MTM Industrial Limited (from now on NiTHO), together with other members of its group (NiTHO, we/us/our) are committed to safeguarding the privacy of our customers and users (you/your) and the Personal Information you have entrusted to us. It is important for you to understand what Personal Information we will collect, how we will use it, and who may access it.
Personal Information means information about an identifiable individual. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers including your Social Insurance Number and personal references, to the extent permitted by local laws.
If you are an existing customer of ours, further details about how we use your Personal Information is set out in your customer contract with us. Further notices highlighting certain uses we wish to make of your Personal Information together with the ability to opt in or out of selected uses may also be provided when we collect Personal Information from you.
Our websites may contain links to other third-party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information. Please check these policies before you submit any Personal Information to such third party websites.
(a) What Personal Information about you we may collect
(b) How we may use your Personal Information
(c) Who we may share your Personal Information with
(d) How we protect your Personal Information
(e) Contacting us & your rights to prevent marketing and to access and update your Personal Information
(f) Our Cookies Policy
Information we may collect about you
We will collect and process all or some of the following Personal Information about you:
(a) The information you provide to us: Personal Information that you provide to us, such as when using the contact form on our website, including your name, email address, and other contact details;
(b) Our correspondence: If you contact us, we will typically keep a record of that correspondence;
(c) Information about how you use our products and services: Such as information about the amount of time you use our products/services for, your typing patterns, or while logged into your account. We collect this in order to provide feedback about developing our products and services, and to understand what your usage patterns and preferences are so that our marketing is relevant to you;
(d) Survey information: We may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey;
(e) Promotions: We may request Personal Information to administer your participation in contests, sweepstakes or other promotions that we organize;
(f) Device Information: Such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
(g) Marketing preference information: Details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and services to offer you;
(h) Website and communication usage: Details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, weblogs, other communication data, and the resources that you access;
(i) Activities on Social Networking Sites (SNS): If you choose to participate (for example, by “liking” NiTHO’s profile on Facebook or Instagram, posting a message, or answering a poll), we will have access to the information you divulge which may include Personal Information, depending on your SNS privacy settings.
2. Uses made of your Personal Information
In this section, we set out the purposes for which we use Personal Information that we collect via our website and, in compliance with our obligations under European law, identify the “legal grounds” on which we rely to process the information.
These “legal grounds” are set out in European Data Protection Law, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in law
Consent: where you have consented to our use of your information
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
Please note that in addition to the disclosures we have identified below, we may disclose Personal Information for the purposes we explain in this notice to service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and affiliates of NiTHO that perform activities on our behalf, as well as other members of the NiTHO affiliates.
(a) To provide and manage products and services you have requested: to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products.
Use justifications: contract performance; consent, legitimate interests (to enable us to perform our obligations and provide our services to you or to notify you about changes to our service)
(b) To sponsor you and/or your event: To carry out our obligations arising from any sponsorship agreements entered into between you and us, to notify you about changes to the terms of our sponsorship, or to advertise the fact that you and/or your event are sponsored by us.
Use justifications: contract performance; consent
(c) To communicate with you regarding products and services that may be of interest: To provide you with updates and offers, where you have chosen to receive these. We may also use your information to market our own and our selected business partners’ products and services to you by way of in-app alerts, post, email, phone, SMS or online or social media advertisement. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option on the appropriate platform to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you.
Use justifications: legitimate interests (to keep you updated with news in relation to our products and services); consent
(d) To understand our customers and to develop and tailor our products and services: We may analyze the Personal Information we hold in order to better understand your usage patterns, preferences, and marketing requirements, as well as to better understand our business and develop our products and services;
Use justifications: legitimate interests (to ensure the quality and legality of our services and to allow us to improve our services);
Use justifications: contract performance, legal obligations, legal claims, legitimate interests (to ensure that the quality and legality of our services)
(f) To inform you of changes: To notify you about changes to our services and products;
Use justifications: legitimate interests (to notify you about changes to our service)
(g) To ensure website content is relevant: To ensure that content from our websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers;
Use justifications: legitimate interests (to allow us to provide you with the content and services on the websites)
(e) To reorganise or make changes to our business: In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your Personal Information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your Personal Information to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this policy
Use justifications: legitimate interests (in order to allow us to change our business)
(f) In connection with legal or regulatory obligations: We may process your Personal Information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your Personal Information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justifications: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)
Profiling and Automated Decision Making
The advertisements and recommendations (including online, while you are logged into your account) which we show you are chosen by analyzing the Personal Information you provide to us as described in section 2, including information about your past purchases from us, the way in which you use our products and/or services, and previous advertisements which you have clicked on. To choose advertisements which are tailored and most likely to be of interest to you, we compile and analyze information received from all our customers to gain a better understanding of your preferences from customers similar to you.
We use similar predictive techniques to combat payment fraud, as described below:
Processing of payments on our site
(a) When you submit a payment request on our site (including when making purchases from our online store), we pass your payment information (including information about your past transactions, the current transaction, your credit card details and IP address) to a third party service provider (PayPal http://www.paypal.com) which conducts anti-fraud checks on our behalf. Our online store merely queries whether the payment information provided by you satisfies the criteria set by Cashshield’s algorithm and then returns back the results. If your payment information does not satisfy Cashshield’s criteria, the payment request is declined.
This process may result in you not being able to complete a purchase on our site. You may want to check your payment information or try again using a different method of payment.
Otherwise, you may request that we provide information about our decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime but generally in these circumstances we will ask Cashshield to verify that its algorithm and source data are functioning as anticipated without error or bias.
3. Sharing your Personal Information (and transfers outside of the EEA)
Sharing outside the NiTHO: Personal Information may be provided to third parties, including anti-fraud organizations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our assets (for example, collection of overdue accounts).
Sharing within the NiTHO: We may share your Personal Information within the NiTHO, including locations outside of the European Economic Area where we do business, for marketing purposes, for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure we have correct or up to date information about you (such as your current address or date of birth) and to better manage your relationship with us.
Business sale or reorganization: Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Information associated with any accounts, products or services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Information as part of a corporate reorganization or other change in corporate control.
Sub-contractors and agents: We may use affiliates or other companies to provide services on our behalfs such as data processing, account administration, fraud prevention, and detection, analytics and marketing. Such companies will be given only the Personal Information needed to perform those services and we do not authorize them to use or disclose Personal Information for their own marketing or other purposes. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.
Where we transfer Personal Information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
Security of your Personal Information
We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Information in our custody or control.
We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform.
Security over the Internet
No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.
All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Retention of your Personal Information
Our retention periods for personal data are based on business needs and legal requirements. We retain your Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information is no longer needed, we either irreversibly anonymize the data (and we may further retain and use the anonymized information) or securely destroy the data.
4. Your rights & contacting us
Most of our processing is permitted by “legal grounds” other than consent. In relation to Direct Marketing, where we are required to do so, we will obtain your consent before using your Personal Information for this purpose. If you prefer not to receive our Direct Marketing Communications and/or not have your Personal Information shared among the members of the NiTHO group for the purpose of marketing, you can have your name deleted from our Direct Marketing and/or shared information lists.
Direct Marketing means our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.
We will use reasonable endeavors to ensure that your Personal Information is accurate. In order to assist us with this, you should notify us of any changes to the Personal Information that you have provided to us by contacting us as set out in the “Contacting Us” section below.
If you have any questions in relation to our use of your Personal Information, you should first contact us as per the “Contacting Us” section below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of the information that you have provided to us;
(c) update any inaccuracies in the Personal Information we hold;
(d) delete any Personal Information we no longer have a lawful ground to use;
(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;
(f) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(g) restrict how we use your information whilst a complaint is being investigated.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you have any questions or concerns about our privacy practices, the privacy of your Personal Information or you want to change your privacy preferences, please let us know.
To contact the Data Protection Officer, or get in touch with him/her at firstname.lastname@example.org.
5. Cookies policy