This Privacy Statement informs you of our privacy practices and of the choices you can make about the way we collect and use information about you, including information that may be collected from your online activity. This Privacy Statement applies to all TOMRA companies as well as TOMRA-owned websites, domains, services, applications, and products.

This Privacy Statement does not apply to third-party applications, products, services, websites or social media features that may be accessed through links we provide on web platforms under our control. Accessing those links will cause you to leave the TOMRA-controlled websites and may result in the collection or sharing of information about you by a third-party. We do not control, endorse or make any representations about those third-party websites or their privacy practices, which may differ from ours. We encourage you to review the privacy policy of any site you interact with before allowing the collection and use of your personal data.

In case of inconsistencies between any translations of the English version of this Privacy Statement, the English version will take precedence.

Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of TOMRA online platforms or during conversations or correspondence with TOMRA representatives.

The personal data we collect from you depends on the nature of your interaction with us or on the services you use, but may include the following:

Information you provide directly

• Contact Data: We may collect personal and/or business contact data including your first name, last name, mailing address, telephone number, fax number, email address and other similar contact information.
• Payment Data: We collect data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.
• Account Data: We collect information such as how you purchased or signed up for TOMRA services, your transaction, billing and support history, the TOMRA products and/or services you use and anything else relating to the account you create.
• Location Data: We may collect geolocation data when you enable location-based services or when you choose to provide location-related information.
• Security Credentials Data: We collect user IDs, passwords, password hints, and similar security information required for authentication and access to TOMRA accounts.
• Demographic Data: We may collect, or obtain from third parties, certain demographic data including country, gender, age, preferred language, general educational and employment background, and general job interest data.
• Preferences: We collect information about your preferences and interests as they relate to our products, services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
• Social Media Data: We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites.
• Other Unique Identifying Information: Examples of other unique information that we may collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with company representatives, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of our services and to respond to your inquiries. You are not required to share the personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with our services, certain specialized features or be able to effectively respond to any queries you may have.
  
  

Information automatically collected about your use of TOMRA services

• Device Data: We collect information about your computer and/or browsing device such as operating system, region, language, time zone, model number, browser version, computer manufacturer, connection port, unique device identifiers, advertising identifiers and additional technical information that varies by product.
• Website Browsing Data: We collect information about your visits to and your activity on TOMRA websites, applications or websites “powered by” another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behavior. Some of this information is collected using automatic data collection tools such as cookies. 
• Anonymous or Aggregated Data: We may collect anonymous answers to surveys or anonymous and aggregated information about how TOMRA services are used.
  
  

Information from third-party sources

We may also acquire data from third-party sources that we deem to be credible and that are either publicly-available or available on a commercial basis. Such information may include personal data such as your name, address, email address, preferences, interests, and certain demographic data. For example, personal data may be collected when you access our applications through social media logins (e.g., logging in to our applications using your Facebook or other social media credentials). The basic details we receive may depend on your social network account privacy settings. In addition, if you purchase TOMRA services from a TOMRA partner, we may receive certain information about your purchase from that partner. If applicable, we may also receive information from fraud prevention agencies or from credit reporting agencies in connection with credit determinations.

We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.

In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, we may link or combine the information that we collect from the different sources outlined above. For example, we may compare the geographic information acquired from commercial sources with the IP address collected by our automatic data collection tools to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.

We collect and use personal data to manage your relationship with TOMRA and better serve you by personalizing your experience and interaction with us. TOMRA will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. TOMRA is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.

Examples of how we may use your data include:

Customer experience

Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services and features that may interest you. We also use your data to deliver a tailored experience, personalizing the content you receive and creating recommendations based your use of TOMRA services.

Transaction support

Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.

Product support & improvement

Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service.

Administrative communications

Communicating with you about TOMRA services. Examples of administrative communications may include responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications, or applicable corporate updates related to mergers, acquisitions or divestitures.

Security

Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.

Business operations

Conducting ordinary business operations, including recruiting, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.

We may pass your personal data on to third-party service providers contracted to TOMRA in the course of dealing with you if there is a legitimate purpose for doing so, however this will only occur if we have obtained your consent, or if we are otherwise legally required to do so. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with TOMRA’s procedures.

You have the option of subscribing to communications from us related to specific TOMRA services. You can also choose to receive general communications from TOMRA and you can select how those communications are delivered – e.g., via postal mail, email, telephone, fax, mobile device or online.

You can make or change your choices about receiving either subscription or general communications at the data collection point or by using other methods, which are described in the following sections. These options do not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.

Subscription communications

Subscription communications include email newsletters, notification of company disclosures, etc. that may be expressly requested by you or which you consented to receive.

To register for our newsletter, we use the so-called double-opt-in process. This means that after you register, we send an email to the email address you gave asking for confirmation that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information is locked and automatically deleted after a month. In addition, we save the IP addresses you used and the times of registration and confirmation. The purpose of the process is to prove your registration and, if necessary, to investigate possible misuse of your personal information.

After you request such communications, you may opt out of receiving them by using one of the following methods:

• Select the email’s “Opt out” or “Unsubscribe” link, or follow the instructions included in each email subscription communication.
• Return to the website(s) where you originally registered your preferences and follow the instructions to opt out.
• Contact our Data Protection Officer. Be sure to provide your name, contact information, and specific relevant information about the TOMRA subscriptions or marketing that you no longer wish to receive.
  
  

Integration of videos

We offer videos on our website that are integrated from one of two external third-party video platforms: TwentyThree and YouTube. No personal data is stored on the TwentyThree video platform, unless you specifically subscribe to the platform’s notification service. Videos that are hosted on YouTube are all integrated into the “extended data protection mode”, i.e. no data may be transmitted about you as a user of YouTube if you do not play the videos. It is only when you play the videos that data pertaining to your playing of the video is transmitted. We have no influence on this data transmission.

If you are logged into Google when you click on an YouTube video that is integrated on our website, data about your session can be directly associated with your account. If you do not wish YouTube to associate your data with your profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of their website. Such an evaluation takes place, in particular (even for users who are not logged in) to provide needs-based advertising and in order to inform other users in the social network about your activities on our website. You have the right to revoke the creation of these user profiles, although you must contact YouTube to exercise this right.

You can find more information about the purpose and scope of data collection and processing by YouTube in their data protection statement. Google also processes your personal data in the USA and has committed to comply with certain legal frameworks relating to transfer of data. You can also find further information on your rights and configuration possibilities to protect your privacy at https://policies.google.com/privacy?hl=en&gl=en.

Integration of Google Maps

We use the Google Maps service on this website. This enables us to display interactive maps directly on the website and to allow you convenient use of the map function.

When you visit the website, Google receives the information that you have called up the respective sub-page of our website. If you are logged into Google, your data is directly associated with your account. If you do not wish Google to associate your data with your profile, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of their website. Such an evaluation takes place, in particular (even for users who are not logged in) to provide needs-based advertising and in order to inform other users in the social network about your activities. You have the right to revoke the creation of these user profiles, although you must contact Google to exercise this right.

You can find more information about the purpose and scope of data collection and processing by the plug-in provider in their data protection statement. Google also processes your personal data in the USA and has committed to comply with certain legal frameworks relating to transfer of data. You can also find further information on your rights in this regard and configuration possibilities to protect your privacy at https://policies.google.com/privacy?hl=en&gl=en.

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access and review: you have the right to know how your personal information is used and to request a copy of the information that we hold about you in an accessible format.
• Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten (Right to erasure): in certain circumstances you can request that we erase data we hold about you from our records.
• Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
• Right of portability: you have the right to have the data we hold about you transferred to another organization.
• Right to object: you have the right to object to certain types of processing such as direct marketing or selling/sharing your data.
• Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that TOMRA refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below. All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

In the event that you wish to inquire about how your personal data is being processed by TOMRA, or how your data privacy inquiry has been handled, please contact TOMRA's Data Protection Officer via email at [email protected] or by phone at +49 151 22659374. 

You also have the right to submit a complaint to TOMRA’s Data Protection Officer or directly with the relevant supervisory authority.

Version Date: March 20, 2022