Location

Privacy Notice

LEARN MORE

Candidate Privacy Notice

LEARN MORE

Hempel Privacy Notice

  • 1. INTRODUCTION

    Thank you for visiting our website and this privacy notice. The purpose of this privacy notice is to describe how we process your personal data. This privacy notice applies to our business partners, suppliers, customers, visitors and other external parties engaging with us as described in this notice. The data controller of your personal data is in the Hempel affiliate that you are in contact with for the different purposes as stated in this privacy notice. If another Hempel entity is acting as a data controller of your personal data for a specific purpose, you will be informed hereof directly. Please see our affiliates here.

     We will process your personal data according to applicable legislation, including the European General Data Protection Regulation, (EU) 2016/679 (“GDPR”) and/or local legislation in the relevant country of our affiliates. In this privacy notice, you can read more about what personal data we process about you, including how we receive your personal data, for which purposes, for how long we store your personal data, if we share it with any data processors or third parties and your rights.

    If you have any questions on how we process your personal data – please reach out to our Privacy Team. Please see contact details in ‘Contact Information’ section in this privacy notice.

  • 2. OUR PROCESSING OF PERSONAL DATA

    When

    The categories of personal data we process about you

    The purpose of the processing

    The legal basis of the processing activity

    When you visit our operated websites

    Information such as your IP address

    This data is used for security purposes, especially the prevention of online threats like data breaches and denial of service assaults, as well as to deter the submission of multiple unauthorized applications.

    While you access our website, our server may execute a reverse DNS lookup on your IP address. This method does not identify you personally, but it helps us gain general insights about the entities related to that IP address.

    The legal basis is our legitimate interests to protect our website, users and infrastructure as well as to gain insights into the types of organizations engaging with our websites GDPR art. 6(1)(f). It is our assessment that our legitimate interests do not override your rights and interests.

    When you visit our operated websites, we place necessary cookies

    Information such as your IP address

    We use necessary cookies to enable the functionality of our website

    The legal basis for the processing of necessary cookies and your IP address is Hempel’s legitimate interest such as to enable you to navigate in our website, making available different website functions such as forms that are essential for you to browse the website. We believe that our legitimate interest as described above does not override your legitimate interests and freedoms,  GDPR art. 6(1)(f).

    When you accept the use of cookies on our operated websites

    Information such as your IP address, device details, behavior on the website depending on your choices and similar

    We use cookies to personalize content and ads, customize our website and its content to your preferences based on a record of your selected preferences or on your use of our website.

    We also use cookies for retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended.

    We also use cookies for marketing such as to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

    The legal basis for the processing of your personal data is consent GDPR art. 6(1)(a).

    When you contact us by the contact forms, mail or by phone.

    Your contact information such as name, email and phone as well as what your request is about.

    We collect this information directly from you.

    We collect and use your information to be able to communicate with you and provide the information that you have requested.

    The legal basis is our legitimate interests to be able to communicate with you and provide any requested information and service, GDPR art. 6(1)(f). It is our assessment that our legitimate interests do not override your rights and interests.

    When you have accepted marketing materials from us

    Your contact information such as name, e-mail, phone number, country and other.

    We collect this information directly from you or third parties to whom you have provided your consent.

    We collect and use your information to be able to communicate with you and provide information on our business and products via commercial campaigns, such as sales, marketing campaigns, and newsletters 

    If you are not already an existing customer with us, our legal basis for the processing is your consent GDPR, Article 6(1)(a).

    If you are an existing customer with us and have purchased from us our legitimate interests GDPR article 6(1)(f) to promote our business activities and products that you might find interesting.
    It is our assessment that our legitimate interests do not override your rights and interests.

    When you are a potential  customer, supplier, or business partner.

    We process information such as your name, work place, job title, email and phone number as well as information concerning the potential agreement.

    The purpose of the processing is for us to be able to enter into an agreement with you.

    The legal basis of the processing activity is the following; 

    GDPR article 6(1)(b) as the processing is necessary for the performance if a contract us and the company you represent.

    GDPR article 6(1)(c) as the processing may be necessary due to our legal obligations to conduct audits or checks of the company that you represent before contracting.

    GDPR article 6(1)(f) as the processing is necessary due to our legitimate interests in communicating with you on the potential business relation.

    When you are a customer,  supplier or business partner.

    We process information such as your name, work place, job title, email and phone number as well as information about your requests, orders, deliveries etc. related to our agreement. 

    We also process billing information such as VAT number and purchase/delivery history. 

    We collect this information directly from you.

    We process the personal information about you to fulfil the contract that we have entered with you, to manage our business relation, to communicate with you and to comply with our legal obligations.

    The legal basis is GDPR article 6(1)(b) as the processing is necessary for the performance of a contract to which we are party or in order to take steps at the request of you prior to entering into a contract, as well as GDPR article 6(1)(c) as the processing is necessary for compliance with a legal obligation to which we are subject.

    When you are a customer and create an account on ‘MyHempel’

    Contact information, such as your name, business phone number, mobile phone number, e-mail address, address. 

    We collect this information directly from you.

    We register and use the information to create and manage your ‘MyHempel’ account with us.

    The legal basis is Hempel’s legitimate interests in offering our customer’s a self-service platform as the ‘MyHempel’ account, incl. managing such account, so we can deliver the best services to our customers, as well as your legitimate interest in the using the account. We believe that our legitimate interest as described above does not override your legitimate interests and freedoms, GDPR art. 6(1)(f).

    When you visit our facilities

    Name, host of your visit, organization that you represent and/or potential photos from on our surveillance cameras

    We register and use the personal data to create a guest-access card for you, register our visitors and safeguard our facilities.

    The legal basis is our interest in keeping our facilities and data up to our security standards and having basic information on any guests who visit us. We believe that our legitimate interest does not override your legitimate interests and freedoms, cf. GDPR art. 6(1)(f).

  • 3. RETENTION
    We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • 4. HOW WE MAY DISCLOSE, SHARE AND/OR TRANSFER YOUR PERSONAL DATA

    Please note that we may share information with relevant affiliates in the Hempel Group if necessary for e.g. the production or delivery of ordered products and services, or if a Hempel entity is acting as a data processor to another Hempel entity.

    Hempel may also share information with external parties when relevant for the specific services. This could for example be as part of the delivery of necessary IT services such as data hosting under our instructions or if delivery of products is handled by an external freight company. When we engage data processors, we always ensure to comply with applicable legislation and enter a data processing agreement.

    In the above mentioned situations, we might transfer personal data to countries outside the European Economic Area (“EEA”) which is not deemed as an adequate country by the European Commission.  If such transfers are conducted, we will comply with the requirements to such transfers and ensure adequate transfer mechanisms, such as the European Standard Contractual Clauses and conduct transfer impact assessments.  You can obtain a copy of the relevant transfer basis by contacting our Privacy Team at Privacy@hempel.com.

  • 5. KEEPING YOUR PERSONAL DATA SECURE

    We have implemented appropriate technical and organizational security measures to prevent personal data from being accidentally lost or used or accessed in an unauthorized way. We limit access to the personal data we process to those who have a genuine business need to know it. Our processing of your personal data is subject to confidentiality clauses.

  • 6. YOUR RIGHTS AS A DATA SUBJECT

    Subject to the applicable restrictions in relevant local data protection regulation and the GDPR, you have the following rights:

    Right of access
    You have the right to request access to the personal data that we process about you.

    Right to rectification
    You have the right to rectify inaccurate and inadequate personal data about you.

    Right to erasure (right to be forgotten)
    You have the right to request us to erase the personal data we process about you. You can either request the ‘right to be forgotten’ in your profile in our recruitment system or by contacting us using the contact information in section 10 of this policy.

    Right to restriction
    You have the right to restrict our processing of your personal data and thereby ask us to suspend the processing of your personal information.

    Right to data portability
    Where our processing of your personal data is based on your consent and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit this personal data to another data controller without hindrance from us, where technically feasible.

    Right to object
    You have the right to object – on grounds relating to your particular situation – to processing personal data where the legal basis for our processing is legitimate interests. If you exercise your right to object, we may no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

  • 7. QUESTIONS AND COMPLAINTS

    If you have any questions, comments, or complaints concerning our processing of your personal data, please contact our Privacy Team at Privacy@hempel.com.

    You also have the right to submit a complaint to the competent supervisory authority, including the Danish Data Protection Authority. You will find the contact information the Danish Data Protection Authority on https://www.datatilsynet.dk/You can also read more about your rights as a data subject on https://www.datatilsynet.dk/

  • 8. CONTACT INFORMATION

    Hempel Global Privacy Office
    Hempel A/S
    Address: Lundtoftegårdsvej 91, 2800 Kgs. Lyngby, Denmark
    Phone: +45 4593 3800
    Mail: Privacy@hempel.com

    DPO for our German affiliates:
    J.W. Ostendorf Gmbh & Co. Kg, FLT HANDEL & SERVICE GMBH
    Address: Rottkamp 2, 48653 Coesfeld, Germany
    Phone:  +49 2541 744-0
    Data Protection Officer: André Korte (akorte@dsb-ms.de)

    Please find contact information on our affiliates here.

    Latest update of this policy: January 2023

Hempel Candidate Privacy Notice

  • 1. INTRODUCTION

    When you choose to create a job profile, a job alert and/or apply for a specific position in the Hempel Group, your personal data will be registered in our recruitment system, and Hempel A/S and/or the Hempel affiliate relevant to your job application, will as the data controller receive and process personal data about you as a job candidate.  

    Your privacy is very important to us, therefore, we will process your personal data according to applicable legislation, including the European General Data Protection Regulation, (EU) 2016/679 (“GDPR”) and/or local legislation in the relevant country of our relevant affiliate. Below you can read more about what personal data we process about you, including how we receive your personal data, for which purposes, for how long we store your personal data and if we share it with any data processors or third parties. If you have any questions on how we process your personal data – please reach out to our Privacy Team. Please see contact details in section 10.
  • 2. DATA CONTROLLER AND DATA PROTECTION PRINCIPLES

    If you choose to create a job alert with us, Hempel A/S will act as the data controller of your personal data. If you choose to apply for a specific position, the data controller of your personal data will be the legal entity in the Hempel Group, which has the vacant position to be filled. Please note that your personal data may be shared with authorized Hempel personnel within the Hempel Group. Please find more about Hempel companies here. 

    Hempel A/S and each of our affiliated companies are hereinafter collectively referred to as “Hempel”, “we” or “us”.

     

  • 3. WHEN AND HOW DO WE PROCESS YOUR PERSONAL DATA

    The categories of personal data we process about you

    The purpose of the processing

    The legal basis of the processing activity

    How long do we keep your personal data ?

    Name, contact information and your interests in vacant positions with us.

    The purpose of the processing is to be able to contact you if you have registered a job alert with us.

    GDPR art. 6(1)(f) (“legitimate interest): It is our assessment that the processing of your personal data is necessary to provide you with information on vacant positions with us, as you have requested in our job alert-function.

    We will, as a general rule, not store your personal data for longer than 6 months from the day you submitted your application.

     

    Name, contact information and other personal data included in your CV, application and other attachments, such as details of your education, qualifications, experiences, employment history, etc.

    The purpose of the processing is to hire new employees in Hempel by carrying out a fair recruitment process, evaluate your application and qualifications for the vacant position, arrange and hold interviews, and inform you of the outcome at all stages.

     

    GDPR art. 6(1)(f) (“legitimate interest): It is our assessment that the processing of your personal data is necessary to carry out a fair recruitment process and assess whether we can offer you a position with us.

    We will, as a general rule, not store your personal data for longer than 6 months from the day you submitted your application.

    If we offer you a position and you become an employee at Hempel, we will process and keep your personal data in accordance with our privacy policy for employees.

    Your name, e-mail address and test-results from your personality assessment and/or test, if you have been invited to a second interview and conducted a personality assessment and/or test.

    The purpose of the processing is to make an assessment of your suitability for the vacant position and Hempel as workplace and thereby to assess whether you will be a good fit for the vacant position.

    GDPR art. 6(1)(f) (“legitimate interest): It is our assessment that the processing of your personal data is necessary to carry out a fair recruitment process and assess whether we can offer you a position with us.

    We will, as a general rule, not store your personal data for longer than 6 months from the day you submitted your application.

    If we offer you a position and you become an employee at Hempel, we will process and keep your personal data in accordance with our privacy policy for employees.

    Legitimate and necessary information about your previous employment history to assess your suitability for the position, e.g. information on your previous work-tasks and responsibilities. If this processing is relevant in your recruitment process, you will receive further information of this processing.

    The purpose of the processing is to make an assessment of your suitability for the vacant position and Hempel as workplace and thereby to assess whether you will be a good fit for the vacant position.

    GDPR art. 6(1)(a) (“consent): We will only contact your previous employer and process your personal data and information about your previous employment history if you have given us your explicit consent.

    We will, as a general rule, not store your personal data for longer than 6 months from the day you submitted your application.

    If we offer you a position and you become an employee at Hempel, we will process and keep your personal data in accordance with our privacy policy for employees.


  • 4. SOURCES

    The personal data we process about you as described above are collected directly from you and public sources such as LinkedIn.

  • 5. DATA PROVIDED ON A VOLUNTARY BASIS

    When we collect personal data directly from you, you provide us the personal data on a voluntary basis. The consequences of not providing us with the personal data mentioned above will be that we cannot pursue the specific purposes of our processing activities as set out above, which for example means that we cannot assess your application for a vacant position in Hempel.

    If you have provided us with your consent to a specific processing activity, you have the right to withdraw such consent without any consequences for you. However, please note that a withdrawal of consent will not affect any processing based on your consent given before the withdrawal. If you wish to withdraw your consent, please contact us using the contact information in section 10 of this policy.
  • 6. HOW WE MAY DISCLOSE, SHARE AND/OR TRANSFER YOUR PERSONAL DATA

    We will not disclose your personal data to any external third parties, but the reference person that you have allowed us to contact, if relevant. In such case, we will only disclose information on your interests in a job with us.

    We may share your personal data to authorized Hempel personnel in the Hempel Group, if relevant.

    We may also share your personal data with our third-party service providers, such as hosting providers or providers of personality assessments/tests. Such third parties will act solely on our behalf and upon our instructions as data processors and are not allowed to use the data for their own purposes.

    In some cases, we may transfer your personal data as set out above to countries outside EU/EEA. We ensure that such transfers will be carried out in accordance with chapter 5 in the GDPR to adequately safeguard your personal data. If the country outside EU/EEA is not subject to an adequacy decision from the European Commission, the legal transfer tool will be the Standard Contraction Clauses (based on the European Commission’s decision (EU) 2021/914 of 4 June 2021) and the transfer will be subject to supplementary and appropriate safeguards in accordance with the recommendations 01/20200 adopted by the European Data Protection Board (“EDPB”). If you have any questions to our transfer of your personal data, please contact us using the contact information in section 10 of this policy.

  • 7. KEEPING YOUR PERSONAL INFORMATION SECURE
    We have implemented appropriate technical and organizational security measures to prevent personal data from being accidentally lost or used or accessed in an unauthorized way. We limit access to the personal data we process to those who have a genuine business need to know it. Our processing of your personal data is subject to confidentiality clauses.
  • 8. YOUR RIGHTS AS A DATA SUBJECT

    Subject to the applicable restrictions in relevant local data protection regulation and the GDPR, you have the follow rights.

    Right of access

    You have the right to request access to the personal data that we process about you.

    Right to rectification

    You have the right to rectify inaccurate and inadequate personal data about you.

    Right to erasure (right to be forgotten)

    You have the right to request us to erase the personal data we process about you. You can either request the ‘right to be forgotten’ in your profile in our recruitment system or by contacting us using the contact information in section 10 of this policy.

    Right to restriction

    You have the right to restrict our processing of your personal data and thereby ask us to suspend the processing of your personal information.

    Right to data portability

    Where our processing of your personal data is based on your consent and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit this personal data to another data controller without hindrance from us, where technically feasible. 

    Right to object

    You have the right to object – on grounds relating to your particular situation – to processing personal data where the legal basis for our processing is legitimate interests. If you exercise your right to object, we may no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

  • 9. QUESTIONS AND COMPLAINTS

    If you have any questions, comments, or complaints to our processing of your personal data in relation to the recruitment process, please contact our Privacy Team at Privacy@hempel.com.

    You also have the right to submit a complaint to the competent supervisory authority, including the Danish Data Protection Authority. You will find the contact information the Danish Data Protection Authority on www.datatilsynet.dk. You can also read more about your rights as a data subject on www.datatilsynet.dk.

  • 10. CONTACT INFORMATION AND MOST RECENT UPDATE

    Hempel Global Privacy Office
    Hempel A/S
    Address: Lundtoftegårdsvej 91, 2800 Kgs. Lyngby, Denmark
    Phone: +45 4593 3800
    Mail: Privacy@hempel.com.

     

    DPO for our German affiliates:
    J.W. Ostendorf Gmbh & Co. Kg, FLT HANDEL & SERVICE GMBH
    Address: Rottkamp 2, 48653 Coesfeld, Germany
    Phone:  +49 2541 744-0
    Data Protection Officer: André Korte (akorte@dsb-ms.de)

     

    Latest update of this policy: August 2022