Privacy policy
Introduction to Thule Group Privacy policy.
The term data protection refers to laws and regulations imposed by countries to ensure that personal data (or information relating to a natural person) is collected, made available, and otherwise processed in a fair and lawful way.
Data protection laws prohibit the processing of certain categories of personal data other than in exceptional circumstances, and set out prerequisites which must be fulfilled in order for the processing of personal data to be lawful.
The purpose of this manual is to provide the Company’s employees with a basic understanding of situations which typically are governed by data protection laws, and thereby enable the Company’s employees to comply with those laws.
This manual applies to everyone at the Company – all employees, managers, executive officers, and members of the board of directors (all of whom are included in the term “employees” as used in the remainder of this manual).
This manual is based on the fundamental principles set out in the EU General Data Protection Regulation* (GDPR) which came into force on 25 May, 2018 and then replaced local data protection laws within the EU. In addition to the general guidelines set out herein, detailed requirements in local data protection laws must, as applicable, be followed by employees who are responsible for activities involving processing of personal data.
Executive Summary
- Data protection laws set out limitations on the categories of personal data which may be collected, under which circumstances that data may be collected, how the personal data may be used, and for how long the data may be retained.
- Proposed acts of collection (such as collection of employee or customer personal data, purchase of customer data for marketing or profiling purposes, and collection of personal data through websites) must be analysed closely to ensure they would not result in violation of data protection laws.
- The need for proportionality and transparency is key, and individuals must be informed of the Company’s processing of their personal data.
- Personal data may only be disclosed to third parties (including the Company’s affiliates) when a legitimate basis for doing so has been established, and only provided that appropriate measures have been undertaken, such as a data processing agreement.
- Transfers of personal data to entities outside the European Economic Area (EEA) or access to personal data by entities outside the EEA should occur only when the exporting entity has received assurances, recognized under applicable data protection laws, that the personal data will be adequately protected by the importing entity.
- Violations can result in damage claims or imprisonment, as well as administrative fines and/or other sanctions imposed by the supervisory authority.
--
* Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Thule Group Whistleblowing line
We urge employees, suppliers or any other external business partner to report any suspected violation against the Thule Group Code of Conduct.