Privacy Notice

Hyperion Materials & Technologies, Inc. Privacy Notice

(last update: 22 August 2023)

 

 

Hyperion Materials & Technologies is committed to protecting your privacy

The integrity of your personal data is vital for Hyperion Materials & Technologies, Inc. and its group of global subsidiaries (hereinafter referred to as “Hyperion,” as applicable), and therefore, we welcome the strict protection of your personal data, as required by applicable data protection laws. Whether you are a valued Customer, Supplier, Commercial or Administrative Intermediary, a Digital Registrant, a Physical Registrant, a Digital Visitor or finally, a Facility Visitor, it’s important to us that you feel safe about how we treat your personal data. Accordingly, we outline below what types of personal data we collect from you, why, and what happens to your data while in our care. We also explain your rights under applicable data protection laws and give you contact details in case you have questions or requests about your data. To understand what legal ground we rely on for each of the purposes described below, please refer to the notice received at the point of data collection and this Hyperion Privacy Notice. Regarding retention periods, we store personal data only as long as necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer storage period is required for legitimate reasons, by law, or to justify or defend a legal claim. If you gave your consent for the use of your data, you may withdraw that consent at any time, and we will stop using your data.

 

What types of personal data do we use and why?

 

The table below describes the categories of personal data we collect and the purposes for which we use this personal data, along with details of which of the legal bases we rely on to do so, where this is required by applicable data protection laws.

 

In the table below, we consider you:

  • A. Customer if you or the company you work for has purchased our products or services;
  • B. Supplier if you work for one of our many supplier companies from whom we purchase goods and services;
  • C. Commercial or Administrative Intermediary if you work for one of our many distributors or other intermediaries such as our agents and customs brokers;
  • D. Digital Registrant if you, for example, use our websites to: 1) request information about our products or services; 2) register for newsletters or Hyperion sponsored events; 3) apply to any Hyperion subscriptions or community forums; 4) or respond to survey or marketing communication;
  • E. Physical Registrant if you register with us in person at any of our events;
  • F. Digital Visitor if you navigate our websites without registering as described under Digital Registrant;
  • G. Facility Visitor if you visit any of our offices or facilities.

 

Please be aware that you may appear in multiple categories as described above, depending on your relationship and activities with Hyperion. For example, you may be considered a Customer, a Digital Registrant and a Facility Visitor if you purchased our products, filled in one of our web forms and visited a Hyperion site at some point in time.

 

Categories of Data

Purposes

Lawful Bases

A

B

C

D

E

F

G

Contact data (such as name, business address, email address, and phone number)

Effective and efficient communication: respond to your questions, send information about Hyperion products and services of interest to you; lead generation; fulfill our obligation to keep you informed about safety matters; communicate technical changes

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed);

Y

Y

Y

Y

Y

N

Y

Organizational data (such as which company and department you work in)

Efficient marketing: understand what products and services information you would be interested in receiving

Processing is necessary to fulfil a legitimate business interest


Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

Y

Y

N

Y

Financial data (such as credit or payment information, bank account details)

Financial control: To assess credit and payment history, facilitate payments; to fulfill anti-money laundering obligations; and to manage rebates and refunds

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

N

N

N

N

Contract data (such as sales/purchase orders, shipment address or return to address), billing information, and other information collected under our customer and supplier contracts

Facilitation of order management, shipment and warranty; administration of service level agreements

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

N

N

N

N

Video, photo, time and location of recording, car/truck license plate number

Limited cameral surveillance. Cameras are stationed at certain unmanned gates to the industrial areas for the following purposes:

•Open and close gates safely toprevent damage to vehicles and people;

•Control so no unauthorized persons gain access to the industrial area when opening gates.

•Monitor exposed areas where there is a risk that unauthorized persons gain access to the industrial area unnoticed;

• To prevent and reveal propertydamages and related crimes;

• Investigate incidents and accidents.

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

N

Y

N

Y

Learning/training records (such as training attendance, completion of learning activities, competence data, qualifications)

Administer the customer/supplier/partner relationship and to communicate and develop new training opportunities you may be interested in

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

N

N

N

N

Individual preferences (such as language and food preferences)

Provide effective communication in the language of your choice and cater for dietary requirements. To offer you a pleasant experience in dealing with us

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

Y

Y

N

Y

Service and warranty data (such as Repair and service history and claims)

For contract warranty fulfilment and for product development improvements and for fulfilling our/your maintenance obligations

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

N

N

N

N

Health and safety data (such as incidences occurring during visits to our test and manufacturing facilities, and any injuries that may occur from use of our equipment)

Fulfill legal obligations to record incidents and claims management. Improve safety in hazardous environments and to facilitate access for individuals with physical restrictions

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Processing is necessary for compliance with a legal obligation

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

N

N

N

Y

Travel data (such as visa and passport information, travel costs, itinerary)

Arrangement of travel to Hyperion sites and events, including arrangement of Visas

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

Y

Y

Y

N

N

N

Y

Information about the event you attended

Follow-up with you about more information regarding the product or service you showed interest in and to send you information about related products and services

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

Y

Y

Y

Y

Information about where you were on the Internet when you gave us your contact information and the material you downloaded from our website.

Follow-up with you about information regarding the product or service you showed interest in and to send you related product information

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

Y

N

N

N

Information about Hyperion newsletters or other Hyperion content related material you have subscribed to

Follow-up with you about more information regarding the product or service you showed interest in and to send you related product information

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

Y

N

N

N

Navigational data (such as IP address, cookies, session identifiers, browser type, web pages viewed and links clicked).

Operate and improve your overall web-browsing experience. Personalize your browsing experience and to allow us to deliver the type of content and product and service offerings of most interest to you. Allow us to better service you in responding to your customer service requests. Efficiently process your transactions. Administer a promotion, survey or other website feature

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

Y

N

Y

N

Location, date and time of visit information

Travel and transfer arrangements; welcome messages

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

N

N

N

Y

License plate number of vehicle

Facilitate and manage parking permits

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

N

N

N

Y

Information about Hyperion newsletters or other Hyperion content related material you have subscribed to

Follow-up with you about more information regarding the product or service you showed interest in and to send you related product information

Processing is necessary to fulfil a legitimate business interest (in jurisdictions where legitimate interest is allowed)

Data subject has given consent (in jurisdictions where consent is required)

N

N

N

Y

N

N

N

 

Cookies on Our Website

If you navigate our websites, you will find specific and applicable Cookie Information for each specific website. In an attempt to provide you with increased value, we may include third party links on our websites. These linked sites have separate and independent privacy policies. Hyperion is not responsible for the practices of these third-party websites and so your use of those websites will be in accordance with their privacy policies.

Like many other websites and online services, we are currently unable to respond to Do Not Track Signals.

To read more about our cookie policy: Cookie Policy

To update your setting. Follow this link: Cookie Settings

 

Email Communications

We may send you e-mail communications from time to time with information that may be useful to you, including information about our products and services. Our email communications will include instructions on how to unsubscribe if you decide you do not want to receive any future marketing or promotional e-mails from us, which you may do by clicking on the “unsubscribe” link located at the bottom of the email or webform or by contacting us using the information below.

 

Sharing Information with Parties Outside of Hyperion

Hyperion does not sell, trade, or otherwise transfer your personal data to outside parties except as provided below based on Hyperion's legitimate interests to provide you with the high quality, useful products and services you have come to expect from Hyperion. We do not “sell” your personal data as that term is defined under applicable data protection laws and have not done so within the past year. We may transfer your data to a foreign country only if we have assured an adequate level of protection in the receiving country, such as through the applicable governing body’s adequacy decision, the Hyperion Intra-Company Data Transfer Agreement, the applicable governing body’s Standard Contractual Clauses with third parties, or other safeguards as otherwise required under applicable data protection law. To receive a copy of any such clauses, contact us using the Contact Us information provided below.

 

  • We may share data about Digital Visitors, Customers and Registrants to our website with hosting partners and other parties who assist us in operating our websites, conducting our business, or servicing you, so long as those parties agree to keep your personal data confidential. More detail about this can be found at our specific Cookie Information pages.
  • A Hyperion company may share data about a Digital Visitor, Facility Visitor, Customer, Registrant, or Supplier with another Hyperion company if necessary, to respond to you.
  • We may share data about Digital Visitors, Facility Visitors, Customers and Digital or Physical Registrants within the Hyperion group and with Hyperion business partners like authorized resellers or distributors so they can market and sell relevant Hyperion products and services to you, and so that we may jointly host product demonstrations and other events for you.
  • We may have to release information about Digital Visitors, Facility Visitors, Customers, Suppliers, or Digital and Physical Registrants to the appropriate authorities or other relevant third parties in order to enforce our privacy policies, or to protect Hyperion’s rights, property, or safety. We may also have to release your data to government authorities when a legal obligation compels us to.

 

Blogs, Chat Rooms and the Like

Hyperion may provide blogs, chat rooms or bulletin boards on our websites. Any personal information you choose to submit in such forum may be read, collected, or used by others who visit these forums. These non-Hyperion third parties may in their own discretion send you unsolicited messages. We are not responsible for these third parties’ handling of your personal data. We post a list of customers’ references and testimonials about our products and services only upon consent of each customer.

 

How Long We Retain Your Data

We will only retain your data for as long as is necessary to fulfil the purpose that the data was collected for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the period that we retain your data for, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we have collected it and whether we can achieve those purposes through other means, and any applicable legal, regulatory, tax, accounting, reporting or other requirements.

In some circumstances you can ask us to delete your data, please see ‘Your Rights’ below for further information on this.

 

Your Privacy Rights

Depending on the applicable data protection laws in your jurisdiction, you have a range of rights in relation to how we handle your data. You may have the right to know what data Hyperion holds about you, have access to that information and have it corrected if inaccurate or out of date. You can also object to our use of data about you and/or that our use of your data be limited. In some cases, you may require us to completely erase your data from all our files. Additionally, you also have the right to receive your data in a machine-readable format and have the data transferred to another company. In addition, in certain jurisdictions, you may have the right to request details of information we share about you with third parties for those third parties’ own direct marketing activities. To exercise any of these rights, please contact the Hyperion Data Protection Officer at dpo@hyperionmt.com. If we collected personal data based on your consent, you have the right to withdraw your consent at any time.

 

Exercising Your Rights

If you are dissatisfied with our use of your data, you may have the right to contact the relevant supervisory authority charged with protecting your personal data rights and lodge a complaint with such authority. This could be:

1) the regulatory authority in the country of the Hyperion company that collected your data; or

2) the regulator in the country where you believe a violation of your personal data rights occurred.

If you make a request related to personal information about you, we will need to verify your identity. To do so, we will request that you match specific pieces of information you have provided us previously, as well as, in some instances, provide a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. If it is necessary to collect additional information from you, TA will use the information only for verification purposes and will delete it as soon as practicable after complying the request. For requests related to particularly sensitive information, we may require additional proof of identification.

If you make a request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.

We will process your request within the time provided by applicable law.

 

Controller of Your Data

The Controller of your data is the Hyperion group company that initially collected your data and decided the purposes and means for using your data. If you have questions about who the Controller of your data is or any other questions about your data, please contact the Hyperion Data Protection Officer at dpo@hyperionmt.com.

 

Your Data Collected from Other Sources

There may be times when Hyperion collects data about you from another source than yourself. This could happen, for example, when our Business Partners or Suppliers provide us with information about you. We also collect personal data from public sources such as social media. We will provide more information about the source in the specific cases where this happens.

 

If You Fail to Provide Your Data

Where we need to collect your data by law, or under the terms of a contract with you, and you fail to provide that data when requested, we may be unable to perform the contract with you (for example to provide you with goods or services). In this case, we may have to cancel the contract with you, but we will notify you if this is the case.

 

Children Under Sixteen (16) Years of Age

We do not knowingly solicit or collect any data from children under sixteen (16) years of age. If you are under sixteen (16) years of age, do not send any information about yourself to us. Please contact us as provided below in the Contact Us section if you believe we may have collected such information.

 

Changes to This Privacy Notice

We keep this privacy notice under regular review to ensure it is up to date and accurate. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

 

Contact Us

If you have any queries, questions or concerns about this Privacy Notice or our personal data handling practices or to exercise your data subject rights, please contact us at:

Hyperion Materials & Technologies, Inc.

6325 Huntley Rd.

Worthington, OH 43085

Attn: Data Protection Officer

Email: dpo@hyperionmt.com