Website Privacy Notice – For The rest of the world
Thank you for visiting our website. At PHINIA we take data protection very seriously. We have developed this Notice in particular to clearly inform you about how we collect, use, disclose and otherwise process Personal Data as required by applicable law or as we require in the course of fulfilling our professional responsibilities and operating our business as well as about your rights under GDPR, APPI and other applicable laws. Please find descriptions of all definitions used in Annex 1 of this Notice.
1. For whom is this Notice?
This Notice covers our processing of Personal Data under applicable data protection law and regulations with respect to our website.
Should you apply online for a position at PHINIA or one of its Affiliates the Candidate Privacy Notice available here will specifically address how PHINIA processes your Personal Data for recruitment purposes.
By making this Notice available to you, we comply with our information obligations under such law or regulation. In certain cases, the information provided in this Notice is only applicable based on your location (e.g., within Japan, Taiwan or the EEA/UK); where this is true, we will address which information is applicable to you expressly in the Notice. Please note that this Notice shall not confer upon you any rights or obligations that are not conferred upon you by law and regulations.
In this Notice we inform you of the personal information categories we collect and the intended use purposes for each category. Your personal information may be used by our Affiliates and by third party processors in accordance with such use purposes as explained below. We will also notify you (and obtain your consent, where required by applicable law) if we collect additional personal information categories or use personal information for unrelated purposes.
2. Who are we and how can you contact us?
The controller of your Personal Data is PHINIA Technologies Inc., 3000 University Drive, Auburn Hills, MI 48326, United States of America.
In any case, you may always contact PHINIA´s Compliance Office with respect to questions about this Notice, the processing of your Personal Data in general and to exercise your rights towards PHINIA as outlined below under no. 8.
3. Where do we collect your data and what types of data are collected?
With your consent (where required by applicable law), we collect your Personal Data when you use, navigate through, search on, contact us via or register as a potential supplier on the Website. This concerns the following categories of Personal Data:
- Identification details (should you contact us or register as a potential supplier), such as first name and last name;
- Contact details (should you contact us or register as a potential supplier), such as email address, phone number, fax number and address (among others ZIP code, city state, country);
- Message details, i.e., data related to your messages sent to PHINIA via the Website, such as the company you work for/on behalf of which you contact PHINIA, country in which you are located, area of interest on which your message is based and the contents of your message;
- Supplier registration details, i.e., data related to registration as potential supplier, such as company name, country, and job title;
- Press distribution list details, i.e., data related to registration to the press distribution list, such as position, company name, publisher website and region;
- Website activity data, such as your IP address, the name of your internet service provider, the operating system and the browser you use, browser language the date, time and duration of your visit to the Website, the name(s) of the visited pages and the Internet address of the website from which you accessed the Website;
- Location information, such as general location information (e.g., city/state and/or postal code associate with your IP address);
You are generally not required to provide your Personal Data to us. However, in order to facilitate access to the Website and features provided via the Website, we require certain Personal Data (e.g., contact details if you contact us as we are otherwise unable to respond). Hence, if you do not provide such Personal Data, we might not be able to provide all features available via the Website to you (e.g., contacting PHINIA via the Website, registration as potential supplier).
APPENDIX 1:
How is your data used (purposes and legal bases)?
4. General
We process your Personal Data for the purposes set forth in the table below. With respect to some specific purposes of processing (e.g., provision of newsletters) you will find additional information below the following table. We do not sell your Personal Data to any other company.
With respect to Website users in the US, the legal bases for such processing are in accordance with the CCPA and other relevant US laws and regulations.
With respect to Website users in Taiwan, the legal bases for such processing are in accordance with the PDPA and other relevant Taiwan laws and regulations.
For Website users within the EEA/UK we rely on the legal bases listed in the table below. Where relevant, the legitimate interest we pursue is included in the table below as well. The relevant legal bases for users within the EEA/UK are:
- Performance of a contract (including processing necessary to take steps at your request prior to entering into a contract) (Art. 6 (1) (b) GDPR);
- Compliance with legal obligations (Art. 6 (1) (c) GDPR);
- Legitimate interests (Art. 6 (1) (f) GDPR); and
- Consent (Art. 6 (1) (a), Art. 7 GDPR).
Purpose of processing Legal basis (EEA/UK) Legitimate interest (where relevant) (EEA/UK) Categories of Personal Data To provide the Website Legitimate interests We have a legitimate interest in making an Internet site available in order to present and develop our business. Website activity data, location information To provide a protected website area for suppliers (i) Performance of a contract if you are contractual partner of PHINIA or (ii) legitimate interest (e.g., if you are a contact person at a supplier)
We have a legitimate interest in providing a protected website area to suppliers.
Identification details, contact details, supplier registration details
To contact you and provide you with information, which you have requested Performance of a contract or - where this is not the case - legitimate interests
We have a legitimate interest in communicating with you upon your request. Identification details, contact details, message details, supplier registration details, press distribution list details To improve our services, goods and the Website Legitimate interests
We have a legitimate interest in developing and improving our services, goods and the Website in order to preserve and grow our business. Website activity data, location information To collect statistical information about the use of this website (web analytics) Legitimate interests
We have a legitimate interest in analyzing the usage of the Website in order to improve it. Website activity data, location information To determine disruptions and to ensure the security of the Website and our systems, including the detection and tracing of (the attempt of) unauthorized access to our web servers (i) Compliance with our legal obligations regarding data security or (ii) - where no such obligations exist - legitimate interests
We have a legitimate interest in resolving disruptions and ensuring the security of the Website and our systems. Website activity data, location information, identification details To provide you with direct marketing communication (such as a newsletter) regarding products and/or services we offer (including via email) (i) Consent or (ii) – where lawful under applicable national direct marketing rules – our legitimate interests
We have a legitimate interest in marketing our products and/or services. Identification details, contact details, supplier registration details, press distribution list details, location information To enable corporate transactions (including sale of all or part of our asset(s) and/or activity(ies)) Legitimate interests We may have a legitimate interest in disclosing information to (potential) buyers or acquirers and their external counsels in certain scenarios. Identification details, contact details, message details, supplier registration details, press distribution list details To safeguard our rights Legitimate interests We have a legitimate interest in the establishment, exercise and defense of legal claims. Identification details, contact details, message details, supplier registration details, press distribution list details, website activity data, location information To comply with legal obligations to which we are subject (e.g. deriving from tax law, or foreign trade law) Compliance with legal obligations N/A Identification details, contact details, message details, supplier registration details, press distribution list details, website activity data, location information Sanction list screenings (i) Compliance with our legal obligations or (ii) - where no such obligations exist - legitimate interests We have a legitimate interest in complying with sanction regulations applicable to the PHINIA group in various jurisdictions. Identification details, contact details, supplier registration details To carry out compliance investigations Legitimate interests We have a legitimate interest carrying out compliance investigations to safeguard that we comply with our legal obligations. Identification details, contact details, message details, supplier registration details, press distribution list details, website activity data, location information For any of the above listed purposes it might be necessary to transfer data to our Affiliates (i) consent where the relevant processing activity listed above relies on consent or (ii) legitimate interests We, as part of the PHINIA group, have a legitimate interest in transferring your Personal Data within the group for internal administrative purposes. The data categories correspond to those listed with respect to the relevant purpose for processing. In some cases, for example for Website users within PRC and Singapore, your Personal Data may be collected, used, disclosed, and processed for the above mentioned purposes based on your consent. Where we process your Personal Data for purposes not mentioned in this Notice, we will obtain your consent for such processing (as may be required by applicable law). Website users within the EEA/UK be informed about the purposes of such processing prior to being asked to give consent
5. Log files
As indicated in the table above, we save log files including website activity data for the purpose of determining disruptions and ensuring security of the Website and our systems.
We also use such log files for website analytics by means of cookies; for further information on our use of cookies please visit our Cookie Notice.
6. Direct Marketing and Newsletter
As mentioned above, we may use your Personal Data to let you know about our products and services that we believe will be of interest to you and/or provide you with our newsletter. We may contact you by email or through other communication channels that we think you may find helpful.
If you subscribe to a newsletter, we will process your Personal Data in order to dispatch the newsletter based on your consent. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you. You may ask us to stop direct marketing and withdraw your consent at any time, without affecting the lawfulness of processing based on such consent before its withdrawal, by cancelling the subscription by clicking on the respective link provided in each newsletter or contacting PHINIA`s Compliance Office.
7. Cookies
PHINIA uses cookies to improve Website performance and enhance the user experience for those who visit the Website.
Cookies which are not strictly necessary for the provision of the Website will only be stored on your device and accessed based on your consent. You may withdraw such consent at any time, without affecting the lawfulness of processing based on such consent before its withdrawal, by accessing our consent management platform available here. Further information on our use of cookies can be found in our Cookie Notice.
8. Who has access to your information (recipients)?
Within PHINIA, only authorized PHINIA employees with appropriate responsibilities have access to your Personal Data. In addition, we may share your Personal Data with the categories of recipients mentioned in this section.
9. With your consent (where required by applicable law), we may share your Personal Data with service providers that process Personal Data on our behalf in the jurisdictions mentioned below, and subject to our instructions as so-called processors, for the purpose of providing their professional services to us:
- IT service providers (hosting services) (EEA, USA, UK, Taiwan)
- Newsletter service provider (handling and dispatch of newsletter) (EEA)
- Provider of website analytics tools (website analytics) (EEA, USA)
- Web agency developing functions and maintaining operation of website (EEA)
Where we share your Personal Data with these service providers, we will – as required by law - put in place contracts to ensure they process your Personal Data in accordance with our instructions and to adopt security measures to protect your Personal Data.
10. With your consent (where required by applicable law), we may share your Personal Data with the following third parties:
- Other entities of the PHINIA Group: We may share your Personal Data with Affiliates for the purposes listed in no. 4 above. For Website users within Japan, PHINIA Inc. is responsible for management of your Personal Data jointly used within PHINIA group. The name of the representative persons of PHINIA Inc. is available at PHINIA.com/company/leadership .
- Other third parties (data controllers):
- State authorities (including tax authorities and law enforcement agencies) for the purpose of compliance with laws and regulations applicable to us
- Consultants (lawyers and auditors) for the purpose of compliance with legal obligations, corporate transactions and safeguarding our rights
- Courts for the purpose of safeguarding our rights
- Potential buyer or acquirer of all or part of our asset(s) and/or activity(ies) for the purpose of corporate transactions
For Website users within the EEA/UK the legal bases relevant for the transfer of Personal Data to third parties can be found in no. 4 above.
11. Do we transfer your data internationally (third country transfers)?
Some recipients of Personal Data may be located outside the EEA/UK and/or outside of the countries which you reside in (e.g. outside of Japan, China, Singapore) and these countries may not offer a level of protection equivalent to the one granted in your jurisdiction.
Where Personal Data of Website users from the EEA/UK is transferred to locations outside the EEA/UK, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as proving an adequate level of protection by the competent body (Art. 45 GDPR) or the transfer is subject to appropriate safeguards provided by entering into standard data protection clauses of the European Union or the UK equivalent with the recipient (Art. 46 GDPR) unless GDPR provides for an exception or you have given explicit consent (Art. 49 GDPR). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.
Where Personal Data of Website users from Japan is transferred to locations outside Japan, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as proving an adequate level of protection by the competent body (Art. 28.1 APPI) or the transfer is subject to appropriate safeguards provided by entering into an appropriate data processing agreement (Art. 28.1 APPI) APPI provides for an exception or you have given explicit consent (Art. 28.1 APPI). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.
For Website users from PRC or Singapore, where your Personal Data is being transferred or shared outside of your country of residence, we will, as required by applicable law, put in place contractual and other measures to ensure your Personal Data is provided with protection that is at least comparable to that required under applicable law in your jurisdiction.
Where Personal Data of Website users from Taiwan is transferred to third parties or to locations outside Taiwan, we will, as required by law, ensure that your privacy rights are adequately protected by undertaking contractual supervision of such third-party recipients.
A copy of the standard data protection clauses of the European Union can be found at: https://www.PHINIA.com/legal/euscc. If you would like to know which of the clauses apply to a specific transfer or for copies of other safeguards please contact PHINIA`s Compliance Office.
12. How long do we store your data?
General
Your Personal Data will generally only be stored until the Personal Data are no longer necessary in relation to the purposes for which they were collected (or otherwise processed).
As an exception, Personal Data may be stored longer where their processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defense of legal claims.
Log Files
We save log files including website activity data for the purpose of determining disruptions and ensuring security of the Website and our systems for a period of 7 to 10 days and deleted them thereafter; log files which need to remain stored for evidence purposes are excluded from deletion unless the respective incident has been resolved and may be forwarded to investigating authorities on a case-by-case basis.
Newsletter
With respect to newsletters your Personal Data actively provided by you when registering to the newsletter will be stored as long as the newsletter subscription is active; your consent will be stored for up to three further years, depending on the respective standard limitation period.
Cookies
Cookies not deleted by you will expire after the time span indicated in the CMP.
What rights do you have with respect to your Personal Data?
8.1 Rights of users located in the EEA/UK
You have the following rights under GDPR provided that the legal requirements therein are met:
Right of access. You may request information about the processing of your Personal Data and a copy of the Personal Data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others.
Right to rectification. You may request correction of your Personal Data that is inaccurate and/or completion of such data which is incomplete.
Right to erasure. You may request deletion of your Personal Data, in particular where (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you objected to the processing and there are no overriding legitimate interests for the processing, (iii) your Personal Data has been unlawfully processed or (iv) your Personal Data has to be erased for compliance with a legal obligation to which we are subject. The right to deletion, however, does not apply in particular where the processing of your Personal Data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
Restriction of processing. You may request restriction of processing (i) for the period in which we verify the accuracy of your Personal Data if you contested the accuracy of the Personal Data, (ii) where the processing is unlawful and you request restriction of processing instead of deletion of the data, (iii) where we no longer need the Personal Data, but you require the data for the establishment, exercise or defense of legal claims or (iv) if you objected to processing until it has been verified whether our legitimate grounds override your interests, rights and freedoms.
Right to data portability. You may request to receive your Personal Data, which you have provided to us, in a structured, commonly used machine-readable format and transmit those data to another controller without hindrance from us, where the processing is based on consent or a contract and the processing is carried out by automated means; in these cases you may also request to have the Personal Data transmitted directly to another controller where this is technically feasible.
Right to withdraw consent. You may withdraw your consent at any time for the future where processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to object You have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data which is based on our or a third party’s legitimate interest. We then will no longer process your Personal Data for the purpose to which you have objected unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Where we process your Personal Data for direct marketing purposes, you have the right to object at any time to processing of your Personal Data for such direct marketing. We then will no longer process your Personal Data for direct marketing purposes. |
---|
You may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of an alleged infringement if you consider that the processing of your Personal Data infringes the GDPR.
A list of the European supervisory authorities can be found here.
France – Right to digital legacy. Should you be located in France, you additionally have the right to define (general or specific) directives regarding the fate of your Personal Data after your passing.
Please address your requests to exercise your rights to PHINIA´s Compliance Office (except for the right to lodge a complaint with a supervisory authority).
8.2 Rights of users located in Japan
Right to access. You may access your Personal Data and record of transfer we are keeping about you, if applicable.
Right to correct, add and delete incorrect or incomplete Personal Data. If the Personal Data we have pertaining to you are incorrect or incomplete, you are entitled to have the Personal Data corrected, added or deleted.
Right to erase and cease of processing. You have the right to request deletion of or cessation of processing of your Personal Data if your Personal Data has been used beyond the scope necessary to achieve the purpose for which they were collected, processed or obtained by deceit or in violation of the APPI, if our use of your Personal Data triggers illegal acts, are no longer necessary in relation to the purposes for which they were collected, compromised or otherwise processed in a manner which could harm the rights or legitimate interest of you. We may be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.
Right to cease of transferring to third parties. You have the right to request cessation of transferring of your personal data if your personal data is transferred to a third party in violation of the APPI or the transfer could harm your rights or legitimate interest.
Other rights. If you have any complaints regarding our processing of your Personal Data, questions on the this Notice, our use of your Personal Data or our data protection measures implemented, and/or want to confirm the measures to exercise your privacy rights above, please contact PHINIA´s Compliance Office.
8.3 Rights of users located in the US
You have all rights as set forth in this Notice, which include the following rights:
To opt-out of collection and use of Personal Information (PI)
Disclosure of or access to your PI
To data portability
To delete and correct your PI
To restrict/object to processing
To object to automated decision-making
To non-discrimination
Please address your requests to exercise your rights to PHINIA´s Compliance Office.
8.4 Rights of users located in the PRC
You have certain rights as set forth in this Notice, which include the following rights:
To access and obtain a copy of your Personal Data
To request details of processing and of handling rules
To limit/withdraw your consent at any time
To correct your Personal Data
To delete your Personal Data, in certain circumstances
To transfer your Personal Data to a designated third party, where technically feasible in doing so
To de-register your account, if you have registered for an account
To lodge a complaint with us or the relevant authority
Please address your requests to exercise your rights to PHINIA´s Compliance Office.
8.5 Rights of users located in Singapore
To withdraw your consent at any time
To request access to any of your Personal Data that we may hold, and how your Personal Data has been used and disclosed by us in the 12 months prior to your request
To lodge a complaint
8.6 Please address your requests to exercise your rights to PHINIA´s Compliance Office. Rights of users located in Taiwan
You have all rights as set forth in this Notice, which include the following rights:
the right to make an inquiry of and to review your personal data
ii. the right to request a copy of your personal data;
iii. the right to supplement or correct your personal data;
iv. the right to demand the cessation of the collection, processing or use of your personal data; and
v. the right to request erasure of your personal data.
Please address your requests to exercise your rights to PHINIA´s Compliance Office.
- No automated decision-making
In the context of this Website no automated decision-making takes place.
Changes to this Notice
We reserve the right to amend or modify this Notice at any time to ensure compliance with applicable laws. Please check regularly whether this Notice has been updated. We will obtain your consent to any material changes to this Notice, as required by applicable law.
This Notice has been updated last in June 2023.
Annex 1 – Definitions
The terms and expressions in capital letters used in this policy have the meanings set forth below. Additionally, the definitions included in Art. 4 of the GDPR shall apply.
“Affiliate” shall mean PHINIA Inc. and any entity which directly or indirectly controls, or is controlled by, PHINIA Inc. ‘Control’ means direct or indirect ownership or domination of more than 50% of the voting interest of the respective entity.
“APPI” shall mean the Act on the Protection of Personal Information.
“PHINIA” shall mean PHINIA Inc., 3850 Hamlin Rd., Auburn Hills, MI 48326, United States of America.
“CCPA” shall mean the California Consumer Privacy Act.
“CMP” shall mean the consent management platform integrated into the Website where required by applicable law.
“Controller”, “we”, “us”, “our” shall mean the PHINIA entity which is controller of your Personal Data according to no. 2 in the Notice.
“EEA” shall mean European Economic Area.
“GDPR” shall mean the General Data Protection Regulation (Regulation (EU) 2016/679) or UK GDPR where UK GDPR is relevant.
“Notice” shall mean this website privacy notice (EEA).
“Personal Data” shall mean any information relating to an identified or directly or indirectly identifiable living individual, or otherwise as defined in applicable law.
“Personal Identifiable Information” or “PII” shall mean any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.
“PDPA” shall mean Personal Data Protection Act in Taiwan.
“PRC” shall mean People’s Republic of China, excluding for the purpose of this Notice, Hong Kong SAR, Macau SAR, and Taiwan.
“UK” shall mean United Kingdom.
“UK GDPR” shall mean the GDPR as transposed into UK national law by operation of section 3 of the European Union (Withdrawal) Act 2018, together with the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 and other data protection or privacy legislation in force from time to time in the UK.
“US” shall mean the United States of America.
“Website” shall mean the website you are visiting on which you accessed this Notice.