Privacy Policy

Welcome to www.magtrol.com (the “Site”), a website provided by Magtrol Inc., a New York corporation, (“MINC”) and Magtrol SA, a Swiss société anonyme, (“MSA”). MINC and MSA (collectively, “Magtrol”) respect your privacy, and this policy covers Magtrol’s processing, protection, transfer and use of information collected from you through the Site or other sources in the ordinary course of Magtrol’s business.

1. ACCEPTANCE

You should review this policy carefully, and be sure you understand it, prior to using the Site or otherwise providing any information to Magtrol. Your use of the Site, providing any information to Magtrol or any other indication of your assent is deemed to be acceptance by you of this policy. If you do not agree to this policy, you should not use, and should immediately terminate your use of, the Site and not otherwise provide any information to Magtrol. For purposes of this Section, accessing the Site only to review this policy is not deemed to be use of the Site.

2. DEFINITIONS

In this policy:

(a) “Analytical Data” means all Non-Personal Data obtained through the use of session and persistent cookies (or other tracking technologies) and server log files (including, but not limited to, (i) your search terms, (ii) your computer’s access date and time, browser, connection speed, Internet service provider, language, location, manufacturer, visit details, and operating system;
(b) “Collected Data” means all (i) U.S. Personal Data, (ii) European Personal Data and (ii) Non-Personal Data;
(c) “GDPR” means the General Data Protection Regulation of the European Union, enacted on April 27, 2016, as from time to time amended by the European Parliament.
(d) “Non-Personal Data” means all information collected by Magtrol, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you send to Magtrol, and (iii) other sources in the ordinary course of Magtrol’s business, that is not U.S. Personal Data or European Personal Data (including, but not limited to, any Analytical Data);
(e) “European Personal Data” means all information collected by Magtrol, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you send to Magtrol, and (iii) other sources in the ordinary course of Magtrol’s business, that relates to an individual in the European Union or Switzerland and that identifies, or can be used in conjunction with other readily-accessible information to identify, such individual (including, but not limited to, name, e-mail address, physical address, phone number and, in the case of employees and employment applicants of Magtrol, human resource information);
(f) “Sensitive Data” means all European Personal Data that specifies (i) health data, (ii) racial or ethnic origin, (iii) political opinions, (iv) religious or philosophical beliefs, (v) union membership, (vi) genetic data, (vii) biometric data or (viii) the sex life or sexual orientation of such individual; and
(g) “U.S. Personal Data” means all information collected by Magtrol, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you send to Magtrol, and (iii) other sources in the ordinary course of Magtrol’s business, that relates to an individual in the United States and that identifies, or can be used in conjunction with other readily-accessible information to identify, such individual (including, but not limited to, name, e-mail address, physical address, phone number and, in the case of employees and employment applicants of Magtrol, human resource information).

3. JURISDICTIONS

MINC, which is located in the United States, collects, processes, protects, transfers and uses U.S. Personal Data, but no European Personal Data. MSA, which is located in Switzerland, only collects, processes, protects, transfers and uses European Personal Data, but no U.S. Personal Data. In doing so, MINC and MSA comply with all law relating to U.S. Personal Data and European Personal Data, as applicable. Without limiting the generality of the immediately preceding sentence, MSA will collect, process, protect, transfer and use European Personal Data in compliance with the GDPR. For example, if MSA were to transfer European Personal Data to MINC (or a third party located in the United States), such transfer would only occur in compliance with the GDPR.

4. DATA COLLECTION

No Collected Data is obtained from you, unless it is voluntarily provided, except for any Analytical Data obtained automatically through the Site as set forth in this policy. Regardless of the method used to obtain Collected Data, Magtrol will only collect U.S. Personal Data and European Personal Data (a) that is relevant to the purposes for which it is provided by you and for other purposes permitted by applicable law, and (b) except for European Personal Data, for Magtrol’s other legitimate business purposes (including, but not limited to, marketing). You are responsible for obtaining any approvals, authorizations, consents, permissions and permits that are required in connection with your providing Magtrol with any information (including, but not limited to, any information relating to a third party).

5. ELECTRONIC COMMUNICATIONS

Whether or not you have previously sent Magtrol an e-mail message, you consent to Magtrol’s sending you e-mail messages and other electronic communications (a) in connection with your use of the Site, (b) in the ordinary course of business, or (c) for any other legitimate business purpose of Magtrol (including, but not limited to, marketing). Since Magtrol endeavors to send e-mail messages and other electronic communications only to individuals desiring to receive them, you can unsubscribe to such e-mail messages or other electronic communications at any time by contacting Magtrol as set forth in Section 22 or by following the directions contained in such e-mail messages or other electronic communications. Any request to unsubscribe to e-mail or other electronic communications will likely be effective within 2 weeks after your request is received by Magtrol.

6. ANALYTICAL DATA

When you access the Site, Magtrol will collect Analytical Data. Your browser may provide you with the ability to not accept cookies, as well as the ability to delete already-existing cookies. If you refuse, or delete previously-existing, cookies, you may not be able to enjoy some features of the Site.
Analytical Data will only be used by Magtrol (a) to record your use of the Site, (b) to diagnose problems with the Site, (c) to improve the Site and make the Site more useful to you and other users, and (d) for other legitimate business purposes of Magtrol (including, but not limited to, marketing). Magtrol will collect Analytical Data either directly or through third parties acting on its behalf.

7. SENSITIVE DATA

Any provision of this policy to the contrary notwithstanding, if Magtrol collects any Sensitive Data from you, your explicit consent (i.e. among other things, you must “opt in”) will be obtained before such Sensitive Data is (a) disclosed to a third party or (b) used for a purpose other than the purposes for which such Sensitive Data was originally collected or subsequently authorized by you. Magtrol will also treat as Sensitive Data any European Personal Data received by Magtrol from a third party if the third party identifies it in writing to Magtrol, and treats it, as Sensitive Data.

8. CONTROLLER/PROCESSOR

All electronic U.S. Personal Data is controlled or processed by Magtrol on servers located in Buffalo, New York. All electronic European Personal Data is controlled or processed by Magtrol on servers located in Rossens, Switzerland. Magtrol may transfer U.S. Personal Data and European Personal Data to a third-party sub-controller or processor only pursuant to Section 11 and applicable law (including, but not limited to, the GDPR).

9. PROTECTION

Magtrol will use commercially reasonable administrative and technical measures to protect U.S. Personal Data and European Personal Data from loss and unauthorized access, alteration, destruction, disclosure and use. Such measures shall ensure a level of protection appropriate to the specific risks identified by Magtrol and in compliance with any laws applicable to Magtrol (including, but not limited to, the GDPR). Even if Magtrol uses such measures, since no transmission of information over the Internet or electronic storage of information is completely secure, it is possible that Collected Data could be lost or accessed, altered, destroyed, disclosed or used without authorization. In providing any information to Magtrol, you must assume the risk that Collected Data could be lost or accessed, altered, destroyed, disclosed or used without authorization.

10. USE OF COLLECTED DATA

All Collected Data may be used by Magtrol for any legitimate business purpose, except that, in the case of European Personal Data, such purpose must be (a) relevant to the purpose for which such European Personal Data was provided by you or (b) subsequently authorized by you as, and to the extent, required by the GDPR. If Magtrol expressly states in this policy or in another writing that any Collected Data will only be used for a specific purpose, Magtrol will only use such Collected Data for such purpose, unless you subsequently consent to its being used for another purpose.

11. TRANSFER OF COLLECTED DATA

Any Collected Data obtained by Magtrol, whether or not for a specific purpose, may be transferred to third parties designated by Magtrol (including, but not limited to, any affiliates, customers, distributors, sub-contractors or vendors of Magtrol) for any purposes for which Magtrol could use such Collected Data, except that, in the case of European Personal Data, (a) Magtrol will notify you of such transfer, (b) such third party’s right to use such European Personal Data is limited to such purposes, (c) such third party is obligated to provide at least the same level of privacy protection of such European Personal Data as required by the GDPR, (d) Magtrol must take commercially reasonable measures to ensure that such third party processes European Personal Data in a manner consistent with Magtrol’s obligations under the GDPR (including, but not limited to, entering into data processing agreements (or other similar arrangements) with such third party requiring that such third party comply with such obligations), (e) such third party is required to notify Magtrol if such third party makes a determination that it can no longer meet its obligation to provide the same level of privacy protection as required under the GDPR, and (f) upon receiving such notice, Magtrol must promptly take commercially reasonable measures to terminate, and remediate, any unauthorized processing of any European Personal Data. In the case of any transfer of European Personal Data to third parties outside the European Union, Magtrol could be responsible for the failure of such third party to comply with the GDPR.

Magtrol may also at any time, in its sole discretion, transfer any Collected Data, whether or not you furnished such Collected Data for a specific purpose, to (a) comply with, or as permitted by, any applicable law or lawful request of a government or public authority for purposes of satisfying national security, law enforcement and other requirements, (b) cooperate with law enforcement, and other third parties, in investigating a claim of fraud, illegal activity or infringement of intellectual property rights, (c) protect the rights, property or legitimate business interests of Magtrol or a third party, or (d) transfer such Collected Data to a third party acquiring all, or substantially all, of the assets of MINC or MSA. If Collected Data is so transferred, Magtrol will have no responsibility for any action of the third party to whom or which such Collected Data is transferred.

12. DATA DELETION

Magtrol will delete European Personal Data from its servers (and servers of third parties acting on behalf of Magtrol) when it is no longer required for the purposes for which it was collected and processed, unless Magtrol has another lawful basis to continue holding it, Magtrol is legally required to continue holding it, or it is relevant to Magtrol’s interests in any judicial proceeding or other dispute.

13. THIRD-PARTY SITES

The Site may contain links to, or be accessible from, websites (including, but not limited to, social media plugins) provided by third parties (individually a “Third-Party Site”). Your use of a Third-Party Site will be subject to its terms of use and other provisions, and you are responsible for complying with such terms and other provisions. This policy does not cover the privacy policies or practices of any Third-Party Site, and Magtrol is not responsible for any information you submit to, or otherwise collected by, any Third-Party Site. Magtrol is only responsible for Collected Data obtained by it (a) through your authorized use of the Site or (b) from other sources in the ordinary course of its business. You should consult each Third-Party Site for its privacy policy or practice before submitting any information to, or otherwise using, such Third-Party Site.

14. RIGHTS

You may refuse to provide any information to Magtrol at any time by terminating your use of the Site, or in cases not involving use of the Site, by notifying Magtrol as set forth in Section 22. If you refuse to provide any information when requested to do so by Magtrol or the Site, you may not be able to access, or otherwise receive the benefits of, certain products and services from Magtrol or features of the Site.

Magtrol does not warrant or represent that any U.S. Personal Data will be accurate or up-to-date. However, upon your request, Magtrol will grant you access to your U.S. Personal Data in the possession, or under the control, of Magtrol solely for the purpose of correcting or deleting such U.S. Personal Data that is inaccurate or has been processed in violation of this policy, except when the burden or expense of providing such access would be disproportionate to the risks to your privacy or where the rights of a third party would be violated. If you desire access to any U.S. Personal Data for such purpose, you must contact Magtrol in writing as set forth in Section 22.

Magtrol endeavors to keep all European Personal Data accurate and up-to-date, but it cannot do so without your assistance. You are responsible for promptly notifying Magtrol of any changes to such European Personal Data.

With respect to all European Personal Data, you have, in certain cases, the right to (a) receive information regarding, and access to, your European Personal Data, (b) rectify your European Personal Data, (c) erase your European Personal Data (i.e. the “right to be forgotten”), (d) restrict, or object to, processing of your European Personal Data, (e) receive your European Personal Data in a commonly used and machine-readable format, and (f) transfer your European Personal Data to party designated by you.

15. CHILDREN

The Site is not intended for children under 13 years of age. However, if a parent or guardian of a child who is under 13 years of age discovers that U.S. Personal Data of such child has been submitted to Magtrol through the Site without the parent’s or guardian’s consent, Magtrol will use commercially reasonable measures to remove such information from the Site and Magtrol’s servers at the parent’s or guardian’s request. To request the removal of such U.S. Personal Data, the parent or guardian must contact Magtrol as set forth in Section 22, and provide all information requested by Magtrol to assist it in identifying the U.S. Personal Data to be removed.

16. APPLICABLE LAW

This policy shall be governed by, and construed and interpreted in accordance with, (a) in the case of U.S. Personal Data, the laws of the state of New York, without regard to its principles of conflict of laws, and (b) in the case of European Personal Data, the GDPR and any other applicable law of Switzerland, without regard to its principles of conflict of laws. If there is any conflict or inconsistency between any provision of this policy and any provision of any applicable law (including, but not limited to, the GDPR), the latter shall control.

17. COMPLAINTS

Any complaint by you regarding any Collected Data (not including European Personal Data), or otherwise relating to this policy must first be submitted to Magtrol as set forth in Section 22, and Magtrol must be given a reasonable opportunity of not less than 45 days to investigate and respond to your complaint. Upon Magtrol’s completing such investigation and so responding, Magtrol and you must then attempt, in good faith, to promptly resolve any remaining aspects of your complaint. If any aspect of your complaint remains unresolved after an additional reasonable period of time of not less than 45 days, (a) you may commence litigation against Magtrol in connection with the unresolved portion of your complaint only in a court located in Erie County, New York, and having subject matter jurisdiction over your complaint, and (b) you consent to any such court’s being, and waive any objection (including, but not limited to, any such objection based on inconvenience) to such court’s not being, a proper venue for your complaint.

Any complaint by you regarding any European Personal Data shall be addressed and resolved by you and Magtrol, in good faith, as set forth in the GDPR. Without limiting the generality of the immediately preceding sentence, you may be able to submit your complaint to the data protection authority in Switzerland or the member state of the European Union having jurisdiction of such complaint.

18. ENTIRE AGREEMENT

Except as set forth in this Section, this policy contains the entire agreement, and supersedes all prior oral and written agreements, proposals and understandings, between you and Magtrol, with respect to Collected Data. If you use the Site or otherwise have business dealings with Magtrol, such use or dealings will be subject to this policy, plus any other written agreement between you and Magtrol that is applicable thereto. To the extent there is any conflict or inconsistency between any provision of this policy and any provision of such other agreement, the former shall control.

19. SEVERABILITY

Whenever possible, each provision of this policy shall be interpreted to be effective and valid under applicable law. If, however, any such provision shall be prohibited by or invalid under such law, it shall be deemed modified to conform to the minimum requirements of such law, or if for any reason it is not so modified, it shall be prohibited or invalid only to the extent of such prohibition or invalidity without the remainder of such provision, or any other provision of this policy, being prohibited or invalid.

20. REVISIONS

Magtrol may revise any provision of this policy from time to time by posting the revised provision on the Site so long as such revision does not conflict with any applicable law. Any such revision will take effect immediately upon such posting, and will apply to all Collected Data obtained by Magtrol after such posting. It is your responsibility to periodically check this policy on the Site for revisions to this policy. The latest version of this policy will always be the one posted on the Site.

21. EXPENSES

Except as provided in this policy or required by any applicable law, you are solely responsible for all fees and disbursements of any attorney or other advisor retained by you in connection with enforcing your rights under this policy.

22. CONTACT INFORMATION

If you have any questions or complaints, desire additional information, or need to notify Magtrol of anything regarding any Collected Information or otherwise relating to this policy, please promptly contact Magtrol as follows:

If to MINC:
Magtrol Inc.
70 Gardenville Parkway
Buffalo, New York 14224
privacy@magtrol.com

If to MSA:
Magtrol SA
Attn: Data Protection Officer
Route de Montena 77
1728 Rossens
Switzerland
dpo@magtrol.com

 

Effective Date: January 28, 2019