Introduction
This Privacy Policy explains how Hillcon collect, use, share and safeguard Personal Data and Non-Personal Data on Hillcon’s website www.hillcon.nl, microsites, mobile applications, Hillcon profiles on social media sites and any other digital services and platforms officially operated or used by Hillcon from time to time (“Sites”), as well as by phone or by paper.

Changes to the Privacy Policy
As Hillcon, its customers, products, and services change from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason. The date of the last revision to the Privacy Policy will be indicated by the “Effective Date” at the bottom of the last page of this Policy.

Types of Data We Collect
Personal Data
We collect information (whether online, by phone, or by paper) that enables Hillcon to identify or contact you (“Personal Data”) to carry out its business purposes. Hillcon Sites collect this information for a variety of business reasons, including but not limited to, applying for employment, purchasing Hillcon products or services, or otherwise interacting with Hillcon.
The types of Personal Data we collect include, but are not limited to:

• General data (e.g., names, dates of birth, home and business addresses, email addresses, Internet protocol addresses, and mobile/landline business/personal telephone numbers that are provided by our members/customers);
• Professional data (e.g., technical or professional qualifications of our labor force or counterparties);
• Government-issued identification numbers (e.g., social security numbers, national identification numbers, and tax identification numbers), for example from employees and independent contractors;
• Other identification information (e.g., photographs);
• Financial information (e.g., bank account and credit card numbers, credit reports, passwords, and PIN numbers) for internal administration, external sales, or employment or contracting purposes.

Hillcon also receives Personal Data from third parties for Hillcon’s use in the administration of its business units, such as information concerning the identity and qualifications of our business counterparts.

Non-Personal Data
We collect information (whether online, by phone, or by paper) that does not directly identify you as you interact with our Sites (“Non-Personal Data”). The types of Non-Personal Data we collect may include, but is not limited to:
• Site usage (e.g., browsing history, number of clicks, referring/exit pages, date/time stamp, time on Site);
• Site pages viewed;
• Computer type, operating system, and platform type;
• Internet service provider.

How We Use Your Data
In addition to the uses described above, we use your Personal Data, sometimes combined with Non-Personal Data, in a variety of ways including, but not limited to the below, in order to:

Personal Data
• Identify you when you visit our Sites;
• Provide service communications such as emails, invoice reminders, contract confirmations, and customer service messages;
• Provide products, information, and services you request or that we think you may be interested in;
• Respond to your emails or other requests for products, services, or information;
• Improve the usability of the Sites;
• Fulfill and/or deliver Hillcon products and services.

Non-Personal Data
We use Non-Personal Data to improve the usability of our Sites and for other business reasons. We do not provide Personal Data to third parties with whom we might share your Non-Personal Data. Please note that, when you select a news story link or another link that takes you to sites not operated by Hillcon, you may be subject to the privacy policies of these third-party sites.

How We Share Your Data
We may share your Personal Data in a variety of ways including, but not limited to, the below:
• Share data with third parties to fulfill service requests and to perform business functions (e.g., Hillcon contracts with third parties to provide services on our behalf such as data hosting services and customer support and consulting services).
• Share data with third parties as required by law or to protect Hillcon in the good-faith belief that such action is necessary to: (a) conform to legal requirements or comply with legal process served on Hillcon; (b) protect and defend Hillcon’s rights or property; or (c) protect the personal safety of Hillcon personnel or members of the public in appropriate circumstances.
• Share data with third parties if Hillcon and/or its assets (or a portion of its assets) are sold, assigned, transferred, or merged, or if Hillcon undergoes some other change including a change to its corporate form as part of a bankruptcy proceeding or otherwise; information may be transferred as part of that transaction or change.
• Share data with third parties in order for us to improve our ability to offer you products and services that may be of interest to you.
• Share data with third parties under other unanticipated situations, but only with your consent.
• Share your email address, but only as permitted by Hillcon’s Email Policy, as follows: Your email address will be used only by Hillcon and Hillcon -related parties or subcontractors who are actively involved in performing or offering Hillcon’s services or products. Hillcon does not sell or rent email addresses to anyone outside Hillcon, nor does Hillcon share email addresses with unrelated third parties. Hillcon may also share your email address with third parties to enable Hillcon to take security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. Finally, Hillcon may share email addresses with third parties to respond to your service requests.

How You Can Manage the Processing of Your Data
You can manage your profile and email preferences, including “opting out” of emails from us, by contacting us using the information in the “Contact Information” section below.
Our processing of your data is based upon your consent, contract performance (e.g., your purchase of Hillcon products or services), legitimate business interest (e.g., the direct marketing of our goods and services), or compliance with the law. You have the right to object to our processing of your data or to restrict our processing of your data. In addition, if you have consented to the processing of your Personal Data, you have the right to withdraw your consent at any time.

EU’s General Data Protection Regulation (GDPR) and UK GDPR
Hillcon guarantees the confidentiality of personal data provided by customers, suppliers, partners, employees, and website users, in accordance with the legislation in force regarding personal data, such as the General Data Protection Regulation (GDPR) and UK GDPR.

Your rights
Under the General Data Protection Regulation and the UK GDPR, you have a number of important rights:
• access to your personal data and certain other supplementary information that this Privacy Notice is already designed to address;
• require us to correct any mistakes in your information which we hold;
• require the erasure of personal data concerning you in certain situations;
• receive the personal data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations;
• object at any time to processing of personal data concerning you for direct marketing;
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
• object in certain other situations to our continued processing of your personal data;
• otherwise, restrict our processing of your personal data in certain circumstances;
• claim compensation for damages caused by our breach of any data protection laws.
If you would like to exercise any of those rights, please:
• contact us using our contact details below,
• let us have enough information to identify you,
• let us have proof of your identity and address, and
• let us know the information to which your request relates.

How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation and the UK GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular (under the GDPR) in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

California Privacy Rights
In addition to the rights as explained in this Privacy Policy, under California’s recent and evolving “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. Since Hillcon’s products and services are not designed or used for personal, family, or household use, we consider the above inapplicable at this time. (However, if applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year; e.g., requests made in the current year will receive information about the prior year.)

Canada Anti-Spam Law
Hillcon complies with the Canada Anti-Spam Law. Persons who provide us a Canadian mailing address will not receive unauthorized Commercial Electronic Messages (as defined under the Canada Anti-Spam Law) unless these individuals have “opted-in” to receive Commercial Electronic Messages.

Children
We do not knowingly collect Personal Data from or market to children under the age of 14.

How We Protect Personal Data
Hillcon implements commercially reasonable security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. Except for the sharing of information as set forth in this Privacy Policy, we restrict access to Personal Data to certain companies or individuals who need the data to operate, develop, or improve our services or compliance systems (e.g. employee-related compliance matters). These persons are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations. Unfortunately, no data transmission over the Internet or electronic storage is fully secure. Accordingly, and despite our reasonable efforts to protect your Personal Data from unauthorized access, use, or disclosure, Hillcon cannot guarantee or warrant the security of the Personal Data you transmit to us.

User ID and Password
Certain areas of our Sites (for example, shared folders hosted on our web platform) require the use of a user ID, email address, or password as an additional security measure that helps protect your Personal Data. To help you protect your privacy, these Sites have tools to help you log in and log out.

Linking to Other Internet Sites
You should be aware that other Internet sites that are linked from the Hillcon Sites or a Hillcon email message may contain privacy provisions that differ from the provisions of this Privacy Policy. To ensure your privacy is protected, we recommend that you review the privacy statements of these other linked sites, applications, or other digital platforms.

How You Can Access, Change and Delete Your Personal Data
We rely on you to update and correct your Personal Data. If you are a user of our Sites, the purchaser of Hillcon products or services, or a Hillcon member or employee, you can review, update and correct your information by contacting us using the “Contact Information” section below. Typically, we retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. This may include retaining your Personal Data indefinitely, even after you are no longer a Hillcon member or counterparty, in order to provide you with future marketing opportunities and other purposes, as well as to comply with our legal obligations, resolve disputes, or enforce any of our agreements. Please note that you can request, at any time, that we delete your Personal Data. All requests must be directed to the contact in the “Contact Information” section below. We can decide to delete your Personal Data if we believe that the data is incomplete, inaccurate, or that our continued use and storage are contrary to our legal obligations or the rights of other individuals or third parties. When we delete your Personal Data, it will be removed from our active databases or anonymized so that the data is no longer identified with you, but the data may remain in our archives if Hillcon determines that it is not practical or possible to delete it, or if it required to be maintained for compliance purposes.

Cookies and Other Web Devices
Our website sends cookies (e.g., pieces of code or text placed on your computer by us when you browse our Sites) to your web browser (if your browser’s preferences allow it) to collect data when you browse our Sites. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. If you view our website without changing your cookie settings, you are indicating your consent to receive all cookies from our Sites. If you do not allow cookies, some features and functionality of our Sites may not operate as expected. In addition to cookies, we may place technological tools such as tags and beacons (e.g., code scripts that are primarily used to track visitors’ activities on our Sites by web analytics software), Internet Protocol (IP) addresses, and other tools, to collect your data for the purposes listed in this Privacy Policy.

Transmission of Data to Other Countries
Your Personal Data is processed principally in The Netherlands. By submitting your Personal Data to us, you agree to the transfer, storage, and processing of your Personal Data in The Netherlands, as well as in the other countries where Hillcon and its subsidiaries are located.
For EU and UK residents, Hillcon will mostly transfer your data within the European Economic Area. Hillcon may transfer your data to countries outside the European Economic Area on restricted and strictly necessary circumstances for the purposes described in this document and in accordance with the GDPR. If you would like to know the measures we have in place to secure personal information transferred outside the European Economic Area and the locations where your data has been transferred, please contact us using the details on the “Contact Information” section below

Right to Complain to Supervisory Authority
You, as the data subject, have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data does not comply with legal requirements.

Breach Notification
In the event we determine the occurrence of a data security incident, we will notify you by email, postal mail, telephone, or other means as permitted by law.

Contact Information
If you have questions, comments, or complaints concerning our privacy practices or if you wish to change, access, or remove your Personal Data, please contact us as indicated below. We will attempt, where practical, to respond to your requests and to provide you with additional privacy-related information.

Hillcon
Romhof 5
9411 SB Beilen
The Netherlands
Telephone: +31(0)593 540 470
Email: info@hillcon.nl

Effective date: February 18, 2022