Introduction
Imsa Plastic (“Imsa”, “we,” “our”, “us”) respects your privacy and is committed to protecting your personal data.
This privacy policy tells you about your privacy rights and how the law protects you. It informs you as to how we look after your personal data, including when you visit the website for Imsa Plastic at [https://www.imsaplastic.com/] or any other website provided by the Imsa group of companies (together the “Websites”).
The Website is not intended for children and we do not knowingly collect data relating to children.
This privacy policy does not apply to any other third party websites that you may be able to access via the Websites and/or activities offered by third parties. Please ensure that you review any relevant policies on any third party websites before proceeding. We are not responsible for the collection or use of your personal data from third party websites.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
TOPICS COVERED
- IMPORTANT INFORMATION AND WHO WE ARE
- WHO DOES THIS POLICY APPLY TO?
- THE DATA WE COLLECT ABOUT YOU
- HOW IS YOUR PERSONAL DATA COLLECTED?
- HOW WE USE YOUR PERSONAL DATA
- DISCLOSURES OF YOUR PERSONAL DATA
- INTERNATIONAL TRANSFERS
- DATA SECURITY
- DATA RETENTION
- YOUR LEGAL RIGHTS
- COMPLAINTS
1. Important information and who we are
Controller
Imsa Plastic is the controller and responsible for processing your personal data.
This privacy policy is issued on behalf of the Imsa group of companies (“Imsa Group”). Details of the Imsa Group can be found here. So when we mention “Imsa“, “we“, “us” or “our” in this privacy policy, we are referring to all companies within the Imsa Group responsible for processing your data.
We have appointed a Data Protection Manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the Data Protection Manager using the details set out below.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our Data Protection Manager, by post to Imsa Plastic, Seyhli Mah. Bol Ahenk Sok. No:5 34906 Pendik Istanbul, or by email to data.protection@imsaplastic.com, or by telephone: +902167063761.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated in October 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. Who Does this policy apply to?
Unless we say otherwise, this privacy policy applies to:
Candidates: an individual who has applied for and/or attended training, exams and/or inspections with Imsa;
Members: an employee or director of a business customer, or other organisation, who registers the organisation as a member of Imsa;
Customers: a customer of Imsa, whether or not it is also a Member;
Contacts: all contacts of Imsa, for example, business contacts, suppliers and potential customers; and
Visitor: visitors to our sites and Websites.
Some sections of this privacy policy only apply to users in the EU/TR We make it clear where this is the case.
Where we refer to the “EU”, we mean the following countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.
3. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
- Contact Data includes work/billing address, home address, email address and telephone numbers;
- Member Data includes member reference number, member history, member representatives, member sector, contact details and address.
- Candidate Data includes Candidate ID number, sponsorship status and sponsoring company name and address, professional memberships, details of any disability or specific requirements, events booked and/or attended, venues and booking references, inspections and/or examination type applied for and completed, pre-certification experience and examination records, verifier details (including name, telephone number, email address, company and role, and relationship to the Candidate);
- Customer Data includes details of your orders for services, details of historical orders and payments to and from you;
- Financial Data includes bank account and payment card details, details of payments to and from you;
- Technical Data includes the internet protocol (IP) address used to connect your device, the type of device you are using, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access a Website;
- Profile Data includes your username and password and any feedback you provide including feedback received following your receipt of any training;
- Usage Data includes information about how you use our Websites and services; and
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Special category (or sensitive) personal data
We request details of any disability or medical condition or specific medical requirement you may have when you apply to attend our training courses, exams and inspections. These are referred to as “special categories” of personal data. There are additional special categories of personal data but we do not collect these (for example, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
4. How is your personal data collected?
We use different methods to collect data from and about you including through:
- Information we receive directly from you. You will provide us with your personal data when you fill in forms or correspond with us by post, phone, email or otherwise. This includes personal data you provide when you:
– purchase our services;
– apply for and receive our training, exams and inspections;
– when you access the training portal or attend training events and symposiums;
– subscribe to our publications;
– request marketing to be sent to you;
– respond to a survey; or
– give us feedback in any other way or when you contact us for any reason.
- From your member organisation/employer. Your employer will provide us with information about you when registering you for a training course, exam or inspection. This will include, for example, your name and contact details, role and previous experience.
- From another company in the Imsa group of companies. Where you wish to receive training in a country outside the TR, we will share your Candidate Data with the local Imsa Group company in order that you may receive the relevant training.
- Automated technologies or interactions. As you interact with our Websites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy here for further details as to the types of cookies we use.
- Information provided by other third parties. When you use our Websites, we may receive information about that use from other companies who provide us with services in connection with them.
5. How we use your personal data
We will only use your personal data when the law allows us to and to enable us to provide our services and operate our Websites effectively. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful basis, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one is set out in the table below.
| For Candidates | ||
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To register your training / exam / inspection application
To process your application To deliver your training |
Identity Data
Contact Data Candidate Data Financial Data
|
Performance of a contract with you
To enable us to pursue our legitimate interests to:
Appropriate processing condition: Your explicit consent is obtained for the processing of any health data provided when you apply for training or an exam or inspection |
| To collect payment from you where you are responsible for paying the fees
To collect and recover money owed to us |
Financial Data
Identity Data Contact Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to recover debts owed to us |
| To transfer your data to other jurisdictions in which companies within the Imsa Group are located in order to deliver your training | Identity Data
Contact Data Candidate Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to:
Appropriate processing condition: Your explicit consent is obtained for the transfer of any health data provided by you in connection with your application for training, or an exam or inspection |
| To share your information with the relevant examining board to enable your training/exam/inspection certificate to be produced and sent to you/your employer | Identity Data
Contact Data Candidate Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to fulfil our contract with your employer |
| To share the results of any exam or inspection, and your training record, with your employer, only where your employer has arranged such training, exam or inspection on your behalf | Identity Data
Contact Data Candidate Data |
To enable us to pursue our legitimate interests to fulfil our contract with your employer |
| To update your training, exam and/or inspection records
To send you your certificate following completion of your training/exam/inspection To send your certificate to your employer |
Identity Data
Contact Data Candidate Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to:
|
| To make suggestions and recommendations to you about services that may be of interest to you | Identity Data
Contact Data Technical Data Usage Data Profile Data Candidate Data Marketing and Communications Data |
To enable us to pursue our legitimate interests to develop our services and grow our business
Your consent (where your training has been arranged through your employer) |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Identity Data
Contact Data Candidate Data Profile Data Usage Data Marketing and Communications Data Technical Data |
To enable us to pursue our legitimate interests to:
Your consent (where your training has been arranged through your employer) |
| For Members | ||
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To process your application for membership | Identity Data
Contact Data Member Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to:
|
| To process payment of the technology access fee
To collect and recover money owed to us |
Financial Data
Identity Data Contact Data Member Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to recover debts owed to us |
| To contact you to administer your membership and/or to provide you with any updates or changes to your membership | Identity Data
Contact Data Member Data |
Performance of a contract with you |
| To make suggestions and recommendations to you about services that may be of interest to you | Identity Data
Contact Data Member Data Technical Data Usage Data Profile Data Marketing and Communications Data |
To enable us to pursue our legitimate interests to develop our services and grow our business |
| To transfer your data to other jurisdictions where companies within the Imsa Group are located (only in certain circumstances, please see section 7 International Transfers below for further information) | Identity Data
Contact Data Customer Data |
To enable us to pursue our legitimate interests in assessing and developing our business and membership services |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Identity Data
Contact Data Member Data Profile Data Usage Data Marketing and Communications Data Technical Data |
To enable us to pursue our legitimate interests to:
|
| For Customers | ||
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To process and deliver your order for services
To manage payments of charges to and from us To collect and recover money owed to us |
Identity Data
Contact Data Financial Data Customer Data |
Performance of a contract with you
To enable us to pursue our legitimate interests to recover debts owed to us |
| To transfer your data to other jurisdictions where companies within the Imsa Group are located (only in certain circumstances, please see section 7 International Transfers below for further information) | Identity Data
Contact Data Customer Data |
To enable us to pursue our legitimate interests in developing and growing our business |
| To make suggestions and recommendations to you about services that may be of interest to you | Identity Data
Contact Data Customer Data Technical Data Usage Data Profile Data Marketing and Communications Data |
To enable us to pursue our legitimate interests to develop our services and grow our business |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Identity Data
Contact Data Customer Data Profile Data Usage Data Marketing and Communications Data Technical Data |
To enable us to pursue our legitimate interests to:
|
| For All | ||
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To notify you about changes to our terms or privacy policy
To ask you to leave a review or take a survey and to enable you to complete a survey |
Identity Data
Contact Data Profile Data Marketing and Communications Data |
Performance of a contract with you
To comply with a legal obligation
To enable us to pursue our legitimate interests to:
|
| To administer and protect our business and our Websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity Data
Contact Data Technical Data |
To enable us to pursue our legitimate interests for:
Necessary to comply with a legal obligation |
| To use data analytics to improve our Websites and our services, our marketing and our relationships with you | Technical Data
Usage Data |
To enable us to pursue our legitimate interests to:
Your consent to our use of non-essential cookies on our Websites |
| To make suggestions and recommendations to you about services that may be of interest to you | Identity Data
Contact Data Technical Data Usage Data Profile Data Marketing and Communications Data |
To enable us to pursue our legitimate interests to develop our services and grow our business
Your consent where you have opted in to receive marketing information |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Identity Data
Contact Data Profile Data Usage Data Marketing and Communications Data Technical Data |
To enable us to pursue our legitimate interests to:
Your consent to our use of non-essential cookies on our Websites |
More about the information we use and why
Where we need consent to use your personal information, we will clearly ask you for this – and you can withdraw that consent at any time. For example, we may ask you to positively opt-in to us sending you marketing communications.
If you have any questions or you need any further information regarding how we use your information, please contact us.
Marketing
We may use your personal information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
We will not provide your personal information to any other third party businesses outside the Imsa Group for marketing purposes unless we have your express permission to do so.
Should you wish to opt-out of receiving marketing messages at any time, you can follow the opt-out links on any marketing message sent to you or contact us at any time.
Privacy Notice for Imsa Website Users
Imsa Platic is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR).
Imsa Plastic is a ‘data controller’ This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
Our principal activities are:
- Manufacturing
- Reselling
Our privacy policy covers Imsa Plastic’s websites:
| Organisation name: | Imsa Plastic |
| Address: | Seyhli Mah. Bol Ahenk Sok. No:5 34906 Pendik |
| City: | Istanbul |
| Country: | TURKIYE |
| Controller: | The Data Controller |
| Websites: | www.imsaplastic.com |
This privacy and cookie use policy explains how we use any personal information we collect about you when you use these websites.
Anonymous Access
You can access our websites’ home pages and browse much of our site without disclosing your personal information.
Other websites
Our websites does not include links to external websites.
Cookies
For more information about the cookies we use, please see our cookie policy.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. However, we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Disclosures of your personal data
We share your personal data with:
- carefully selected companies to operate the Websites, to provide our services to you and to support our business (for example, IT database, and services and marketing support);
- in some circumstances, to a data protection regulator or in order to comply with the law or a legal process or where we have another legitimate interest that is not outweighed by your interests and fundamental rights (for example, to maintain the security of our computer systems).
- if you are a Candidate, to:
– other companies within the Imsa Group for the purposes of delivering your training;
– your employer, if your employer is organising your training, exam and/or inspection; and
– external examining bodies for the provision of certificates;
- if you are a Customer or a Member, your information will be available to other companies within the Imsa Group. This is so that we can assess the services we provide and identify further opportunities for us to develop these and to grow the business.
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. International transfers
If you are a Contact or Visitor and you are based in the TR or the European Economic Area (“EEA”), your information will only be processed in the TR or the EEA, as applicable. (The EEA includes all the countries in the EU (listed here) and also Iceland, Liechtenstein and Norway).
We may need to share your personal data within the Imsa Group, this may involve transferring your data outside the TR and the EEA.
If you are a Candidate and you receive training outside the TR and the EEA, your information will be accessed by Imsa staff in the relevant location. Details of your training will then be transferred back to the TR where our systems will be updated.
If you are a Customer or a Member, your information is stored on our CRM database, some of which can be accessed from any company within the Imsa Group.
We take reasonable precautions to ensure that your information will be adequately protected whenever it is transferred outside the TR and the EEA, and that it will be treated in a way which is consistent with TR and European data protection laws.
We will only transfer your personal data either:
- to countries that have been deemed to provide an adequate level of protection for personal data; or
- where we have specific contracts in place, approved for use in the TR and the EU, which give personal data a similar level of protection it has in the TR and the EU.
Please contact the Data Protection Manager using the contact details here if you want further information on how and when we transfer your personal data out of the TR and the EEA.
8. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Details of these are available from our Data Protection Manager.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or your employer.
To determine the appropriate retention period for personal data, we consider the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
If you would like further information as to how long we retain your information, please contact the Data Protection Manager.
10. Your legal rights
Updating and accessing your information (this section only applies if you are in the TR/EU)
If you are in the EU or TR, you have the right under EU/TR data protection laws to access personal information held about you, subject to certain conditions, and to ask for it to be changed or deleted.
If you would like to access or amend the personal information which we hold about you, or if you would like us to stop using your personal information, please contact us.
To learn more about the rights you may have in relation to your personal information see Your rights.
Your rights
By law you have the following rights with regard to your personal information:
- Access. You have the right to obtain confirmation as to whether or not your personal information is being processed, and, if it is, request access to that personal information (commonly known as a “data subject access request”). We will need you to prove your identity before we release any personal information to you.
- Correction or deletion. You have the right to ask us to correct or delete any personal information that we hold about you (unless we have the legal right to retain it). You also have the right to ask us to delete your information where you have exercised your right to object to processing (see below).
- Objection. You have the right to object to processing of your information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your information for direct marketing purposes.
- Restriction. You also have the right to restrict us from processing your personal information. You can ask us to temporarily stop processing information about you, for example if you want us to establish that it is accurate or the reason for processing it.
- Change of preferences. You can change your information processing preferences at any time. For example, if you have given your consent to us to send you marketing material in a particular way, but have changed your mind, you can contact us or click the relevant link in any communication you receive (where this specifically relates to marketing messages, see Marketing).
- Data portability. In some circumstances, you have the rightto ask us transfer a copy of the personal information we hold about you to someone else.
Please note that if you ask us to stop processing your personal information in a certain way or if you ask us to delete your information, and we need to use that information to provide the Websites to you, then you may not be able to continue to use them. This does not include your right to object to direct marketing, which can be exercised at any time without restriction. If you would like to exercise any of the rights mentioned above, please contact us.
The above rights do not apply to anonymised personal information.
No fee usually required to access your personal information
You will not normally have to pay a fee to access your personal information (or to exercise any of the other rights set out above). However, we may charge a reasonable fee if your request for access is unreasonable or excessive. Alternatively, we can refuse to comply with the request.
What we may need from you
We may need to request specific information from you to confirm your identity and verify your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
Where you have consented to the collection, use or transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. Complaints (this section only applies if you are in the EU/TR)
If, for any reason, you are not happy with the way that we have handled your personal information, please contact us.
If you are still not happy, you have the right to make a make a complaint to your local data protection regulatory authority.
Document owner and approval
The DPM is the owner of this document and is responsible for keeping it up to date.
The current version of this document is available to all employees and anyone and/or organisation for whom we will process personal data in pursuit of conducting Imsa Ltd activities.
Its approval status can be viewed in the Master List of Document Approval.