Privacy Policy for Uponor & More Personal Data Register

1. Controller
Uponor Corporation and its affiliates listed in Uponor Corporation’s latest financial statement available on www.investors.uponor.com/news-downloads/ir-downloads-and-reports(hereinafter together “Uponor”)

Äyritie 20
01511 Vantaa
FINLAND

2. Contact information
Marco Hornung
Uponor GmbH
Industriestrasse 56
97437 Hassfurt
Germany
T:  +49 9521 690 372
E: marco.hornung(at)uponor.com

3. Name of Personal Data Register
Uponor & More

4. Group of Data Subjects
Registered participants of the Uponor & More loyalty program (“Participant”).

5. Purpose and Legal Basis of Processing Personal Data
The register contains personal information about the Participants.

The purpose of the use of the register is to enable the handling and maintenance of Uponor & More participation in the loyalty program, such as

  • Record codes and uPoints for the uPoints account
  • Choose and order rewards provided
  • Check and maintain user account
  • Track the status of reward sending

The controller or its group company may also use the information to plan and develop marketing activities, such as:

  • Informing the Participants about ongoing campaigns
  • Informing the Participants about uPoints which would expire to the next possible date
  • Informing Participants about product new/launches or special promotions as well as new features

The legal basis for processing the Participant’s personal data is the performance of the agreement between the Participant and Uponor concerning the Uponor & More loyalty program (see article 6.1(b) of the EU General Data Protection Regulation 2016/679, the “GDPR”). In some instances, Uponor may also process the Participants’ personal data based on its legitimate interests to analyse how the Application is used, further develop it, and to market its products and services (see article 6.1(f) of the GDPR) (or based on Participant’s consent, if such consent is required).

6. Content of the Personal Data Register
The following information may be collected:

  • Company name
  • Company address (Street, Number, Post code, City)
  • Area/County
  • Country
  • CIF/NIF number
  • DNI number
  • Salutation
  • Full name of participant
  • Date of Birth
  • Telephone number
  • Mobile number
  • Email address
  • Personal password
  • Preferred Wholesaler
  • Promotion Code
  • Participant’s position within company
  • Authorisation
  • Known by (how participant was made aware of Uponor & More)
  • Number of employees of company
  • Uponor systems/products in use
  • Request for Uponor newsletter
  • Codes/products collected in the scheme via codes
  • Amount of uPoints collected
  • Shop orders

7. Regular Sources of Information
The data is primarily collected from each data subject him/herself, by Uponor personnel or through website or applications. In addition to publicly available sources, personal data may in some situations, as allowed by applicable legislation, be collected from other sources than directly from the data subject, e.g. from Uponor’s subcontractors or service providers.

Uponor informs each data subject of the data processing, including of any third party data sources and data collected from such sources, in accordance with applicable legislation.

The data is entered into the personal data register by Uponor’s personnel and by Uponor’s subcontractors or service providers.

8. Disclosure and Transfer of Personal Data Outside the EU/EEAArea
Uponor may disclose and transfer personal data outside EU/EEA in accordance with and subject to the limitations imposed by applicable legislation as follows:

  • to companies belonging to the Uponor Group in accordance with a contract entered into between the relevant Uponor entities, incorporating the European Commission’s Standard Contractual Clauses, which ensure that adequate data protection arrangements are in place as well as to authorized third parties to the extent they participate in the processing of personal data for the purposes stated in this personal data register. The personal data may be processed by such authorized third parties also outside EU or EEA in accordance with a contract entered into between Uponor and such authorized third party, incorporating the European Commission’s Standard Contractual Clauses, which ensure that adequate data protection arrangements are in place. Uponor shall oblige such third parties to keep confidential and adequately secure any such transferred personal data; or
  • based on consent; or
  • as otherwise permitted by applicable legislation.

For technical reasons and for reasons related to the use of data, the personal data may be stored on servers of external service providers who may process the data on behalf of Uponor.

Any transfers of personal data shall be made in accordance with the General Data Protection Regulation (2016/679) and any applicable mandatory legislation, as may be amended from time to time.

 

9. Rights of Data Subjects
Unless any limitations apply, each data subject has the right to access all personal data Uponor have on him/her. Each data subject also has the right to request that Uponor corrects, erases or stops using any erroneous, unnecessary, incomplete or obsolete personal data. Each data subject may also withdraw any consent previously provided by him/her, and object to all direct marketing.

Any requests should be sent using the contact details mentioned in Section 2 above. Uponor processes all requests as soon as possible. If dissatisfied with the decision or actions of Uponor, each data subject has the right to lodge a complaint with his/her country's data protection authority.

10. Principles of Securing Personal Data – Technical and Organizational Controls
Uponor shall ensure that sufficient technical and organizational personal data protection measures are implemented and maintained throughout its own organization. Further, Uponor shall ensure that any transfer or disclosure of personal data described in this personal data register to any third party is subject to Uponor having ensured an adequate level of data protection by agreements or by other means required by law.

Technical controls:
Physical material is stored in locked spaces with restricted access. Any IT systems are secured by means of the operating system’s protection software. Access to the systems requires entering a username and a password and data transfers happen via high encryption channels.

Organizational controls:

Within the organization of Uponor, the use of the personal data is instructed, and access to IT systems including personal data is limited to such persons who are entitled to access them on the basis of their work assignments or role and who are subject to confidentiality obligations regarding the personal data.