Privacy Policy

Milexia is committed to the protection of your personal information. This policy outlines Milexia’s management of personal data in compliance with the personal data protection laws currently in force, especially the EU General Data Protection Regulation (EU-GDPR), UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act; together termed as ‘GDPR’.

The principle behind our Privacy Policy is to maintain a transparent relationship with you regarding your personal data. Milexia will only hold personal data where there is a contractual or legitimate reason to do so; we shall only retain it for as long as it is necessary and we shall only permit those individuals in our organization, or those of our suppliers, to see the personal data where there is a contractual or legitimate reason.

This Policy applies to all personal data processing carried out by Milexia group companies and it may be supplemented by local regulations and policies if required by the country of one our companies.

Key definitions of our Policy

“Personal data”: all the information collected from you that can be used to identify an individual (telephone number, name, address, etc.).

“User” or “Subject”: this is, basically, you. The regulation uses this expression to identify a person or company whose data is processed.

“Controller”: this is, basically, a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Third party”: any entity, person, company or country who is involved in the handling of the data outside the data subject, the controller, the processor or an EU or UK entity.

“Recipient”: person or entity to whom data is disclosed.

“Consent”: A freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to you

“Personal data processing”: the collection and handling of personal data.

“Transfer”: disclosure of data to a natural or legal person, public authority, agency, or other body, whether or not they are a Third Party.

“Data Protection Officer”: individual in charge of monitoring the processing of personal data.

Key principles

1. Which personal data do we collect?

The GDPR Policy applies to automated personal data and manual filing systems. The following is a non- exhaustive list of the data we process:

  • Any data provided by you, collected from the access and use of our services or your relationship with Milexia. Such as, but not limited to: name, salutation, job title, email address, telephone number, address or location, interests (products and services),
  • Any other personal information submitted through registration forms or questionnaires such as, Security Number and financial information like IBAN;
  • Data resulting from contact forms and subsequent communications,
  • Any information that can be legally inferred from the data we process, any personal information

collected either directly, through forms or data entry fields on our website, or through passive collection by cookies, browsing history and other data collection technologies (you can find more detail in our Cookies Policy),

  • Data from public sources, displayed at accessible sources or that is part of your profile on a social network and that you have made available to us,
  • Data related to financial solvency and creditworthiness which may be checked at public credit worthiness registers with outstanding obligations, prior to or during a contract with us,
  • Information received from third parties, based on either your consent or legitimate basis.

2. How will we use your personal data?

We hold your information to manage our relationship as a customer, supplier, employee or data subject in any way linked to Milexia. We will use this data for the purposes of legitimate interests, except where such interests are overridden by the interests, rights or freedoms of the data subject. For example to process quotations, orders, contracts, invoices, sales support, credit worthiness and financial obligations, provision of services, employee benefits, training, job offers, among others as manage our communications about our products and services; performing accounting, auditing and other internal functions; identify, prevent and protect against cybersecurity and other security events, espionage, fraud and other unlawful activity, claims and other liabilities; and comply with and enforce applicable legal requirements, relevant industry standards and our policies .

In the case of sensitive data, processing will only take place under explicit consent of the data subject, unless reliance on consent is prohibited and data manifestly made public by the data subject.

3. Which is the Lawful Basis for Users in the EU and UK?

The Lawful Basis for collecting personal information from individuals in the EU/UK is necessary for our Legitimate Interests in:

  • Promoting our business and assessing the success of our promotional activities;
  • Providing products and services on a commercial basis;
  • For the performance of a contract with the data subject or to take steps to enter into a contract
  • Supporting our customers in their use of products and services;
  • Encouraging the sharing of ideas, experiences and accomplishments of customers and employees;
  • Identify, prevent and protect against cybersecurity and other security events; espionage, fraud and other unlawful activity, claims and other liabilities, and
  • Monitoring and improving our websites.

4. How do we store and secure your information?

We commit to processing your data in accordance with the applicable regulations, using the appropriate organizational and technical measures to guarantee an appropriate level of security to ensure confidentiality, integrity and availability.

5. With whom will we share your personal data?

Milexia will never sell personal data to third parties. In case we lawfully transfer or share your personal data, it will be to the following recipients, always under legitimate interest:

  • Third parties to which we are legally bounded to provide your data, for example social security or administrative and tax authorities.
  • Entities that subsidize training activities.
  • Third parties which require to process your data for the fulfilment of the relationship you have with us.
  • Financial solvency and creditworthiness registries for the compliance of financial obligations.
  • In all the cases we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual espionage, cybersecurity or security events or other fraudulent or illegal activity
  • Other Milexia group companies, where appropriate.
  • Other third parties, in the case that you have provided your consent.

We also reserve the right to transfer personal information we have on you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, acquisition, dissolution or liquidation).

6. Data Transfers

Given that we are an international business, we may store, process and/or transfer the personal information we collect about individuals to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which the individual initially provided the information. When we transfer an individual’s information to recipients in other countries (i.e. U.K.), we will protect that information as described in this Policy. If an individual is located in the European Economic Area (“EEA”), we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA.

7. How long do we retain your information?

Your data will be processed during your relationship with Milexia. Once the relationship is over, we shall keep your data duly blocked for the time-barring of the civil, criminal, commercial and/or administrative proceedings.

Milexia may retain personal information indefinitely for the following purposes:

  • If it is subject to a contract
  • Potential e-marketing opportunities
  • Ensuring data subjects preferences and request under individuals rights are maintained

8. How do we protect your data?

We take all reasonable precautions to keep your personal information secure and require any third parties that handle or process your personal information for us to do the same. Access to your personal information is restricted to prevent unauthorized access, modification or misuse and is only permitted among our employees and agents on a need-to-know basis. Milexia uses industry-standard encryption technologies when transferring and receiving data exchanged with our site. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you on our site. In case of a security breach, we will inform and cooperate with the Data Protection Authority.

9. What are your rights?

At any time, you may execute several rights concerning the processing of your personal data. We value your rights and we want you to be informed that you are entitled to:

Right to be informed: in particular about the identity of the controller, the contact details of the data protection officer, the purpose of the data processing, the data recipients to whom the personal data shall be disclosed, the rights of rectification or erasure of your data, the storage time-limits (if any), the practical modalities of exercising the rights, etc.

Right of access: By exercising this right, you can find out information about how we process your personal data.

Right to rectification: You may correct or modify your data if they are inexact or incomplete, to ensure that we have your correct details.

Right to erasure You may request that your data be deleted, always under the established cases of the applicable regulation.
Right to restriction of processing: You may request that we restrict the processing of your personal data, always under the established cases of the applicable regulation.

Right to object: You may oppose the processing of your personal data: (i) when your data must no longer be processed, except under any situation where we can demonstrate legitimate reasons not to object, and/or (ii) when processing is carried out for marketing purposes.

Right to data portability: You can request that we transfer your data to another Company, always under the established cases of the applicable regulation.

To exercise these rights, you can contact Milexia’s Data Protection Officer, attaching a copy of your legal identification document or equivalent and indicating the corresponding processing.

10. What happens if you provide us with the data of a third party?

In the event that, as a result of your relationship with us, you provide us with a third party’s personal data, we remind you that you are solely responsible for (i) having obtained his or her prior consent to communicate their personal data to Milexia in connection with the purpose about which you are informed by us each time, and (ii)for having informed said third party of the terms established in this Policy.

You are responsible for holding Milexia harmless for any liability derived from the lack of information and/or consent to or from the said third party.

11. How do we process your data on social networks?

We recommend you to not provide your personal data or that of third party when interacting with our social networks. Should you decide to include personal information, be aware that it will be processed under the rulings of this Policy.

Specifically, personal data provided though any of our social network profiles will be collected with 12. the purpose of engaging and interacting with you on our social network profiles with the sole aim to communicate and share our values, business and activities. This is not the proper channel to send us your complaint, suggestion and/or claim related to any of our companies; but in case you decide it to do it, we inform you that we will share the strictly minimum data to process your petition and enable our customer service department to contact you.

The legal basis for this data process is your user status as a friend or follower of our social network profile, or the need to give a response should you make mention thereof in comments, despite not being a follower. In such a case, the minimum personal data will be used to provide you with a response.

Additionally, be aware that, any social network has its own terms of use which are beyond our control and therefore not covered by this Policy.

Can we change the terms of our Policy?

Whenever we make changes to this Policy, we will reflect the update date at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
This Policy may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post the updated version on our websites and intranet and indicate at the top of the notice when it was most recently updated.13

13. What are your responsibilities?

You are responsible for the data provided to us, as well for its veracity, inaccuracy, updates, validity, and authenticity and for your consent regarding the use and processing of such data. You are likewise responsible for any third-party data that you facilitate to us and for which communication you are obliged to obtain consent.

14. Does the Milexia group have a Data Protection Officer?

Yes, Milexia has a Data Protection Officer to guarantee compliance with the current data protection norm. If you have any concerns about our use of your personal information, you can contact our DPO at dpo@milexia.com.

Maria Gonzalez Müller, Chief Compliance Officer
26th May 2023