Introduction
This is the Privacy Statement of Stellar Materials International LLC (SMI). SMI has its headquarter office in the USA but also has a branch office in the Netherlands. The address of the head office of SMI is 600 Riverwalk Parkway, Suite 120, Tonawanda, New York 14150, USA and the address of the branch office is Nieuw Mathenesserstraat 39-41, unit 1b, 3029 AV, Rotterdam, The Netherlands.
You can contact our office in the U.S. at +1 (561) 330-9300 or in the Netherlands at +31 (10) 2460264 or via e-mail at [email protected].
The General Data Protection Regulation (GDPR) is law throughout the European Union (EU). Each member state has its own national version of this EU-law. The Dutch version of GDPR is called “Algemene Verordening Gegevensbescherming”or AVG, but for the purpose of this Privacy Statement we will use the English term GDPR. The information below explains how SMI is protecting personal data according to GDPR.
Our core business
SMI sells high end specialized refractory products and technology and provides full service support. SMI carries out transactions with sellers and buyers within the EU and other countries.
All commercial activities of SMI are business-to-business, so there are no private consumers nor private sellers involved in any commercial contract with SMI. SMI does not apply any means of (automated) profiling or monitoring of personal data, nor is the individual behavior of our customers or other business relations registered.
Our supporting activities
The branch office of SMI consists of a back office in Rotterdam, the Netherlands, which supports the general sales executive and his team of sales representatives throughout Europe.
Our organization
SMI is a subsidiary of Stellar Materials LLC (SM). The address of SM is: 7777 Glades Road, Suite 310, Boca Raton, Florida, 33434, USA. The employees of SM perform services on behalf of SMI such as production, purchasing, distribution, warehousing, accounting, marketing, IT, Research & Development and human resource management.
While SMI performs services regarding sales, it also exchanges commercial information including certain personal data with SM to carry out the core business. SMI also exchanges personal data of employees with SM, because SM operates both the accounting and the human resource functions of both SM and SMI.
Privacy Shield NL-USA and our internal Privacy Policy
The EU has introduced a so-called Adequacy Decision which makes it possible under GDPR to transfer personal data from the Netherlands and/or other EU-countries to the US and vice versa. SM hereby certifies compliance with GDPR as does SMI regarding the protection of personal data of EU citizens or residents of non-EU countries who do business with SM or SMI.
All internal procedures are constantly being evaluated as far as the processing of personal data is concerned. This constant evaluation has resulted in an internal Privacy Policy which is subject to continual improvement. This Privacy Statement is also part of that process.
The NL Data Protection Authority
Since we have a branch office in the Netherlands from which the EU sales team is being managed, the relevant data protection authority is the Dutch “Autoriteit Persoonsgegevens” which can be contacted via: https://autoriteitpersoonsgegevens.nl/en This organization is supervising all aspects of personal data protection regarding employees and business relations of SMI and SM within the EU.
How we want to inform you about the application of GDPR in our company
The latest version of this Privacy Statement can be found as a link on our website: www.thermbond.com/privacypolicy
Our website uses programs called “cookies” to make the website easily accessible. We also keep track of the use of the website but we do not record personal data with these cookies. In our newsletter we also have a link to the latest version of our Privacy Statement. Our new employees receive a copy of the Privacy Statement before they start working with us.
Data Controllers and Data Processors
The management of SMI and of SM determine the purpose for which and the means by which the personal data are processed. Therefore they are the joint Data Controllers. They are responsible for the proper application of GDPR in our company. Management of SMI and SM are both led by Mr. David Mintz. There is no Data Protection Officer as such. However, if you want to contact the joint Data Controllers they can be reached at:
- SMI/EU Mrs. Paula Schell [email protected]
- SM/US Ms. Monica Zea [email protected]
The joint Data Controllers see to it that personal data are processed in accordance with GDPR, which means that key principles apply in our internal privacy Policy such as transparent, fair and lawful processing, purpose limitation, data minimization and proper data retention. This means that we only use correct personal data for specific (commercial or legal) purposes. We will store these data no longer than necessary and only for the purpose for which they were collected.
The joint Data Controllers have installed appropriate technical and organizational safeguards that ensure the security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technology.
The joint Data Controllers did not execute a Data Protection Impact Assessment. However, SMI has put into place an internal register of personal data processing activities and incidents. This register will also be used by SM when applicable and is part of the internal Privacy Policy.
External Data Processors have committed themselves to our GDPR obligations by signing a Data Processing Contract with us.
Collection of personal data
We collect personal data of customers, sellers and other service providers in order to be able to deliver our products or render our services. We do so during the execution of a sale or purchase.
We collect personal data of employees during their career with us. We do so in order to be able to fulfill legal obligations and to monitor and review all activities within or company in compliance with law.
We collect personal data in a (semi)automated way as well as by hand, both digitally and in hard copy. We do not collect sensitive personal data, e.g. data on religion, medical subjects, biometrics etc.
Our grounds for processing personal data
We collect and process personal data on the following grounds: Contractual obligations towards business relations towards employees Legal obligations towards business relations towards employees.
How do we protect your personal data
Hard copy personal data are stored in our offices in compliance with our internal Privacy Policy. We protect personal data using a combination of technical, administrative, organizational and physical safeguards. Digital personal data and backups are kept behind a firewall on servers both in the EU as well as in the US. We limit access to your personal data to those who need that access in order to perform their jobs.
Retention periods
We keep all personal data of business relations for as long as necessary to comply with our contractual and legal obligations. For legal reasons we keep personal data of employees up to seven years after they have left our company. We will remove from our records the personal data of candidates who have applied for a job in our company but who have not been employed by us, within two months after rejection. However, when we feel a new vacancy may occur, we will keep the personal data of a candidate for the period of one year.
Your rights
Business relations, employees and all other relations of SMI and SM have the following rights:
- information about the processing of your personal data by SMI and SM;
- you can obtain access to the personal data held about you;
- you can ask for incorrect, inaccurate or incomplete personal data to be corrected;
- you can request that personal data be erased when it’s no longer needed or if processing it is Unlawful – you can object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
- you can request the restriction of the processing of your personal data in specific cases;
- you can ask to receive your personal data in a machine-readable format and send it to another Data Controller (e.g. a new employer). This is called Data Portability;
- you can request that decisions based on automated processing concerning you and significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
These rights apply across the EU, regardless of where the data are processed and where the company or its representatives are established. These rights also apply when you deal with non-EU companies operating in the EU.
To exercise your rights you should contact us preferably via e-mail (see e-mail address below). We will respond to your request without undue delay and at the latest within 1 month. If we intend not to comply with your request we will state the reason why. You can then file a complaint with us if you want or you can contact the NL Data Protection Authority.
You may be asked to provide information to confirm your identity first in order to exercise your rights.
Information, questions, complaints, remarks
If you have any questions or remarks about our privacy policy please contact us preferably on this address:
Nieuw Mathenesserstraat 39-41, unit 1b, 3029 AV, Rotterdam, The Netherlands
tel.: +31 (10) 2460264