Privacy Statement

Privacy statement regarding due diligence and other screening and risk management activities

Effective as of 8 December 2020

1. Introduction

This Privacy Statement complements the general Privacy Policy of Höganäs and is valid for due diligence and other screening and risk management activities undertaken by Höganäs by engaging a third-party supplier in order to meet our legal obligations and our legitimate business interest, and to meet global legal obligations, reduce compliance risks and support corporate social responsibility and sustainability. This Privacy Statement sets out the scope and responsibility for the processing of your personal data as part of Höganäs’ subscription to the services of a third-party supplier.

Unless otherwise stated herein, the definitions stated in the general Privacy Policy shall apply.

2. Purposes and legal grounds for processing

We have subscribed to a service provided by Dow Jones & Company Inc, and its subsidiary Factiva Limited (for further contact details, see Section 9 below) (hereinafter together referred to as “Dow Jones”), whereby your company details, any details on recipients or providers, addresses involved, relevant products and destinations will be automatically scanned against global sanctions lists and the Dow Jones database. The purpose is to identify transactions we would not be willing to enter into for reasons of compliance with different legal rules and requirements, mainly with regard to anti-money laundering, anti-bribery, corruption and economic sanctions, and our interest in obtaining global compliance with them, as well as risk management, corporate social responsibility and sustainability considerations regarding which customers and suppliers we would like to do business with.

Thus, the legal grounds for our processing of any personal data provided by you and the responses and reports provided by Dow Jones’ services, would be that the processing is necessary to comply with a legal obligation, or when this legal obligation is not directly applicable to our relationship, our legitimate interest in performing our business in compliance with global rules and regulations, in managing our customer/supplier risks to an acceptable level and to perform business in accordance with corporate social responsibility only, with high focus on sustainability in all our actions.

We may also use your personal data to comply with applicable law or legal processes, to protect, enforce or defend our legal rights or property, to protect against fraud and other unlawful activity or for risk management purposes. The legal grounds for use of your personal data for these purposes are compliance with legal obligations and our legitimate interests in protecting our business interests and property.

3. The personal data we process and the sources of personal data

In order to use Dow Jones’ services, we might ask you to provide the data described in Section 2 above, and possibly also personal data in the form of names, nationalities and birth details of your company’s management and owners, any ultimate owners and end user’s owners in cases where we would want to further investigate any detected potential trade obstacle.

We will also process personal data contained in any response or report received from Dow Jones. The content of the data in such reports is collected from a variety of publicly available sources, including government and other official websites, governmental directories, the Dow Jones database, online newspapers and periodicals, print or online directories and company websites. The personal data that may be processed in such reports includes identifying information such as names, aliases, date of birth or age, gender, place of birth, personal identification numbers; photographic images; politically exposed roles; information about relatives and close personal associations; inclusion on sanctions lists or other official lists; information about ownership of companies (ultimate beneficial ownership data is provided by Dun & Bradstreet as data controller); information from public sources about specific types of crime or criminal allegations.

The amount of personal data processed will vary depending on the publicly available information for the individual and the reason the individual is included in the Dow Jones database.

As a result, not all of the categories listed above may be included for all individuals.

For more information on the processing performed by Dow Jones, please see Dow Jones’ Professional Information Business Content Privacy Notice.

If you are asked to provide any personal data to us, you can choose to decline. In cases where you choose not to provide information necessary to assess whether or not we can do business with you, you and the company that you represent might not be able to purchase or deliver the requested product/service or otherwise interact with Höganäs.

4. How long is your personal data processed?

We keep your personal data for as long as needed in light of the purposes stated in Section 2 above, unless a longer retention period is required or allowed by law. The criteria used to determine our retention period include (i) as long as the information is relevant for the purposes of the processing; (ii) as required by legal obligations to which Höganäs is subject; and (iii) as needed to defend or enforce Höganäs’ legal rights.

5. Your rights

In some regions, such as the European Economic Area (“EEA”), California, Brazil etc. you may have certain rights in relation to the personal data we hold about you. You are entitled to obtain information from us, confirming whether or not personal data concerning you is being processed. You are also in most cases entitled to receive a copy of the personal data that we process about you. Furthermore, you may ask us to update, correct or remove personal data we hold about you, or object to or ask us to restrict our processing of your personal data. Contact information can be found at the end of this Privacy Statement. Note that if your request relates to the processing of your personal data by Dow Jones, we will refer your request to Dow Jones. In order to ensure your identity in connection with your request, we may ask for further information from you. We will not unlawfully discriminate against you if you exercise your privacy rights.

Any request should be submitted in writing to us with clarification as to what information you wish to receive. We will respond to your request as soon as we can. If we cannot meet your request regarding access to the information your request concerns, we will provide reasons for this. Any copy of your personal data requested will be sent to your registered address unless otherwise agreed in writing.

If you believe we are unlawfully processing your personal data you may have the right to lodge a complaint with a supervisory authority. For information on supervisory authority contacts, see the Contacts section below.

6. Sharing information

Höganäs does not sell or trade personal data to third parties. However, we may transfer your personal data to third parties based on our legitimate interests to manage our business and provide you with high quality products and services, purchases, marketing information and other communication, as applicable, by using services of third-party companies. This means that we share some of your personal data with these selected third parties, such as companies which provide us with servers and cloud-based services and sales representatives that are acting on our account. In connection with such sharing or transfers of your personal data to such selected third parties, Höganäs undertakes to take appropriate technical and organizational precautions to ensure that your personal data is handled securely and safely. These selected third parties will only process your personal data in accordance with, and to fulfill the purposes stated in, this Privacy Statement.

Höganäs is responsible for the processing of your personal data performed by such third-parties and to ensure that these third-parties treat your personal data in a correct and legal manner.

We usually only process your personal data within the EEA for citizens within EEA. If personal data is transferred to any non-EEA country, Höganäs will make sure that personal data remains protected and also take the necessary actions to legally transfer personal data to non-EEA countries in accordance with applicable data protection laws. If the country is not considered by the European Commission to provide an adequate level of data protection, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission, to protect your personal data. To obtain a copy of our safeguards for such transfers, please communicate your request using the information shown below under section Contacts.

Höganäs may be required to disclose your personal data when required by law, legal processes or authority decisions. Such disclosures may, for example, be done for the police or the tax office or to other governmental authorities. We may also disclose your personal data to our professional advisers, including legal service providers and accountants in the context of taking professional advice and protecting our rights and to law enforcement agencies and authorities to protect, enforce or defend our legal rights, privacy, safety or property, to protect against fraud and other unlawful activity or for risk management purposes.

7. Safety

To protect your personal privacy, detect, prevent and limit the risk of hacker attacks, etc., Höganäs undertakes technical and organizational security measures. These measures are taken to protect your personal data against unauthorized access, abuse, disclosure, changes and disruption. Access to any personal data regarding you, provided by you or received from Dow Jones will be restricted to only a few employees within Höganäs.

8. Changes to the Privacy Statement

Höganäs reserves the right to unilaterally amend this Privacy Statement when this is necessary due to compliance with applicable laws. Such changes are mainly called for in the event of any legislative changes, due to statements from the supervisory authority or other bodies issuing opinions on the basis of applicable data protection laws. In addition, this Privacy Statement will be updated as needed as a result of changes in our products/services or as a result of changes to the services provided by Dow Jones.

When this Privacy Statement is updated, the date of the update will be shown at the top of this Privacy Statement. If Höganäs makes major changes to this Privacy Statement or changes regarding how we process your personal data, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Statement frequently to be informed of how we are protecting your personal data.

9. Controller contact information and supervisory authorities

If you have questions regarding this Privacy Statement or the processing of your personal data, or if you wish to make a request in accordance with the Privacy Statement or to report a violation of this Privacy Statement, please contact our Data Protection Officer (DPO) by email dpo@hoganas.com, or you may write to:

Höganäs AB (publ)
Attn: Group DPO
SE - 263 83 Höganäs
Sweden

Or call +46 42 33 80 00 and ask to be connected to the Data Protection Officer.

We will respond to your questions and any complaints about our processing of your personal data. If you are not satisfied with our response, depending on where you are located, you can contact a supervisory authority or your state’s attorney general. A list of supervisory authorities in the European Union, including our lead supervisory authority in Sweden, Datainspektionen/Integritetsskyddsmyndigheten/Swedish Authority for Privacy Protection, can be accessed here.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here.

Should your request concern any processing of your personal data performed by Dow Jones by way of operating and maintaining the Dow Jones database or the infrastructure for their customer use thereof, Dow Jones is the controller of your personal data. Therefore, we kindly ask you to contact Dow Jones’ Chief Privacy Officer and Data Protection Officers at riskandcompliance.support@dowjones.com

Or you may write to either:

Attention: Privacy
Dow Jones & Company, Inc.
4300 U.S. Route 1 North
Monmouth Junction, NJ 08852
United States of America

or

Factiva Limited
Attention: Data Protection Officer
The News Building, 7th Floor
1 London Bridge Street
SE1 9GF London
England

As to any reports generated by Dow Jones on our request, Höganäs and Dow Jones are joint controllers of the personal data contained therein, so you may contact any of us using the contact details above in case of any questions and/or complaints.