Please note that the website Archroma.com (the "Website") is operated by Archroma Management GmbH (Archroma), with registered address at Neuhofstrasse 11, 4153 Reinach, Switzerland. More information about Archroma can be found in "About" and "Organization" section of the Website. "You" and "Your" refer to you as a user of our Website.

This Privacy Policy ("Privacy Policy") is intended to inform you of how we collect, define and use Your Information. This Privacy Policy, our Legal Notice, and our Cookies Policy, constitute the "Terms and Conditions" of our website.

Your access to and use of the Website implies your full acceptance of the Website Terms and Conditions. In this sense, if you access and use the Website you agree to comply with the provisions of the aforementioned legal documents. The provision of the Website service is limited to the period during which you are connected to the Website or to any of the services provided through the Website. Therefore, you should read this Privacy Policy carefully each time you intend to use the Website, as it may change.

1. Definitions

Personal data
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

Data controller
Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor
Means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In the present case, and unless otherwise indicated, Archroma Management GmbH is the data controller of the data processed in www.archroma.com

Recipient
Means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Consent
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. What information do we process in www.archroma.com?

When you browse our website you can provide us with data in a variety of ways:

1 Information you provide to us when you use the data forms on the website or when you communicate with us through means such as e-mail.

The data will be processed with the purpose specified in each form. If you send us a message, we will process it in order to manage the communications that may be established, based on your request. We may obtain your express consent for the purpose of sending you commercial. In such cases, we will always inform you in advance of all the aspects required by the applicable legislation on data protection. Also, if you no longer wish to receive commercial communications after you have given your consent, you may revoke your consent by sending an e-mail to dpo@archroma.com

2 Data that the website automatically collects during your browsing, if you have previously given your consent in the terms specified in this privacy policy.

Like most commercial websites, our website uses a technology called "cookies" (small pieces of data that your browser stores on your terminal's hard drive) and web server logs to collect information about how our website is used. For more information on how we use cookies, please see our Cookies Policy.

3. Who is the data controller?

Information on the company data controller of the personal data

Unless otherwise indicated, the entity controller is Archroma Management GmbH (Archroma) with registered address at Neuhofstrasse 11, 4153 Reinach, Switzerland

DPO contact information: dpo@archroma.com

4. Data processing responsibility of Archroma

A. Management of communications through contact forms or e-mail messages

Summary: Archroma will process your data to send a response to your request or to the comments you send us through the contact forms on the website, or through e-mail messages.

a) Data controller:
Controller: Archroma Management GmbH
DPO Contact: dpo@archroma.com

b) Categories of personal data concerned:
We will process the data you have provided us with in the contact forms on the website or via e-mail messages.

c) Purposes of the processing:
The purpose of the data processing is to manage the communications that may be established with the users of the website who send us messages through contact forms or via email.

d) Automated decision-making, including profiling:
No profile segmentation or automated decisions are made.

e) How long will we keep your data?
The data will be processed for the time necessary to process your request or comment.

f) Legal basis for the processing:
The legal basis for the processing of your data is the unequivocal consent you give by accepting the privacy policy associated with each data processing form.

g) Obligation to provide the data and consequences of not providing them:
The forwarding of messages through web forms or via email is completely voluntary.

h) Origin of the data:
The actual data subject.

i) Recipients:

  1. No data assignments will be made.
  2. Archroma has the support of information technology service providers who process the data on behalf of our company. In order to select our suppliers, we carry out a strict selection control based on the guarantees of compliance with data protection regulations, and we subscribe the relevant data processing contract with these entities.

j) International data transfers:
the following international data transfers are made:

Recipients Appropriate or adequate safeguards Purpose Legal basis
Microsoft Corporation European Commission Standard Contractual Clauses Provision of email and cloud computing services. Contract performance

B. Reception of Curriculum Vitae and participation in personnel selection processes

a) Data controller
The company data controller is the one identified in the job offer and to which you submit your application.

b) Categories of personal data concerned:
We will process the data you provide us with in your curriculum vitae.

c) Purposes of the processing:
Your data will be processed in order to manage your participation in personnel selection processes in our company. The data will not be used for any other purpose.

d) Automated decision-making, including profiling:
No profile segmentation or automated decisions are made.

e) How long will we keep your data?
The data will be processed for one year, after which they will be suppressed.

f) Legal basis for the processing:
The legal basis for the processing of your data is the unequivocal consent you give by accepting the privacy policy.

g) Obligation to provide the data and consequences of not providing them:
The submission of data is completely voluntary. However, in the event that you provide us your data via a specific data form, you may need to provide us with a minimum set of data in order to properly identify yourself in order to participate in the personnel selection process.

h) Origin of the data:
The actual data subject.

i) Recipients:

  1. No data assignments will be made.
  2. Archroma has the support of information technology service providers who process the data on behalf of our company. In order to select our suppliers, we carry out a strict selection control based on the guarantees of compliance with data protection regulations, and we subscribe the relevant data processing contract with these entities.

j) International data transfers:

Recipients Appropriate or adequate safeguards Purpose Legal basis
Microsoft Corporation European Commission Standard Contractual Clauses Provision of email and cloud computing services. Contract performance
Archroma Group Companies Personnel selection processes EU Contractual clauses

C. Information about data processing within the scope of B2B relationships

Summary: the corresponding entity of the ARCHROMA Group will process your data for managing the contractual relationships with the legal person (“Partner”) for whom the data subject provides their services

a) Data controller:
Controller: The entity of the ARCHROMA Group that has a contractual relationship with the Partner.
DPO Contact: dpo@archroma.com

b) Categories of personal data concerned:
We will process the minimum essential data so that you can be located professionally, such as your name, surnames, email address, telephone number and data about the entity where you provide your services.

c) Purposes of the processing:
Maintaining the relationships of any nature with the legal person for whom the data subject provides their services.

d) Automated decision-making, including profiling:
Decisions are not made automatically and profiles are not segmented.

e) How long will we keep your data?
The data will be processed while the contractual relationship is maintained between the Controller and the Partner and subsequently after the relationship has ended, for the period of time during which contractual liabilities between the parties may be determined.

f) Legal basis for the processing:
The legal basis for processing your data is the legitimate interest of the Controller in maintaining and managing its relationships with customer entities or suppliers.

g) Obligation to provide the data and consequences of not providing them:
The data are necessary for the maintenance and management of the commercial relationship between the companies.

h) Origin of the data:
The actual data subject.

i) Recipients:

  1. Communication of data: data are not communicated to third parties unless there is a legal obligation.
  2. Processing by third parties: the Controller has contracted, with certain suppliers, the provision of services that involve access to personal data. These services include the provision of information technology services or support services for managing collections and payments.

j) International data transfers:
The following international data transfers are made:

Recipients Appropriate or adequate safeguards: Purpose Legal basis
Microsoft Corporation European Commission Standard Contractual Clauses Provision of email and cloud computing services. Contract performance
Accenture Services Transfers are made according to adequate safeguards for the standard contractual clauses of the European Commission. Management of collections and payments, provision of information technology services. Contract performance

D. Data protection information regarding registration for events and webinars

Summary: Archroma Management will process the data of the people attending the events and webinars that it organises for the correct management of the registration applications and their subsequent management. If you expressly authorise us to do so, we will also use your data to contact you and send you information about our products and services.

a) Identity of the data controller:
Archroma Management GmbH, registered at Neuhofstrasse 11, Reinach, Switzerland.

b) Purposes of the processing:

  1. Management of your registration request for the event.
  2. If you have expressly authorized it, Archroma or any of its companies will use your personal data to contact you and send you information by e-mail about additional events, trainings and new solutions related to the textile industry.

c) Automated decision-making, including profiling: no profile segmentation or automated decisions are made.

d) How long will we keep your data? The data will be deleted after the conclusion of the event, unless you have given your permission for us to contact you for commercial purposes. In the latter case, we will keep your data until you revoke your consent.

e) Legal basis for the processing: for both purposes of the data processing, the legal basis is the unequivocal consent you give by accepting the privacy policy.

f) Obligation to provide the data and consequences of not providing them: the data marked with an asterisk must be completed in order to register for the event.

f) Origin of the data: the data subject himself.

h) Recipients:

  1. No data assignments planned.
  2. Archroma has the support of information technology service providers who process the data on behalf of our company. In order to select our suppliers, we carry out a strict selection control based on the guarantees of compliance with data protection regulations, and we subscribe the relevant data processing contract with these entities.

i) International data transfers:

  1. Microsoft Corporation, as data processor, for the provision of e-mail and cloud computing services. Appropriate or adequate safeguards: Standard Contractual Clauses.
  2. Archroma Group Companies, as data processors, for the provision of auxiliary services. Appropriate or adequate safeguards: Standard Contractual Clauses.
  3. SalesForce, as data processor, for the provision of hosting services. Appropriate or adequate safeguards: Standard Contractual Clauses

E. Data protection information regarding compliance

Summary: Archroma has a Code of Conduct for employees, signed by the Chief Executive Officer and publicly available, which sets out the binding rules and guidelines to the employees and officers of Archroma. This enables employees to rely on the Code as a navigation guide, and one another’s good judgement, to uphold a high standard of integrity for the individual and Archroma. Archroma also has a whistleblowing policy in place that allows the anonymous reporting of any suspicious situation of violations of our Code of Conduct or the law. This privacy policy details the processing of data in the contexts indicated above.

a) Categories of personal data processed:

We will process identification data, employment data if you are employed by us, business information (such as activities and business), transaction data (such as Goods Received, Goods Delivered, Compensation/Compensation and Financial Transactions) as well as any other personal information that you provide to us when you make a communication relating to our code of conduct or make a complaint through the complaints channel.

b) Identity of the data controller:

The Archroma Group company related to the communication sent through the whistleblowing channel

c) Purposes of the processing:

· The questions you submit to us in relation to Archroma's code of conduct will be handled in order to attend to your request as well as to carry out the actions arising from it.

· The personal data collected in the Complaints Channel shall be processed for the sole purpose of processing any complaints received as a result of acts or conducts that may be contrary to the applicable general regulations or Archroma's code of conduct and, where appropriate, to investigate the reality of the facts reported, in accordance to the whistleblowing policy in place that allows the anonymous reporting of any suspicious situation of violations of our Code of Conduct or the law.

d) Automated decision-making, including profiling: no profile segmentation or automated decisions are made.

e) How long will we keep your data?

· In relation with the whistleblower channel: the data of the person submitting the complaint and of the employees and third parties shall be kept in the whistleblowing system only for the time necessary to decide whether to initiate an investigation into the facts reported.

In any case, three months after the data have been entered, they shall be deleted from the reporting system, except when the purpose of their retention is to provide evidence of the functioning of the model for the prevention of the commission of offences by Archroma.

Once the period referred to in the previous paragraph has elapsed, the data may continue to be processed by the competent area to investigate the reported facts, without being retained in the internal complaints information system itself.

Reports that have not been followed up shall only be recorded in anonymised form.

· Any other queries and issues not related to the whistleblowing channel and which are processed by the Compliance Department will be dealt with during the period for which each of the parties may be held liable.

f) Legal basis for the processing:

· The legal basis for the processing of data within the scope of the Whistleblowing Channel are:

o Art. 6.1c) processing is necessary for compliance with a legal obligation to which the controller is subject.

o Art 6.1e) processing is necessary for the performance of a task carried out in the public interest.

These legal bases fall within the framework of the processing of data for the purpose of the prevention and discovery of possible conduct that contravenes both current legal regulations and Archroma's Code of Conduct; including, in particular, those classified as criminal offences which, due to the circumstances in which they occur, may entail the criminal liability of Archroma.

· The legal basis for the processing of data in the context of the other actions and competences of the Compliance department, insofar as they do not affect the whistleblowing channel is:

o Art 6.1f) processing is necessary for the purposes of the legitimate interests pursued by the controller.

This legal basis is based in fraud prevention and compliance with internal regulations.

g) Origin of the data:

a. The data subject himself.

b. Other persons within the company, or external entities that could provide information through complaints or in the course of the entity's investigative actions.

h) Recipients:

a. To Security Forces and Corps, and to Courts and Tribunals for the presentation of complaints and legal claims, in compliance with the applicable legal obligations.

b. To Archroma Management GmbH, group's parent company located in Switzerland, for the investigation of the alleged facts, under the legal basis of legitimate corporate interest in the investigation against fraud.

c. Archroma has the support of information technology service providers who process the data on behalf of our company. In order to select our suppliers, we carry out a strict selection control based on the guarantees of compliance with data protection regulations, and we subscribe the relevant data processing contract with these entities.

i) International data transfers:

a. To Archroma Management GmbH, group's parent company located in Switzerland.

Switzerland is recognised as having a level of protection equivalent to that of the European Union by Decision 200/518 of the European Commission.

b. To Microsoft, (as data processor): we use the office automation services of Microsoft, an entity located in the United States, under the guarantees of the standard contractual clauses.

5. Your rights

You have the right to access the information and have it rectified without delay if it is inaccurate or incomplete.

You can ask to have it blocked under certain circumstances.

You can also object to it, in certain circumstances, on grounds relating to your specific situation.

You can request that any of the above changes be communicated to other parties to whom your data have been disclosed.

You have also the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.

You have the right to receive your personal data in a standardized format in case you wish to transfer it to another controller (data portability).

Likewise, in the event that you consider that there is a problem or incident in relation to the processing of data, you may contact the entity through the contact address indicated in this document, and in any case, you have the right to make a complaint to the Data Protection Authority.

If Archroma is processing your personal data and you would like to exercise your data protection rights, please send us a written request by e-mail to our DPO (dpo@archroma.com).

We cannot accept verbal requests (telephone or face-to-face) as we may not be able to deal with your request immediately without first analyzing it and reliably identifying you.

Your request should contain a detailed, accurate description of the data you want access to. When there are reasonable doubts regarding your identity, you might be asked to provide a copy of a document, which help us to verify your identity. It can be any document such as your ID card or passport. Should you provide any other documents, personal details such as your name and your address should be in clear in order to be able to identify you, while any other data such as a photo or any personal characteristics, may be blacked out.

Our use of the information on your identification document is strictly limited: the data will only be used to verify your identity and will not be stored for longer than needed for this purpose.

Affiliations & memberships

Archroma are proud members and/or partners with the following organizations

View All »