1.Introduction
James Hardie is committed to maintaining the accuracy, confidentiality and security of personal data. This Privacy Policy describes, among other things, the categories of personal data we process, how your personal data may be processed, the purposes for which and the legal basis on which we process your data, and how your privacy is protected. Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we treat it.
Where this Privacy Policy refers to "we", "us", "our" or "James Hardie", this refers to
the company or multipile companies of the James Hardie Group processing your personal data as a data controller under the GDPR. James Hardie processes personal data from various categories of personal data in the normal course of its business. This personal data may relate to individuals working for potential and existing vendors and customers, including employees working for parties such as retailers, distributors, architects and builders. Personal data may also relate to individuals who visit our websites, download our online applications, contact us via social media or at business events, or call our phone lines.
The James Hardie Group consists of various separate companies. The controller of personal data on this website is James Hardie Europe GmbH.
Whenever it is one of our group companies, the controller of your personal data is the company that decides why and how your personal data is processed, either alone or jointly with another James Hardie entity or group company. A list of James Hardie Group companies to which this privacy notice is applicable can be found here.
In general, James Hardie collects and processes personal data only when justified by law. This includes the need to fulfill a contract or service offered by us, our legitimate interest in processing the data, or based on a given consent.
2. Data Subjects
We may collect and process data about the following categories of data subjects:
- Former, current and potential customers
- Business partners
- Former, current and prospective individuals who provide goods and services to us, including, without limitation, temporary employees, contractors, outsourcers, consultants, experts, board members, auditors, retailers, distributors, suppliers and vendors (collectively, "Suppliers") of ours;
- Participants in sponsored sweepstakes or contests;
- Complainants, correspondents and inquirers;
- Current, former and prospective shareholders;
- Plaintiffs or defendants in current or future litigation;
- Marketing contacts, journalists, trade associations and lobbyists; and
- Interested individuals who visit our websites, download our online applications, connect with us on social media or at business events, or call our phone lines,
- Applicants
The data that we may collect and process include, for example
- name
- Contact and contract information (address, phone number, fax, email) and project data on construction projects;
- The company you work for;
- Job title(s) and/or function(s);
- Department and/or business unit;
- Your signature;
- Customer records (purchase history, customer service, warranty history, purchase preferences, etc.);
- Technical data (log files, IP addresses, and generally online identifiers and data stored in cookies);
- GEO-cashing data, for example, if you log in with a mobile device and have enabled the feature on your mobile device that allows us to locate you via GPS
- Credit rating and bank details;
- Credit limit and payment terms;
- Identifying information in official identification documents, if permitted by national law;
- Sales information related to the sale of products or services, including order history;
- Image recordings (e.g. photograph)
- Correspondence or other communication with you about our products, services or business;
- Application data, such as references, resume, application photo or interview results (if religious affiliation or degree of disability is mentioned in your resume, sensitive personal data will also be processed)
4. Cookies and Tags
Cookies: This website uses cookies. Cookies are small text files that a website may place on your computer or mobile device when you visit a website or page, for example, to enable language preference, analyze website performance, and recommend content relevant to your visit. Cookies are stored in your browser. The cookie helps the website or other websites to recognize your device on your next visit. Most cookies do not collect information that identify you as an individual (personal information), but rather general information, such as how visitors get to and use our website. Cookies can be used to create a profile of the visitor's activities on the Internet.
For information on what types and categories of cookies we use and how you can manage the use of cookies by disabling, rejecting, or deleting them, please see our Cookie Banner Cookie Notice. All information about the storage period of our cookies can be found here:
Link to CMP
Tags: This website may use tags. A tag is a generic name for code elements found on our web pages. Most tags simply describe the content of the page, but certain types of tags contain programmatic elements or inject dynamic content such as video or audio files into the page. Some tags, especially those that add content or functionality to your domain from external sources, may pose privacy risks that require evaluation and management. These are third-party tags and, in most cases, add value to your website. However, you need to be aware of this so you can focus on where there are higher risks. Most of the cookies set on our websites are set through these tags, but some tags may collect data about you without the use of cookies.
5. Purpose of Processing
We use the information we hold about you for the following purposes:
- Customer service purposes, including providing products and services to customers, receiving, verifying, processing and delivering orders and returns, booking transportation and warehousing services (supply chain management), scheduling and procuring raw materials, billing and processing payments, managing credit limits, warranty, technical support or similar purposes, and establishing and maintaining customer accounts;
- Communicating with customers, including responding to requests for assistance and updating the status of their orders by mail, email, phone and/or text message;
- Administration information, including access and use of our websites (known as analytics) and social media platforms ;
- Interest-based online marketing ;
- Marketing and promotional purposes, including by email, phone or mail, to send news and newsletters, special offers and promotions and samples, or to otherwise inform customers about products, services or other topics;
- to review and execute purchase orders, purchase or sales history from suppliers; to share information, including performance indicators, about goods or services; and to organize seminars, events, training and marketing activities;
- to enable the management of corporate structure, management and management reporting and organizational contacts;
- to update, rectify, block or delete personal data as necessary; to allow data subjects to access and review their personal data;
- Research purposes, including those related to market and industry research, for day-to-day correspondence (e.g., email messages, letters, etc.)
- Comply with applicable legal obligations, including responding to a court order, and enabling risk management, compliance, legal and audit functions;
- Screening and selecting suitable candidates as part of a selection process.
- For general legal purposes including interactions with notaries , attorneys and commercial registrars to implement corporate law requirements, and for claims management and compliance purposes;
We rely on the following legal bases for processing your data:
a)Consent
We process your personal data on the basis of your consent, provided you have given us such consent (Art. 6 para. 1 lit. a) DSGVO).
If we need your consent as a legal basis for processing your personal data, you can withdraw your consent at any time by contacting us using the details at the end of this privacy policy.
We process your personal data on the basis of consent, for example, to
- Provide marketing to you, including by email, phone or mail, to send messages and newsletters, offers and promotions, or otherwise contact you about products, services or information,
- To use cookies for remarketing on our website
- To operate our corporate websites on social media platforms
- if you allow us to use your photo or video
- if you have given us access data that we want to use for business purposes.
b)Contract fulfilment
The personal data you provide may be processed if this is necessary for us to enter into or perform a contract with you or to take the steps necessary for us to enter into or perform a contract with you (Art. 6(1)(b) DSGVO).
This includes, for example (non-exhaustive):
- Supplying you with products or services; or
- contacting you about a new product or service.
- Deliveries to you and your customers;
- Establishing and maintaining customer accounts, including receiving, reviewing, processing and delivering orders and returns, and billing and processing payments;
- Placing and managing purchase orders with suppliers; processing invoices and making payments; exchanging information, including performance indicators, about goods or services;
- communicate on a daily basis with customers and suppliers by mail, email, telephone and/or text message; including to respond to inquiries and for warranty,
- technical support or similar purposes;
- If you enter a sweepstakes or promotion, to administer the sweepstakes or promotion and notify winners;
- To exercise or defend legal claims.
c)Legal obligation
We process personal data for the fulfillment of legal obligations (Art. 6 para. 1 lit. c) DSGVO).
This is the case, for example, when we process your personal data to comply with applicable law or the request of governmental or law enforcement authorities.
d)Legitimate interest
We base the processing of your data on the implementation of our legitimate interests (Art. 6 para. 1 lit. f) DSGVO).
Our legitimate interests are:
- To manage, promote and grow our business;
- Business development, marketing and market research;
- To serve and understand our customers and the market in which we operate.
- To protect the security, integrity and availability of our products, systems and services;
- To prevent fraud and other criminal activity;
- To enable the administration of corporate structure, management and management reporting and organizational contacts;
- When you visit our website, we may use essential cookies to ensure functionality;
- To exercise or defend legal claims.
7.Third party provider
The James Hardie Europe Group cooperates with various service providers. In the course of this cooperation, personal data will be shared. To the extent permitted by applicable data protection laws, your personal data may be disclosed to the following recipients or categories of recipients:
- Authorized persons working for or on behalf of us (e.g., in the areas of operations, IT, human resources, finance, marketing and customer service);
- Agents and consultants we engage (e.g., business consultants, IT services consultants, compliance review);
- Service providers (e.g., James Hardie Group companies, service providers for marketing tools, customer service, CRM systems, transportation systems, backup and analytics, application development, payment service providers, and third-party procurement providers);
- Our partners to provide you with joint products and services or when those partners sponsor our events and seminars.
- Other authorized third parties in connection with any potential sale/disposal or transfer of any James Hardie Group business or businesses (including any interest in the business) or any combination of its products, services, assets, affiliates and/or businesses.
- With third parties to enforce our terms, agreements, policies or rules to protect the security, integrity and availability of our products, systems and services; to exercise or protect James Hardie Group's rights and property (including intellectual property); to comply with legal requirements; or in other cases when we have a good faith belief that a disclosure is required by law (including in response to a lawful subpoena or other law enforcement action).
- Law enforcement or government authorities, if necessary, to comply with applicable law.
Where permitted by applicable data protection laws, your personal information may be disclosed to and processed by other members of the James Hardie Group, including. For example, this may be the case:
- When James Hardie Group companies work together to provide operational, IT, human resources, financial, marketing and customer service services to other companies in the group;
- To protect the security, integrity and availability of our products, systems and services;
- When different companies in the James Hardie Group jointly develop products and services; and
- When James Hardie Group companies combine products, services, systems, databases and businesses. This may be the case, for example, when data held in a marketing or CRM system of one James Hardie Group company is combined and/or migrated to a marketing or CRM system of another James Hardie Group company.
8.Third country transfer
When sharing data with other James Hardie Group members or third parties, your personal data may be collected and processed in a country outside of Europe. Data will be transferred to countries outside of the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other appropriate safeguards, such as certifications or proven compliance with international security standards.
- USA (standard contractual clauses)
- United Kingdom (adequacy decision)
9. Data Security
To ensure the protection of personal data, we maintain physical, technical and administrative safeguards. We continually update and test our security technology. We generally try to limit access to your personal information to those individuals working for James Hardie Group companies who have a need to know that information and always in compliance with applicable law.
In addition, we train those who work for us about the importance of confidentiality and maintaining the privacy and security of your personal information. We are committed to taking appropriate disciplinary action to enforce our employees' privacy responsibilities.
Please note, however, that despite our efforts, no security measures are perfect or impenetrable. We cannot guarantee and do not warrant that the information you submit to us will remain secure, nor do we warrant that such information will not be accessed, disclosed, altered, destroyed or used in an unauthorized manner.
If we become aware of a security breach, we may attempt to notify you electronically so that you can take appropriate protective measures. We may also post a notice on our website when a security breach occurs. Depending on where you live, you may have the right to receive written notice of a security breach.
10.Data storage and deletion
We store your data,
- if you have consented to the processing, at most until you revoke your consent;
- if we need the data to perform a contract, at most for as long as the contractual relationship with you exists;
- if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymization does not prevail;
- if there are statutory retention obligations, until the end of the retention periods.
For information on cookie retention periods, see:
Insert link to CMP
11.Data subject rights
As a data subject, you have the following rights:
- To request information about the processing of your data, as well as to receive a copy of your personal data. Among other things you may request information on the purposes of the processing, the categories of personal data processed, the recipients of the data (if a transfer is made), the duration of the storage or the criteria for determining the duration;
- To receive personal data relating to you in a structured, common and machine-readable format or to transfer it to another person in charge;
- To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
- To have your data deleted or blocked;
- To have the processing restricted;
- To object to the processing of your data;
- To revoke your consent to the processing of your data for the future
- And to complain to the responsible supervisory authority about unauthorised data processing.
12.Obligation
Necessity of data processing
You can interact with us without providing any personal information. However, please note that if you do so, certain features or services may not be available to you.
13.Links to ther websites (only relevant for users of our website)
Our pages may contain links to other sites that are not connected to us. If you access these links, you will leave our website. We do not control such websites. These websites have their own policies and practices regarding online privacy, and we cannot be held responsible for the privacy practices or the content of these unaffiliated websites. For the avoidance of doubt, the personal information you provide to third-party unrelated websites is not covered by this Privacy Policy.
We may place advertisements placed by third parties. Such advertiser may also ask you for personal information. We are not responsible for the privacy practices of advertisers on our websites. However, we encourage our partners and advertisers to implement privacy policies that respect local legal requirements.
14.Data protection authority and data protection officer
James Hardie has established a data protection office with data protection experts in the United States, the European Union and Australia. In addition, James Hardie has appointed a data protection officer for Germany.
External data protection officer
ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg
If you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive request), please contact him by mail, as communication by e-mail can always have security vulnerabilities. When making your request, please indicate that your concern relates to James Hardie.
If you have any questions regarding the processing of your personal data or if you believe that your privacy has been violated, please contact us:
James Hardie Europe GmbH
Bennigsen-Platz 1
40474 Düsseldorf
Germany
Germany (exclusive): datenschutz@jameshardie.com
Europe (general):
Dpo@jameshardie.com
15.Instances
This privacy policy applies to the James Hardie Group companies listed below that process your personal data. This Privacy Policy also applies to companies not listed where reference is made to this Privacy Policy.
Name and adress of the entity
- James Hardie Europe Holdings 2 GmbH Germany, Bennigsen-Platz 1, 40474 Düsseldorf, Germany
- James Hardie Europe GmbH Germany, Bennigsen-Platz 1, 40474 Düsseldorf, Germany
- Fermacell SAS France, 30 Rue de l'Industrie, 92500 Rueil-Malmaison
- Fermacell B.V. Netherlands, Loonsewaard 20, 6606 KG Niftrik
- James Hardie Spain S.L.U. Spain, Barrio La Estración s/n, 39719 Orejo, Cantabria
- Fels Recycling GmbH Germany, Westrampe 6, 38442 Wolfsburg, Germany
- Fermacell Schraplau GmbH Germany, Bennigsen-Platz 1, 40474 Düsseldorf, Germany
- James Hardie Insurance Limited Ireland, Europa House, Harcourt Centre, Harcourt Street, Dublin 2 D02 WR20
- James Hardie Holdings Ltd. Ireland, Europa House, Harcourt Centre, Harcourt Street, Dublin 2 D02 WR20
- James Hardie Europe B.V. Netherlands, Radarweg 60, 1043 NT, Amsterdam
- James Hardie Bauprodukte GmbH Great Britain, One Fleet Place, London EC4M 7WS
- James Hardie Batiment SAS France, 6 Place de la Madeleine, 75008 Paris,
- James Hardie Building Products Inc. USA, 231 S. LaSalle Street, Ste. 2000, Chicago, IL, 60604
- JH Research LLC USA, 231 S. LaSalle Street, Ste. 2000, Chicago, IL, 60604
- CGC Products LLC USA, 231 S. LaSalle Street, Ste. 2000, Chicago, IL, 60604
Status of the Privacy Policy
Status of this privacy policy: June/2023