1. What is Bobst Group’s general attitude regarding privacy protection and the handling of personal information?
Bobst Group SA and all of its legal entities [hereinafter: Bobst Group] take data protection seriously. Bobst Group is committed to a responsible handling and protection of personal information.
Bobst Group has put in place a group-wide management organization regarding data protection and aims to be in compliance with all applicable privacy protection laws.
2. What to do if you have questions about your personal data with BOBST?
Bobst Group wants to be clear about how it uses personal data. If you have any question or concern related to Bobst Group’s handling of your personal information, please read this statement carefully. Unanswered questions may be sent to Bobst Group’s Data Protection Officer (DPO) at
BOBST GROUP
Data Protection Officer
PO Box
1001 Lausanne (Switzerland)
privacy(at)bobst.com
3. How does Bobst Group use the personal data of employees?
Bobst Group collects, uses and keeps on file personal data only if necessary, notably
- to manage the employee life cycle (hire to retire process);
- to maintain accurate personnel data;
- to protect the company sites and infrastructure (access control, video and IT surveillance) and for other security reasons;
- to optimize internal processes and to fulfil contractual or legal obligations.
Employee personal data may be accessed only by a restricted and specially trained group of people, on the basis of the “need to know” principle, and only in one or several of the following contexts:
- Account setup and administration: We use personal information such as your name, email, private address, phone number, facial picture and information about your device to set up and administer your Bobst account, provide technical support and training, verify your identity, and send important account information. Under certain circumstances, we let you manage some or all of your personal information on file with BOBST.
- Employee administration and filing processes: This includes all activities related to the management of the entire employee life cycle, including the use of facial pictures for security or internal communication purposes.
- Payroll processes, including recur, rent payroll process, annual regular salary review processes and off cycle processes.
- Time management processes, including all HR/legal requirements, specific functions or projects based requirements.
- Career development processes, including development discussions, succession planning/learning, and development activities processes.
- Performance management processes, including Group and individual objectives setting and yearly performance reviews.
- Chat rooms, messaging, and community or event forums: some internal processes might provide features including chat rooms, messaging services, and community or event forums for collaboration, peer connection, training, and information exchange purposes. Depending upon the service, the personal information you choose to post, share, upload, or make available is internally public and visible to others who use those services. These services may have their own Terms of Use and, where appropriate, their own privacy statements. We make sure these services are in compliance with our Terms of Use.
- Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as tax law; employment, social security or social protection law; the prevention, detection, or investigation of a crime; loss or fraud prevention. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
4. How does Bobst Group use the personal data of persons other than their employees?
Bobst Group collects, uses and keeps on file personal data only if necessary, notably
- to maintain accurate customer, supplier, business partner, shareholder or investor files and improve relations with these groups;
- to optimize internal processes and the delivery of goods and services;
- to protect the company sites and infrastructure (access control, video and IT surveillance) and for other security reasons;
- to fulfil contractual or legal obligations, or to make legal claims, in connection with these groups; and to respond to a court order.
Your personal data may be used in one or several of the following contexts:
- Account setup and administration: We use personal information such as your name, email address, phone number, and information about your device to set up and administer your account with us, provide technical and customer support and training, verify your identity, and send important account, subscription, product or service information. Under certain circumstances, we let you manage some or all of your personal information on file with BOBST.
- Personalization: We use personal information to deliver and suggest tailored content such as news, research, reports, employment or business information and to personalize your experience with our services. Some of our services will ask you to share your precise geolocation so we can customize your experience and increase the accuracy of the service. If you agree to share your precise geolocation with us, you will be able to turn it off at any time by going to the privacy settings on your mobile device or online.
- Performance evaluation: We use relevant personal information to measure whether the goals defined in our contract with you are being reached.
- Marketing and events: We use personal information to deliver marketing and event communication to you across various platforms, such as email, telephone, text messaging, direct mail, and online. If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference centers for you to manage your information and marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important service information related to your contracts, accounts and subscriptions with us.
- Surveys and polls: If you choose to participate in a survey or poll, any personal information you provide may be used for marketing or market research purposes.
- Research and development: We use personal information for internal research and development purposes and to improve and test the features and functions of our products or services.
- Chat rooms, messaging, and community and event forums: A number of our services provide features including chat rooms, messaging services, and community and event forums for collaboration, peer connection, training, games, and information exchange purposes. Depending upon the service, the personal information you choose to post, share, upload, or make available is public and visible to others who use those services. You should never post or share any information that is confidential or about others unless you have written permission to do so. We may use information you provide in community and event profiles and forums to personalize your experience and to make content and peer connection recommendations. These services may have their own Terms of Use and, where appropriate, their own privacy statements. We make sure these services are in compliance with our Terms of Use.
- Hosted services: Some of our services provide data and document storage as an integral part of the product or solution offering. If documents and data you store with us contain your personal information, that data is subject to the same protection as any other personal data on file with Bobst Group. Accordingly, it is made accessible only to those who need access for contractual reasons, such as technical support, or if required by law or a court order.
- Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as tax law; employment, social security or social protection law; the prevention, detection, or investigation of a crime; loss or fraud prevention. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
5. How is your personal data being protected?
Bobst Group applies all technical and organizational measures necessary to guarantee an adequate protection and the accuracy of the personal data on file. Our privacy protection policy is closely aligned with widely accepted international standards and is reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Below, you find a list of additional data protection measures in place at Bobst Group:
- We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data;
- We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our customers and to protect our employees;
- We place appropriate restrictions on access to personal information;
- We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely;
- We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies;
- We train our employees and contractors periodically on matters related to privacy protection and information classification;
- We take steps to ensure that our employees and contractors operate in accordance with the trainings they’ve received;
- We require our third-party service providers to protect any personal information with which they are entrusted in accordance with our own privacy protection policy and applicable procedures.
6. What are your rights vis-a-vis Bobst Group?
Bobst Group grants every person whose personal data it has on file the right to require access to as well as correction, completion, erasure or transfer of his/her personal data. Concerned individuals may also require that the use of their personal data be restricted or stopped. All requests shall be addressed to Bobst Group’s DPO at above mentioned address. Please note that requests are subject to any relevant legal requirements and exemptions, including identity verification procedures. Before reacting to your request, we may ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for responding to your request (except where this is not permissible under applicable law). In general, you have the right to one free inquiry per 12 months. To the extent that we provide tools permitting you to self-manage your personal data and opt out of certain usages of your personal data, we expect you to do so.
7. Does Bobst Group transfer your personal data?
Bobst Group transfers personal data to third parties only if it has the consent of the concerned person to do so, and only if the third parties are reliable partners able to guarantee the same level of data protection as does Bobst Group. If required by law or a court to transfer personal data, Bobst Group may do so without informing or seeking consent of the concerned individual. Here’s an overview of the third parties Bobst Group may share personal data with:
- Other BOBST Legal Entities, for instance in the context of a group-wide effort to run a centralized Customer Relationship or Employee Management System;
- Third party service providers, for instance external Software as a Service providers supporting BOBST services to customers, suppliers or employees; furthermore, credit card providers, banks, insurances, pension funds;
- Government authorities, such as national employment, tax, social security, or customs offices.
8. Does Bobst Group transfer your personal data into other countries?
Bobst Group is a global organization, and your personal information may be stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Privacy Protection Statement and the requirements of applicable laws, wherever your personal data is located. Bobst Group has networks, databases, servers, systems, support, and help desks located throughout our offices around the world (click on this link for a global list of our offices: https://www.bobst.com/companies). We collaborate with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of our customers, suppliers, shareholder, investors and employees. If personal information is transferred across national boundaries, it is done so in compliance with all applicable laws.
When Bobst Group transfers personal information from Europe to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your data. For example, we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact our DPO at privacy(at)bobst.com or the above mentioned postal address (see 2.).
9. How long does Bobst Group keep your personal data?
Bobst Group keeps your personal data on file only for as long as necessary, taking into account contractual agreements, legal retention requirements and national prescription rules. Personal data no longer needed is securely deleted and destroyed.
10. Does Bobst Group uses facial pictures?
Please contact privacy(at)bobst.com if you want your facial image to be removed from a BOBST website.
11. What to do if you have complaints?
If you are not satisfied with how Bobst Group manages your personal data or responds to your inquiries, please let us know by writing to our DPO (contact info above, 2.). We take your concerns seriously and will try to address them to the extent possible and reasonable. You also have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.