Privacy Policy of Heraeus Customer Platform

Data protection is a subject of special importance for Heraeus Customer Platform: Heraeus collects and processes personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.

This Privacy Policy provides information of the type of personal data collected and processed by Heraeus and how Heraeus uses the personal data which are generated when Customers/Users access the Heraeus Customer Platform. This Privacy Policy applies only to the Heraeus Customer Platform and not to any other website or platform of Heraeus companies.

Background

Heraeus (China) Investment Co., Ltd.(hereinafter referred to as “HCI”), whose address is Building 5, No. 406, Guilin Road, Xuhui District, Shanghai, operates under www.shop.heraeus-elctronics.cn a B2B platform (hereinafter referred to as "Heraeus Customer Platform") exclusively for registered customers (hereinafter referred to individually as “Customer” and collectively as "Customers") in Mainland China (for the purpose of this privacy policy only, not including Hong Kong Special Administrative Region, Macao Special Administrative Region and Taiwan Region).

The Heraeus Customer Platform is a platform designed for certain Heraeus companies to offer their services and/or products. The term "Heraeus companies" means all companies which are under the common control of Heraeus Holding GmbH, i.e. companies in which Heraeus Holding GmbH holds, directly and/or indirectly, the majority of shares or equities. Heraeus Zhaoyuan Precious Metal Materials Co., Ltd. (hereinafter referred to as “HZPM”) and Heraeus Zhaoyuan (Changshu) Electronic Materials Co., Ltd. (hereinafter referred to as “HZCM”), each a Heraeus company, will act as the business partner of the Customers in the Heraeus Customer Platform, but not the operator of the Heraeus Customer Platform. The Heraeus Customer Platform is operated exclusively by HCI. HCI, HZPM and HZCM hereinafter are collectively referred to as "Heraeus".

Heraeus is committed to comply with the applicable data protection legislation in Mainland China and any other relevant jurisdictions in order to protect the personal data of Customers and of the persons activated by registered Customers (hereinafter referred to individually as “User” and collectively as "Users"). This Privacy Policy only applies to Customers who are registered and Users who have been activated by registered Customers. A registration directly via the Heraeus Customer Platform is not possible. If any individual or entity wishes to be registered as a Customer of Heraeus, please contact Heraeus at the e-mail of CS-HET-CN@heraeus.com .

Customers/Users have the right to protect their own interests as the data subject in accordance with applicable laws and regulations, including but not limited to request confirmation of whether their data is being processed, to revoke their consent for data processing if personal data is processed on the basis of consent, to object to the data processing at any time, to request the deletion, rectification and restriction of their personal data. To access for a copy of, review, rectify or delete personal data held by Heraeus, please contact Heraeus at the e-mail of CS-HET-CN@heraeus.com . While Heraeus will make reasonable efforts to accommodate this request, Heraeus also reserves the right to impose certain restrictions and requirements on such access requests, to the extent that it is allowed or required by applicable laws.

If there is any questions, comments or concerns about this Privacy Policy or the data protection/privacy practices or data processing of the Heraeus Customer Platform, please contact the Heraeus Data Protection Officer at the e-mail of dataprotection@heraeus.com .

1. How Heraeus collects data through Heraeus Customer Platform

Heraeus will collect and process data exclusively for the purpose of the Customers' registration for the Heraeus Customer Platform and for the conclusion of legal transactions with HZCM and/or HZPM on the Heraeus Customer Platform. This data includes personal data such as first names and last names of Customers and Users, their phone numbers and e-mail addresses, as well as the job title and company by whom they are employed. It may also collect and process business data, contact details and order details which a User provides when it registers as a User. For this purpose, Heraeus uses Azure Active Directory service of Microsoft Ireland Operations Ltd. and Amazon Web Services of Amazon Web Services Inc., which store and process personal data in data centers within the European Union on behalf of Heraeus. Heraeus will satisfy any and all conditions for cross-border data transmission in accordance with applicable laws and regulations.

2. How Heraeus uses the data collected

Heraeus uses the data obtained through the Heraeus Customer Platform to enable Customers/Users to utilize the services offered on the Heraeus Customer Platform and to conclude legal transactions with HZCM and/or HZPM, to enhance relevant experience with the Heraeus Customer Platform and its functions, to store login data of Customers/Users, to communicate with Customers/Users, to enforce all service conditions or other agreements in connection with the Heraeus Customer Platform, and to provide Customers/Users with the requested services.

Heraeus undertakes to use the data through the operation of the Heraeus Customer Platform only for the purpose of creating and maintaining these services. No further use is made of such data beyond what is outlined in this section.

3. How Heraeus retains and deletes the data collected

Any data collected from Customers/Users through the Heraeus Customer Platform will only be stored for as long as it is necessary for the purpose it was collected in accordance with applicable law. The data that Heraeus stores is erased as soon as it is no longer required for the purpose for which is was collected and provided that its erasure does not breach any statutory storage requirements.

If the data of the Customers and the Users is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to data of the Customers and the Users which must be retained for reasons relating to applicable commercial or tax law.

4. Where and to whom personal data may be transferred

4.1 Transfer of data to third parties

Heraeus transfers data to third parties exclusively in accordance with legal provisions.

(1) Heraeus may share personal data of the Customers and Users with other Heraeus companies, whether in mainland China, in Germany or elsewhere, for the purpose of creating and maintaining the services.

(2) Heraeus only transfers data to third parties that are not Heraeus companies if necessary (for example, for accounting purposes) or for other purposes necessary to meet contractual obligations to Customers/Users or legal requirements.

(3) Heraeus may also transfer any data Heraeus has about Customers and Users in connection with a merger or sale involving all or part of Heraeus or as part of a corporate reorganization or any other change in corporate control. Heraeus will take all practicable steps to ensure that personal data of the Customers and Users is treated securely and in accordance with this Privacy Policy.

(4) If, within the scope of this Privacy Policy, Heraeus uses content, tools or resources of other providers whose registered office is in a third country, it must be assumed that data are transferred to such third countries. Third countries are countries where the laws and regulations of Mainland China does not apply directly. Data may only be transferred to third countries if an adequate level of data protection is ensured, if Customers and Users have given their consent or if the transfer of such data is permitted by applicable law.

(5) There are instances where personal data of the Customers and the Users may be transferred to a country which does not have legislation offering similar level of data protection as in Mainland China. Heraeus sets out below these scenarios and how Customers/Users can avoid such data transfer.

a) Overview page of legal transactions

The page giving an overview of all legal transactions which the Customer concluded with Heraeus is not accessible to other Customers. However, each Customer may grant to other persons access to this page. If Customers or activated Users are in a country which does not offer similar level of data protection as in Mainland China, and/or if Users are employed by other companies of the Customers, personal data may be transferred to such third countries. By continuing to use this function, Customer and/or the User hereby expressly agree to such data transmission. Each Customer may avoid data transmission to such third countries and/or to other companies by not allowing activation of Users located in such third countries or Users employed by other companies. Each User may avoid data transmission to such third countries and/or other companies by deactivating his/her access.

b) Forwarding function

The forwarding function offers Customers and Users the possibility to forward questions via e-mail to other persons without access authorization while handling legal transactions on the Heraeus Customer Platform. When forwarding such questions, the e-mail addresses of the respective Customer and the persons to which the questions are forwarded are collected and stored on the system. The Heraeus employees processing this Customer's order cannot see the e-mail addresses of the persons without access authorization and that the forwarding function was used. The Customers ensure that all recipients selected by it agree to the collection and storage of their e-mail addresses. Data may be transmitted to a country which does not offer similar level of data protection as in Mainland China and/or to other companies if the recipients of the forwarded questions are located in such third countries and/or are employed by other companies. By continuing to use this function, the Customer hereby expressly agrees to such data transmission. Each Customer may avoid such data transmission and the collection and storage of the recipients' e-mail addresses by not using the forwarding function.

4.2 External references and links

References or links ("links") to the content provided by external providers must be distinguished from the content of the Heraeus Customer Platform. By embedding a link to an external website ("hyperlinks"), Heraeus does not endorse same nor adopt such an external website or its content as its own. Should any infringement caused by the external website come to the attention of Heraeus, Heraeus will immediately delete the link. Heraeus neither assumes any responsibility for the availability of such external website nor for its content. If Customers/Users access and use such other web sites, including the content, items or services on those websites, solely at own risk.

5. The Use of Cookies and Consent

Cookies are used on the Heraeus Customer Platform that are required to ensure the proper functioning of the platform's services. They provide a secure login, good performance and ensure that the login to the Heraeus Customer Platform can also be displayed on other Heraeus websites or platforms (where applicable). Customers/Users may choose to disable these cookies on the browser of device, however, if they prevent these cookies from being placed by setting browser, it may not be possible to log in and use certain functions of the Heraeus Customer Platform. If Customers/Users wish, Customers/Users can limit the storage of cookies to these necessary cookies under "Settings".

6. Google Analytics

6.1 The Heraeus Customer Platform uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies to help analyze the use of the Heraeus Customer Platform, and the information obtained through cookies is usually transmitted to and stored by Google on servers in the United States.

6.2 Google will use this information on behalf of Heraeus to evaluate the use of the Heraeus Customer Platform, to compile reports on website activity of the Heraeus Customer Platform, and to provide other services to Heraeus that are related to the use of the Heraeus Customer Platform and the internet. The data retrieved in this context may be used to create pseudonymized user profiles.

6.3 However, due to the activated IP anonymization on the Heraeus Customer Platform, Customers/User’s IP addresses will be truncated by Google within Customers/Users’ geographical region before it is transmitted to Google. Only in exceptional cases will the full IP address be transferred to a Google server located in the U.S. and truncated there.

6.4 The IP address transferred from the Customers/User’s browser will not be linked with other Google data. Customers/Users may prevent the storage of cookies by selecting the appropriate system settings in their browser. Customers/Users may also prevent the recording and processing by Google of data generated by cookies and data related to their use of the website by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en .

6.5 Users can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites: https://policies.google.com/technologies/partner-sites?hl=en (“ How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“How Google uses cookies in advertising”), http://www.google.com/settings/ads (“Control the information Google uses to show you ads”).

6.6 If Customers/Users do not wish to have their personal data (including the shortened IP address) collected, Customers/Users can stop and prevent the storage of cookies by deactivating these cookies in the settings of the Heraeus Customer Platform. To do so, click on "Settings", and change and save the configuration under "Privacy Policy".

7. Security measures

7.1 Heraeus will take all reasonable steps to ensure the security of personal data of Customers/Users. To prevent unauthorized access to or disclosure of Customer’s/User’s personal data, Heraeus has implemented appropriate physical, technical and administrative measures to safeguard and secure the personal data Heraeus collects, and to protect personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.

7.2 Heraeus security measures include, in particular, the encryption and anonymization of data for transmission between the browser and server of the Customers and the Users.

8. Changes to Privacy Policy

8.1 Heraeus reserves the right to change the privacy policy in order to adapt to changes in the legal situation or to changes in services and data processing.

8.2 Customers and Users are requested to familiarize themselves regularly with the content of the privacy policy.

8.3 If the Customers and/or the Users do not agree with any modified versions of the privacy policy, they may cancel their registration effective immediately and stop concluding further legal transactions on the Heraeus Customer Platform. Cancellation of registration will mean that the Customers and/or the Users can no longer use the Heraeus Customer Platform for any future transactions. The cancellation of registration will not affect the validity of the legal transactions which were executed on the Heraeus Customer Platform prior Heraeus' receipt of cancellation. The Customers and/or the Users may deactivate their access at any time.

9. Access by minors

This Heraeus Customer Platform and its relevant services available are not intended for minors (persons under the age of 18 years). They cannot be registered as Customers or activated as Users of the Heraeus Customer Platform.