Duke Extrusion Corporation - General Privacy Policy Effective August 28, 2020

1. Our commitment to protecting your privacy.

Your privacy is important to us at DUKE Extrusion.  We have developed this General Privacy Policy to address how DUKE Extrusion collects, uses, discloses, transfers, and stores your information.  To ensure that your personal data is secure, we communicate our information security and privacy guidelines to all DUKE Extrusion employees and enforce privacy safeguards within the company.

2. What information do we collect?

For visitors to our publicly available website, we collect information from you when you browse or register on our site, place an order, respond to a survey, or fill out a form.  When ordering or registering on our site, as appropriate, you may be asked to enter your name, e-mail address, mailing address and/or phone number. We also collect certain information about your session which does not identify individual users when you visit our website, including internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data. We also use cookies as described in Section 6 below. Please note that this online General Privacy Policy applies only to information collected through our website and not to information collected offline. This information is collected using cookies (See section 6).

3. What are the different types of Information?

General Information is information that does not itself reveal your identity. General Information may include, without limitation: generic business type; SIC code; information derived from publicly available databases (such as Dun and Bradstreet); user behavior on our Web site; and aggregated generic information.

Non-Public Personal Information is any non-public information you provide to us or our Partners that is proprietary or identifies or can be used to identify, contact, or locate you or someone at your business. Non-Public Personal Information may include, without limitation: name; address; phone number; e-mail address; credit card number; account information; voting behavior; spending patterns; and individual tastes and preferences.

Partners are individuals or entities we engage to help us carry out our mission.

4. What do we use web visitor’s information for?

We collect personal data for legitimate business purposes, which may include:

  • To personalize your experience (your information helps us to better respond to your individual needs)
  • To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
  • To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
  • To process transactions
  • To send periodic emails (the email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions)
  • To meet government, national security, public interest, or law enforcement requirements
  • In an emergency where the health or security of an individual may be endangered

Other purposes disclosed at the time of collection or otherwise compatible with the above, the EU-U.S. Privacy Shield Framework, and the Swiss – U.S. Privacy Shield Framework

5. How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.  These precautions may include password protections for online information systems and restricted access to personal data. 

All inquiries from outside the company concerning identity, employment record, or performance of a current or terminated employee are referred to the Human Resources department (Hresources@dukeempirical.com)  and/or an attorney in the Law Department, who will verify the credentials of the agency representative before releasing information about a current or terminated employee. DUKE Extrusion takes reasonable and appropriate measures to secure your personal data. Our publicly available website is hosted on a secure server.

6. Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites’ or service providers’ systems to recognize your browser and capture and remember certain information.  Our Cookie Notice conforms to GDPR standards and provides information on the cookies we apply.

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits and gather information about site traffic and site interaction so that we can offer better site experiences and tools to our online visitors in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

7. Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer information to outside parties.  This excludes third parties who assist us with human capital management, in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.  We may also release your information when we believe release is necessary to comply with the law, enforce our site policies, or protect our or other’s rights, property, or safety, or share personal information as necessary to other corporate entities as part of a business transition such as a merger, acquisition, or sale of assets.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.  Because we value your privacy, we have taken the necessary precautions to comply with the California Online Privacy Protection Act.  We will not distribute your personal information to outside parties without your consent.

8. Choice, Data Integrity & Access

DUKE Extrusion takes reasonable steps to ensure that personal data is accurate, complete, and current. DUKE Extrusion provides employees the opportunity to opt out from allowing the company to disclose his or her personal information to a third party or to use it for any purpose.  DUKE Extrusion reserves the right to maintain any personal information that it is required to keep or maintain for compliance purposes or to protect itself or preserve its legal rights under pending, threatened or potential legal action. All employees are asked to inform the Human Resources or Payroll departments, or his or her manager, immediately in the event of changes in personal information.  If any information is inaccurate or incomplete, the individual may request that inaccurate information be corrected.

9. Collection of Personal Information from Children

We do not collect any information from anyone under 13 years of age.  Our website, products and services are all directed to people who are at least 13 years old or older.

10. Changes to our General Privacy Policy

DUKE Extrusion conducts an annual self-assessment in order to verify that this General Privacy Policy is published and implemented within the Company and that it conforms to the EU-U.S. Privacy Shield Framework, and Swiss – U.S. Privacy Shield Framework.  If we decide to change our General Privacy Policy, we will post those changes on this page, and/or update the General Privacy Policy modification date below.  

11.  EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield

For details on how we process the personal data of website visitors from the EEA and Switzerland, please see DUKE Extrusion’s Privacy Notice for European Economic Area Visitors to DUKE Extrusion’s Website (“EU Privacy Policy”) and DUKE Extrusion’s Privacy Shield Policy for European Economic Area and Switzerland Visitors to DUKE Extrusion’s Website (“Privacy Shield Policy”) as set out in Annex A to this General Privacy Policy below. Our EU Privacy Policy applies to the way we collect and process personal data that is covered by the EU General Data Protection Regulation. The EU Privacy Policy and Privacy Shield Policy will prevail to the extent of any inconsistency with this General Privacy Policy.

12. Inquiries/Contact Us

DUKE Extrusion commits to resolve complaints about your privacy and our collection or use of your personal information. Individuals may contact DUKE Extrusion: customerservice@dukeempirical.com

 

Date Updated: August 28, 2020

Annex A

Privacy Shield Policy for European Economic Area and Swiss Visitors to DUKE Extrusion’s Website

A. Definitions

"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of EU Personal Data.

"EU Personal Data" for the purposes of this Privacy Shield Policy means all data about an identified or identifiable individual visitor to DUKE Extrusion’s website that are within the scope of Directive 95/46/EC, or equivalent law currently in effect in the EU or Switzerland, which are received by the Company from the European Economic Area and/or Switzerland for Processing, and are recorded in any form.

"General Privacy Policy" means the privacy policy that applies generally to all visitors to DUKE Extrusion’s website, wherever located.

"DUKE Extrusion" or "Company" means DUKE Extrusion Corporation and all its subsidiaries worldwide.

"DUKE Extrusion U.S." means DUKE Extrusion Corporation and its U.S. subsidiaries.

"Privacy Shield" means the EU-U.S. Privacy Shield Framework as agreed between the European Commission and the U.S. Department of Commerce, which came into effect on July 12, 2016.

"Privacy Shield Policy" means the EU-U.S. Privacy Shield Framework as agreed between the European Commission and the U.S. Department of Commerce, which came into effect on July 12, 2016 and the Swiss-U.S. Privacy Shield Framework as agreed between the Swiss Federal Data Protection and Information Commissioner the U.S. Department of Commerce, which came into effect on April 12, 2017.

"Processing" of EU Personal Data means any operation or set of operations which is performed upon EU Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction. "Process", "Processing" and "Processed" shall be construed accordingly.

B. Scope & Application

DUKE Extrusion U.S. commits to subject to the Privacy Shield Principles and the Supplemental Principles (collectively, the "Principles" and each a "Principle") all EU Personal Data received in reliance on the Privacy Shield.

The controlled U.S. subsidiaries of DUKE Extrusion U.S., as identified in the DUKE Extrusion Corporation self-certification listing available here, also adhere to the Privacy Shield Principles.

This Privacy Shield Policy supplements the General Privacy Policy and applies to you if you are an EEA and/or Swiss visitor to DUKE Extrusion’s publicly available website. Where this Privacy Shield Policy is inconsistent with the General Privacy Policy regarding the Processing of EU Personal Data, this Privacy Shield Policy will prevail.

C. Compliance with EU-U.S. and Swiss-U.S. Privacy Shield Framework

DUKE Extrusion U.S. complies with the Privacy Shield regarding the collection, use, and retention of EU Personal Data transferred from the European Economic Area and Switzerland to the United States. DUKE Extrusion adheres to the Principles of:

  • Notice
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse, Enforcement and Liability.

If there is any conflict between the terms in this Privacy Shield Policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

1) ?Notice

  • DUKE Extrusion U.S. adheres to the Notice Principle regarding all EU Personal Data received in reliance on the Privacy Shield.
  • What EU Personal Data do we collect?
    • When you visit our publicly available website, DUKE Extrusion U.S. collects and Processes the types of personal information described in section 2 of the General Privacy Policy.
  • What do we use your EU Personal Data for?
    • We collect your EU Personal Data for a range of legitimate business purposes described in section 4 of the General Privacy Policy.
  • Who do we disclose your EU Personal Data to?
    • DUKE Extrusion U.S. does not disclose your EU Personal Data to third parties except as described in section 7 of the General Privacy Policy. Further, DUKE Extrusion may transfer your EU Personal Data if the Company sells or transfers all or a portion of its business or assets (for example, in the event of a merger or reorganization, joint venture or liquidation).  DUKE Extrusion U.S. may be required to disclose EU Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
    • Your EU Personal Data may be Processed and stored in the U.S. and other countries where DUKE Extrusion’s affiliates, subsidiaries or agents are located. DUKE Extrusion utilizes a range of methods to transfer EU Personal Data across country borders. These methods include consent, contractual methods, and/or regulatory authority certifications.

2) Choice

  • DUKE Extrusion U.S. adheres to the Choice Principle and the Choice – Timing of Opt Out Supplemental Principle.
  • You have the opportunity to choose (opt out) from: (1) the disclosure of your EU Personal Data to a third party (other than DUKE Extrusion U.S. agents doing work on our instructions); and (2) the use of your EU Personal Data for a purpose materially different to that for which the data was originally collected (as set forth in the General Privacy Policy or this Privacy Shield Policy, or subsequently authorized by you). You may opt out by contacting us using the DUKE Extrusion Contact Details provided in Section 7 below.

3) Accountability for Onward Transfer of EU Personal Data

  • DUKE Extrusion U.S. adheres to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.
  • DUKE Extrusion U.S. shares EU Personal Data with third-party suppliers based on contractual arrangements which, among other things, ensure that the Principles are respected as required, that the third-party supplier acts only on its instructions and that the data are appropriately secured by the third-party supplier.
  • In the context of onward transfers, DUKE Extrusion U.S. is responsible for the Processing of the EU Personal Data it receives and subsequently transfers to a third-party agent acting on its behalf. DUKE Extrusion remains liable under the Principles if its agent Processes such EU Personal Data in a manner inconsistent with the Principles, unless DUKE Extrusion proves that it is not responsible for the event giving rise to the damage.
  • *Please also see Section 2 article C.

4) Security

  • DUKE Extrusion U.S. adheres to the Security Principle.
  • DUKE Extrusion U.S. takes reasonable and appropriate measures to protect EU Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the EU Personal Data. For additional information on the data security measures employed by DUKE Extrusion, please see section 4 of the General Privacy Policy.

5) Data Integrity and Purpose Limitation

  • DUKE Extrusion U.S. adheres to the Data Integrity and Purpose Limitation Principle.
  • DUKE Extrusion's collection and Processing of EU Personal Data is limited to the purposes for which it was collected as set forth in section 4 of the General Privacy Policy, unless further use has been subsequently authorized by you. DUKE Extrusion may also Process EU Personal Data for compliance with our legal obligations, internal and external auditing and due diligence, security. and fraud prevention, preserving or defending DUKE Extrusion’s legal rights.
  • DUKE Extrusion takes reasonable steps to ensure that the EU Personal Data it holds is accurate, complete, and current. We rely on you to update and correct your EU Personal Data, where necessary. If you wish to make a request to update or correct your EU Personal Data, please use the DUKE Extrusion Contact Details provided in Section 7 below.
  • Where DUKE Extrusion U.S. is acting as a data Controller, DUKE Extrusion may retain EU Personal Data as long as necessary for the Company to: (a) complete the purpose for which it was collected; (b) meet any applicable legal requirements; or (c) protect its legitimate interests, including with respect to actual or potential legal claims.

6) Access

  • DUKE Extrusion U.S. adheres to the Access Principle and Access Supplemental Principle.
  • You may obtain access to EU Personal Data that DUKE Extrusion holds which is relevant to you. You may also correct, amend ,or delete that information where it is inaccurate, or has been Processed in violation of the Principles. If you wish to request access to your EU Personal Data, please use the DUKE Extrusion Contact Details provided in Section 7 below.
  • DUKE Extrusion may limit or deny access as provided in the Principles, including where: (a) the rights of persons other than the requesting individual would be violated; or (b) the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question.

7) DUKE Extrusion Contact Details

  • In compliance with the Principles, DUKE Extrusion U.S. commits to resolve complaints about our collection or use of your EU Personal Data. If you have queries or complaints about this Privacy Shield Policy or wish to exercise your rights under Sections 2, 5, 6 or 8, you should first contact DUKE Extrusion by: email at: customerservice@dukeempirical.com; or by telephone: 831-420-1104 (US) and ask for the DUKE Extrusion data protection officer.

8. Recourse, Enforcement and Liability

  • DUKE Extrusion U.S. adheres to the Recourse, Enforcement and Liability Principle, as well as the Verification and Dispute Resolution and Enforcement Supplemental Principles.
  • DUKE Extrusion has implemented a self-assessment procedure to verify its adherence to the Principles. If you have a query, concern or complaint about the application of this Privacy Shield Policy or the Processing of EU Personal Data by DUKE Extrusion U.S., we encourage you to first use the DUKE Extrusion Contact Details provided in Section 7 above.
  • DUKE Extrusion U.S. has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS (http://www.jamsinternational.com/) for more information or to file a complaint using the complaint submission form found here: http://www.jamsinternational.com/file-a-privacy-shield-safe-harbor-claim. The services of JAMS are provided at no cost to you. The JAMS complaint and recourse mechanism described here is available to individuals whose EU Personal Data has been collected or Processed by DUKE Extrusion under the Principles. The JAMS complaint and recourse mechanism is not available to individuals whose EU Personal Data has been collected or Processed by DUKE Extrusion under any other EU data transfer adequacy mechanism.
  • If your complaint is not resolved through DUKE Extrusion’s internal complaint procedure, or JAMS, you may be able, under certain conditions, to invoke binding arbitration pursuant to Annex I to the Principles. For further information, visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
  • DUKE Extrusion is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, which has jurisdiction over DUKE Extrusion U.S.’s compliance with the Privacy Shield.