Privacy 政策

This Privacy Policy provides you with information on how Infineum and our affiliates (“Infineum”, “we”, “us”, “our”) collects and processes Personal Information that we may obtain from you.

Not Covered by this Policy
This Privacy Policy does not apply to job applicants, students, interns, or to our employees and non-employee workers whose Personal Information is subject to different privacy notices, and are provided in the context of employment or upon submitting an application. Employees and non- employee workers should speak to their local HR representative, and job applicants (including students and interns) should refer to job applicant policy.

Additional Notices
We also may provide applicants with additional notices about our information collection practices (“Additional Notices”). These Additional Notices (including without limitation for the purpose of this paragraph, the Additional Information for California Residents, Brazil Residents, and Asia Pacific Addendum supplement this Privacy Policy. In the event anything in one of these Additional Notices conflicts with this Privacy Policy, the Additional Notice will prevail.

If you are a resident of Brazil, please also see the section “Additional Information for Brazil Residents” for additional information regarding the Personal Information we collect and use and the rights you have under the LGPD (as defined below).

If you are a California resident, please also see the Section “Additional Information for California Residents” at the end of this Privacy Policy for additional information regarding the Personal Information we collect and use and the rights you have under the CCPA (as defined below).

If you are a resident of Asia Pacific, please also see the section “Asia Pacific Addendum” (“APAC Addendum”) at the end of this Privacy Policy for additional information regarding the Personal Information we collect and use and the rights you have under Applicable Laws.

Definitions
“Affiliates” means any member of the Infineum group of companies having common ultimate parent entities each owning or controlling, directly or indirectly, fifty percent (50%) of the shares, voting powers or other evidence of ownership, together with the ultimate parent entity/ies. Infineum values your trust and is committed to the responsible management, use and protection of your Personal Information.

“Personal Information” means information relating to an identified or identifiable natural person, including any Personal Information or Personal Data, and sensitive Personal Information as defined under Applicable Laws.

“Applicable Laws” means the applicable privacy and data protection legislation in your jurisdiction.

What Personal Information Do We Collect?
We may collect, store and use Personal Information or categories of Personal Information such as your name, job title, business address, business telephone number, business e-mail address. This information will generally be received either from your personally or from the company with whom you are working.

We may also collect:

• Usage data: internet or other electronic network activity Information including, but not limited to, your interaction with our website or email communication.
• Geolocation data: precise geographic location information about a particular individual or device.
• Audio and or video: audio, electronic, visual, or similar such as, CCTV footage, or photographs, if you physically visit any of our locations or participate in any live events that are recorded.
• Your dietary requirements if you are attending an event.

Why Do We Process Your Personal Information?
We process Personal Information covered by this Privacy Policy for the following purposes:

• To Manage Our Business Relationship With You - including executing our business arrangements and performance of contracts.
• To Communicate With You – where you have contacted us through our Contact Us page, sent us an email, or wish to partake in any events either in person or online.
• To Send Marketing Communications - promoting contact with existing and prospective customers, partners, stakeholders or suppliers. To notify you about updates to our websites, business or services.
• Health, Safety, Security and Environment - For visitors to our sites, we process your Personal Information to adhere to health and safety regulations, or for security reasons to keep you, and us safe.
• Legal and/or Regulatory Compliance
• For The Purposes Of Our Legitimate Interests - pursued by Infineum, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual/s; such as to measure and improve our business, services and performance, or to perform analyses on data we have collected, such as market analyses, trends and other research;
• Where We Need Your Explicit Consent - (only if legally required or where no other lawful basis will apply). In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.

Who Do We Share Your Personal Information With?

We may share your Personal Information with the following:

• Our affiliates, for the purposes of carrying out the collection and use, set out above.
• Our professional advisers, external auditors, third party agents, or to our nominated third-party service providers who support our business, in connection with the business purpose set out above for which we collect and use your Personal Information.
• Where we are obliged to disclose your Personal Information under applicable law or regulation, which may include laws outside your country of residence.
• To third parties involved with events that you register for; where we have invited you to events; to facilitate your participation in those events, and or support feedback for some events.

Security of Your Personal Information. We maintain technical, physical and organisational measures intended, as required under Applicable Laws, to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. Unfortunately, no information security system can be 100% secure. As a result, although we strive to protect your Personal Information, we cannot ensure or warrant the security of the personal information against any possible loss or unauthorised access.

Children’s Information. Our website is not designed for children, and we do not knowingly collect personal information from children under the age of 18. If you are a parent or legal guardian and you believe we have collected your child’s information in violation of applicable law, please contact us using the contact information below.

Transfer Of Your Personal Information To Other Countries. We may process or transfer your Personal Information in any country where we have facilities or in which we engage third-party agents, and you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. To find out more, please email Privacy@Infineum.com.

Your Personal Information Rights:
As a data subject, you may have a number of rights under EU/UK, and where otherwise required under Applicable Laws, which may include:

• access and obtain a copy of your Personal Information on request,
• require us to change incorrect or incomplete Personal Information,
• require us to delete or stop processing your Personal Information, for example where the Personal Information is no longer necessary for the purposes of processing,
• object to the processing of your Personal Information where we are relying on legitimate interests as the legal ground for processing,
• ask us to stop processing Personal Information for a period if the data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data, and
• to request a copy of your Personal Information in a machine-readable format and this copy can also be transmitted to a third party on your request.

Please note, however, these rights are not absolute, if you would like to exercise any of these rights, please contact us at Privacy@Infineum.com.

How Long Do We Keep Your Personal Information. We will only retain Personal Information for as long as necessary to fulfil the purpose for which it is processed or as required by applicable laws or any litigation hold, to which we are subject, including to meet any accounting or reporting requirements.

Please note that if you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing communications in the future.

The use of Cookies and similar technologies. We may use cookies and similar technologies that aim to collect and store information when you visit our website. You can control and manage your cookie preferences by clicking on cookie settings. To read more or manage your preferences, please click here.

Additional Information for Brazil Residents. Under the General Personal Data Protection Law (LGPD), individuals have certain rights related to their personal data, subject to other limitations in this law, as follows:

1. Confirmation and Access to your personal Information;
2. Correction of incomplete, inaccurate, or out-of-date information;
3. Anonymization, losing the legal protection granted by the LGPD;
4. Portability of data to another service or product provider, subject to the LGPD;
5. Delete your personal information;
6. Obtain information about entities with whom we have shared your Personal Information
7. Information about the possibility of denying consent and consequences of such denial; and
8. Revocation of consent. If you have any questions or comments about our processing activities in Brazil, please contact our Brazil Data Protection Officer (DPO) at Privacy@Infineum.com.

Contact Information and Complaints
If you have any questions or concerns regarding our use of your Personal Information, or if you wish to exercise any of your rights described in this Privacy Policy, please contact us by emailing Privacy@infineum.com.

Should you wish to raise a complaint about how Infineum processes your Personal Information, you may contact us using the contact details below. You also have the right to lodge any complaints you may have regarding Infineum’s processing of your Personal Information to us or a supervisory authority for your country or region.

Contact Us. If you have any questions about this Privacy Policy, or our privacy practices, or any concerns or complaints about our use of your Personal Information, you can contact Privacy@infineum.com. If appropriate, we shall direct your concern or complaint to our allocated Data Protection Officer in your country of residence. If you think your concern in relation to the use of your Personal Information has not been properly addressed, you may have a right to lodge a complaint with the Supervisory Authority for privacy in your country.

Changes to this Privacy Policy. This Privacy Policy may be changed over time. You are advised to regularly review this Privacy Policy for possible changes. This Privacy Policy was last updated in August 2023

Additional Information for California Residents. This section of the Policy provides additional information for California residents and describes our information practices pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (the “CCPA”).

This section applies to “Personal Information” as defined in the CCPA , whether collected offline or online. This section does not address or apply to our handling of personal information that is exempt under the CCPA, such as publicly available information or deidentified/aggregated information. We are committed to maintaining and using deidentified information in compliance with the CCPA.

What Personal Information Do We Collect? The Personal Information we collect varies depending on how you interact with us.

We may collect (and have collected in the prior 12 months) the following categories of Personal Information:

[ see table in this PDF ]

Sources of Personal Information. We generally collect personal information from the following categories of sources:

• Directly or indirectly from you;
• Our affiliates and subsidiaries;
• Our business partners;
• Customers and clients;
• Social networks;
• Internet service providers;
• Operating systems and platforms; and
• Our vendors and service providers.

Why Do We Process Your Personal Information? We process Personal Information for one or more of the following commercial or business purposes:

• To Manage Our Business Relationship With You - including executing our business arrangements and performance of contracts.
• To Communicate With You – where you have contacted us through our Contact Us page, sent us an email, or wish to partake in any events either in person or online.
• To Send Marketing Communications - promoting contact with existing and prospective customers, partners, stakeholders or suppliers. To notify you about updates to our websites, business or services.
• Health, Safety, Security and Environment - For visitors to our sites, we process your Personal Information to adhere to health and safety regulations, or for security reasons to keep you, and us safe.
• Legal and/or Regulatory Compliance
• For The Purposes Of Our Legitimate Interests - such as to measure and improve our business, services and performance, or to perform analyses on data we have collected, such as market analyses, trends and other research.

Sensitive Personal Information. Notwithstanding the purposes described above, we do not collect, use or disclose sensitive Personal Information about California residents beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(l) of the CCPA regulations).

Retention of Personal Information. We retain your personal information for as long as needed or permitted, based on the reason we obtained it (consistent with applicable law). When deciding how long to keep your personal information, we consider whether we are subject to any legal obligations (e.g., any laws that require us to keep records for a certain period before we can delete them) or whether we have taken any legal positions (e.g., issued any legal holds or otherwise need to preserve the information). Rather than delete your data, we may also deidentify it by removing identifying details. Where we have committed to maintaining and using personal information in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.

Your CCPA Privacy Rights. California residents have the following rights under the CCPA with respect to their Personal Information, subject to certain limitations and exceptions:

• Deletion: the right to request deletion of their Personal Information that we have collected about them.
• Know/access: the right to know what Personal Information we have collected about them, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about them.
• Correction: the right to request correction of inaccurate Personal Information we maintain about them.
• Opt out of sales and sharing: the right to opt-out of the “sale” and “sharing” of their Personal Information as those two terms are defined under the CCPA. However, as stated above we do not sell or share California Resident Personal Information.
• Limit use/disclosure of sensitive Personal Information: the right to request to limit certain uses and disclosures of sensitive Personal Information. However, as discussed above, we do not use or disclose California Resident Personal Information in a manner that would trigger this right.
• Non-discrimination: the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
• Do Not Track. Currently, our website does not recognize “Do-Not-Track” requests.

Exercising Your CCPA Privacy Rights. If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:

• Telephone: +1 800 654 1233
• Email: Privacy@infineum.com

Verification. Before responding to your request, we must first verify your identity using the personal information you recently provided to us. You must provide us with your full name and email address. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

Authorized Agent. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Changes to this Privacy Policy. This Privacy Policy may be changed over time. You are advised to regularly review this Privacy Policy for possible changes. This Privacy Policy was last updated in August 2023, and it’s effective date is 31 August 2023.

Contact Information. If you have any questions or comments about this Privacy Policy, the ways in which Infineum collects and uses your Personal Information or your choices and rights regarding such collection and use under the CCPA, please do not hesitate to contact us at Privacy@infineum.com or calling our toll number +1 800 654 1233.

APAC Addendum

This APAC Addendum applies if you reside in Mainland China, India, Japan, Singapore, or South Korea. Infineum and our Affiliates, where applicable, act as your data controller (or equivalent under Applicable Laws). In the event of conflict between this APAC Addendum and the Privacy Policy above, this APAC Addendum shall take priority. For the purposes of this APAC Addendum, reference to Mainland China excludes Hong Kong SAR, Macau SAR, and Taiwan.

Legal Basis of Processing
Infineum will obtain your consent on or before the processing of your Personal Information as required by Applicable Laws. Infineum only collects, processes, holds and discloses information that is necessary for the purposes specified above or for compliance with Applicable Laws.

Infineum will inform you and obtain your consent as required by Applicable Laws if we would like to process your Personal Information for purposes other than those stated in this Privacy Policy.

What Personal Information Do We Collect and Why Do We Process Your Personal Information?
With your consent, Infineum collects a range of Personal Information about you and process such Personal Information for purposes as described above in this Privacy Policy.

Reference to Personal Information shall, unless the context otherwise requires, be deemed to include reference to sensitive Personal Information (as defined by Applicable Laws in your jurisdiction).

You are free to decide what Personal Information you wish to provide us. However, the collection of some Personal Information is mandatory for the purposes described in this Privacy Policy. If you do not provide us with such Personal Information, or if you withdraw or restrict the scope of consent (where applicable) for our processing, we may not be able to administer and manage our relationship with you, or we may be prevented from complying with our legal obligations.

Who Do We Share Your Personal Information With?
With your consent, your Personal Information may be shared or jointly used by our Affiliates, and/or other companies outside the Infineum Group, for the purposes specified in this Privacy Policy and as described below.

[ see table in this PDF ]

Infineum also delegates processing of your Personal Information as follows:

[ see table in this PDF ]

As required by Applicable Laws, Infineum will obtain your consent on or before transferring your Personal Information to any third parties. Where we share your Personal Information within the Infineum Group, whether located locally or overseas, we take appropriate contractual, technical and organisational measures to ensure that your Personal Information is shared and treated securely and in accordance with this Privacy Policy and Applicable Laws. This means that we enter into appropriate legal arrangements with recipients of your Personal Information (e.g. requiring that service providers undertake by written contract to guarantee at least the same level of privacy protection afforded under this Privacy Policy and in accordance with Applicable Laws when processing your Personal Information).

Security of Your Personal Information
Pursuant to Applicable Laws, Infineum takes the following technical, managerial and physical measures to ensure safety:

• Managerial Measures
  • Infineum has appointed Data Protection Officers and Data Protection Representatives to ensure that data subjects' Personal Information is processed in conformity with Applicable Laws. Infineum has established and implemented an internal management plan to this end.
• Technical Measures
  • Infineum controls access to Personal Information and will restrict and manage the access right.
  • Infineum records the details of access rights to Personal Information and will retain such records for a certain period of time.
  • Infineum implements safety measures (including access control function) to prevent any unauthorized access to Personal Information. In addition, safe access measures, including a virtual private network, will be utilized to control the access from the outside.
  • Infineum establishes and applies password generation rules.
  • Infineum installs and periodically updates programs to fix security defects in software, including operating systems.
•  Physical Measures
  • Infineum takes physical access prevention measures, including restrictions on access and placing locks, to store Personal Information kept by way of hard copy in a safe manner.

You may have the right under Applicable Laws to request disclosure of the following information (although we may refuse to fulfill your request to the extent we are permitted to do so in accordance with Applicable Laws):

• • data security measures we have implemented; and
  • in case where your Personal Information has been shared with overseas companies including our subsidiaries and Affiliates and external service providers, (i) details of the measures adopted to ensure the data recipients take sufficient data security measures (the “Measures”), (ii) Measures and frequency that we audit the data recipients’ implementation of the Measures, (iii) name of the recipient country and rules of the country that could hinder the implementation of the Measures, and (iv) other obstacles that could hinder the implementation of the Measures and mitigation steps we have taken to solve such obstacles.

Transfer Of Your Personal Information To Other Countries
With your consent, we may transfer the Personal Information we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country, as necessary for the purposes set out in this Privacy Policy. Where required by Applicable Laws, we will ensure there are technical and organisational measures in place to safely secure the transfer of your Personal Information.

Your Personal Information Rights
To the extent provided by Applicable Laws, depending on where you reside, you may have a number of legal rights in relation to the Personal Information about you that Infineum holds depending on your location, these rights may include:

• Request access to, and information on, the processing of your Personal Information, including how your Personal Information has been used and disclosed by us in the last 12 months or to the extent permitted under Applicable Laws;
• Nominate an individual who would be able to exercise your rights under the Applicable Laws in the event of your death or incapacity;
• Request correction or rectification of your Personal Information if it is inaccurate or incomplete;
• Request that your Personal Information be anonymized, deleted or that processing be restricted;
• Withdraw or restrict the scope of your consent to the processing of your Personal Information;
• Restrict or object to processing of your Personal Information under certain circumstances such as where the Personal Information has been used beyond the scope necessary to achieve the purposes for which they were collected, processed or obtained, or that such use could harm you rights or legitimate interest, or violate any Applicable Laws;
• Request the deregistration of any account (if applicable);
• In some circumstances, the right to request the transfer of your Personal Information which is in our control (i.e. data portability);
• Make a complaint with us or with the relevant data protection authority; and
• Appeal and request manual review of any decisions taken on the basis of automated processing that affect your interests (if applicable).

How Long Do We Keep Your Personal Information And Destruction of Personal Information
Infineum will destroy Personal Information without delay when the information becomes unnecessary, upon, including without limitation, the expiration of the retention period set forth above or attainment of the purposes of processing consented to by the relevant data subject. However, if the information is required to be preserved under other laws and regulations notwithstanding that the retention period consented by the data subject is expired or the purposes of processing Personal Information are attained, such information will be transferred to a separate database and retained for period required by other laws and regulations.

We will destroy Personal Information as follows:

• Destruction procedure: We will select the Personal Information subject to destruction and destroy it after obtaining approval from the Data Protection Officer.
• Destruction method: We will destroy Personal Information recorded and stored in electronic files in an irrevocable manner, and shred or incinerate Personal Information recorded and stored in paper documents.

Contact Information and Complaints

If you have any questions or concerns regarding our use of your Personal Information, or if you wish to exercise any of your rights described in this Privacy Policy, please contact us using the information set out below.

Should you wish to raise a complaint about how Infineum processes your Personal Information, you may contact us using the contact details below. You also have the right to lodge any complaints you may have regarding Infineum’s processing of your Personal Information to us or a supervisory authority for your country or region.

You may contact our Data Protection Officers or Data Protection Representatives from the Privacy team at Privacy@Infineum.com.

Changes to this APAC Addendum and Privacy Policy. This APAC Addendum and Privacy Policy may be changed over time. You are advised to regularly review this APAC Addendum and Privacy Policy for possible changes. We may, as required by Applicable Laws notify you and obtain your consent to any material changes to this APAC Addendum or Privacy Policy. This APAC Addendum was last updated in August 2023.

You can view and download a PDF version of our Privacy Policy here.