This website is provided by Palram Americas, Inc. Palram is sensitive to privacy issues on the Internet and takes the protection of your personal data seriously. This policy and notice (the ‘Data Protection Notice’, also this ‘Notice’ or ‘Policy’) states the policies and practices of Palram group companies (‘Company’, also we, us, our, etc.), with respect to personal data, and is written in plain language with a view to maximal transparency and accountability. It also serves as notice to data subjects as required by EU data protection law, including advising data subjects regarding their data protection rights.
Information privacy is a continual and evolving responsibility, and so from time to time we will update this Notice as we undertake new personal data practices or adopt new policies.
You may provide data when you visit our websites, including at www.palramamericas.com (our ‘websites’), or our social media pages, or you may provide us with such data in the course of your interest in our products, business transactions, conferences, sales, and support. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
If you and your organization are a customer of Palram, please also refer to our applicable terms and conditions, which may contain further information about how we process your personal data in relation to our product sales, service, and support.
Company sometimes acts as a Data Processor or a Data Controller, and is committed to treating personal information with all due care, responsibility, and accountability, all in accordance with the EU’s General Data Protection Regulation (‘GDPR’) and other applicable laws and best practices.
Company Personal Data Processing On Our Websites and Other Marketing Sources
Where individuals communicate with us directly, including as representatives of customers, and where we know them to be EU persons, we may use such data to communicate with such individuals, including for the purposes of keeping such individuals aware of our news, or of changes to our services; and to deliver content or features.
We collect contact and related data about potential customers via our websites, at events, through social media (such as Facebook and LinkedIn), when it is given for that purpose to our professional, and through other such sources. This data is used to market our products and keep our followers up to date on Palram. We store this data with third party providers of marketing data processing (for example, Hubspot), including in the USA and elsewhere.
Data subjects may ask for such data to be accessed, moved, rectified, or erased by contacting firstname.lastname@example.org, or the Data Protection Officer, details below.
Company Personal Data Processing as Part of Its Commercial Services
Summary: we may process personal data on behalf of our customers, and do so in fulfillment of our contract with them. To the extent that we process data as a Controller, we do so based on the consent of the data subject; or based on the fulfillment of contract; or based on a legitimate interest.
Company sells a broad variety of plastics and finished goods to businesses and individuals. In the course of selling these products, customers-Controllers instruct Company to provide goods and services either to the Controller, or to the Controllers customers – who may be corporations or individuals. In so doing, the Controllers may provide Company various data, which may include Personal Data, to enable sale, delivery, service, and support to its customers. Company processes customers’ data only in accordance with the instructions of customers, and in fulfillment of the Controllers’ contracts with Company. Data Subjects may contact the Controller of their data, with questions or requests concerning their Personal Data.
Where Company is the Controller of data, it will process data only on a lawful basis, generally based on the consent of the data subject; or based on the fulfillment of contract; or based on a legitimate interest of providing information and services and support with respect to Company’s goods.
Data Held for Compliance
Summary: we may hold personal data for our own compliance and accountability needs. Personal data provided to Company may be used for our own compliance and accountability, including, to ensure we meet with applicable laws; and to detect, investigate, and avoid activities that may violate our policies, or be unethical or illegal; in connection with legal claims; where relevant for possible audits.
Summary: we will erase data once it is no longer serving its purposes. Personal data processed by Palram will be erased when it no longer serves its purposes, or is no longer needed for legal, compliance, audit, and other such needs. Data processed on behalf of our customers (the Controllers; see section 2 above) will be erased on their instructions.
Sharing Personal Data with Third Parties
Summary: we may share personal data with third parties that provide processing services to us, for those limited purposes, or as required by law. We will not share personal data with any third party except in limited circumstances, in which those third parties support our services to our customers, employees, and website users. This may include: CRM, billing, payroll, shipping, lead management, marketing services and website services, data backup services. Where commercially relevant, we may pass on such data to distributors of our goods.
We may share personal information with third parties in connection with legal or regulatory proceedings or investigation, enforcement or protection of our rights, a sale of our business or other corporate due diligence, in compliance with legal process, or in any other case where we believe in good faith that disclosure is required by law or by generally accepted best business practice. We will make reasonable efforts to obtain from such third parties assurance that they will treat all personal information in accordance with GDPR and all applicable law, and that such third parties performing services on our behalf are required to, and will in fact, use that information only for the purposes agreed with us or required by law.
When we share data with third parties, we remain liable for the treatment of such data with respect to GDPR.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Summary: we may transfer personal data from the EU to the US. Company has its headquarters in Israel, a country recognized by the EU Commission as having protection adequate under EU data protection laws. Personal information collected or received by Palram in and from the EU, may be processed in Israel, or the United States, or in other countries in which Palram has an entity, where there is need for such processing. The United States has no adequacy ruling from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we transfer personal data to the US only: to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. We may also do so with consent. We may also transfer data to Privacy Shield certified third parties. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistently with your relationship with the Controller or with us, and the practices described in this Data Protection Notice. We also minimize the risk to your rights and freedoms by not collecting or storing sensitive information about you.
Data Security and Integrity
Summary: we take data security seriously. We deploy industry standard, or better, measures to ensure the security, confidentiality, integrity, and availability of personal data we process. We maintain physical, technical, and administrative safeguards, and test and update these periodically. We endeavor to restrict access to personal data on a ‘need to know’ basis for the provision of services to you. We also conduct employee training in these regards. No such measures are perfect or impenetrable. In the event of a security breach, we will take all reasonable action to minimize any harm, and will of course meet the requirements of GDPR, including with regard to notifications. Although we will do our best to protect personal data, we cannot guarantee the security of data transmitted to our site or to group companies, and transmission is at the data subject’s own risk.
Summary: we may amend this policy from time to time, and will publish changes directly to our site. Your continued use of our site means you agree to the terms of this notice. This data protection policy may be updated or modified from time to time, with or without notice to data subjects, users etc. Changes may be made to accommodate new laws and regulations, technologies, or industry practices, or for other purposes. New versions of this notice will supersede and replace prior versions. To the extent that such changes materially adversely affect our treatment of personal data, we will endeavor to provide notice to data subjects via our site. You agree that any dispute in connection with this notice and its terms, will be governed exclusively by the laws of Israel except its conflict of laws provisions.
Data Subject Rights
Summary: you have rights of access, portability, rectification, and erasure. You may contact us to help exercise those rights. Where we are the data Controller, you have, under GDPR, various rights with respect to the way we process that data. We will help data subjects exercise their rights in respect to the data. This includes various information rights, the right to correct (rectify) the record of your personal data maintained by us if it is inaccurate; you may be entitled to request that we erase that data or cease processing it, subject to certain exceptions; you may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data. When technically feasible, at your request we will provide your personal data to you or transmit it directly to another controller.
Reasonable access to your personal data will be provided at no cost to our customers, and others upon request made to us at email@example.com. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied. We will not be able to provide access to data where such access would lead to divulging proprietary information, or may impinge the rights of employees or others.
Employee, Job Applicant, and HR Data Protection
Summary: Palram is committed to protecting the data of its team, and of job applicants. And Palram’s employees and staff are committed to data protection. Palram staff data protection rights and obligations are detailed in the Employee procedures, and the data protection principles in this notice and policy will apply to employees too, as well as to job applicants. We collect job applicant data in pursuance of a possible contract with job applicants, and their data may be held and managed on our systems to enable us to evaluate and process the application.
Contacting Us About Data Protection Matters
Summary: you may contact us or our data protection officer, as may be required. Any access requests may be lodged with us or with our Data Protection Officer at firstname.lastname@example.org. Any complaints may be lodged with the UK ICO.
Name: Marketing Communications