TOMRA Privacy Policy
Within the TOMRA Group, the data controller will be TOMRA Systems ASA or the respective TOMRA company you interact with or have a business relationship with.
This Privacy Policy provides general information about how TOMRA processes personal data about individuals outside the TOMRA organization and does not include information on processing related to TOMRA’s employees.
The purpose of this Policy is to provide you with information about the different categories of personal data that TOMRA processes about you and the different purposes we use such data for. Below we also describe who we may share your data with, how we protect the data and your privacy rights.
What is personal data?
Personal data is any information related to an individual that can be used to identify an individual, either directly or indirectly. Personal data can for instance be a name, postal address, phone number, bank details or an IP address.
Personal data does not include data that are anonymized or non-personal information that cannot be linked to an individual.
Who do we process personal data about?
Depending on the interaction with TOMRA, we can process personal data about the following data subjects:
- Contact persons, including employees at our customers, suppliers and other business partners
- Visitors to our website
- Individuals applying for a position at TOMRA
- Others who get in contact with us, for instance by sending us an inquiry or question
What types of personal data do we process for what purposes?
Your personal data may be collected in different ways; either collected by TOMRA when establishing a business relationship, provided by you directly in relation to other interactions with you or from third parties or publicly available sources. Personal data can also be collected through use of our website or digital services.
The types of personal data we process depend on the nature of your interaction with us. Below you will find information about our processing of personal data for different purposes.
Your business relationship with TOMRA
TOMRA may process personal data about our business partners, such as our customers, suppliers and other business partners, for different purposes.
Managing our professional relationship
When handling our professional relationships, we may process different categories of personal data. Depending on the interaction and the type of relationship, this may include processing of personal data for the following purposes:
Conclusion and execution of business agreements, such as agreements on sales and services, distribution and cooperation agreements. This may involve processing of contact data and organizational information, such as full name, job title/position, work address, work phone number/mobile phone number and work e-mail address. The legal basis is execution of the agreement.
Performing and managing our contractual relationships, for instance by completing transactions and orders of our products and services, facilitating access to and ensuring authentication in relation to our digital services, processing invoices, arranging shipments and deliveries and facilitating repairs and returns. This may involve processing of contact data, username (such as business email) used in relation to login into our digital services and organizational information. We may also process billing information as necessary for invoice processing and fraud prevention. The legal basis is performance of relevant agreement or our legitimate interest in performing and managing our contractual relationships.
Communication and support. We may process personal data in dialogues about our products, services and projects, and will always strive to provide our customers with support as needed. This may include processing of personal data, depending on what types of data you provide when you interact with us with questions, inquiries, request, comments or feedback, either in-person, online, by phone or mail with company representatives, help desks or other customer support channels. The legal basis for this processing of personal data is our legitimate interest in following up on communication and ensuring sufficient support.
Integrity Due Diligence and compliance risk management
TOMRA has implemented an Integrity Due Diligence (IDD) process as part of managing and evaluating third party compliance risk. The IDD process includes collection of information related to our business partners or potential business partners to identify potential risk, for instance concerning corruption, sanctions, anti-money laundering or human rights. This to ensure that our partner’s conduct is deemed acceptable. The IDD process may, to the extent necessary, involve processing of personal data, such as political exposure. Our legal basis for processing personal data in relation to our IDD process and compliance screenings is to comply with legal obligations or our legitimate interest.
Visitors to our website
Use of our website
When you visit and use our websites, the personal data that we collect, and further handle, depends on your interaction with our site. Regardless of further interaction, we may collect some basic information, such as your IP address, operating system, browser name, browser version and browser language. The information we process is considered necessary for the purpose of ensuring the functionality and availability of our webpages. TOMRA’s legal basis for this processing of personal data is our legitimate interest in ensuring functionality, availability and security of our websites.
We may also process personal data based on your consent to the use of cookies or similar tracking technology on our websites. You can find further information on our use of cookies below in this Policy and read more about the cookies that we use on tomra.com, what we use them for and how to administer your cookie settings in our global Cookie Policy.
Contact forms and newsletter subscription
On our website you can fill out and submit contact forms for different purposes. The personal data we collect, and further process depends on the information you provide in the form. This may for instance include your name, company name and contact information. The contact forms may also include free text fields. These fields should not be used to provide us with personal data unless necessary. We will solely use the data you provide in our digital forms to follow up on your inquiries. The legal basis for the processing of your personal data for said purpose is our legitimate interest in following up on communication and your requests, or your consent.
You may also use our site to sign up to receive our newsletters. Please read more about how we may process data for marketing and communications purposes under item “Marketing and communications and social media”.
Third party services
This Privacy Policy does not apply to third-party websites or social media features that may be accessed through links we provide on websites under our control. When accessing those links, you will leave the TOMRA website, and this may result in processing of your information by a third-party. We do not control or make any representations about these third-party websites or their privacy practices. We encourage you to review the privacy statement of any site you interact with before allowing the collection and further use of your personal data.
Marketing, communications and social media
Marketing and communications
TOMRA may process your contact information (such as name and email address) for direct marketing purposes as permitted under applicable law. This may involve sending you communication based on subscriptions to our newsletters or other communication, as requested. If you subscribe to receive communications from us, we will collect and use your name and contact information to be able to send you the communications you have requested.
You always have the right to opt-out of receiving further direct marketing from us, either by following a “opt out” or “unsubscribe” link in the respective communication to you or by writing to us with instructions.
We may also process your name, other contact information and any other data that you provide when you reach out to us with questions, inquiries, comments or feedback. This may involve general communication through, for instance, chat or e-mail. The information you provide us with will be used to provide support and information, depending on the interaction.
The legal basis for the relevant processing activities is TOMRA’s legitimate interest in providing requested information and/or ensuring support, or your consent.
Social media
TOMRA has an active presence on several social media platforms, such as Facebook, Instagram and LinkedIn, to connect with you and other stakeholders. We provide certain social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature.
We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites.
Development and analysis
We always strive to improve and further develop the performance and operation of our products and services, for instance optimizing user experience and otherwise further improve and develop our website and digital products. This may involve getting your voluntary feedback on the use of our products or services. The legal basis for processing your personal data for the relevant purpose is our legitimate interest.
Depending on the service you use and your cookie settings, we may also use data collected via cookies or other tracking technologies for analytical and statistical purposes, hereunder to make aggregated statistics. We may for instance collect device and technical data, browsing and usage data, behavioural and demographic data. We will ensure to minimize any processing of personal data and will implement sufficient safeguards, ensure that data in handled in a way that minimize privacy impact.
Recruitment
TOMRA will process personal data about you if you apply for a position within the TOMRA Group of companies. You will find information about our processing of personal data in relation to our recruitment process in our TOMRA recruitment privacy notice.
Security
TOMRA has implemented various security measures for the purpose of safeguarding our buildings, systems, products, and services against illegal and unauthorized access. This may involve processing personal data. The types of personal data we process, depends on the purpose of the relevant security measure. For example, we may process data such as your name, place of work, time and date for access to our premises as part of our physical access control. The legal basis for such processing of personal data is our legitimate interests in safeguarding of our business.
Compliance with legal obligations and claims
We may need to process personal data to ensure compliance with applicable legislation, such as accounting. recordkeeping or other legal obligations. Personal data may also be processed if needed to establish, exercise or defend legal claims.
Transfer of personal data
Your personal data may be transferred within the TOMRA Group, depending on the purpose of the processing activity. TOMRA has implemented safeguards to ensure compliance with regards to intercompany transfer of personal data.
TOMRA may also engage third-party service providers to deliver services. If such service involves processing any of your personal data, TOMRA will enter a data processing agreement with said service provider to ensure that your data in processed in a secure manner and only to the extend necessary for defined purposes in relation to the services provided to TOMRA.
We may also transfer personal data to other third parties to comply with legal obligations or establishing, exercising or defending legal rights or claims.
If sharing of your personal data involves transfer from the EU/EEA to a so called third county under EU/EEA legislation, TOMRA will ensure compliance and implement sufficient safeguards, such as EU Standard Contractual Clauses.
For how long do we store and process your personal data?
We do not store or process your personal data longer than necessary to fulfil the purpose the relevant processing is based on, unless further processing is required under statutory obligation. For example, if the storing of your personal data is based on an obligation to store data for a set period under applicable accounting legislation, we will delete your data when such obligation ceases and only process your data for the relevant purpose. Your data will also be deleted if the processing was based on your consent, and you later withdraw the consent.
How do we protect your personal data?
TOMRA has implemented routines and measures to protect your personal data against loss and unauthorized access and to ensure ongoing confidentiality, integrity, and availability. This involves both technical and organizational measures, such as access control, authentication procedures and regular security and risk assessments.
Cookies and tracking technology
We may use tracking technology and so called “cookies” on our websites and digital products. A cookie is a small piece of data (text file) that our website (when it is visited by a user) asks your browser to store on your device to remember information about you.
Certain cookies are strictly necessary for the operation and functionality of our websites and digital products cannot be turned off. Any processing of personal data in relation to such purposes is our legitimate interest.
Use of other cookies are optional and subject to your explicit consent. Your consent is for instance needed for us to set cookies used for behavioral advertising, retargeting and personalization. You may at any time change or withdraw your consent to the use of optional cookies.
Amendments and translations
TOMRA may make changes or amendments to this Privacy Policy at any time and without notice. The latest version of our Privacy Policy will always be available on our website. Any changes will be effective from the times they are published on our website. The Privacy Policy was last updated on the date stated at the end of the Policy.
In case of inconsistencies between any translations of the English version of this Privacy Policy, the English version will take precedence.
Your privacy rights and contact information
TOMRA respects data protection and privacy laws in the countries it operates in. Data subjects will keep any rights they have under applicable local law.
You may under specific circumstances and subject to local laws have the right to request access, rectification, erasure and/or restriction, or object to the processing of your personal data. Where processing is based on consent, you may also have the right to at any time withdraw your consent, without it affecting the lawfulness of the processing based on consent before the withdrawal.
You can find information about individual’s privacy rights under EU/EEA law on the website of the European Data Protection Board: Respect individuals’ rights | European Data Protection Board.
If you have any questions about this Privacy Policy, your privacy rights or how your personal data is being processed by TOMRA, you may reach out via email at [email protected]. You also have the right to lodge a complaint with the relevant data protection authority.
Version Date: April 2025