PPG Privacy Statement for Europe
At PPG we are committed to protecting your privacy. This privacy statement sets out how the European entities of the PPG Industries, Inc. group (hereafter “PPG”, “we”, or “us”) use and protect any of your personal data (“Personal Data”) that you may have provided to us through your use of our websites or apps, by social media (collectively “Sites”), by phone, in writing or otherwise. This statement will apply whenever you are located or your Personal data is processed by a PPG entity established in the European Union (EU), the European Economic Area (EEA) or Switzerland. However, for certain products and services specific privacy notices may apply instead of this statement.
By reading this privacy statement, you will learn about the bases on which we process your Personal Data when you access our Sites or otherwise interact with us. Any Personal Data that you provide will be treated as set forth below.
Who is responsible for the processing of Personal Data?
The PPG entity which is providing the respective Site you are visiting or which you interact with is the controller, and therefore responsible for the processing, of the Personal Data that you provide in course of such visit or interaction.
What Personal Data do we collect?
We may collect the following information when you visit our Sites or interact with us:
- Personal information such as name, job title, and date of birth;
- Contact information including home, office and email address;
- Areas of interests;
- Other information relevant to customer surveys/feedback;
- Information on products, equipment, and devices from PPG or competitors used by you;
- Payment information including credit/debit card number or other financial information;
- Account information including username and encrypted password;
- Information collected automatically while you visit our Sites, including IP addresses, generic locations, service providers, time of activity, technology and device identifiers, and information gathered through cookies/tracking pixels (please also see “How we use cookies and similar technologies” section below).
All of which you submit to us, for example, by:
- Purchasing, ordering and paying for products or services;
- Completing forms on our Sites;
- Signing up to our newsletters;
- Participating in our promotions, offers, surveys, quizzes, questionnaires, and/or contests;
- Creating a user account at our Sites;
- Providing us with your feedback or leaving a product review;
- Contacting PPG with questions and comments.
How we use cookies and similar technologies
PPG uses browser cookies, Flash cookies, tracking pixels, social media/network plug-ins, and Google Analytics. Certain vendors may place and read cookies on our Sites to help PPG deliver marketing messages on the Sites and on other online locations you visit after you leave the Sites.
- Browser cookies are small pieces of information that a site stores on a user's/visitor's computer, smartphone, or similar device that may be used to store/remember user preferences, save data, track a user's online activity, and/or remind the site about the user/visitor the next time he/she visits the site. Cookies may also be used to customize the user’s/visitor’s experiences on sites and gather information about the user’s/visitor’s navigation of the sites. PPG and third parties we work with use browser cookies for targeted marketing activities and web site analytics. Browser cookies are placed on PPG Sites by PPG as well as third parties. The information that PPG collects and shares does not contain any Personal Data (such as customer or consumer names, addresses, telephone numbers, or email addresses).
- Flash cookies are files storing information on your computer or other device similar to browser cookies. PPG uses them on certain Sites for purposes such as map functionality and animations, but PPG does not collect Personal Data through this process.
- Tracking pixels are small image files which are included within the recipe for a web page (just the same as any other content request) or contained in emails. PPG uses tracking pixels to help manage online advertising and Sites traffic analysis. These image files are provided by third parties for external ad management, search marketing tracking, affiliate marketing, and analytics. In all such instances, the tracking pixels are programmed to collect your computer's IP address and certain other limited information when you are on our Sites. PPG does not collect your name, e-mail address, or telephone number using this technology. For example, with online advertising campaigns, tracking pixels enable third parties to recognize a cookie on your web browser, which in turn enables us to learn which advertisements bring unique users to PPG Sites from other locations on the internet.
- Social media/network plug-ins
- AddThis: Our Sites use AddThis plug-ins provided by Oracle America, Inc. (“Oracle”). These plug-ins enable you to share content with other users, for example, via social media/networks. This helps us to improve our content and to make it more interesting for you as a user. Through these plug-ins, your browser establishes a direct connection with the Oracle servers and, as the case may be, with the selected social media/network service. The recipients get the information that you have visited the respective Site along with related information such as IP address, date and time of request, browser, the Site from which the request originated, transmitted data volume, and operating system used. This information is processed on Oracle servers in the U.S. If you share content from our Sites, for example, via social media/networks, your visit of our Sites may be associated with your user profile on the respective social network. We do not have any influence or further information on the processing of your data. Oracle stores your data in user profiles and uses them for purposes of marketing, market research, and/or demand-based design of its website. Even with regard to users not logged in, such analysis especially serves the provision of demand-based advertising and to inform other users of the respective social network about your activities on our Sites. Additional information is available at http://www.addthis.com/privacy.
- Social media/network providers: Generally, the above also applies to other social media/network plug-ins we use on our Sites provided directly from social media/network providers, namely Facebook, Instagram, Pinterest, and Twitter. You can identify the respective provider by the name and/or logo on the plug-in button. Depending on the PPG website, by using these plug-ins, you can either share content or you will be simply redirected from our website you are visiting to our respective social media/network page. Additional information is available at https://www.facebook.com/policy.php, https://help.instagram.com/155833707900388, https://policy.pinterest.com/en/privacy-policy, and https://twitter.com/en/privacy.
- Google Analytics: Our Sites use Google Analytics, a web analysis service of Google LLC (“Google”). This includes the “Universal Analytics” operating mode which makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across multiple devices. Google Analytics uses cookies which enable analyzing your use of our Sites. The information on your use of our Sites generated by the cookie are usually transferred to a Google server in the U.S. and stored there. However, we have activated IP anonymization for Google Analytics on our Sites in order to ensure anonymous collection of IP addresses (so-called IP masking). Therefore, your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area prior to such transfer. Only in exceptional cases the full IP address will be transmitted to a Google server in the U.S. and shortened there. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data. Additional information on terms of use and data protection is available at http://www.google.com/analytics/terms/us.html and https://policies.google.com/privacy?hl=en.
On our behalf, Google will use the information to analyze your use of our Sites, to compile reports on website activity, and to provide us with additional services related to the use of our Sites and the internet. We use Google Analytics to analyze the use of our Sites and to regularly improve them. With the statistics gathered, we are able to improve our content and make it more interesting for you as a user. Transfers of your Personal Data to the U.S. will take place under the EU-U.S. Privacy Shield, on the basis of the EU Commission's adequacy decision, for which Google is certified (https://www.privacyshield.gov/EU-US-Framework). The data sent by us which is linked to cookies, user identifiers (e.g. user IDs) or advertising identifiers will be retained for 14 months. Once a month, data that has reached the end of its retention period is automatically deleted.
Opt-out of cookies or similar technologies
You have choices about whether certain information collected on websites, including PPG Sites, is used, for example, to customize advertising based on predictions generated from your visits over time and across different websites. Please keep in mind that refusing cookies may affect your experience on PPG Sites.
- Browser cookies: You have the right to object to the collection and storage of your Personal Data as described above by deleting or preventing placement of browser cookies. You can do so by following the instructions contained in the help section of your browser. For certain browser cookies that target advertising, you may visit the European Interactive Digital Advertising Alliance at http://www.youronlinechoices.com/ and opt out of the behavioural advertising delivered by the EDAA's member companies. Also, most browsers can be set to notify you when a browser cookie is being placed on your computer or other device.
- Flash cookies: You have the right to object to the collection and storage of your Personal Data as described above by removing Flash cookies. You can do so by managing your Flash Player settings with Adobe. To delete or prevent placement of Flash cookies, you will need to visit the Adobe Flash Player Help site at http://www.adobe.com/support/documentation/en/flashplayer/help/, click on the hyperlink for "Website Privacy Settings panel" on the left hand side of the screen, and follow the instructions for preventing third party Flash content from storing data on your computer.
- Tracking pixels: Because tracking pixels are included within the recipe for a web page or contained in emails, you cannot opt out or refuse them. However, where they are used in conjunction with cookies, they can be rendered ineffective by either opting out of cookies or by changing the cookie settings in your browser. In other instances, such as in the case of emails, tracking pixels are not used in conjunction with cookies and if you are unhappy with the use of tracking pixels in such manner, then you should not use the Sites or subscribe to receive emails.
- Google Analytics: You have the right to object to the collection and storage of your Personal Data as described above by preventing that cookies are stored like you can with other browser cookies (please see above). Moreover, you can prevent collection of the data generated by the cookie and relating to your use of the Site and the processing of such data by Google by installing a browser add-on which can be downloaded at https://tools.google.com/dlpage/gaoptout?hl=en. Opt-out cookies will prevent future collection of data when visiting our Sites. If you would like to prevent collection across multiple devices through Universal Analytics, you need to opt-out on all devices you use.
Why do we process Personal Data?
We may process your Personal Data for the following purposes (the legal bases for our processing are highlighted in bold characters):
- To pursue our legitimate interests which include, for instance:
- Providing you with customer service;
- Handling and attending to your complaints;
- Understanding your needs and providing you with a better service and understanding you better as our customer;
- Improving the content, general administration and customization of our Sites, for example, by customizing user experience, measuring effectiveness of communications and Sites’ performance, and optimizing Sites’ performance;
- Improving our products and services;
- Providing you with offers, products, samples, invitations to events and training courses, and other advertisement information which we have reason to believe you may find interesting based on your previous requests or based on similar products you have bought or expressed your interest in before;
- Compiling market insights;
- Setting up and administering user accounts on our Sites;
- Activating PPG software you want to be provided with; and
- Troubleshooting software issues, security and operational problems;
- Where you have given us your consent, for example, to periodically contact you via email about promotions, new products or services, or events or to provide you with other advertisement information;
- To perform our obligations under a contract between you and us in relation to our products or services, that is to respond to your queries and fulfil your requests or orders, process payments, administer and process surveys, quizzes, questionnaires, and/or contests;
- To comply with our legal obligations which include, for instance:
- Maintaining our business records;
- Preventing fraud; and
- Complying with requests of public authorities.
Where we ask you for your Personal Data due to statutory or contractual requirements, we will indicate which information is voluntary. However, if you do not provide us with certain information voluntarily, we may not be able to provide you with the respective products or services, or respond to your requests, for which we need that information.
How long do we retain Personal Data?
Your Personal Data will only be retained by PPG for as long as it is required: (i) for the purpose(s) for which it was collected; (ii) to be retained by law; and/or (iii) to address any issues that may have arisen at a later date (in which case we will provide you with any further information as required by law).
Categories of recipients of Personal Data
We may transfer your Personal Data to third parties as follows:
- PPG group entities may be recipients of your Personal Data, so that we can benefit from our corporate structure to facilitate quicker and more efficient service to you by sharing within the group information systems, financial administration or other administrative tasks and customer service.
- Processors and service providers are sometimes engaged by PPG to assist us with their services and may, in course of their engagement, receive, or have otherwise access to, your Personal Data. These processors and service providers include: (i) media, design, printing, promotional, and event agencies in order to conduct promotional and marketing activities or execute communications on PPG's behalf; (ii) survey and market research companies, in order to obtain market intelligence; (iii) IT and other technical providers in order to obtain hosting, storage, or recovery services in case PPG's computer systems were ever damaged, destroyed, or inaccessible; (iv) shipping entities and logistics service providers (e.g., courier, postal services) to ship to you products and other materials on PPG's behalf; (v) payment processing service providers; and (vi) customer services agencies for providing service to you where you ordered online.
- In case of a legal requirement, We may also disclose your Personal Data and other information to relevant third parties if we are required to do so by law or that disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with PPG; or (iii) to avoid imminent physical harm to any person or to protect PPG's rights, safety, or property. We may also disclose your Personal Data to relevant third parties (e.g., forensics investigators, external legal counsel, law enforcement) to investigate, respond to, and/or to prevent a security/data breach, or to cooperate with government or law enforcement authorities pursuant to other legal matters.
- In the course of corporate transactions, PPG may share your Personal Data and other information with a third party (and its attorneys, accountants and other relevant parties) in the event that PPG merges with, acquires, is acquired by, or becomes a legal affiliate with, such third party, or should such a transaction be proposed.
Except as described above, your Personal Data is not transferred to any person or entity. Where we transfer your Personal Data to third parties (as described above), we always ensure that all required contractual arrangements will be agreed between us and the third parties. This may include contractually requiring them to only act on our instructions, to implement appropriate measures for the protection of your Personal Data and not to use it for their own purposes.
International transfers of Personal Data
In general, we use your Personal Data within your country or another member state of the European Union. However, as an international company, PPG may transfer your Personal Data throughout PPG’s worldwide organization or engage third party service providers based in countries outside the European Union. Some of these countries may not ensure an adequate level of protection with regard to the processing of your Personal Data. In such cases, we do not transfer your Personal Data unless we have provided appropriate safeguards such as data processing agreements on the basis of standard data protection clauses adopted by the EU Commission (which PPG has implemented for transfers to its group entities in the U.S., for example). You may request a copy of any such safeguards in place concerning the processing of your Personal Data by contacting us as described in the “How to contact us” section below.
How we protect Personal Data
PPG takes appropriate steps to protect your Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access by using a range of physical, operational and technological safeguards. When your Personal Data is no longer required (as described in this privacy statement), it is destroyed, anonymized, or otherwise disposed of using secure methods.
Your rights
You have the following rights:
- Right to access: You may require us to provide you with confirmation as to whether we process your Personal Data and, where that is the case, obtain from us access to your Personal Data and information on how we process it.
- Right to rectification: You may require us to correct inaccurate Personal Data concerning you or complete any such data which is incomplete.
- Right to erasure (“right to be forgotten”): Under certain circumstances, you may obtain from us erasure of your Personal Data.
- Right to restriction of processing: Under certain circumstances, you may obtain from us restriction of the processing of your Personal Data.
- Right to data portability: Where our processing of your Personal Data is based on your consent or on a contract between you and us, you may require us to provide you with your Personal Data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from us or, where technically feasible, to have the data transmitted directly from us to another controller.
- Right to object: You may object to our processing of your Personal Data (i) for direct marketing purposes at any time; or (ii), on grounds relating to your particular situation, where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.
Where you have given us your consent to process your Personal Data, you can withdraw your consent at any time and at no cost with effect for the future. If you do, we will stop the respective processing of your Personal Data based on that consent. However, this may, for example, prevent us from providing you with certain services for which we processed your Personal Data.
If you would like to exercise any of the above rights, please contact us by using the contact details provided in the “How to contact us” section below.
In any case and at any time, you may lodge a complaint with the data protection authority.
How to contact us
Should you have any questions about this privacy statement or how we process your Personal Data or if you like to exercise your rights, please contact us at dp-eu@ppg.com, or write to us using the contact information provided for the relevant European PPG entity on its respective website or in any of its communication you may have received.