This Data Protection Policy (hereinafter “the Policy”) accounts for the personal information collected, processed, and used by “ORBIT POLYMERS GROUP” hereinafter “the Company” or “We”) in compliance with the provisions of Regulation 2016/679 of the European Parliament and Council of the European Union (also known as the General Data Protection Regulation or GDPR, hereinafter “GDPR”).

For more information on our data protection policies and procedures, you can always directly contact us at compliance@orbitpolymers.com

Our Company processes Personal Data (as defined in GDPR) as an employer, prospective employer, as a supplier of services, for marketing related purposes and in the course of its operations, its standard business as a commercial representation, sales and distribution company. It also collects personal information when co-operating with third parties / partners and with respect to the visits of its website as well as in compliance with the Company’s legal obligations or for other legitimate reasons or for reasons of public interest.

For specific information with regard to the protection of data collected through our website, you can read our Website Use Privacy Policy

The Company collects personal information:

(i) directly from the data subject; or

(ii) indirectly, either from internal sources, including the Departments of the Company; other entities affiliated with the Company, if any; or third parties, including but not limited to agents, intermediaries, suppliers, business partners etc.

We process Personal Data that includes but is not limited to:

(a) information referring to a subject’s name, contact details (full address, email address, telephone number, IP address), date and place of birth, gender, bank or payment details, family status, ID numbers, tax and social security numbers, or other Special Categories of data as defined in the GDPR as well as information on previous experience, references, diplomas and degrees and professional certificates, correspondence with or about the data subject, the contract of employment, as well as all information needed for the performance of a contract of employment, as amended in the case of the Company’s employees;

(b) information referring to a subject’s name, gender, identity card number or passport number, tax and social security numbers, bank details, date and place of birth, mailing address, telephone numbers, email address and other contact details, CVs, educational and professional qualifications and certifications and employment references, as well as employment and training history, photos included in an application, if any, as in the case of job applicants to the Company;

(c) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, social security numbers, payment details, job title and role/function; delivery information; scanned version of invoices, billing and similar documents, as is the case with our suppliers and our suppliers’ personnel and representatives, including chemicals and polymers manufacturers, machinery producers, transportation companies, technicians, lawyers, law firms, accountants, auditors and other service providers;

(d) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, social security numbers, payment details, job title and role/function; delivery information; scanned version of invoices, billing and similar documents, as is the case with our clients and our clients’ personnel and representatives, including chemicals and polymers converters, lubricant blenders, etc.

(e) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, payment details, job title and role/function, as is the case with our agents and our agents’ personnel and representatives; etc.

Personal Data is processed by the Company, as necessary, for the performance of a contract to which the data subject is a party (as is the case with our employees, and third-party associates), as well as for the Company’s compliance with legal obligations. We also process Personal Data for the Company’s legitimate interests and for protecting the Company’s legal position in the event of legal proceedings or insurance claims or for protecting the Personal Data of the subject and consequently his or her interests.

When we need to process Personal Data:

- to pursue our legitimate business interests, for example to prevent fraud or potential crimes

- for administrative purposes

- to protect the Company’s and its affiliated entities’ assets and

- to improve our efficiency

We exercise best efforts to avoid processing a subject’s data where these interests are overridden by the subject’s own interests and we use only those procedures and technologies which are necessary, proportionate and implemented in the least intrusive manner, in a way that ensure a balance with the subject’s fundamental rights and freedoms.

When processing Personal Data, we do not collect more information than needed, to fulfil the purposes for which we process Personal Data. We hold accurate and up to date Personal Data in the appropriate manner reasonably ensuring suitable security thereof, protection against unauthorized or unlawful processing, accidental loss, destruction or damage.

We restrict physical access to authorized persons (familiar with the Company’s strict policies and procedures), we further maintain and use appropriate technical and organizational procedures and specific technological solutions as well as suitable IT systems to protect the integrity, safety, security and availability of the Personal Data we process.

A CCTV system is installed and operated in our premises as precautionary/preventive measures against crime, to protect our Company’s assets and resources; and, mainly, to ensure the safety and health of our people.

Any Personal Data (name, address, title/position, contact details or information of a sensitive nature) we send or receive in our e-mail systems or other electronic correspondence is duly processed in compliance with the GDPR and any other applicable law or regulation.

Our Company uses the Personal Data contained therein and any attachments thereto lawfully, duly and in a transparent manner, for specified and legitimate purposes at all times.

Our correspondence recipients are duly informed that they have all rights and freedoms provided for by any applicable legislation regarding their Personal Data.

A subject’s information is disclosed only to appropriate Company’s personnel.

We may also disclose Personal Data to State or other competent authorities, if this disclosure is mandatory under applicable laws or regulations.

Disclosure to tax authorities and to internal or external auditors is included.

We also disclose Personal Data to service providers as well as to our external consultants, business partners, associates and professional advisors, including but not limited to lawyers, legal counsels, law firms, insurance institutions and accountants, and to other third parties, if we are legally obliged to do.

In all such cases, we act in the most reasonable manner and in accordance with local laws, regulations and requirements. We exercise best efforts in order to ensure at all times that such third parties have been invited to adopt appropriate data processing procedures thus preserving the security and confidentiality of the subject’s data.

Due to our global activities and the nature of our business as a commercial representation, sales and distribution company, personal information may be transferred outside the E.E.A. when we need to comply with our legal and/or contractual requirements. We do so only where an adequate level of protection is ensured or where we have in place safeguards including the use of standard contractual terms, to preserve the security of a subject’s data in case of these transfers as far as it is practically possible.

We might also transfer a subject’s Personal Data to companies affiliated with the Company, if any, for purposes connected with the management of the Company’s business.

Where the Company relies on a third-party Personal Data Processor, to execute processing on its behalf, the Company will choose one (to the extent practically possible under the prevailing circumstances on each occasion) who provides adequate security level and procedures as well as one that undertakes reasonable steps to ensure compliance of the Personal Data processor with such procedures .

The Personal Data are stored by the Company for no more than it is necessary, solely for processing purposes as per the applicable legislation.

For as long as the Personal Data are retained by the Company, we implement and have in force at all times appropriate technical and organizational procedures as required by the law or existing regulations, in order to safeguard the rights and freedoms of the data subjects.

When we process Personal Data based on the subject’s consent, this consent remains valid until such time it is withdrawn by the subject, as the case may be, subject to the Company’s right to maintain the Personal Data after the termination of the employment for legitimate purposes. In such case, the Company shall notify the subject accordingly (following the subject’s written request) and reasonably provide an estimate as to the time necessary for maintaining such Personal Data.

In the event that the Company will intend in the future to process Personal Data for a purpose other than the one this has been collected for, we shall make sure to provide the subject with relevant information thereto, as well as any other relevant information if such purpose is not consistent with the initial purpose.

If and to the extent that we process a subject’s Personal Data based on his/her consent, the subject may withdraw his/her consent and request the Company to stop using processing and/or disclosing such personal data for any or all of the purposes for which consent has been granted to the Company. This may be done by submitting a request in writing, via email, to our authorized person in charge. The Personal Data Subject will have at any time access to the data, right to rectification, erasure or destruction, objection to the processing, objection to automated decision making and right to the data portability.

Upon receipt of such written request to the Company to withdraw the consent, we may require reasonable time (depending on the complexity of the request) for the subject’s request to be processed and for us to notify him or her of the consequences of our agreeing to the same, including any legal consequences which may affect his/her rights and liabilities to the Company. In general, we anticipate processing and respond to a subject’s respective request within 30 days of receiving it.

A subject is also entitled to request access to his or her Personal Data, as well as rectification, erasure, destruction or restriction of processing, as the case may be, to object to our processing, if and as the case may be.

The Company reserves its rights to make changes to this Policy from time to time.

If we make material changes to this Policy, we will promptly provide notification via prominent notice on the Company’s Website.

For more information on our Personal Data policies and procedures and for guidance on privacy related issues, as well as for requests for access, rectification, erasure, etc. as above, you can contact our data protection organizer (compliance@orbitpolymers.com) FAO Data Protection Compliance Officer), who can also answer all your queries on how the Company is processing personal data.