Effective date: April 23, 2020

1. Introduction

This Privacy Notice describes how Afinitas, and its subsidiaries and affiliates, including the ultimate parent company Barry-Wehmiller Group, Inc., (together “the Company”, “we” or “us”) processes Personal Data of Individuals who browse our websites or who represent our current, former or future customers, suppliers/vendors or other stakeholders (“Stakeholders”). The description of how we process Personal Data in recruitment can be found in our Careers site. In this Privacy Notice, Personal Data refers to any information relating to an identified or identifiable person.

We collect Personal Data directly from Stakeholders and Individuals as well as through their interactions and use of our products and services. We do not knowingly collect Personal Data about Individuals who are minors. The Personal Data we collect depends on the context of the interactions. In limited circumstances we may also collect Personal Data from third parties, for example for lead generation, customer/supplier due diligence or credit checks.

2. How Personal Data is Used

2.1 Daily Business Purposes

Personal Data may be processed for the following purposes: Providing products and services; logistics and customs; billing, debt collection, financial and tax reporting and analysis; insurance; Stakeholder due diligence; customer and Individual financial checks in relation to loans to customers; Stakeholder relationship management; sales and marketing activities (including newsletters and events at trade shows); corporate compliance; compliance with contractual or legal obligations; to protect against legal liability; to protect and defend the rights or property of the Company; to prevent and investigate wrongdoings in connection with the property or services; litigations; to protect the health and safety of our team members, external stakeholders and the public; privacy, information security and operational and information technology management; or any other related purposes.

For these purposes, categories of Personal Data may typically include the following: Individual’s name, contact details and marketing preferences; preferred language; photos or videos (with prior written permission) in relation to some marketing activities; information about the role and job location; billing information (including credit card data); financial information in relation to loans to customers; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing; or any other type of information that is necessary for the purposes above.

2.2 Customer Support

Personal Data may be processed for the following purposes: Machine/equipment installation; machine/equipment monitoring, diagnostics, fault analysis and debugging in order to optimize machine operations and to reduce support response times and costs; production and service team management (including applying for visas that are needed in customer’s location) and training; customer care and support activities; analyzing data for offering predictive and preventive maintenance; to facilitate spare parts ordering; backups and recovery as part of normal maintenance practice for the service; providing notifications internally and/or to the customer for certain alarm conditions or status/fault updates; auditing the machine/equipment remotely to verify the condition of the machine/equipment to determine if changes or adaptations are needed; or any other related purposes.

For these purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; sound recordings or photos that may include the Individual in addition to machine/equipment related data; or any other type of information that is necessary for the purposes above, along with Stakeholder’s name and information about their machine/equipment/service and business.

Operator identifier (i.e. identifier that is created by the customer and that the machine operator uses to log in to the machine) is linked with machine related data in order to understand how the machine is used and how operator behavior may affect the machine, in order to better utilize the machine and make it run better.

2.3. Services (Including Digital Services and Websites)

Personal Data may be processed for the following purposes: Access permission control (to provide and manage access to the service); tracking usage to monitor how service is used and to develop it; technical and security management and handling issues; providing a contact form and communicating to users; to enable ordering of machines, services, equipment or spare parts; or any other related purposes.

For these purposes, categories of Personal Data may typically include the following: Individual’s name, contact details and marketing preferences; preferred language; login details; information about how the Individual is using the service (for example when and which part of the service); Individual’s IP address, browser, network, device, web pages visited prior to coming to the service; or any other type of information that is necessary for the purposes above, along with Stakeholder and machine/equipment/service related data.

2.4 Product Development

Personal Data may be processed for the analysis and improvement of machines, equipment and services, or for other related purposes. For these purposes, information about machines, equipment and services are mainly used. However, Personal Data, as listed above in 2.1 – 2.3, may also be used if necessary for the purposes.

2.5 Cookies

Our websites utilize cookies (small text files that a website, when visited by a user, asks the user’s browser to store on the user’s device in order to remember information about the user) as well as other tracking technologies. More information about how these are used can be found in the respective Cookie Policy.

2.6 Consulting and IIoT Services

Further, we may provide services, for example in relation to consulting or IIoT (Industrial Internet of Things), where we process Personal Data as the “data processor” on behalf of our customer. In these situations, the customer is the “data controller” and carries the responsibilities under applicable legislation, including providing a privacy notice to individuals describing how their Personal Data is processed.

3. Sharing and Transfer

Personal Data may be accessed and processed, when necessary for the purposes described above, by our relevant team members. When necessary, Personal Data may also be shared with, for example, external advisors including, but not limited to, legal and tax advisors, auditors, creditors, banks, credit insurance partners or relevant authorities. Further, we may use third party service providers (including, for example, software and cloud providers, sales agents or debt collection agencies) to process Personal Data on our behalf.

Personal Data may be stored, transferred to, and processed in any country where we have team members or facilities or in which we engage service providers, including in the United States of America. We implement appropriate safeguards to protect Personal Data as required when transferred, including transfers outside the European Union (EU) and European Economic Area (EEA).

4. Legal Basis and Retention

Processing of Personal Data is mainly based on a performance of a contract or legitimate interests of the Company.

Personal Data will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer.

5. Security

We implement and maintain industry standard technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and the nature, scope, context and purposes of processing of Personal Data.

6. More Information

Individuals may contact us for more information on how their Personal Data is collected, used, and disclosed. Individuals may also request copies of or rectification or deletion of their Personal Data or to opt out from marketing messages, when applicable. Depending on the applicable legislation, Individuals may also have the right to lodge a complaint with an applicable supervisory authority regarding how their Personal Data is used.

Contact details for more information and requests:

By email: dataprotection@barry-wehmiller.com
By post: Group Data Protection Officer
Legal Team
Barry-Wehmiller Group
8020 Forsyth Blvd
St. Louis, MO 63105
United States of America

7. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on the applicable websites.