Privacy Notice

RPM International Inc., and its affiliates, subsidiaries, and operating companies (the “Company," "us," "we") understands the importance of protecting your privacy, and this Privacy Policy sets out how we process personal information. It describes, among other things, the types of personal information that we collect, the purposes for which we use it, the types of third parties with whom we share it, and the rights and responsibilities you may have with respect to it.

This Privacy Policy applies to the personal information you provide us when you (i) visit any website or interact with software that we own, license, or otherwise operate and that links to this Privacy Policy (each, a “Site”), (ii) purchase or receive products, goods, or services through the Site, or (iii) visit our offices or otherwise contact or engage with us. For purposes of this Privacy Policy, the Site and all products, goods and services sold or furnished by the Company through a Site shall be referred to collectively as the “Services.”

PLEASE READ THIS PRIVACY POLICY CAREFULLY AS IT DESCRIBES YOUR RIGHTS, RESPONSIBILITIES, AND LIABILITIES. BY ACCESSING OR USING THE SERVICES OR OTHERWISE PROVIDING US WITH PERSONAL INFORMATION, YOU ARE CONSENTING TO THE TERMS OF THIS PRIVACY POLICY AND THE COMPANY’S TERMS OF USE AND ANY APPLICABLE COOKIE POLICY ON A SITE.

You must be at least eighteen (18) years of age to access the. Services. RPM International Inc. is headquartered in the United States, and the personal information you provide to the Company may be processed and stored in the United States and other jurisdictions. For more information on our data transfer practices, please see Section 9 (Data Retention and Localization).

1. Scope

In most instances this Privacy Policy will apply to personal information that the Company receives during its business operations as a “data controller”. This means we determine the purpose and means of processing such personal information. For purposes of this Privacy Policy, the term “personal information” means any information that, alone or in conjunction with other information or data, identifies or is linked to a natural person and that is subject to, or otherwise afforded protection under, a data protection law, statute, or regulation. The term “personal information” does not include anonymized or de-identified data that is not attributable to a particular individual, household, or device and that is not otherwise subject to a data protection law, statute, or regulation. The Company may anonymize or de-identify personal information, and such data is not subject to this Privacy Policy, and the Company may use such data for any purpose. In some instances, the Company may receive your personal information as a “data processor”. This means that another party determines the purpose and means of processing such personal information. In such cases the Company will process your Personal Information only on the written instructions of the data controller and to the extent reasonably necessary or appropriate for the performance of the services to which it is engaged, including the transfer of personal data to third countries, unless provided otherwise by Personal Data Protection Laws to which the Company is subject.

2. The Types and Categories of Personal Information We Collect

The Company collects personal information in order to provide our Services, comply with our legal obligations, promote our business interests, and for the other reasons set forth in this Privacy Policy. When you do not provide personal information to the Company, we may not be able to provide you the Services or to complete a transaction you requested. Generally, we collect the following types and categories of personal information during our business operations:

Personal Information
Category	Description/Examples
Personal Identifiers	Identifiers, such as your name, alias, shipping address, email address, account name, telephone number, customer identification number.
Registration Data	Information provided when you register for an account to use the Site, including usernames and passwords.
Online Identifiers (For more information, see “Technical Data” below)	Persistent identifiers that can be used to recognize you or your device over time and across different Services, including a device identifier, an Internet Protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifiers, and similar technology.
Commercial Information	Records of the Services you purchased, obtained, or considered, or your other purchasing or consuming histories or tendencies with respect to our Services.
Business Contact Data	Information related to employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, company, partnership, sole proprietorship, nonprofit, or government agency) with whom we conduct, or possibly conduct, business activities.
Health Data	You may furnish us with health-related information in the event you, or a third party, suffers an injury or illness while visiting our physical locations or premises, or when using our Services.
Marketing and Communications Data	Information with respect to your marketing preferences and your subscriptions to our publications and alerts.
Internet and Electronic Network Data	Data pertaining to your access to or use of the Site, including browsing history, search history, and information regarding your interaction with the Site or advertisements embedded on the Site or other third-party websites, and information derived from any device that connects to our Wi-Fi services.
Your Feedback	Information you provide about our Services, which may include data gathered from any Company surveys or reviews submitted by you.
Visitor Information	Information an individual provides when visiting any of our physical locations or premises, including visitor logs and registries, vehicle and parking information.
Video and Images	In some circumstances, you may provide us images (e.g., your use of a Service) or we may record you via a video camera (e.g., on-premises security systems) or through video teleconferencing.
Geolocation Data	Information about the general city, state, or region in which a user of the Site resides.
Professional or Employment Data	If you apply for a job with the Company, we collect information set forth in a resumé, curriculum vitae, cover letter, and similar documentation, including contact details, employment history, skills, or qualifications, education level, job compensation and benefit preferences, criminal record, credit history and similar data, and information provided about or by your references.
Inferences	Inferences drawn from some of the personal information categories identified herein and used to create a consumer profile reflecting your purchasing and marketing preferences, characteristics, and behavior.

3. Technical Data

When you access the Site, we collect certain data automatically using technical means and tools. From time to time, the Company or its service providers may release aggregate and de-identified reports derived from this technical and usage information (for example, by publishing a report on trends in the usage of our Site or service provider’s platforms). This data relates to your device, and your experience on the Site and other websites, including the following:

Usage and Device Data. When you access and use the Site, we automatically collect details of your access to and use of the Site, including traffic data, usage logs and other communication data, and the resources that you access and use on or through the Site (e.g., browsing history, search history). We may also collect information about your device and internet connection, including the device’s unique identifier (e.g., device type, IMEI, Wi-Fi MAC, IP address), operating system, browser type, and mobile network information. The Site may collect “diagnostic” data related to your use of the Site, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.

Cookies and Tracking Data. We use “cookies” and other tracking technologies within the Site. A cookie is a small file placed on your smartphone or other device. You may refuse to accept certain cookies by activating the appropriate setting on your smartphone or device or by changing your cookie preferences on a Site. However, if you disable certain cookies, some parts of the Site may become inaccessible or not function properly. In addition, the Site may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to analyze data on your use of the Site (e.g., recording the popularity of certain content and verifying system and server integrity). The Site may collect data about the advertisements you have seen or engaged. For more information, see our Cookie Policy.

Site Monitoring. We also use cookies and other tracking technologies within the Site to monitor and record any and all activities and communications to, from, and on, the Site in order to safeguard, improve, and analyze usage of, the Site, and for the other purposes listed in this Privacy Policy. For the avoidance of doubt, you hereby acknowledge, agree, and consent to, such monitoring and recording.

4. Sources of Information

First Party / Direct Collection. We collect personal information directly from you when you use our Services (e.g., account registration, completing purchases, signing-up for subscriptions), when you provide a Product Review (as defined below), or whenever you directly engage with us, such as when you visit our offices or premises or otherwise contact us.

Automated Collection. We may collect information and data, such as usage data and cookies, through automated means when you use the Site (see “Technical Data” above).

Third-Party Sources. In accordance with applicable law, the Company may collect personal information about you from third parties, such as publicly available databases, advertising companies, social media websites and applications, and combine it with information we already hold about you in order to help us improve and customize our Services and for other purposes set forth in this Privacy Policy. In addition, we may collect personal information from third-party service providers so we can assess whether to pursue a business relationship with you and for “background”, “credit” check or due diligence processes. We may also collect your contact information from your employer or other third parties to facilitate or otherwise engage in traditional business activities and similar administrative matters.

5. How We Use your Information / Purpose of Collection

We may use the personal information we collect about you in order to perform our Services, comply with our legal obligations, and promote our business interests.

How Your Personal Information Is Used

Provide, operate, maintain, improve, and promote our Services.

Enable you to access and use our Services.

Process and complete transactions, and send you related information, including purchase confirmations and invoices.

Send you messages and communications related to our Services (e.g., responses to your comments, questions, and requests, customer services).

Furnish technical notices, updates, security alerts, and support and administrative messages to you about our Services.

Provide you promotional and marketing communications (e.g., information about our Services, features, surveys, newsletters, offers, promotions, contests, and events).

Process and deliver contest or sweepstakes entries and rewards.

Monitor and analyze trends, usage, and activities in connection with our Services to promote our business interests.

Investigate and prevent fraudulent transactions, unauthorized access to or use of our Services, and other illegal activities.

Personalize our Services, including providing features or advertisements that match your interests and preferences.

Any other purpose for which we obtain your consent.

For the avoidance of doubt, you hereby agree that the Company may contact you via any means, including via SMS/text message and email and through the use of autodialing systems and services, to furnish you information regarding a product order, shipping status, warranty-related information, and similar data and information pertaining to a commercial transaction.

6. Sharing Information / Third-Party Disclosures

We may share your personal information with certain organizations and third parties in accordance with applicable law, including as set out below.

Intra-Group. The Company is composed of affiliates and operating businesses all over the world, and we may disclose your personal information to such affiliates and operating businesses to facilitate the purposes for which the personal information was collected including to provide, operate, maintain, improve, and promote our Services. For a list of the Company’s affiliates and operating businesses that may collect, process, and exchange your personal information, please see https://www.rpminc.com/leading-brands/.

Service Providers. We may share your personal information with companies that provide services on our behalf, such as hosting and analyzing the Site, conducting surveys, benchmarking and marketing on our behalf, processing transactions (including rebates and returns), tracking and responding to consumer questions or complaints, and performing analyses to improve the quality of our Services.

Payment Card Transactions. All online payments for purchases made through the Site are completed using third-party vendors’ online payment systems. The Company does not have access to your credit card information for such online payments. Any personal or financial information you provide to our online payment system is subject to the third party’s privacy policy and terms of use, and we recommend you review these documents before providing any personal or financial information. The Company may, from time to time, facilitate payment card transactions outside the Site, including (but not limited to) transactions completed over the telephone.

Distributors and Business Partners. We may share your personal information with third parties that distribute our goods, products, and marketing materials.

Marketing Partners. The Company has partnered with third-party service providers with whom we share Online Identifiers concerning your use of the Site, which are derived through the cookies, pixels, and tags we use on our Site. If you would like to opt out from this information sharing, please click on the cookie management tool to set your preferences. See the Cookie Policy, if available, on each Site for a list of our service providers who provide us cookies, pixels, and tags.

Business Restructuring. Circumstances may arise where for strategic or other business reasons the Company decides to sell, buy, divest, merge or otherwise reorganize our businesses. We may disclose your personal information to the extent reasonably necessary to proceed with the negotiation or with the completion of a merger, acquisition, divestiture or sale of all or a portion of the Company’s assets.

Legal; Compliance; Legitimate Interest. We may disclose personal information to a third party (i) if required by law or government order, or with a legal process, (ii) when necessary to defend or protect our legal, regulatory, or business interests, (iii) to protect and defend our rights or property, or (iv) in urgent circumstances, to protect the health and personal safety of any individual.

Consent. In addition to the reasons for disclosure set forth above, we may also disclose your personal information when you consent to the disclosure.

In the event that you facilitate a transaction with the Company, or request information from or otherwise engage with us, and such activities require the Company to share your personal information with a service provider or other third party, you hereby consent to such disclosure and/or direct the Company to intentionally disclose your personal information to the service provider or third party.

7. Social Media

We may engage with you on various social media platforms (e.g., Facebook, Twitter, YouTube, Pinterest, Instagram). If you contact us on a social media platform for customer support or for other reasons, we may contact you via the social media’s direct message tools. Your use of a social media platform is subject to the policies and terms of the relevant social media platform. Certain social media platforms may also automatically provide us with your personal information, and the information we receive will depend on the terms that govern your use of the social media platform(s) and any privacy settings you may have set.

The Site may, from time to time, include social media features and widgets (e.g., the “Facebook Like” button, the “Share This” button) or interactive mini-programs that run on the Site. These features may collect your IP address and which Site page you are accessing and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Site. Your interactions with these features are governed by the privacy statement of the relevant social media platform that provides them.

8. Links to Other Websites; Your Direct Third-Party Disclosures

This Privacy Policy only governs your use of our Services (as defined above), and the Company is not responsible for the content or privacy practices employed by any third party. As a resource to you, the Site may include links to third-party websites or provide you the opportunity to disclose information directly to third parties (e.g., credit card processors). Please be aware that third-party websites may include a Company logo, may be linked to the Site, or may otherwise appear to be affiliated with the Company. Our Privacy Policy does not apply to such third-party websites or organizations. You assume all privacy, security, and other risks associated with providing any data, including personal information, to third parties via the Services. For a description of the privacy protections associated with providing information to third parties, you should refer to the privacy statements, if any, provided by those third parties.

9. Data Retention

How long we keep your personal information varies depending on why it was collected. We keep personal information to provide you with our Services, to facilitate transactions you have requested, or to engage in marketing activities, and for as long as is necessary to defend our legal or business interests. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty, and liability purposes. We may also keep a record of correspondence with you (e.g., if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in the future.

10. Data Transfers

RPM International Inc. is headquartered in the United States, and the personal information that the Company collects and processes may be retained and stored in the United States. The Company uses service providers that store personal information on our behalf in the United States and in other third countries. Please be aware that the United States, and these other third countries, may not provide the same level of protection of personal information as in your country, state, or other jurisdiction of residence or nationality, and when transferred to the United States or elsewhere, your personal information may be accessible by, or otherwise made available to, local government authorities and officials pursuant to judicial and/or administrative orders, decrees, and demands, and/or other domestic laws, statutes, and regulations. By continuing to provide us such information, you hereby acknowledge and agree that your personal information will be transferred to, and stored in, the United States and in such other third countries.

11. Security

We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. HOWEVER, NO INFORMATION SYSTEM CAN BE FULLY SECURE, AND WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR PERSONAL INFORMATION. MOREOVER, WE ARE NOT RESPONSIBLE FOR THE SECURITY OF PERSONAL INFORMATION YOU TRANSMIT TO THE SITE AND/OR THE SERVICES OVER NETWORKS THAT WE DO NOT CONTROL, INCLUDING THE INTERNET AND WIRELESS NETWORKS, AND YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND DATA AT YOUR OWN RISK. TO THE EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE OR OTHERWISE RESPONSIBLE FOR ANY DATA INCIDENT OR EVENT CAUSED BY A THIRD PARTY THAT COMPROMISES THE CONFIDENTIALITY, INTEGRITY, OR SECURITY OF YOUR PERSONAL INFORMATION. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a username and password to access our Services, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately if you have reason to believe that your username or password to our Services has been compromised. You acknowledge and agree that we may contact you via email or other electronic communications in the event we are legally required to notify you of a data security incident or event related to your personal information.

12. No Data Collected from Children

The Site is not directed at, nor intended for use by, children. As a result, if you are under the age of eighteen (18), you are prohibited from accessing or using the Services (including the Site) or providing us with your personal information. If the parent or guardian of a child under the age of eighteen (18) believes that the child has, or if you are under the age of 18 and believe that you have, provided us with any information, the parent or guardian of that child should contact us if they want this information deleted from our files, and we will undertake commercially reasonable efforts to comply with the request.

13. Publicly Posted Information; Product Reviews

You may, from time to time, have the ability to submit via the Site a comment on, provide an opinion about, rate, or otherwise discuss our Services (a “Product Review”). In other circumstances, you may directly provide us feedback on our business, our business sector, or the Services (“Feedback”). Any information or content you post in a Product Review or in your Feedback may be available to other users of the Site (and our social media platforms) and may be retrievable by third-party search engines, and third parties may also be able to download or share your Product Review and Feedback to social media websites or elsewhere. We recommend that you guard your privacy and anonymity and not upload any information in your Product Review and Feedback that you wish to remain confidential. Any third party with access to your information via the Site will be permitted to use the information in the same manner as if you submitted the information directly to that third party. Publicly posting any information on the Site is entirely voluntary on your part, and we recommend you carefully consider the information you choose to make publicly available. As between you and the Company, any and all Product Reviews and Feedback shall be considered the Company’s confidential and proprietary information. In order for the Company to utilize such Product Reviews and Feedback, you grant to the Company a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license, with the right to sublicense, under all relevant intellectual property rights, to use, publish, and disclose such Product Reviews and Feedback in any manner we choose and to display, perform, copy, make, have made, use, sell, and otherwise dispose of the Company’s and our sub-licensees’ products or services embodying such Product Reviews and Feedback in any manner and via any media we choose, without reference to the source. The Company shall be entitled to use Product Reviews and Feedback for any purpose without restriction or remuneration of any kind with respect to you and/or your representatives.

14. Your Responsibilities

You are permitted, and hereby agree, to only provide personal information to the Company if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable law, statute, or regulation or infringe upon a person’s data privacy rights or privileges. IF YOU PROVIDE PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO THE COMPANY, YOU EXPRESSLY REPRESENT AND WARRANT TO THE COMPANY THAT YOU HAVE THE FULL RIGHT AND AUTHORITY TO PROVIDE THE COMPANY WITH SUCH PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) AND THAT THE COMPANY’S USE AND PROCESSING OF SUCH PERSONAL INFORMATION AS SET FORTH HEREIN WILL NOT VIOLATE ANY PERSON’S RIGHTS OR PRIVILEGES, INCLUDING RIGHTS TO PRIVACY. YOU HEREBY AGREE TO FULLY AND COMPLETELY INDEMNIFY THE COMPANY FOR ANY CLAIMS, HARM, OR DAMAGES THAT MAY ARISE FROM YOUR PROVISION OF PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO THE COMPANY.

15. Updating Your Information

It is important that the personal information that you provide to us is accurate and reliable. In certain circumstances, you may have the ability to directly edit your online account with the Company to update and change your personal information (e.g., name, telephone number, email, shipping address), and you must do so when such changes are warranted. If your account does not contain such an editing feature, then you must notify the Company directly of any changes or updates to your personal information in accordance with the “Contact Us” section listed below.

16. Email Marketing Opt-Out

You have the right to opt out of receiving email marketing communications and direct-mail marketing from us. Where required by law, the email marketing communications that you receive from us will provide you an option to “unsubscribe” from receiving future email marketing communications from us. You may also unsubscribe from email and direct-mail marketing by contacting us in accordance with the “Contact Us” section listed below. Due to production, mailing and system timelines, it may take some time to process your request. Until your requested change takes effect, you may still receive communications from us. If you send us your request by regular mail, please allow extra time for us to receive your notice. Please note: Although you may have opted not to receive communications, you may still receive business-related communications such as order confirmations, product recall notices, membership information, or other communications that are necessary to complete your transaction. You hereby agree to immediately notify the Company, in writing, in the event you no longer own, license, or use an email address to which you subscribed to receive email marketing from us.

17. Biometric Data

Where permitted by law and in certain limited circumstances, the Company may collect biometric data and biometric identifiers related to our customers, suppliers, service providers, employees, temporary workers, contractors, or agents. For example, the Company may use cameras, kiosks, and similar devices and technology to collect, retain, and use information derived from the scanning of a person’s facial geometry or thermal temperature in order to facilitate the Company’s health and safety screening programs, and for other security-related purposes. In other circumstances, the Company may collect biometric data or biometric identifiers from individuals that are accessing sensitive areas of the Company’s facilities or for other administrative (e.g., timekeeping) or security functions and purposes. The Company will retain such biometric identifiers for no longer than as is permitted by law, but in no event longer than a) one (1) year after the applicable individual’s last interaction with the Company, or b) as is necessary to fulfill its collection purpose. The Company will maintain protocols for the security and destruction, or disposal of, biometric identifiers in a manner that complies with applicable data protection law and renders such data and identifiers unreadable so as to remove any potential for its reuse or re-identification. Barring any applicable law to the contrary, the Company may disclose and disseminate biometric identifiers to third parties in the same manner as it may disclose and disseminate personal information to third parties in accordance with this Privacy Policy, and such disclosures of biometric identifiers may include to third party service providers and law enforcement or regulatory agencies, where permitted by law.

18. Do-Not-Track Signals

Some web browsers may transmit “do-not-track” signals to the Site with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Unless otherwise required by law, we currently do not take action in response to these signals.

19. Persons with Disabilities

The Company strives to ensure that every person has access to information related to our Services, including this Privacy Policy. Please contact us in accordance with the “Contact Us” section listed below if you would like this Privacy Policy provided in an alternative format, and we will seek to meet your needs.

20. Rewards Programs and Financial Incentives

We collect and use personal information, including personal information provided by a third party to administer and maintain our financial incentive, rewards, and loyalty programs (“Rewards Programs”). We use the personal information you provide in these programs to verify your identity, offer unique rewards, track your program status, and facilitate the exchange of program points for products, promotional materials, training workshops, and other items. If you consent to participate in any of our Rewards Programs, you may withdraw that consent at any time by contacting us in accordance with the “Contact Us” section listed below or in accordance with the instructions set forth in the applicable Rewards Program’s terms and conditions. The Company may use personal information gathered from, or related to, participants in our Rewards Programs for any other purpose or in any other manner set forth in this Privacy Policy.

21. Events and Video Teleconferencing

The Company hosts and uses video teleconferencing platforms to facilitate conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., Google, Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and you hereby consent to the recording of such activities.

22. Canada Privacy Rights

Personal data (as the term is defined in the Personal Data Protection and Electronic Documents Act of Canada (“PIPEDA”)) shall be synonymous with personal information, where permitted, and will be collected, stored, used and/or processed by the Company in accordance with this Privacy Policy and the Company’s obligations under PIPEDA and other applicable Canadian provincial laws. Pursuant to these Canadian laws, you have a right to request access to your personal information and to request that inaccurate personal information be corrected. If you have submitted personal information to us and would like to have access to it, or have it corrected, please contact us in accordance with the “Contact Us” section listed below. When requesting access to, or correction of, your personal information, we will require that you verify our request via email, and we will request specific data from you to enable us to confirm the authenticity of the request and your identity, and to enable us to search our records and databases. We may charge you a fee to access your personal information, provided that we advise you of any such fee in advance. Your right to access personal information is not absolute, and we may not be able to allow you to access certain personal information in certain circumstances (e.g., if the information contains personal information of other persons or it is subject to legal privilege). In the event that we cannot provide you with access to, or the ability to correct, your personal information, we will use reasonable means to inform you of the reasons why, subject to any legal or regulatory restrictions. To delete your name from our electronic contact lists (text or email), please follow the applicable opt-out instructions listed above (see “Email Marketing and Your Rights”) or contact us in accordance with the “Contact Us” section listed below. If you have concerns with our data processing, you may file a complaint with the Office of the Privacy Commissioner of Canada. Please refer to the Office of the Privacy Commissioner of Canada for more information.

23. European Union (EU), Switzerland, and United Kingdom (UK)

Data Protection Rights. If you are located in the EU, Switzerland, or the UK, you have the following data protection rights:

Right to Know. The right to know about what personal information the Company collects and processes about you, including the types and categories of personal information we collect and process, the sources of such personal information, our retention criteria, with whom we share your personal information, cross-border data transfers, and how to file complaints and inquiries. Such information is set forth in this Privacy Policy.
Automated Decision Making. The Company does not engage in any activity that subjects our customers, Site users, survey participants, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant results, impacting them.
Access Rights. You may ask us whether we process any of your personal information and, if so, receive access to such personal information. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal information concerned as well as any other information necessary for you to exercise the essence of this right.
Rectification. You have the right to have your personal information corrected/rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal information about you and, taking into account the purposes of the processing, update any incomplete personal information, which may include the provision of a supplementary statement.
Erasure. You have the right to have your personal information erased, which means the deletion of your personal information by us and, where possible, any other controller to whom your data has previously been disclosed. However, your right to erasure is subject to statutory limits and prerequisites (e.g., where your personal information is no longer necessary in relation to the initial purposes for which it was processed, your personal information was processed unlawfully).
Restriction of Processing. You have the right to obtain the restriction of the processing of your personal information, which means that we suspend the processing of your personal information for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal information is contested, but we need time to verify the inaccuracy (if any) of your personal information.
Data Portability. You have the right to request us to provide you with your personal information in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible.
Right to Object. You have the right to object to the processing of your personal information, which means you may request us to no longer process your personal information. This only applies in case the “legitimate interests” ground (including profiling) constitutes the legal basis for processing (see below “Legal Basis for Processing”). However, at any time (and free of charge) you can object to having your personal information processed for direct marketing purposes.
Withdrawing Consent. You also may withdraw your consent at any time if we are solely relying on your consent for the processing of your personal information. However, this will not impact our legal basis to process such personal information prior to the withdrawal of your consent.

To exercise any of these data privacy rights, please contact us, or have your designated agent contact us, in accordance with the “Contact Us” section listed below. To the extent permitted by law, we will need to verify your identity (or the identity of your agent) and ensure the authenticity of your request.

Legal Basis for Processing. We process your personal information in accordance with the legal bases set forth in law. For example, our processing of personal information (as described herein) is justified based on the following legal grounds:

Consent. Processing is based on your consent (e.g., you register to receive our marketing materials, you voluntarily contact us).
Legitimate Interests. Processing is necessary for our legitimate interests as set out herein (e.g., monitoring your use of the Site and your compliance with the terms and conditions governing the same, improving our Services).
Contract Undertaking. Processing is necessary for the performance of a contract to which you are a party (e.g., you purchase or consider purchasing our Services).
Legal Compliance. Processing is required to comply with a legal or statutory obligation (e.g., tax disclosures).

Complaints. In the event you have concerns about our data processing, you have the right to file a complaint with your data protection authority. For data protection authorities in the EU, please see here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the data protection authority in Switzerland, please contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html). For the data protection authority in the UK, please contact the Information Commissioner’s Office (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach a data protection authority with a complaint, and invite you to contact us in the first instance.

24. California Privacy Rights

Data Privacy Rights. If you are a resident of California you have the following data privacy rights:

Right to Know (Specific Pieces of Personal Information). You have the right to know the specific pieces of your personal information that we have collected about you.
Right to Know (Categories of Personal Information). You have the right to know (i) the categories of personal information we have collected from you; (ii) the categories of sources from which the personal information is collected; (iii) the categories of your personal information we have sold or disclosed for a business purpose; (iv) the categories of third parties to whom your personal information was sold or disclosed for a business purpose; and (v) the business or commercial purpose for collecting or selling your personal information.
Right to Delete. You have the right to request that we delete your personal information that we have collected and retained.
Right to Correct. You have the right to request that we correct inaccurate personal information that we have collected and retain.
Nondiscrimination. You have the right not to be subject to discrimination for asserting your rights under the CCPA.

Submit a Privacy Request. To submit a privacy request, you may contact us using any of the following means: (email) [email protected], (webform) https://www.rpminc.com/contact-rpm/, (telephone) 1 (800) 776-4488, or (mail) RPM International Inc., ATTN: Privacy Request, 2628 Pearl Road, Medina, OH 44256. If you would prefer, you may designate an authorized agent to submit a CCPA privacy request on your behalf. An authorized agent must be registered with the California Secretary of State to conduct business in California.

Privacy Request Verification Process. If you (or your authorized agent) make any request related to your personal information, the Company will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, the Company will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email, request certain contact information or government identifiers, and we will match at least two pieces of such personal information with data that we have previously collected from you before granting you access to, erasing, or correcting, specific pieces or categories of personal information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein, unless you have provided the authorized agent with power of attorney pursuant to California Probate Code §§ 4121 to 4130. None of the CCPA’s rights, as amended by the CPRA, are absolute, and such rights are subject to legal and regulatory exceptions and exemptions. For more information about the CCPA or the CPRA, please see: https://oag.ca.gov/privacy/ccpa.

Opt-Out Rights / Do Not Sell My Personal Information. California residents have the right to opt out of the “sale” of their personal information. However, the Company does not sell your personal information to third parties for profit or monetary or other valuable consideration, and therefore we do not provide opt-out request processes for the sale of personal information (because we do not undertake such activities).

Opt-Out Rights / Do Not Share My Personal Information. California residents have the right to opt out of the “sharing” of their personal information. The Company uses third-party analytical and targeted advertising features on our Site and similar web tools provided by our marketing partners, and such features, tools and marketing relationships involve the disclosure of your personal information to third parties and may constitute the “sharing” of your personal information. To opt out of this sharing of your personal information in these circumstances, please click on the cookie management/settings tool (sometimes visible as a “Your Privacy Choices” or as a “Do Not Sell/Share My Personal Information”) link on the footer of the Site to set your cookie preferences. You, or your authorized agent, may also contact us in accordance with the “Contact Us” section listed below.

Children. The Site is not directed at, and should not be used by, minors under the age of eighteen (18), and therefore the Company does not knowingly sell or share the personal information of minors under eighteen (18) years of age.

Limit Use of Sensitive Personal Information. The Company does not use or disclose sensitive personal information for reasons other than those set forth in the CCPA, and therefore we do not provide individuals with the ability to limit how we use or disclose such sensitive personal information.

25. Nevada Privacy Rights

The Company does not currently conduct “sales” of personal information for purposes of Nevada law. Notwithstanding the foregoing, Nevada residents may submit a request directing us to not sell personal information we maintain about them to third parties who will sell or license their information to others. If you would like to exercise this right, please contact us in accordance with the “Contact Us” section listed below.

26. Virginia Privacy Rights

Virginia residents are entitled to the following data privacy rights:

To confirm whether or not the Company is processing your personal information, and to access such personal information.
To request the Company correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
To request the Company delete your personal information.
To obtain a copy of the personal information that you previously provided the Company in a portable and, to the extent technically feasible, readily usable format that allows it to be transmitted to another entity without hindrance, where the processing is carried out by automated means.

Submit a Privacy Request. To submit a privacy request, you may contact us using any of the following means: (email) [email protected], (webform) https://rpminc.com/contact/, (telephone) 1 (800) 776-4488, or (mail) RPM International Inc., ATTN: Privacy Request, 2628 Pearl Road, Medina, OH 44256.

Privacy Request Verification Process. If you (or your authorized agent) make any request related to your personal information, the Company will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, the Company will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email, request certain contact information or government identifiers, and we will match at least two pieces of such personal information with data that we have previously collected from you before granting you access to, erasing, or correcting, specific pieces or categories of personal information, or otherwise responding to your request. None of Virginia’s privacy rights are absolute, and such rights are subject to legal and regulatory exceptions and exemptions. For more information about the Virginia Consumer Protection Act, please see: https://lis.virginia.gov/cgi-bin/legp604.exe?211+ful+SB1392ES1.

Privacy Requests Appeals Process. If you would like to appeal a decision the Company has made with respect to your privacy request, please email [email protected], with the subject line “PRIVACY REQUEST: APPEALS” and describe the nature of your request, and the reason requesting an appellate review. Virginia residents may file privacy complaints with the Virginia Attorney General (https://www.oag.state.va.us/contact-us/contact-info).

Opt-Out Rights / The Sale of Personal Information. Virginia residents have the right to opt out of the “sale” of their personal information. However, the Company does not sell your personal information to third parties for or monetary consideration, and therefore we do not provide opt-out request processes for the sale of personal information (because we do not undertake such activities).

Opt-Out Rights / Targeted Advertising. Virginia residents have the right to opt out of having their personal information used for targeted advertising purposes. The Company uses third-party analytical and targeted advertising features on our Site and similar web tools provided by our marketing partners. To opt out of this sharing of your personal information in these circumstances, please click on the cookie management/settings tool (sometimes visible as a “Your Privacy Choices” or as a “Do Not Sell/Share My Personal Information”) link on the footer of the Site to set your cookie preferences.

Opt-Out Rights / Profiling. Virginia residents have the right to opt out of having their personal information used for profiling in furtherance of decisions that produce legal or similarly significant effects. However, the Company does not engage in such activities.

27. Changes to the Policy

We reserve the right to amend this Privacy Policy at any time. The “Last Updated” date listed above will identify when this Privacy Policy was last amended. It is your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made since your last interaction. Your use of the Services and continued use of the Services after any amendments are made to this Privacy Policy, signifies your consent to this Privacy Policy and any amendments reflected in the most recent version. We may, in our sole discretion, provide you communications, including via email or text messages, about changes to our Privacy Policy; however, such communications do not abrogate or otherwise limit your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made.

28. Contact Us

If you have any questions or concerns about this Privacy Policy, or would like to submit a privacy request, contact us using any of the following means: (email) [email protected], (webform) rpminc.com/contact/, (telephone) 1 (800) 776-4488, or (mail) RPM International Inc., ATTN: Privacy Request, 2628 Pearl Road, Medina, OH 44256.

Last Updated: April 10, 2023

Privacy Notice

Rust-Oleum Europe - N.V. Martin Mathys S.A., and its affiliates, subsidiaries, and operating companies (the “Company", "us", "we") is committed to protecting your privacy. This Privacy Policy (“Policy”) describes how we Process Personal Data relating to you, including the types of Personal Data that we collect, the purposes for which we use it, the types of third parties with whom we share it, and any rights you may have with respect to such Personal Data. This Policy applies to the Personal Data you provide us when you access any of our websites, including www.rust-oleum.eu (collectively, referred to as “Website”), when you visit any of our business locations or facilities, or when you otherwise contact or engage with us.

For the purposes of applicable data protection laws and regulations, the Company is considered the “Data Controller” in respect of the Personal Data that it collects, uses and manages in accordance with this Policy. The Company is part of a multinational group of affiliated companies that has databases in different countries, some of which are operated by affiliates and some of which are operated by third parties on behalf of the Company or its affiliates. Before you provide us with any Personal Data or browse our Website, you must read through this Policy in full and make sure that you are comfortable with our privacy practices and agree to comply with the terms and conditions set forth herein.

Please note that our Website may contain links to other websites. These third party sites are not subject to this Policy and we recommend that you review the privacy and security policies of each website that you visit. We are only responsible for the privacy and security of the data that we collect and have no control over the actions of any third parties in relation to your Personal Data. Please refer to the Glossary below for an explanation of the defined terms in this Policy.

Whose Personal Data Do We Collect

The Company collects Personal Data from a range of individuals in the context of its business activities, including the following:

Representatives of our suppliers, customers and other business contacts.
Contractors and similar types of workers.
Individuals that use, or otherwise access, our Website.
Consumers and customers.
Individuals who visit our premises or facilities.
Job applicants.
Individuals related to, or otherwise affiliated with, our Company’s employees.
Individuals who contact us by any means.

How We Collect Personal Data

We obtain Personal Data which you knowingly and voluntarily disclose to us, both in an online and offline context. For example, when individuals undertake the following activities, we generally collect their Personal Data:

Use or access our Website and/or complete one of our web forms (e.g. using our “Ask the Expert” service).
Contact our customer service centers or request information from us in any other way.
Visit our premises.
Submit an order to, or make a purchase with, the Company.
Provide us your contact information via business card or otherwise.
Complete a survey or otherwise provide us feedback.
Communicate with us via social networking websites, third party applications, or similar technologies.
Visit one of our trade counters at an exhibition.

We may also collect Personal Data from third party sources. For example, we may collect information from your employer; publicly available sources; our service providers, vendors, and other business contacts for the purposes described herein.

The Categories Of Personal Data We Collect

The Company may collect a range of Personal Data from, or about, you, during our business activities, such as the following:

Identity data, such as your name, title, company/organization name, e-mail address, telephone and fax numbers and physical address (including street, city, state, postal code, and/or country). If you visit any of our business locations in person, we may require you to sign in and provide your name, car registration number, driver’s license number, or other information.
Business contact data, such as information related to other employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, company, partnership, sole proprietorship, nonprofit, or government agency) with whom we may conduct, or possibly conduct, business activities.
Marketing and communications data, including your marketing preferences and your subscriptions to our publications.
Transaction data, including inquiries about and orders for our products and services and details of payments to and from you, including purchase order history and information needed to facilitate payment transactions.
Customer Feedback, and similar comments, surveys, and recommendation, including feedback about our Website, products, services, and data Processing practices.
Usage data, including information about how you use our Website, the pages you view, the links you click, the materials you access, the date and time you access the Website, the website from which you linked to our Website, and other actions taken within the Website. We may also collect usage data if you access our internet services at a Company location or facility.
Technical data, such as your Internet Protocol (IP) address, your browser type and capabilities and language and your operating system. For information about the cookies we use on our Website, please see below. We may also collect technical data if you access our internet services at a Company location or facility.
Biometric data, as further detailed in the section on Biometric Data below.

When you do not provide Personal Data that the Company requests, we may not be able to provide you the requested service or complete a transaction, and you agree that the Company will not be liable or otherwise responsible for any actions resulting therefrom.

Data Processing Purposes

Generally, the Company Processes Personal Data for a broad range of purposes, including the following:

To provide you with information about, and to fulfil your requests for, products and services.
To answer your questions or respond to your feedback or inquiries.
To conduct research and advertising.
To contact you about improved products or product uses.
To provide you with e-newsletters; email, or other communications.
To allow you to participate in online support or “Ask the Expert” services.
To notify you of any changes to your services and to provide you with information in relation to similar goods and services that may be of interest.
To administer and manage warranties
To communicate with you and third party contacts.
To enable your participation in promotions, sweepstakes or consents.
To administer our Website and help improve our products and services.
To allow you to report problems with our Website.
To carry out analytics in relation to the use of our Website.
To comply with applicable laws, regulations, or other legal or administrative processes.
To better ensure the security of the Company’s property, locations, and premises.
To defend our legal, regulatory, and business interests.
To protect the health and safety of Company’s employees, temporary workers, contractors, agents visitors or any other individual who may visit our business locations or facilities, for instance during a pandemic or other health emergencies.
For other business-related purposes, including negotiating, concluding and performing contracts, managing accounts and records, customizing licensed content (as set forth in the Website’s Terms of Use), supporting corporate social responsibility activities, legal, regulatory and internal investigations, general business purposes and debt administration.

Please note that you cannot communicate with us through the “Contact” or support links on the Website or via e-mail without providing some Personal Data. If you contact us or our service providers, a record of that session or correspondence will be maintained in accordance with applicable policy and/or law.

Talent Management And Recruitment

When you apply for employment via our Website or otherwise, we will collect additional Personal Data about you that is specific to that employment position, such as your qualifications, career history, third party references and interview notes. We may also ask you for other information, for example your interests and the types of jobs you are interested in. Any Personal Data you provide to us in relation to an employment application will be processed in accordance with this Policy and any other privacy statement that may be included with the job announcement to which you apply.

Legal Basis For Processing

In order to comply with certain applicable data privacy laws, the Company is required to set forth the legal basis for the Processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data, as set out above, the legal basis for the Company’s Processing of your Personal Data will typically be one of the following, which are not mutually exclusive:

For the performance of a contract that we have in place with you or other individuals, or to take steps at your request prior to entering into a contract.
To support the Company or our third parties’ legitimate business interests (for example, in maintaining and promoting our business by providing customers with feedback opportunities).
To comply with our legal obligations.
With your consent.

Data Localization

The Company has its corporate headquarters in the United States and is part of a multinational group of affiliated companies that has databases in different countries, some of which are operated by affiliates and some of which are operated by third parties on behalf of the Company or one of our affiliates. We may transfer your Personal Data to one or more such databases outside your country of domicile, potentially including countries which may not require an adequate level of protection for your Personal Data compared with that provided in your country, and in which case, Personal Data may be available to government authorities under lawful orders and laws applicable in such foreign jurisdictions. The Company and its affiliates have established reasonable and appropriate controls as required by applicable law to safeguard the possession of, and transfer of, Personal Data. If you are located in the EEA or the UK, you can request a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances, using the email address provided below. By providing the Company any Personal Data, you hereby consent to its transfer across international borders in accordance with this Policy.

Sharing And Disclosure Of Personal Data

The Company may share or otherwise disclose your Personal Data within the Company, to affiliates and subsidiaries, and selected third parties in accordance with applicable law. The following are examples of how your Personal Data may be shared and the reasons and purposes for undertaking such activities:

The Company may share your Personal Data with employees and other officials and representatives within our parent company, subsidiaries and affiliates who have a “need to know” that data for business or legal reasons, for example, in order to carry out an administrative function such as processing an invoice, or to direct a query that you have submitted to the relevant department or affiliate.

We may disclose your Personal Data to third parties, including the following: law enforcement and regulatory authorities; the Company's advisors and consultants; IT service providers; third parties engaged by the Company for the purpose of providing services requested by you; to protect any intellectual property rights in any materials displayed on or otherwise available from the Company's Website; for the purposes of seeking legal or other professional advice; to respond to a legal request or comply with a legal obligation; or to enforce the Company's policies or Website Terms and Conditions of Use.

We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.

With your consent, we may disclose your Personal Data to third parties who offer products that may be of interest to you. These companies may then contact you directly with product or sample offers, personalized offers and information or to ask for your feedback on products and programs that may be of interest to you.

Our employees may use personal devices to access our systems containing your Personal Data, thus your Personal Data may be transferred through or to service providers who contract with our employees for cellular data everywhere in the world.

We may be required to share your Personal Data in order to comply with a court order, law, or legal process, including to respond to government or regulatory requests. We may disclose Personal Data if we have reason to believe that disclosure is necessary to identify, contact or bring legal action to enforce any of the Company’s rights, including against you or a third party, for non-payment, violation of any agreement with us, or to otherwise support our business interests. We may share your Personal Data to protect the safety of the Company, our customers or others; or to prevent injury to or interference with, our rights or property, or the rights or property of other data processors or anyone else that could be harmed by such activities.

To the extent you engage with the Company for us to provide you, or a third party, with any of the services or deliverables described herein, you hereby consent to the disclosure of your Personal Data to any third party the Company reasonable determines to be applicable to the provision of the services or deliverables, provided the third party does not also sell the Personal Data, unless that disclosure would be consistent with applicable data protection laws.

We Do Not Sell Personal Data

Without prior consent, the Company does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, Personal Data to another business or a third party for monetary or other valuable consideration.

Data Security

The Company takes reasonable technical and organizational security measures to protect Personal Data from accidental or unlawful destruction or loss and unauthorized access, destruction, misuse, modification or disclosure. However, no information system can be fully secure, so we cannot guarantee the absolute security of your Personal Data. Moreover, we are not responsible for the security of Personal Data you transmit to us over third-party operated systems or networks, including the Internet and wireless networks. You provide the Company with any and all information, including Personal Data, at your own risk and you hereby agree that, to the extent permitted by law, the Company shall not be liable or otherwise responsible for any data incidents that may compromise the confidentiality, integrity, or security of your Personal Data.

Records Retention

We will keep your Personal Data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us and the country in which the Personal Data is processed. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty, and liability purposes. We may also keep a record of correspondence with you (e.g., if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.

Your Rights And Responsibilities

You are permitted, and hereby agree, to only disclose or otherwise provide Personal Data to the Company if such Personal Data is accurate, reliable, and relevant to our relationship, and only to the extent such disclosure or provision will not violate any applicable data protection law, statute, or regulation, or infringe upon any person’s data privacy rights or privileges. Some data protection laws, such as the General Data Protection Regulation (EEA),and the California Consumer Privacy Act (United States), provide individuals with the rights described below. If you are in the EEA, a California resident, or otherwise afforded such rights and would like to exercise them in the context of any of your Personal Data the Company (or a service provider or processor acting on our behalf) has in our possession, custody, or control, please contact us, or have your authorized agent contact us, in accordance with the instructions listed below. In the event you submit, or your authorized agent submits on your behalf, a data request, you (and your authorized agent) hereby acknowledge and agree, under penalty of perjury, that you are (or the authorized agent of) the consumer whose Personal Data is the subject of the request. We will respond to any data requests within the timeframes required by law, and we may charge a fee to facilitate your request, where permitted by law. If you make, or an authorized agent on your behalf makes, any request related to your Personal Data, we will ascertain your identity, or the identify of your authorized agent, to the degree of certainty required under the law before addressing your request. For example, the Company may be required you to match at least two or three pieces of Personal Data we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, Personal Data, or otherwise responding to your request. We may also request that the authorized agent provides written documentation that demonstrates his/her authorization to act on your behalf. The data privacy rights afforded under data protection laws are not absolute, and the Company may be permitted to refrain from undertaking any action or changing its data processing activities, in response to a data request you submit to us.

Marketing and Unsubscribe. In accordance with applicable law, we may process your Personal Data for marketing purposes. If, at any time, you decide that you no longer want to receive commercial communications from us, whether by email, telephone or post, you can “opt-out” from receiving such communications by clicking on the “unsubscribe” link provided at the bottom of each commercial email and updating your preferences, or by contacting us at dataprotection[at]rustoleum.eu. Some jurisdictions provide individuals with the right to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To the best of the Company’s knowledge, we do not share Personal Data with third parties with whom we have reason to believe use such information for their own direct marketing purposes.

Correcting your Information. Keeping your Personal Data accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to delivery relevant services to you. Please let us know about any changes that may be required to your Personal Data via dataprotection[at]rustoleum.eu.

Accessing and Transferring Personal Data. Some data protection laws provide individuals with the right to know about, and access, the Personal Data we have collected about them, including the categories and specific pieces of Personal Data we have collected; the categories of sources from which the Personal Data is collected; the business or commercial purpose for collecting the Personal Data; the categories of third parties with whom we have shared, disclosed, or sold Personal Data and the purpose for doing so. In addition, some jurisdiction provide individuals with the right to request the Company transfer, to the extent feasible, Personal Data in certain forms and formats.

Erasing and Deleting Personal Data. Some data protection laws provide individuals with the right to request that we (and any applicable service provider or processor acting on our behalf) delete/erase your Personal Data in our possession, custody, or control.

Object to Processing. Some data protection laws provide individuals with the right to object to the manner in which the Company undertakes certain types of Processing involving your Personal Data, including where we are relying on a legitimate business interest for such Processing or engaging in direct marketing.

Restriction of Processing. You may be entitled to request that we restrict our Processing of your Personal Data, for example, in circumstances in which the accuracy of the Personal Data is contested.

Do Not Track Signals. Some web browsers may transmit “do-not-track” signals to websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

Anti-Discrimination. Some data protection laws provide the organizations are prohibited from discriminating against individuals for exercising their data privacy rights. The Company does not, under any circumstances, intend or otherwise seek to discriminate against individuals for any reason, including for exercising a data privacy right.

Persons with Disabilities. The Company strives to ensure that every person has access to information related to our products and services, including this Policy. Please contact us if you would like this Policy provided in an alternative format and we will take commercially reasonable measures to meet your needs.

Some data protection laws afford individuals the right to lodge a complaint about an organization’s Processing with government or regulatory authorities. For example, individuals in the EEA have the right to lodge a complaint with the competent Data Protection Authority, a list of which can be accessed at: edpb.europa.eu/about-edpb/board/members_en.

Children’s Personal Data

The Website and services are not intended for “children,” which may be defined differently within applicable data protection laws. We do not knowingly Process information of children under the age of sixteen (16) without the consent of their parents or legal guardians and you are hereby prohibited from providing the Company with any such information. In an instance where such information was collected, it would be purely accidental and unintentional. By using our Website or otherwise providing us with Personal Data, you hereby represent that you are over the age of sixteen (16) and the Personal Data does not relate to any person under the age of sixteen (16).

Biometric Data

Where permitted by law and in certain limited circumstances, the Company may collect biometric data and other biometric identifiers related to our customers, suppliers, service providers, employees, temporary workers, contractors, or agents, for instance, during a pandemic or other health related emergencies. The Company may use cameras, kiosks, and similar devices to collect, retain, and use information derived from the scanning of a person’s facial geometry (i.e., biometric identifiers) in order to facilitate temperature screening as part of the Company’s health and safety screening programs, and for other security-related purposes. In other circumstances, the Company may collect the same type of data from individuals that are accessing sensitive areas of the Company’s facilities or for other administrative (e.g., timekeeping) or security functions and purposes. The Company will retain such biometric identifiers for no longer than as is permitted by law, but in no event longer than one (1) year after the applicable individual’s last interaction with the Company. The Company will implement and maintain protocols for the security and permanent destruction, or disposal of, biometric identifiers in a manner that complies with applicable data protection law and renders such data and identifiers unreadable so as to remove any potential for its reuse or re-identification. Barring any applicable law to the contrary, the Company may disclose and disseminate biometric identifiers to third parties in the same manner as it may disclose and disseminate Personal Data to third parties in accordance with this privacy policy, and such disclosures of biometric identifiers may include to third party service providers and law enforcement or regulatory agencies, where permitted by law.

Non-Personal Data Information & Cookies

Non-Personal Data is information that does not identify you as an individual, either directly or indirectly. The Company, either directly or through third parties, may automatically collect certain types of Non-Personal Data from you when you are using the Company’s Website. We may also collect Non-Personal Data that you voluntarily provide, such as information included in response to a questionnaire or survey.

We may share Non-Personal Data with other third parties that are not described above. When we do so we may aggregate or de-identify the information so that a third party would not be likely to link data to you, your household, your computer, or your device. Aggregation means that we combine the Non-Personal Data of numerous people together so that the data does not relate to any one person. De-identify means that we attempt to remove or change certain pieces of information that might be used to link data to a particular person.

Except for any Personal Data the Company may collect from you as described in this Policy, any material, information or other communication you transmit, upload or post to the Website or email to the Company (“Communications”) will be considered non-confidential and non-proprietary. The Company will have no obligation to preserve the confidentiality or refrain from disclosing Communications. The Company will have no liability for and will be free to copy, disclose, distribute, incorporate and otherwise use the Communications and all data, images, sounds, tests, product ideas, suggestions or enhancements, as well as anything embedded therein for any and all commercial or non-commercial purposes.

In general, you may visit the Website without telling the Company who you are or revealing Personal Data about yourself. However, the Company and companies providing services to or on behalf of the Company may use various technologies, such as cookies and web beacons (1x1 pixels), to collect non-Personal Data discernible as a result of your visit. We will explicitly request your consent to use cookies on our Website. Cookies are used to collect general usage and volume statistical data. You may control the use of cookies at your browser (visit www.aboutcookies.org for more information); however, if you reject cookies some or all of your ability to use our Website may be limited. In addition to using cookies, we use Google Analytics to analyze trends, administer the Website, track movements around the Website and gather demographic information about our user base as a whole. To opt of out being tracked by Google Analytics across all Websites visit tools.google.com/dlpage/gaoptout. We also use tools provided by Addthis.com, and you can receive more information about its cookie and privacy policy at www.oracle.com/legal/privacy/addthis-privacy-policy.html. They may also use and disclose non-Personal Data derived from our advertising campaigns for reporting purposes, for scheduling and optimization of content delivery and, of course, they may do so if they are required to do so by law. The Company may use any information gained through its Website for any legal purpose, including without limitation, for purposes of developing, using and making available to third parties (at no charge or for a fee) aggregated information regarding trends, products, security/privacy patterns and research, internal record keeping and reporting, measuring and reporting learning, performance and other statistical information concerning any aspect of the Website except that the Company will not report aggregated data in a manner that reasonably permits such information to be identified with any user.

Social Media Features

Our Website may also include social media or lead generation features, such as Facebook or Twitter buttons and widgets, such as the “share this” button. These features may collect your IP address, which page you are visiting on our Website and may set a cookie to enable the feature to function properly. Social media and lead generation features and widgets may be hosted by a third party. Your interactions with these features and widgets are governed by the privacy policy of the company providing it. For more information, please visit any of the following www.aboutads.info/choices/, optout.networkadvertising.org, or www.youronlinechoices.eu.

Questions and complaints

If you have a concern or complaint about how the Company has used your Personal Data, or to exercise any data protection rights afforded to you under the law, please contact us at any of the following: dataprotection[at]rustoleum.eu, www.rust-oleum.eu/contact/, or at +32 (0)13 460 200.

Changes to this Policy

We reserve the right to modify or amend this Policy at any time by posting the revised Policy on our Website. It is your responsibility to review the Policy every time you submit information to us or place an order.

Definitions

Data Controller	A party that determines the purposes and means of data processing.
Data Protection Authority	The relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of Company and/or affiliate;
European Economic Area (EEA)	The EEA includes all European Union member states and Iceland, Liechtenstein and Norway. For purposes of this Policy, the EEA will include the United Kingdom in the event it leaves the European Union.
Personal Data	Information that is subject to an applicable data protection law which relates to an identified or identifiable individual and may include names, addresses, email addresses, job applications, user account information, correspondence, web browsing information (e.g. data associated with a particular cookie) and IP addresses, when such information can be linked to an individual.
Processing	Doing anything with Personal Data; this includes collecting it, storing it, accessing it, combining it with other data, sharing it with a third party, or even deleting it.

Last updated September 8, 2020

Privacy Notice

Privacy Notice

About us

About us

Services

Support

Europe

United Kingdom

Rest of the world