Business Partner Contact – Data Privacy Notice

Allied Telesis International BV

Allied Telesis International BV with its primary place of business at Incheonweg 7, 1437 EK Rozenburg, Netherlands and its affiliated companies (hereinafter ATI BV) have a strong commitment to protecting the security and privacy of Personal Data of contact persons (hereinafter, Business Partner Contact) who we interact with at our customers, prospects, suppliers, vendors, associates and partners (hereinafter, Business Partner).

ATI BV processes personal data in compliance with Regulation (EU) 2016/679 (hereinafter, GDPR).

I. Legal Basis for processing of Personal Data.

When Personal Data of the Business Partner Contact is collected and processed by ATI BV during the course of performing business, contractual, regulatory and/or legal obligations with Business Partners; then unless explicitly stated otherwise the primary legal basis for the processing of said Personal Data is –

1. Articles 6 (1) (b) or (f) of GDPR; or
2. Article 6 (1) (a) of GDPR, when consent is explicitly provided by the Business Partner Contact.

When Personal Data of the Business Partner Contacts is not collected by ATI BV, other legal basis may apply.

II. Categories of Personal Data which may be processed.

ATI BV may process the following categories of Personal Data -

1. Contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number, work email address, etc.;
2. Payment information such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
3. Other information exchanged in course of the contractual relationship with ATI BV and/or provided by the Business Partner Contact, such as orders placed, payments made, inquiries, and schedules;
4. Communications information such as Email, Voice Mail, Video Mail, etc.;
5. Business development and marketing information such as business cards, sales leads, marketing preferences, etc.;
6. Information collected from publicly available sources;
7. Information collected from government and regulatory sources;v
8. Information collected from credit agencies;
9. Information required for legal compliance; and
10. Information required for legal proceedings.

III.Purpose for processing of Personal Data.

In the context of the Business Partner’s relationship with ATI BV, we may collect and processes personal data of Business Partner Contacts for the following purposes:

1. Communications about, including but not limited to - offerings, promotions,events, marketing information and pricing - of products and/or services offered by Allied Telesis BV and/or its other Business Partners. These communications may be proactive or may be in response to inquiries;
2. Activities related to the planning, performance and management of the contractual relationship with Business Partners. These activities may include but are not limited to – executing transactions, processing of orders for products or services, processing payments, accounting, auditing, billing and collection, logistics, shipments, deliveries, facilitating repairs and providing support services;
3. Administering and performing customer surveys, marketing campaigns, market research, market analysis, sweepstakes, contests, and/or other promotional activities and/or events;
4. Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
5. Ensuring compliance with legal obligations (such as record keeping), Business Partner compliance, ATI BV policies and procedures, or industry standards; and
6. Resolution of disputes, enforcement of contractual agreements and in legal proceedings.

IV. Transfer and Disclosure of Personal Data.

ATI BV may transfer personal data within affiliates and subsidiaries – IF AND ONLY IF – and then only to the extent that such transfer is strictly required for one or more of the purposes mentioned above.

If legally permitted to do so, ATI BV may transfer Personal Data to courts, law enforcement authorities, regulators or attorneys as necessary to comply with the law or for the establishment, exercise or defense of legal claims.

IF AND WHEN, ATI BV decides to use contractors and service providers (hereinafter, Data Processors), they will only act upon instructions from ATI BV and will be contractually bound to act in compliance with GDPR.

We may transfer Personal Data to recipients in non EU countries IF AND ONLY IF –

1. The recipient is in a country deemed by the EU to offer adequate data protection;
2. The recipient has executed EU Standard Data Protection Contract Clauses with ATI BV;
3. The recipient has implemented Binding Corporate Rules (BCR) within its organization: or
4. In case of recipients in the United States of America, the recipient is certified under the Privacy Shield.

Business Person Contacts may request further information on these safeguards from the Contact Person listed below.

V. Personal Data Retention Period.

collection of Personal Data from Business Partner Contact, we erase said Personal Data if

1. Retention is no longer required under the purpose for which it was collected and processed;
2. Retention is no longer required to meet obligations under applicable laws; or
3. Retention is no longer required to meet legal obligations between ATI BV and the Business Partner.

VI. Rights of the Business Partner Contact.

Every Business Partner Contact has the following rights with respect to his/her Personal Data which is collected by ATI BV –

1. Right to withdraw consent
   Where Business Partner Contact has consented to the collection and processing of his/her Personal Data by ATI BV, the Business Partner Contact has an absolute right to withdraw consent at any time. Such withdrawal of the consent does not affect the lawfulness of the processing done prior to withdrawal. In the case where consent is withdrawn, ATI BV will only further process said Personal Data IF AND ONLY IF there is other valid legal grounds for the processing.
2. Right of access to, rectification and erasure
   Upon the satisfaction of certain legal preconditions, the Business Partner Contact may have the right to
3. Right to restrict processing
   Upon the satisfaction of certain legal preconditions, the Business Partner Contact may have the right to have ATI BV restrict the processing of his/her Personal Data.
4. Right to object to processing
   Upon the satisfaction of certain legal preconditions, the Business Partner Contact may have the right to object to ATI BV processing his/her Personal Data, on grounds of their particular situation.
5. Right to portability
   Upon the satisfaction of certain legal preconditions, the Business Partner Contact may have the right to obtain from ATI BV a copy of the Personal Data which he/she has provided, in a structured, commonly used and machine-readable format. Business Partner Contact may also request ATI BV to transmit said Personal Data to another recipient selected by him/her.

VII. Contact Person for Data Privacy related matters and inquires

Please direct all your questions, comments and concerns about ATI BV GDPR compliance issues to:

Mr. Richard Lardner
Privacy Coordinator
Allied Telesis International BV

VIII. Primary European Union Data Protection Authority

The primary data protection authority for ATIBV is the Data Protection Authority of the Netherlands and they can be contacted at -

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ DEN HAAG