;



Privacy Statement

 

Effective as of July 2024To the Candidate Privacy Statement

Introduction

ROCKWOOL B.V. (“ROCKWOOL”) is committed to safeguarding your privacy. The protection of personal data is important to us and we only process personal data in compliance with the applicable data protection requirements, in particular the General Data Protection Regulation (“GDPR“). For that reason ROCKWOOL has implemented a set of Binding Corporate Rules (“BCRs“), introducing data protection requirements to be complied with by the ROCKWOOL Group worldwide.

In connection with our business activities we, as data controller, process the personal data of our customers, job applicants, suppliers, users of our websites and apps as well as visitors and other third parties as described further in Section. C.

This Privacy Statement will inform you on what personal data we process, how we collect it and for which purpose(s) we may use it. Furthermore, we will inform you about your rights as data subject.

This Privacy Statement is provided in a layered format so you can navigate to the specific areas set out below.

 

  1. The data controller
  2. Contact
  3. Information on the processing of personal data.
  4. Transfers within the ROCKWOOL Group
  5. Disclosure and transfer to third parties
  6. Security
  7. Your rights as data subject
  8. Links to other websites
  9. Changes to this Privacy Statement

A. The data controller

ROCKWOOL B.V.
Industrieweg 15
6045 JG Roermond
The Netherlands

Email: dataprotectionBNL@rockwool.com 
Company reg. no.: 13014428 

 

B. Contact

In case of any questions regarding this Privacy Statement and/or our processing of your personal data please feel free to contact us on: 

T: + 31 475 35 35 35

Email: dataprotectionBNL@rockwool.com 

C. Information on the processing of personal data

Depending on your relationship with entities from the ROCKWOOL Group, we will process different categories of your personal data for various purposes. Below you will find an overview of what kind of personal data we process, for which purposes, on what legal grounds and for how long we keep it in our systems.

Who?

Categories of personal data

Purposes of processing

Legal basis

Retention periods

Customers and their employees           

           

           

           

First and last name, gender, address, phone number, e-mail address, job title, and place of work.

To carry out ordinary customer relationship i.e.: administration of payments, general communication, management of day-to-day operations in accordance with legitimate and fair business practice (incl. planning, execution. and management of the cooperation; statistics, analyses).

Performance of a contract (Article 6 (1) (b) GDPR).

 

2 years after the last purchase of our products or services.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As long as the claim is active until 20 years thereafter.

To provide general customer service and support (including follow-up surveys).

Performance of a contract (Article 6 (1) (b) GDPR)

 

Legitimate interests in ensuring customer satisfaction and improving our products and services (Article 6 (1) (f) GDPR).

To gain customer insights and knowledge of how our products and services are used (e.g., by sending satisfaction surveys or market surveys).

To prevent fraud.

Legitimate interests in protecting interests of the company (Article 6 (1) (f) GDPR).

To establish, defend or assert legal claims.

Prospective Customers and their employees

First and last name, gender, address, phone number, e-mail address, title, and place of work.

To create business leads.

 

Consent (Article 6 (1) (a) GDPR).

Until consent is withdrawn or there has been no contact for a period longer than 2 years.

 

For statistical purposes.

Consent (Article 6 (1) (a) GDPR) .

To pursue business leads.

Consent (Article 6 (1) (a) GDPR) .

Suppliers and their employees

First and last name, company phone number, e-mail address, title, and place of work

To carry out ordinary supplier relationship, i.e. administration of payments, general communication, management of day-to-day operations in accordance with legitimate and fair business practice (incl. planning, execution, and management of the cooperation, performing credit ratings, as well as carry out statistics, and analyses).

Performance of a contract (Article 6 (1) (b) GDPR) – if you are self-employed, legitimate interest in performing the contract concluded with your employer (Article 6 (1) (f) GDPR).

7 years from the end of the financial year to which the data relate if the data is considered accounting material. 

5 years from obtained for non-accounting materials if there was no activity with the supplier.

To source and locate suppliers.

Legitimate interest in fulfilling business needs and conducting regular business activities (Article 6 (1) (f) GDPR).

Visitors to physical locations

First and last name, phone number, e-mail address, place of work, license plate, if applicable, date and time of your visit.

To ensure the safety of our physical locations and to prevent and solve crime in our physical locations.

Legitimate interest and in some cases legal obligation in ensuring safety on premises and to protect employees, visitors and property (Article 6 (1) (f) GDPR).

30 days from the registration or, in case of incidents, as long as necessary in relation to the handling of the incident.

CCTV recordings (photos and videos) of your activity at our physical locations.

Legitimate interest in ensuring safety on premises/physical locations and if necessary, protecting ROCKWOOL’s interests in criminal offence cases (Article 6 (1) (f) GDPR).

4 days from the day of the visit or, in case of incidents, as long as necessary in relation to an ongoing case.

Receiver of e-mail and/or SMS - direct marketing.

First and last name, gender (salutation), job title, place of work, e-mail address and/or phone number.

 

To distribute marketing communication based on collected information and consent given.

Consent (Article 6 (1) (a) GDPR) .

Until the marketing consent has been withdrawn. A copy of the marketing consent will be stored 2 years after withdrawal for evidentiary purposes.

Users of contact forms

First and last name, email address, phone number, what your inquiry is about, date of your inquiry.

To communicate with you to market, promote and sell ROCKWOOL products and services, as well as to provide support.

If your inquiry concerns a (potential) formation of contract, the legal basis will be taking steps necessary to enter into an agreement or execute an existing one (Article 6 (1) (b) GDPR).

If your inquiry does not concern a contract, the legal basis will be our legitimate interest in handling your inquiry, communication with you, marketing, promoting, and developing our products and services (Article 6 (1) (f) GDPR).

2 years after obtained or from your last interaction if your personal data has not been used in connection with a purchase of our products or services.

Website visitors, Account users

First and last name, e-mail address, username, IP-address digital footprints, password as well/and as your profile activity.

To deliver our services on the/our websites or apps to you.

Performance of a contract for the provision of electronic services (Article 6 (1) (b) GDPR).

Until closing of the account.

To manage created user accounts; for statistical and analytical purposes.

Legitimate interest in conducting statistics and analyses for the purpose of improving the user experience (Article 6 (1) (f) GDPR).

Until closing of the account.

Visitors of social media profiles     

Information available on your profile, including your name, gender, civil status, workplace, interests, image, and your city; whether you “like” or have applied other reactions to our profile; comments you leave on our posts; content your shared with ROCKWOOL with intention of interacting;
that you have visited our profile; IP address.

To improve our products and services, including our social media profiles and pages;
for statistical and analytical purposes;
to communicate with you if you engage with our content (comments, reviews, messages); to reshare content shared with us.

* platform providers may process your personal data for their own purposes – please keep in mind this is outside of our control

Legitimate interests in being able to communicate with and direct marketing communication to you on our social media profiles, as well as our legitimate interest in improving our products and services (Article 6 (1) (f) GDPR).

Retention periods are set out by social media platform providers and can be found in their privacy policies:

Meta (Instagram, Facebook)

Google (YouTube)

LinkedIn

X (formerly Twitter)

D. Marketing and Advertising practices

Description

When?

Categories of personal data

Purposes of processing

Legal basis

Retention periods

Cookies, pixels, social media tools and other technologies

When you visit our websites or apps and have provided us with your cookie consent.

IP-address, MAC address, type of browser and devices, webpage that led you to the website or app, search terms entered in a search engine which led you to our website, browsing history, click-behaviour and use and navigation of websites and apps*

* the categories depend on the consent given in the cookie banner. This can be changed at any time here

To run marketing activities, especially to facilitate your use of the websites and apps; for service development, statistics, and analysis; to deliver personalised content and search

Legitimate interests in providing a website and app that works, marketing, developing, and providing statistics, evaluating, promoting and selling our products and services through first-party cookies, (Article 6 (1) (f) GDPR).

Consent for the processing of personal data in relation to marketing cookies and third-party statistical cookies (Article 6 (1) (a) GDPR).

In addition, we always obtain a valid cookie consent with exemption of strictly necessary cookies and other technologies.

Personal data obtained through cookies, pixels, similar technologies, and social media tools are deleted as described in the Cookie Declaration.

Facebook custom / lookalike audiences

When you sign up for our newsletters, create a user account and accept our cookies, pixels, or similar technologies, we will in some cases send non-reversible hashed information to Facebook (Meta).

E-mail address and in some cases, information about your interest in one or more of our products

To create audiences for subsequent advertising via Facebook.

Legitimate interest in spreading awareness of our products and services, including to other persons who may have similar interests in our products and services (Article 6 (1) (f) GDPR).

Until you object to the processing of your personal data.

You can change settings in your Facebook account here.

Tracking of e-mail

E-mails that we forward for marketing purposes based on your marketing consent or for events you have signed-up for may include tracking technologies that tell us whether you have received or opened the email or clicked a link in the e-mail.

Tracking information on your interaction with our e-mail.

To deliver personalised content, analysis, and statistics.

Legitimate interests in developing, evaluating, promoting, and selling our products and services (Article 6 (1) (f) GDPR).

If you consented to marketing: until the marketing consent has been withdrawn. A copy of the marketing consent will be stored 2 years after withdrawal for evidentiary purposes.

If you did not consent to marketing: 2 years after the/your last interaction (e.g., from participating in the event or when clicking on e-mail).

E. Transfers within the ROCKWOOL Group

Personal data collected may be transferred internationally between entities in the ROCKWOOL Group for the purposes for which they were gathered, provided that such transfer is not prohibited or restricted by law. All transfers between EU/EEA and non-EU/EEA ROCKWOOL entities are legalised by the ROCKWOOL Binding Corporate Rules.

An overview of the ROCKWOOL Group is available at https://www.rockwool.com/group/privacy-statements-of-rockwool-companies/.

 

F.  Disclosure and transfer to third parties  

To achieve the purposes described above, we may give third parties, who provide services to ROCKWOOL entities based on a contractual relationship, access to your personal data. Those service providers are regarded as data processors and include:

  • IT suppliers,
  • Social media suppliers,
  • Email suppliers,
  • Hosting suppliers,
  • Cookie suppliers,
  • Webinar vendors,
  • Customer learning platform vendors,
  • Customer support platform vendors,
  • Customer relation platform vendors,
  • Website vendors.

In addition to what is described above, your personal data is generally not transferred to third parties without your consent. However, in certain circumstances and under the law, it may be necessary to transfer your personal data to e.g. the following categories of data controllers:

Categories of recipients

Type of personal data

Legal basis

Public authorities, law enforcement authorities, courts, lawyers, and external auditors.

Relevant information in relation to a specific dispute, including in some cases purchases made.

Article 6(1)(f) GDPR (legitimate interest).

Article 6(1)(c) GDPR (legal obligation).

Payment acquirers.

Payment information.

Article 6(1)(b) GDPR (performance of a contract).

Personal data may also be transferred to third parties with your prior cookie consent as set out in our Cookie Declaration and the cookie consent wording.

If we transfer your personal data to recipients (both controllers and processors) whose registered offices are located in a third country, for which the European Commission has not adopted an adequacy decision, such transfer is based on the Data Privacy Framework (for companies based in the USA) or the EU Commission’s Standard Contractual Clauses (for other countries), which you may obtain a copy of by contacting us as stated above.

ROCKWOOL commits to have in place the appropriate security measures to safeguard the security of your personal data and our website has security measures in place to protect against the loss, misuse and/or alteration of the personal data under our control.

Cooperation with social media platform providers.

Facebook, Instagram and LinkedIn

For Facebook and Instagram (owned by Meta), ROCKWOOL together with the social media providers are joint data controllers for the processing of personal data collected in connection with your interactions with the profiles, including postings on an interaction with the ROCKWOOL page profiles’. However, Meta acts as data processor on behalf of ROCKWOOL when Meta processes your personal data for the purpose of creating target groups (lookalike and custom audiences).

For LinkedIn, ROCKWOOL together with the platform provider are joint data controllers for the processing of personal data for statistical purposes.

ROCKWOOL and the providers of LinkedIn, Instagram and Facebook have entered into agreements on the allocation of the data protection tasks. According to these agreements, the entities (such as ROCKWOOL) and the social media providers are each responsible for the tasks associated with the processing undertaken. The overview of the division of responsibilities can be found here:

·        LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

·        Meta: https://www.facebook.com/legal/controller_addendum/.

YouTube

ROCKWOOL also uses Google as a data processor in connection with its use of YouTube and in this connection also shares certain information about your interactions, interests, etc. with YouTube for the purposes of optimizing marketing and the service, including our videos, on YouTube.

Twitter

ROCKWOOL is the data controller for the processing of personal data in the context of the management of its account on X (Twitter), and X (Twitter) is a separate data controller for the personal data which it processes. However, in certain situations X (Twitter) will be acting as data processor for ROCKWOOL, for example when uploading custom audiences to the platform.

G. Your rights as data subject

  1. Right to access (Article 15 GDPR), i.e. right to obtain confirmation whether we process your personal data and what information it concerns.
  2. Right to rectification (Article 16 GDPR), i.e. right to receive the rectification of inaccuracies of your personal data and completion of incomplete personal data.
  3. Right to erasure ( Article 17 GDPR), i.e. the right to erasure of your personal data without undue delay. Please keep in mind that this is not an absolute right and certain exemptions apply.
  4. Right to restriction of processing (Article 18 GDPR), i.e. right to restrict further processing of your personal data if one of the conditions specified in Article 18 (1) GDPR applies.
  5. Right to data portability (Article 20 GDPR), i.e. right to receive your personal data in structured, machine-readable format for your own use or to have it transmitted by us directly to another controller.
  6. Right to object (Article 21 GDPR) gives you a possibility to object to processing of your personal data whenever the legal basis for such processing is our legitimate interest (Article 6 (1) (f) GDPR). This is not an absolute right and in certain cases we may override your request and inform you about the reasons. This applies, among other things, when we process your information for marketing purposes based on the legitimate interest rule.
  7. Right to withdraw consent (Article 7 (3) GDPR) whenever the processing is based on it. If you withdraw your consent, we will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations.
  8. Right to lodge a complaint (Article 77 GDPR) with a competent supervisory authority, if you deem we have infringed your right to personal data protection.

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ DEN HAAG

The Netherlands

Phone: +  31 (0)88-1805250

https://klachten.autoriteitpersoonsgegevens.nl/

H. Changes to this Privacy Statement

Due to technical developments, new processing activities, and/or amendment of legal requirements we reserve the right to adjust this Privacy Statement. To the extent the changes of the Privacy Statement are regarded as material and significant, you will be informed hereof on our website or/and through our e-mail signatures when corresponding with one of ROCKWOOL’s employees. An up-to-date version of this Privacy Statement will always be available at https://rain.rockwool.com/uk/privacy-statement/.

Candidate Privacy Notice

Effective as of July 2024

To the Privacy Statement

Introduction

ROCKWOOL B.V.  (“ROCKWOOL”) is committed to safeguarding your privacy. The protection of personal data is important to us and we only process personal data in compliance with the applicable data protection requirements, in particular the General Data Protection Regulation (“GDPR“).

ROCKWOOL Group has implemented a set of Binding Corporate Rules (BCRs), introducing a global standard of data protection requirements to be complied with by all ROCKWOOL entities. The BCRs provide you with sufficient guarantees that personal data are protected in accordance with the requirements of the Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), even when they are transferred between the different ROCKWOOL companies within the ROCKWOOL Group. In cases where national legislation requires a higher level of protection for personal data than granted by the BCRs, the national legislation will take precedence.

This Candidate Privacy Notice describes what kind of personal information we collect about you in the course of the recruitment process, how we use them and how long we store them in our systems.

A. The data controller

ROCKWOOL B.V.

Industrieweg 15

6045 JG Roermond

The Netherlands

E-mail: dataprotectionBNL@rockwool.com   

Company reg. no. : 13014428

B. Contact

In case of any questions regarding this Candidate Privacy Notice and/or our processing of your personal data please feel free to contact us on: 

T: + 31 475 35 35 35

Email: dataprotectionBNL@rockwool.com 

C. Information on the processing of personal data

ROCKWOOL B.V. will collect and process personal data, which is necessary for conducting the recruitment process. Some personal data you can choose to provide voluntarily. We will always let you know which personal data is necessary (e.g. via the use of an asterix (*)) and the consequences of not providing such data to us.

We recommend that you do not disclose sensitive personal data, such as information revealing racial or ethnic origin, religion, trade union membership, sexual orientation, health, etc. in your application, unless it is relevant for the position you are applying for.

Categories of personal data

Personal data elements

Purposes of processing

Legal bases

Retention periods

Personal information

First and last name, age, gender, citizenship, place of birth, date of birth, marital status, nationality, signature, contact information (home address, phone number)

To conduct the recruitment process

 


To agree on conditions and to make an offer

 

 


To verify your skills and qualifications

 

 

To consider you for future recruitment processes

Legitimate interest in running the recruitment process (Article 6 (1) (f) GDPR)

Upon making the offer – taking necessary steps to enter into a contract (Article 6 (1) (b) GDPR)

Legitimate interest in assessing if you fit the requirements (Article 6 (1) (f) GDPR)

 

Consent for keeping your personal data in our database to be used for future recruitment processes (Article 6 (1) (a) GDPR)

If you are offered a position with ROCKWOOL, your personal data obtained during the recruitment process will be stored in your employee file.

If you are not offered a position, we will delete your data  four (4) weeks  after the end of your recruitment process, unless you give your consent to keep it in our portfolio for future recruitment options, in which case we will retain the information for max. one (1) year.

Education & Skills

Academic transcripts, education and training history, educational degrees, grade, languages, results of assessments (e.g., personality tests, skills and abilities, etc.)

References from previous and/or current employers

Notes on competences, performance, as well as your general appearance related to the interview

Financial

Back account information

To reimburse you for agreed costs incurred in relation to the recruitment

Consent for processing your personal data (Article 6 (1) (a) GDPR)

Seven  (7) years from the date of reimbursement

Other

Photo and other non-mandatory information you include in your application

 

 

 



Certificate of good conduct (only if required by the position you are applying for)

To conduct the recruitment process

 

 

 



To comply with (legal) requirements for the position

Consent for processing your personal data (Article 6 (1) (a) GDPR)

 

 



Legitimate interest in assessing if you fit the requirements (Article 6 (1) (f) GDPR)

Legal obligation (Article 6 (1) (c) GDPR)

If you are offered a position with ROCKWOOL, your personal data obtained during the recruitment process will be stored in your employee file.

If not, we will delete your data four (4) weeks after the end of the recruitment process, or, with your consent, one (1) year after the end of the recruitment process.

D. Transfers within the ROCKWOOL Group

Personal data collected may be transferred internationally between entities in the ROCKWOOL Group for the purposes for which they were gathered, provided that such transfer is not prohibited or restricted by law. All transfers between EU/EEA and non-EU/EEA ROCKWOOL entities are legalised by the ROCKWOOL Binding Corporate Rules.

An overview of the ROCKWOOL Group is available at https://www.rockwool.com/group/privacy-Statement/rockwool-group-companies/.

E. Disclosure, transfer and making available of personal data to third parties

Our disclosure and transfer of your personal data to third parties (entities outside the ROCKWOOL Group) is kept to a minimum and is subject to the existence of an adequate level of data protection. We may disclose or make personal data available to third parties under the following circumstances:

  • Third parties who carry out services on our behalf, such as hosting, IT-support, marketing services, and administrative services. Third parties are only allowed to process the personal data in accordance with our instructions and subject to a written data processing agreement.
  • To establish, exercise or defend our legal rights.
  • If you have provided your prior consent to the disclosure of personal data to a third party.

If the recipient of the personal data is located in a country outside the EU/EEA not subject to an Adequacy Decision issue by the European Commission, we will only transfer your personal data to such recipient under a written transfer agreement based on the EU Commission’s Standard Contractual Clauses or the EU-US Data Privacy Framework.

Your consent

If any of our processing activities are based on your consent you will have the right to withdraw your consent at any time. If you withdraw your consent, we will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations.

Please note that the withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal. Further, as a consequence of your withdrawal of your consent, we may not be able to satisfy your requests.

Security

ROCKWOOL undertakes to have in place the appropriate technical and organisational security measures to ensure adequate level of protection for your personal data.

F. Your rights as data subject

  1. Right to access (Article 15 GDPR), i.e. right to obtain confirmation whether we process your personal data and what information it concerns. 
    Right to rectification (Article 16 GDPR), i.e. right to receive the rectification of inaccuracies of your personal data and completion of incomplete personal data.
  2. Right to erasure ( Article 17 GDPR), i.e. the right to erasure of your personal data without undue delay. Please keep in mind that this is not an absolute right and certain exemptions apply.
  3. Right to restriction (Article 18 GDPR), i.e. right to restrict further processing of your personal data if one of the conditions specified in Article 18 (1) GDPR applies.
  4. Right to data portability (Article 20 GDPR), i.e. right to receive your personal data in structured, machine-readable format for your own use or to have it transmitted by us directly to another controller.
  5. Right to object (Article 21 GDPR) gives you a possibility to object to processing of your personal data whenever the legal basis for such processing is our legitimate interest (Article 6 (1) (f) GDPR). This is not an absolute right and in certain cases we may override your request and inform you about the reasons.
  6. Right to withdraw consent (Article 7 (3) GDPR) whenever the processing is based on it. If you withdraw your consent, we will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations.
  7. Right to lodge a complaint (Article 77 GDPR) with a competent supervisory authority, if you deem we have infringed your right to personal data protection.

 

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
The Netherlands

Phone: + 31 (0)88-1805250
https://klachten.autoriteitpersoonsgegevens.nl/

Contact

If you have a request, questions or complaints about the processing of personal data carried out by ROCKWOOL, please reach out to the Recruiter you have been in contact with or contact us at dataprotectionBNL@rockwool.com. The same contacts will assist if you are unable to digitally access any of the information mentioned in this notice.