact details such as your (business) address and email address, personal details such as your name, IP Address, contact preferences and topics you may be interested in (as may be indicated by you on our website).
• In addition, we process personal data by using cookies (see paragraph 3 below) on our websites and apps, based on your consent. 

Opt-out: If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in our communication or contact your local ERIKS entity via the webform on the relevant local website or via your regular contact person. You can also choose to contact us by using the contact details below in this privacy statement. 

We engage in these activities with your consent, to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.

    H. Development and improvement of products and services

We process your personal data for assessing, analyzing and improving products and (customer) services. We do this by using and combining customer data to analyze customer behavior and to adjust our products and services accordingly. In addition we do this by compiling analytics reports on the use of company websites or apps, assessing (online) campaigns and adjusting products and services accordingly, to ensure that it is relevant to customers, including analyzing how often customers read newsletters, how often customers visit company websites or apps, which pages customers click on, what goods or services customers purchase through company websites or apps.

For this purpose:

• we process your contact details such as your address and email address, personal details such as your name, and correspondence with us. In addition, we process the personal data you entered into our website or app or that were generated by the functionalities you used on our website or app and the technical data from your device such as its IP-address, the pages you visited on our website, your click- and surf behaviour and the length of your session
• If you choose to participate in our surveys, we may ask you to provide us with personal data. We may also use the personal data that you have provided in the survey for this purpose.

We engage in these activities with your consent and/or because we have a legitimate interest.

    I. Management reporting for our business purposes including analysis and development

We process personal information for reporting on general management, order management and asset management to support various ERIKS business-related purposes, such as leveraging central processing facilities in order to work more efficiently, conducting audits and investigations, implementing business controls, conducting business partner surveys, managing and using business partner directories, finance, accounting, archiving, insurance, legal and business consulting, dispute resolution, data analysis, developing new products, enhancing, improving or modifying our services, operating and expanding our business activities, such as in the context of mergers, acquisitions and divestitures and in order to manage such transactions.

For this purpose: we process your contact details such as your address and email address, your name, gender, place of residence, digits of your zip code and any other information mentioned in this Privacy Statement or otherwise provided to us by you, if such is compatible with the purposes mentioned in the previous paragraph. We apply aggregation or anonymization to personal data to prepare and perform management reporting and analysis.

We engage in these activities because we have a legitimate interest.

    J. Investigating compliance and quality improvement

Subject to applicable laws, we may conduct short term carefully controlled monitoring of your activities, such as in emails, text messages or other communications we have with you. We may do this for instance where we have reason to believe that fraud or other crime is being committed, where offences are suspected and where the monitoring is proportionate to the type of the disciplinary offence, or where we suspect non-compliance with anti-money laundering regulations or anti-terrorism screening obligations to which we are subject.

We may perform investigations in the interest of protecting the security of our communication systems and procedures or for quality improvement and staff training purposes.

For this purpose:

• we process your name, your contact information, your correspondence with us, your use of any of our products and services, recorded phone calls and any other information mentioned in this Privacy Statement or otherwise provided to us by you.
• to comply with our legal obligations, we (or public and government authorities) may need to process your data, including data relating to criminal behaviour, criminal records or proceedings regarding criminal or unlawful behavior, with respect to criminal offences that have been or, given the relevant circumstances are suspected to be or have been, committed.

We engage in these activities to comply with a legal obligation, as appropriate or necessary under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g. counterparty due diligence, anti-money laundering, compliance with competition and tax laws, anti-terrorism screening, financing of terrorism or in relation to the (detection) of fraud or other crimes) or to comply with legal process. In specific situations we may be required to respond to requests from public and government authorities including public and government authorities outside your country of residence. Only if we are required to do so by law or sectorial recommendation to which ERIKS is subject, the relevant personal information will be provided to supervisory agencies, fiscal authorities or investigative agencies. 

We engage in these activities because we have a legitimate interest, such as to enforce our terms and conditions and other applicable policies, to protect our operations, to protect our rights, privacy, safety or property, and/or that of yours or others or to allow us to pursue available remedies or limit the damages that we may sustain or for quality improvement. Where suitable we engage in these activities with your consent, e.g. when we record a phone call with you for quality improvement or staff training purposes. 

    K. Protecting health, safety, security and ensuring integrity

We process your personal data in order to safeguard our employees, customers, suppliers and business partners and our assets, such as, via access controls to ERIKS’s systems and premises.

For this purpose:

• we process your name and your contact information
• when you visit our premises we process additional information [as set out in the next paragraph L].

We engage in these activities to comply with a legal obligation and/or because we have a legitimate interest. 

    L. When you visit our premises

We process your personal information when you visit us on our premises for the purpose of ensuring appropriate access controls and security. 

For this purpose:

• we process your name, your contact information and the person you are visiting and your visiting history to our premises.
• when visiting our premises we may also process your car registration number or CCTV footage about you. In some countries photo and video images (such as for instance CCTV) (could) qualify as special categories of data. Our processing hereof is limited to the aim of protecting the safety and security of our assets.
• if your biometric data are required for secure access to our premise or if you have to show a form of ID, the biometric data or the ID is used for verification purposes only. We don’t record this information.

We engage in these activities because we have a legitimate interest (safety and security of our assets).

3. COOKIES

Any processing of your personal data via cookies and/or similar technologies will take place in accordance with our Cookie Statement available on the website of the relevant local ERIKS entity.

4. HOW LONG WE RETAIN YOUR PERSONAL DATA

We will retain your personal information for as long as necessary or permitted in light of the purposes outlined in this Privacy Statement and consistent with applicable law.

The criteria used to determine our retention periods include:

• the length of time we have an ongoing relationship with you (for example when we provide products and services to you);
• whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
• whether retention is advisable in light of our legal position (such as in light of an applicable statute of limitations, litigation or regulatory investigations). 

After the applicable retention period has ended, ERIKS will apply the  procedures we have in place for data deletion, de-identification, anonymization or archiving. 

5. INTERNATIONAL DATA TRANSFERS AND ACCESS TO YOUR PERSONAL DATA

Due to the global nature of our organization and in order to offer you a complete package of products and services, your personal information may be stored and/or processed in a country other than the one you reside in.

For international data transfers we have put in place adequate measures, such as through contractual arrangements between ERIKS’s legal entities, including our shareholder, and through contractual arrangements put in place with third parties (for example for transfers from the EEA to countries not considered adequate by the European Commission we have entered into EC Standard Contractual Clauses; you may obtain a copy of these measures by contacting us via the below contact details).

Access to your personal data within ERIKS 

Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.

Access to your personal data by third parties

Third parties may have access to your personal data where relevant for the provisioning of their products or services to us and to the extent that such processing is necessary for the purpose of processing agreed with us.

Examples of third parties:

• Banks, insurance companies, accountants and advisors in the areas of finance, tax or legal.
• Service Providers that support us in: 1) assessing and accepting our business partners 2) concluding and executing agreements with our business partners 3) relationship management and marketing 4) running our IT processes, for example to help us maintain our IT network and related infrastructure and security, including forensic specialists; 5) transport related services, for delivering our products to you; 6) performing any other purpose mentioned in this privacy statement.
• In other cases, your personal data will not be supplied to third parties, except when required by law. In specific situations we may be required to respond to requests from public and government authorities including public and government authorities outside your country of residence. Only if we are required to do so by law or sectorial recommendation to which ERIKS is subject, the relevant personal information will be provided to supervisory agencies, fiscal authorities or investigative agencies. 

6. SECURITY

We seek to use reasonable organizational, technical and administrative measures to protect personal information within our organization.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the contact details provided in this Privacy Statement.

7. YOUR RIGHTS AND CONTACTING US

If you would like to access, correct, update, restrict or remove your personal data processed by us, object to the processing of personal data, or if you would like to transmit an electronic copy of your personal data to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us with your request to exercise your rights.

In your request, please make as clear as possible what personal information your request relates to. We may request you to provide verification of your identity before responding to your request. If you added information to your user account yourself, then you can also access your user account to access, correct or remove it yourself.

We will try to respond to your request as soon as reasonably practicable and in any event within any applicable legally required timeframes. We will deal with your request in a manner as prescribed by law. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that began prior to your request for correction, updating or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed. If we do not grant your request, we will explain to you why.

Questions?

If you have any questions or complaints regarding the processing of your personal data about this Privacy Statement, please refer to the relevant contact in your location (see below), or alternatively you can contact privacyoffice@eriks.com . Because email communications are not always secure, please do not include sensitive information in your emails to us.

Where more ERIKS entities are involved in the data processing (joint controllers), we have arranged for a coordinated or central handling (for example where data is processed in a global IT system). You may obtain the essence of this arrangement upon request to our privacy office via de e-mail address above.

In some countries (e.g. in the EU) you may also lodge a complaint with a supervisory authority of your country or region or where an alleged infringement of applicable data protection law occurs.