Hexagon privacy notice
Effective from 30 September 2022
Hexagon AB, its subsidiaries and controlled joint ventures (“Hexagon” or “we” or “us”) respect your privacy. This privacy notice explains how we collect, store, use, disclose, retain and transfer (hereinafter “process”) your personal data on our websites and inform you about your rights. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, and your location. Our privacy notice is designed to make it easier for you to locate the information most relevant to you.
We may change this privacy notice by posting the revised version on this website and indicating the effective date of the revised privacy notice.
This privacy notice applies only to the processing on a website that links to this privacy notice and not to other websites or applications that may have their own privacy notice, or which are operated by third parties. We may provide links to other websites and applications which we believe may be of interest to you. Unless stated otherwise in this privacy notice we do not control and are not responsible for the processing on third-party websites. We encourage you to carefully read the privacy notices of any website you visit.
PROCESSING IN THE CONTEXT OF THE BUSINESS RELATIONSHIP
We may process your personal data in the context of the business relationship, for the purposes of
- entering into and terminating a contractual relationship with you or your company;
- exercising our rights and performing our contractual obligations, e.g., licensing of software products, provision of services, invoicing, responding to your service requests, enabling you to access white papers, videos, webinars and other website content, and exercising or defending legal claims;
- maintaining and protecting the security of our products, solutions, services and websites, preventing and detecting security threats;
- detecting and combating fraud or other criminal or malicious activities, e.g., protecting and enforcing our intellectual property rights;
- ensuring compliance with legal obligations (such as record keeping obligations), compliance due diligence (such as export transaction screening), and our policies or industry standards.
We may obtain personal data from you which you have actively provided by filling in our webforms or by using our online products and services, or which has been generated by us in connection with such use, or collected from third parties or public domain (e.g., integrity background and restricted party checks) and includes the following categories of personal data:
- Contact information and further personal data related to the business relationship that you provide by filling in our webforms, such as full name, job position, address, telephone number, mobile phone number, fax number and email address;
- Biographical information, which may include details of your social media presence, your education degrees, previous professional experiences, skills, and other relevant information you provide to us on our recruitment platforms by filling in our webforms or by submitting it in a free-style form;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Content information about you or provided by you, such as content of your support request, or comment or forum post;
- Further information related to the business relationship observed by us, such as personal data relating to orders placed, payments and requests made, your interests, preferences, information about how you use our products and services; and
- Personal data collected from publicly available resources, integrity data bases and credit agencies.
The legal basis for processing your personal data are:
- Contract Performance: entering into and terminating a contractual relationship with you and exercising our rights and performing our obligations under any contract with you;
- Legitimate interest of Hexagon and/or your company after balancing them with your rights and freedoms: entering into and terminating a contractual relationship with your company and exercising our rights and performing our obligations under any contract with your company; maintaining and protecting the security of our products, solutions, services and websites; preventing and detecting security threats, fraud or other criminal or malicious activities;
- Legitimate interest of Hexagon after balancing them with your rights and freedoms: identify unauthorised use and users of software, and otherwise to protect and enforce intellectual property rights, export screening;
- Compliance with our legal obligations: compliance due diligence, record retention;
- Consent: information actively and voluntarily provided by you in a free-style form or as comment or forum post.
PROCESSING IN THE CONTEXT OF MARKETING AND CUSTOMER’S SURVEYS
We may process your personal data in the context of the marketing and customer’s surveys, for the purposes of:
- Informing you via any means (including via email, telephone, text message, social media, post, or in person) about our products, services, publications and events which we think may be of interest to you and your company, e.g., based on previous purchases and interest shown in Hexagon’s products and services;
- Carrying out customer satisfactions surveys to obtain feedback on how we can improve our products and services;
- Obtaining customers testimonials, comments and reviews to provide reviews to our client base in support or otherwise, of our products, services and software.
We may obtain personal data from you which you have actively provided by filling in our webforms or using our online products and services, or provided by your company or third parties and includes the following categories of personal data:
- Contact information that you provide by filling in our webforms, or provided by your company or a third party event organiser, such as full name, job position, address, telephone number, mobile phone number, fax number and email address; and
- Content information about you or provided by you, such as content of the customer satisfactions surveys, testimonials, comments and reviews;
Unless we explicitly request your consent to process your personal data, we rely on Hexagon’s and your company’s legitimate interest to process your personal data for our direct marketing and customer’s surveys. You can opt out of processing for direct marketing purposes by clicking on the “Unsubscribe” link situated within any marketing communication sent to you. You also have the right to object to the processing at any time by exercising your rights by emailing email@example.com. Where you withdraw your consent or unsubscribe (as applicable) from direct marketing, we will not process your personal data for the purposes of direct marketing.
PROCESSING IN THE CONTEXT OF VISITING HEXAGON WEBSITES
Our websites utilize the One Trust cookie manager to automate the management of cookies and allow you to control which cookies are placed on your device. The legal basis for processing your personal data is your consent given through the One Trust cookie manager.
PROCESSING IN THE CONTEXT OF VISITING HEXAGON SOCIAL MEDIA PAGES
You may interact with us on the following social media platforms: Facebook, Instagram, LinkedIn, Twitter, Xing and YouTube. Unless stated otherwise in the following, the applicable social media platform provider is solely responsible for the processing of your personal data when you visit our company page on the social media platform. To learn more about the processing of your personal data by the social media platform providers please read their respective data privacy statements.
Facebook and LinkedIn provide us with the anonymous statistics and insights about the visitors to our company pages on their platforms (“Page Insights”). Although we obtain only anonymous data, the compilation of the Page Insights is based on the previous processing of personal data by the social media platform provider. We take part in these processing by defining the parameters of the Page Insights provided to us and are, therefore, jointly responsible with the social media platform provider for the processing of personal data for creating Page Insights. This processing serves our legitimate interest of analyzing the types of actions carried out on our page and improving our page based on these findings. We entered into agreements with Facebook and LinkedIn on processing as joint controllers for creating Page Insights. The distribution of legal data protection obligations between us and the respective social media platform provider is set out in these agreements. For more information please read the joint controller agreements: LinkedIn Joint Controller Addendum Facebook Joint Controller Addendum - Applies the processing of personal data for creating Page Insights on our Instagram and Facebook pages.
To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.
TRANSFER OF YOUR PERSONAL DATA
The following categories of recipients have, or may have access, to your personal data:
- Hexagon companies and third parties on a need-to-know basis which provide services to you/your company within the scope of the business relationship;
- Service providers, acting as processors on our behalf, where necessary in order to perform their services for us (such as our cloud service or system providers);
- Law enforcement authorities and regulators, attorneys, consultants in connection with complying with our legal obligations or establishing, exercising or defending rights or claims;
- Content published by you on our websites’ offering (such as chat rooms or forums) may be globally accessible to other registered user of the respective offering.
In the event that we transfer, including making available, your personal data outside the European Economic Area, we will only transfer it to the recipient that is either located in a country that offers an adequate level of data protection as determined by the European Commission, or has entered into EU Standard Contractual Clauses with us after we have ensured through a risk assessment and/or implementation of supplementary measures that the recipient can comply with them.
Where we transfer, including making available, your personal data outside of your home country, the transfer will comply with the applicable laws.
For transfers from the European Economic Area: we will only transfer your data to the recipient that is either located in a country that offers an adequate level of data protection as determined by the European Commission, or has entered into EU Standard Contractual Clauses with us after we have ensured through a data transfer impact assessment and/or implementation of supplementary measures that the recipient can comply with them.
For transfers from the UK: we will only transfer your data to the recipient that is either located in a country that offers an adequate level of data protection as determined by the UK adequacy regulations, or has entered into International Data Transfer Addendum to the EU Standard Contractual Clauses with us after we have ensured through a data transfer impact assessment and/or implementation of supplementary measures that the recipient can comply with them.
Unless indicated otherwise at the time of the collection of your personal data, we will retain your personal data for as long as it is necessary to fulfil the purpose of the processing, e.g., for the duration of the business relationship and any applicable statutory limitation periods thereafter, or as long as necessary to comply with our legal obligations, such as retention obligations under tax or commercial laws or the resolution of disputes.
You are entitled to know what personal data we are processing about you. You have the right to request access to your personal data and you can request that we provide a copy of such data to you. You are entitled to have incorrect personal data regarding you corrected, and in some cases you may request that we delete your personal data. You also have the right to object to certain processing of your personal data, and request that the processing of your personal data be limited. Limitation or deletion of your personal data may result in Hexagon not being able to fulfil its commitments to you. You also have the right to request data portability, where your personal data would be extracted in a machine-readable format and transferred to another controller. Hexagon may not always be obliged to comply with a request from you for deletion, restriction, objection or data portability. Additional circumstances such as exercising the right of freedom of expression and information, compliance with a legal obligation or processing for establishment, exercise or defence of legal claims can justify further processing by Hexagon. Hexagon will assess the eligibility of your request and inform you about Hexagon’s decision and reasoning. Where you have given us your consent to process your personal data, you can withdraw your consent at any time and without justification. Where you withdraw your consent, certain personal data (only to the extent that it is absolutely required), will be retained on our “do not contact” list.
You may exercise your rights by emailing firstname.lastname@example.org
OBJECTIONS AND COMPLAINTS, PRIVACY TEAM CONTACT
Our Privacy Team led by the Group Privacy Officer will support you with any data privacy related queries, concerns, comments, or complaints. You may contact our Privacy Team at email@example.com.
In addition, you have the right to lodge a complaint with the relevant data protection supervisory authority, where the applicable laws provide for such remedy, e.g., in the countries of the European Economic Area. The contact details of the data protection supervisory authorities within the European Economic Area are available here.
IDENTITY OF THE CONTROLLER
Hexagon AB, Swedish Company Registration Number 556190-4771, Lilla Bantorget 15, P.O. Box 3692, SE-103 59 Stockholm, Sweden, its subsidiaries and controlled joint ventures are the joint controllers. As such we jointly determine the purposes, scope and means of processing your personal data that takes place on our websites. In particular, we jointly decide which personal data and for which purposes to collect and which databases, platforms, applications and tools to use for the processing. All Hexagon companies have contractually agreed to comply with the appropriate technical and organisational measures to protect your
personal data and provide each other the necessary assistance for fulfilling your requests and handling data breaches. This also includes ensuring that reporting and notification obligations are fulfilled.
Although you can assert your rights against each Hexagon company, Hexagon AB was assigned the responsibility to inform you about the joint processing of your personal data and to be the central point of contact for your requests. Any Hexagon company that will be contacted directly by you will coordinate with other Hexagon companies in order to respond to your inquiry and to guarantee your rights as a data subject.
You may contact us at firstname.lastname@example.org
FOR CALIFORNIA RESIDENTS ONLY
The purpose of this section is to provide information to California residents pursuant to the California Consumer Protection Act of 2018 (CCPA). Personal data also includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a “consumer” or “household” as defined therein. We do not and will not sell your personal data to third parties.