Privacy Policy

General information

The purpose of this notice is to inform you about what personal information we collect whether this is through our website, the recruitment process or other interaction with the 2M Group of Companies. Surfachem, and its subsiduaries, are part of the 2M Group of Companies and for the purposes of this policy all references to 2M Group of Companies apply to Surfachem. We will also define how we use the information, whether the information is disclosed and the ways in which we protect your privacy.

We want you to feel secure when interacting with the 2M Group of Companies and are committed to respecting your privacy and complying with data privacy regulations, such as The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

 

Princible

Your personal data will be treated confidentially and in accordance with the statutory data protection regulations and this data protection declaration. As a rule, you can use our website completely without providing personal data. If personal data is collected on our website, this is always done on a voluntary basis as far as possible.

 

Your data and the 2M Group of Companies website

Whenever you visit this website, you consent to the collection, use and disclosure of that information in accordance with this privacy notice.
Non 2M Group of Companies websites linked to or from our website are not covered by this privacy notice and we do not accept any responsibility or liability for those websites.

How do the 2M Group of Companies collect my personal data through the website?
There are three ways in which the 2M Group of Companies websites collect your information:

  • Cookies and log files
  • Forms
  • User account

How do we use Cookies and log files?
These technologies enable us to identify what areas of the website you have visited and how you got there. We use the aggregated information from website visitors, for example aggregated information on the pages visited, to help us improve the design, performance and delivery of the website to provide a better user experience.

We use many different cookies on our website:

1. Session cookies
We use session cookies to ensure that you are recognised when you move from page to page within the website and that any information you have entered is remembered.

2. Persistent cookies
We use persistent cookies for website analytics and to improve website performance.

3. Third party cookies
We may use suppliers who also set cookies on our website on our behalf to deliver the services that they are providing.

For example, Google Analytics collect anonymised data- more information can be found at: http://www.google.co.uk/intl/en/analytics/privacyoverview.html and: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html

How to control cookies
Most browsers are set to automatically accept cookies. If you do not wish your progress through the website to be tracked then all recent versions of popular web browsers have the option to not accept cookies. However, by choosing not to accept cookies, some aspects of the website performance and user experience may be affected.

 

Cookies on this Website:

Cookie names Type of cookie First or Third party Can be blocked Session or Persistent Expiry Time Purpose

Change cookie-settings

Google Analytics

If you have agreed to this, this website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google uses so-called cookies, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

We only use Google Analytics with an anonymization function in which the IP address is shortened before it is transmitted by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to Google in the USA in exceptional cases and is only shortened there. Google analyzes the information collected and sends us reports on usage activities on our website and provides us with other services for this purpose. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.In addition to blocking all cookies by your browser, you can prevent Google from processing your data by using the browser plug-in available under the following link Download and install: https://tools.google.com/dlpage/gaoptout?hl=de. Further information on Google Analytics can be found in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=d. The legal basis for data processing for analysis purposes is your consent in accordance with. Art. 6 p. 1 lit. a GDPR.

Browser add-on to deactivate Google Analytics
The browser add-on for deactivating Google Analytics gives website visitors more control over which data is collected by Google Analytics on the websites they visit. The add-on informs the JavaScript (ga.js) of Google Analytics that no information about the website visit should be transmitted to Google Analytics. If you want to use this function, download the add-on and install it for your current web browser.

The browser add-on for deactivating Google Analytics is available for Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera.
Link: Browser add-onClick

 

Google – general information

You can find more information about data processing by Google in Google’s data protection information. There you can also change your settings in the data protection center so that you can manage and protect your data.

You can also find further information on the use of data for advertising purposes by Google, setting and objection options on the following Google websites: https://support.google.com/analytics/answer/6004245?hl=de (“Google Privacy Policy”) , https://www.google.com/intl/de/policies/privacy/partners/ (“Use of data by Google when you use our partners’ websites or apps”), https://www.google.com/policies/ technologies / ads (“data usage for advertising purposes”), https://www.google.de/settings/ads (“manage information that Google uses to show you advertisements”) and https://www.google.com/ ads / preferences / (“Determine which ads Google shows you”).

 

Google Web Fonts

We use so-called web fonts from Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) to display fonts.
Google is certified for the “Privacy Shield” (https://www.privacyshield.gov/), which is intended to ensure compliance with the data protection level applicable in the EU. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://www.google.com/policies/privacy/.

 

How is my data collected through website forms?

We use forms on the website to enable you to easily contact the 2M Group of Companies about services, solutions and products that we can provide you with. We also use forms to enable access to resources or to register for events via our website. For example, we use forms to enable recorded access to white papers, videos or to register for conferences or webinars.

The information collected via forms enables us to understand what website users are interested in, which we use to improve the services, solutions, products, resources and events we provide you.

 

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “https: //” to “https: //” and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

However, we would like to point out that data transmission over the Internet can have security gaps. A complete protection of the data against access by third parties is not possible.

 

Server-Log-Files

Each time you visit our website, your browser automatically sends certain information to the website server to enable communication between your browser and the server. This information is stored in so-called log files, which your browser automatically transmits to us. This is, for example, information about

• the browser type and version you are using,
• the operating system you are using,
• the website from which you came to the current page,
• Host name (IP address) of the accessing computer and
• the time of the server request.

These data cannot be assigned to specific persons. This data is not combined with other data sources. Subject to any statutory retention requirements, we delete or anonymize your IP address after you leave the website, unless otherwise stated in this data protection declaration and this is legally permissible.
In addition, we use the information transmitted to our server by your browser in anonymous form – i.e. without it being possible to draw any conclusions about you – to analyze and improve our services. In this way we can, for example, discover possible errors or determine on which days and at which times our website is used particularly heavily.

 

What information is collected through the 2M Group of Companies user accounts?

We have created user account functionality to enable regular users of the website to more easily download resources, register for events, access technical support or to contact us about services, solutions or products.

The information collected via user accounts enables us to understand what you are specifically interested in and to improve the services, solutions, products, resources and events we provide you. The user accounts also provide you with an easy to use management of your contact preferences and consent.

Below is the personal data collected when creating and using an account:

  • Name
  • Organisation name
  • Telephone (optional – if you wish for us to make contact via phone based on the consent provided)
  • Email (used as a unique field to create individual user accounts, to enable you to reset access to your account if required and to enable us to contact you via email based on the consent you have provided).
  • Job role – to enable us to provide you with relevant organisational role based information based on the consent and communication preferences provided.

 

How long will the 2M Group of Companies store my information?

Form data. We will hold the information provided through the forms for 12 months from collection.

 

The 2M Group of Companies use of social media

The 2M Group of Companies uses a wide range of social media channels and the processing of data within the channels is in line with the privacy policies and user agreements of each individual channel, as well as the relevant data protection regulations.

YouTube
Our website uses plugins from YouTube, operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. A connection to the YouTube servers is automatically established when you visit one of our pages equipped with a YouTube plugin. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your YouTube account. Further information on the handling of user data can be found in YouTube’s data protection declaration at: https://www.google.de/intl/de/policies/privacy.

 

Your rights as a data subject and how you can assert them

If you have given your consent to the processing of your personal data, you can revoke this at any time with effect for the future. Such a revocation has no influence on the lawfulness of the processing before the revocation of the consent. If you object, we will no longer process your personal data, unless another (legal) legal basis allows this. However, if a revocation occurs and there is no other legal basis, we must delete the personal data immediately (Art. 17 Paragraph 2 lit. b) GDPR).

According to the applicable data protection law, you as the data subject have the right to information (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The right to information and the right to erasure may be restricted under certain circumstances according to national provisions of the applicable data protection law. You are also entitled to file a complaint with a data protection authority (Art. 77 GDPR).

Under certain circumstances, you have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data that is based on our legitimate interests (Art. 6 (1) (f) GDPR) to be filed (Art. 21 Para. 1 GDPR). In addition, if your personal data are processed for the purpose of direct mail, you have the right to object to the processing of your personal data for these purposes at any time, insofar as this is in connection with such direct mail (Art. 21 Para. 2 GDPR). In this case, we will no longer process your personal data for these purposes.

 

Recipient of the data

Processor
We can commission third parties to provide certain services for us as processors, in connection with which the third party can gain access to your personal data. This includes in particular services in the IT, e-mail, website and marketing sectors. The service providers we use are contractually obliged to take appropriate technical and organizational security measures to protect the personal data processed and to process them only in accordance with our instructions.

Other recipients
In addition, we can pass on your personal data to law enforcement and other authorities, legal advisers or other third parties in accordance with the applicable data protection law. The legal basis for this can be found in the necessity of data transmission for compliance with legal obligations (Art. 6 Para. 1 S. 1 lit. c) GDPR), to which we are subject, as well as in our legitimate interests (Art. 6 Para. 1 S. 1 lit.f) GDPR), such as the exercise or defense of legal claims.

Data transfer to third countries
Your personal data can be transmitted to recipients in third countries outside the European Economic Area (EEA) that do not guarantee an adequate level of data protection, such as the USA. Recipients in the US can post to the EU-U.S. Privacy Shield certified and thus guarantee an appropriate level of data protection from the point of view of EU data protection law. For example, data transfers to Google are based on the EU-U.S. Privacy Shields. Insofar as we transmit your personal data to third parties in countries that do not offer an adequate level of data protection from the point of view of EU data protection law, we base the transmission on suitable guarantees such as the standard contractual clauses adopted by the European Commission. You can request a copy of the relevant appropriate guarantees by contacting us using the contact details given at the end of this privacy policy. Access is restricted to recipients who need the relevant data to fulfill their tasks.

 

The 2M Group of Companies recruitment process

The 2M Group of Companies has recruitment personnel around the world looking for new people to join our wide variety of teams and disciplines, helping us to effectively and sustainably support our customers. As part of our recruitment process we advertise roles online and you can apply for these by completing the application form and providing us with your CV.

What happens to my personal data when I apply for a role with the 2M Group of Companies?

When you apply for one of the 2M Group of Companies vacancies your information is submitted to our secure applicant management systems. The data you submit will then be shared (via the system) with our HR Team, the relevant hiring manager and other people within the 2M Group of Companies who are part of the recruitment process for the role.

How long is my application information / personal information stored in the 2M Group of Companies applicant management systems?
Your personal information will be stored in the system for up to 12 months from submission. We retain your information in our system to help us maintain suitable records of how we manage the recruitment process and to help us improve and quality check the consistent approach we take.

There might also be other 2M Group of Companies roles that you would suit and by storing your application information on our secure systems we can make recommendations to you about other relevant roles. The information you submit is processed under the lawful basis of legitimate interest. You are entitled to know what information we hold about you and for this to be corrected if it is inaccurate.

 

The 2M Group of Companies business development process

Working with our suppliers, customers and prospective customers
To help deliver customers our wide range of products, services and solutions, the 2M Group of Companies maintains a customer relationship management (CRM) system. Any personal information stored in these systems is managed in line with contractual agreements, our Information Security Policy and processed on the legal basis of legitimate interest.

Marketing
We want to contact you with information about our products, services or solutions, as well as industry or regulatory information that you find relevant and useful. To manage this effectively we use consent as the lawful means for processing your personal data for marketing purposes. When requesting information from us, such as downloading technical information or through interaction with one of our employees at an exhibition or conference, we will collect your consent to do so and manage this through our secure systems.

You are entitled to know what information we hold about you and for this to be corrected if it is inaccurate.

 

General privacy questions

Can I access my personal information that the 2M Group of Companies is storing?
You are entitled to know whether we hold information about you and, if we do, to have access to that information and require it to be corrected if it is inaccurate. In the next section you can find the details of how to contact us about your personal data.

How do I contact the 2M Group of Companies if I have a personal data question?
You can do this by addressing requests to: dataprotectionofficer@2m-holdings.com

How does the 2M Group of Companies store my data?
We take appropriate steps to maintain the security of your data, these are set out in our Information Security Policy.
You also have a responsibility to take reasonable steps to protect your data, for example protecting your password to your 2M Group of Companies website user account.

 

What is the legal basis for the processing of my data?

We want to enable you to have a clear understanding of the data we hold about you, how it is used and the approach we take to processing your data. Below details two approaches the 2M Group of Companies uses to process data:

Opt-in consent:
To keep you updated with information on our products, solutions, services, research and news we collect your consent at the point at which we collect your information. Your consent and the date consent is provided is stored on our secure systems to help us maintain an accurate record of how we collected and the reason for storing your information.

You have the right to withdraw your consent to the use of your data at any time. To contact the 2M Group of Companies for this purpose, please email gdpr@surfachem.com.

Legitimate interest:
There are a small number of instances where we process data under the lawful basis known as ‘legitimate interest’. When we adopt this approach, we carry out a legitimate interest test in accordance with the GDPR regulations to enable us to understand if it is an appropriate method.

Example: We use the legitimate interest approach to process your data during the recruitment process to most effectively support you in your application process when applying for a role within the 2M Group of Companies. This helps us to assess your CV and skills to match you with current and / or future vacancies within the 2M Group of Companies and provides mutual benefit, enable us to recruit efficiently and providing you with a wider range of job opportunities.

Data collection and processing on this website
We collect personal data from you when you provide it to us. This can e.g. be data that you enter in the contact form on this website, such as Your name or email address. We use this data to answer your request and do not pass the data on to third parties without your consent. The data processing takes place on the basis of your consent or our legitimate interests in processing your request in accordance with Art. 6 para. 1 sentence 1 lit. a or f General Data Protection Regulation (“GDPR”).
In addition, we collect data via our IT systems when you visit our website. This data is collected automatically as soon as you visit the website. Some of the data is collected in order to ensure that the website is error-free. Other data can be used to analyze your user behavior. We process this data either on the basis of your consent or on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with. Art. 6 para. 1 sentence 1 lit. a or f GDPR. Your data will not be passed on to third parties without your express consent, e.g. for advertising purposes.

 

What type/category of data does the 2M Group of Companies store?

As defined through this privacy notice, the 2M Group of Companies collects and manages ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

The 2M Group of Companies also collects a limited amount of sensitive personal data also known as ‘special categories of personal data’ and will collect your consent when doing so.

Will the 2M Group of Companies share my information?
The 2M Group of Companies does not sell individuals’ information. We will share it only with our authorised Data Processors, who must always act on our instructions as the Data Controller under relevant data protection laws including GDPR. An example of an authorised Data Processor is the company we use to obtain a psychometric assessment of an applicant’s working style.

Changes to this privacy notice
We may change this notice from time to time and any changes will be posted to this page.

 

 

Email Marketing

As a business, we use direct email to contact customers who have historically purchased materials, ordered samples or made enquiries.

Any emails sent will be targeted to specific markets to ensure relevance.

All users retain the right to unsubscribe from marketing emails at any time.

Email Marketing (3rd Party Processing)

As a business we use MailerLite as a third-party data processor.

MailerLite data servers are located within the European Union.

The legal basis for email marketing is Art. 6 para. 1 p. 1 lit. a DS-GVO; § 7 para. 3 UWG.

We have appointed a data protection officer in our company:

Lawyer Sascha Weller, IDR – Institut für Datenschutzrecht
Ziegelbräustraße 7
85049 Ingolstadt

Phone: +49 (0)841 – 885 167 15
E-Mail: ra-weller@idr-datenschutz.de
Web: www.idr-datenschutz.de