Products
  • Products
  • Content

    Global Internal Privacy Principles

    Gates Industrial Corporation plc

    Gates Industrial Corporation plc and its relevant affiliates (“Gates” or the “Company”) are

    committed to the highest standards of business conduct across all of the Company’s activities and

    operations. As part of this commitment, Gates takes privacy and data protection very seriously.

    Gates has, therefore, established these Global Internal Privacy Principles (“Privacy Principles”)

    which further detail how personal data will be collected, stored and processed within Gates.

     

    Further, many countries have enacted statutes and other laws that protect certain types of personal

    data. If Gates fails to comply with such laws, it may be liable towards data subjects or be subject

    to administrative and criminal sanctions. It is therefore important that each person working with

    personal data within Gates is aware of and complies with these Privacy Principles, along with the

    related policies noted below.

     

    If you have any questions regarding these Privacy Principles, or how they should be applied in

    practice, please contact the Gates Law Department. To the extent there is any conflict with or

    additional requirements mandated by any local or regional law, Gates will comply with all such

    legal requirements.

    RELATED POLICIES

    These Privacy Principles are supplemented by a number of Gates policies, including, but not

    limited to:

     

    DEFINITIONS

    In these Privacy Principles, “personal data” refers to any information concerning an identified or

    identifiable natural person (such as employees, contact persons at customers or suppliers, etc.,

    which are referred to as “data subjects”) or as such term is defined by local applicable law.

    GENERAL REQUIREMENTS

    Data Uses

     

    • Fair and lawful processing – Gates processes personal data in a fair and lawful way.

      Before implementing a new process that involves personal data processing, Gates will

      strive to verify that applicable laws allow such processing; for example, the law may

      allow it because Gates has an obligation or right to process such personal data, or

      because it is necessary for Gates' legitimate interests to process such data so long as it

      does not adversely affect the rights of the data subject. Where required by law, Gates

      will use reasonable efforts to obtain the data subject's consent before processing such

      person's personal data.

    •  

    • Purpose limitation – Gates will collect and process personal data for specified, explicit

      and legitimate purposes only. For example, Gates may collect and use personal data:

      (a) in order to perform a contract; (b) where the data subject has provided consent; (c)

      where necessary in order for Gates to carry out its legitimate business activities (for

      more detail, please see above referenced Related Policies); (d) in order to comply with

      its legal obligations; (d) where there is an urgent safety or product recall notice; or (e)

      to consider a person’s application for employment with the Company.

       

      Gates will not use personal data collected for a specified purpose in a way incompatible

      with such purpose, taking into account the data subject's reasonable expectations and

      scope of any necessary consent. Therefore, before engaging in personal data collection,

      Gates will assess the purposes for which it intends to use such data, and use reasonable

      efforts to communicate such purposes to the data subject in accordance with

      transparency requirements. In each case where Gates uses personal data for purposes

      other than those for which the data was collected, Gates will inform the data subjects

      of such use and, where required, obtain their consent.

    •  

    • Special categories of data – Gates is aware that its processing activities may involve

      special categories of data, such as medical data or other sensitive data, and that such

      types of data are often granted a more protective status under data protection laws. In

      each case where Gates processes such special categories of personal data, Gates will

      verify whether its security measures take into account the nature of such data and the

      risks, and take additional measures as necessary to ensure fair and lawful processing of

      such data.

    •  

    • Data quality and minimization – Gates will strive to only process personal data that

      is adequate, relevant and proportionate to the purposes for which the personal data is

      collected and further processed. When implementing a new personal data processing

      activity, Gates will strive to assess whether all data collected from the data subject or a

      third party are proportionate for the intended use. Gates will also use reasonable efforts

      to regularly update data so as to avoid processing of inaccurate or incomplete data.

    •  

    • Data storage – Once Gates no longer needs personal data for the purposes for which

      it was collected, Gates will use reasonable efforts to delete or anonymize such data, in

      order to ensure the natural person to which such data relates can no longer be identified.

      When implementing a new personal data processing activity, Gates will determine an

      appropriate storage term and manage the data accordingly.

    Data Subject Rights

    • Transparency – Gates will inform the data subjects of its intended personal data

      processing before commencing such processing, in such manner as is appropriate,

      given the way in which the data was collected (such notices may be provided through

      a privacy policy, privacy clauses, privacy statements or information notice, for

      example). Gates will strive to inform the data subjects of all relevant details of the

      processing activities in a clear and understandable manner. Such details will include

      the identification of the Gates entity responsible for the data processing, the purposes

      for which data is being processed, the categories of recipients of the data, the data

      subject's right to access and rectification, and such other information as may be

      appropriate given the circumstances or as required under applicable law (e.g., by GDPR

      or LGPD).

    •  

    • Access, rectification and deletion – Gates will respond to requests from data subjects

      to access their data, to receive a copy or description of the information it possesses

      about them, or to have data be updated or deleted, in accordance with any procedural

      requirements and time frames as may be imposed by applicable laws, provided Gates

      does not have any lawful reason under any applicable law to continue to use and possess

      that information. All such requests shall be directed to [email protected].

    Security and Confidentiality

    • Security – Gates will use reasonable efforts to implement appropriate technical and

      organizational measures to protect personal data against accidental or unlawful

      destruction or accidental loss, alteration, unauthorized disclosure or access, and against

      all other unlawful forms of processing, taking into account applicable law. When

      assessing which security measures are appropriate for a specific processing activity,

      Gates will take into account industry standards, the cost of implementing data security

      measures in relation to the risks represented by the processing, the nature of the specific

      types of data to be protected, and any data security measures required by applicable

      law.

    •  

    • Confidentiality – Gates will treat all personal data confidentially. When implementing

      a new personal data processing activity, Gates will assess which Gates personnel are

      required to have access to the personal data, taking into account their responsibilities

      and functions within Gates and the purposes for which the data is being processed.

    Third Party Processing and Data Transfer

    • Third party processors – For some personal data processing activities, Gates may

      need to involve a third party supplier (for example, IT providers, payroll providers,

      etc.). Gates is aware that in such case, it remains responsible for complying with

      applicable laws. Gates will therefore require through contractual provisions that such

      third party suppliers provide services in accordance with Gates’ privacy and data

      protection obligations. Gates will in any case use reasonable efforts to require that such

      suppliers only process personal data in accordance with Gates' instructions, and

      implement appropriate technical and organizational security measures.

    •  

    • Transfer of data – Gates is aware that different countries have different privacy and

      data protection rules, each offering a different level of protection to the data subject.

      Gates will use reasonable efforts not to transfer personal data across borders in a

      manner that adversely affects the rights of the data subjects (either within the Gates

      group or to external parties). More specifically, when transferring personal data from a

      country to another country that does not offer the same level of protection as the former,

      Gates will take such reasonable measures as are appropriate to continue ensuring an

      adequate level of protection for the personal data (e.g. agreed specific contractual

      provisions with the recipient of the data).

    Regulator Notification and Authorization

    • Gates is aware that in certain countries, certain personal data processing activities must

      be notified to and/or authorized by the local regulator. When implementing a new

      personal data processing activity, Gates will assess whether such notification or

      authorization is required, and act accordingly.

    Specific Processing Activities

    • Gates is conscious that certain specific activities involving personal data or affecting

      persons' privacy (e.g. CCTV, direct marketing, employee monitoring, etc.) may be

      subject to specific additional or different rules and requirements (e.g. specific notice

      obligations, works council involvement, etc.). Gates will for each such activity

      undertake to identify the relevant rules and requirements, and follow applicable legal

      requirements.

    WHO TO CONTACT:

    Gates Data Privacy Team

    Email: [email protected]

     

    Available in Other Languages:  

    中文

    Português

    ไทย

    Español - Argentina

    Español - Mexico