Privacy

1. PURPOSE AND SCOPE OF THIS POLICY

 

This Privacy Policy (the “Policy”) sets forth Trinseo’s commitment to protect the privacy of Personal Information that Trinseo collects from employees, contractors, suppliers, customers or business partners in the course of operating its business. The Policy, along with the Information Security Policy, is intended to prevent and mitigate any unauthorized disclosure of Personal Information or identity, guide the response to any such information security breaches, and establish proper destruction practices for paper and electronic records containing Personal Information.

 

Trinseo is committed to complying with all legal requirements regarding the privacy of Personal Information, including notice, transfer, security, data integrity, and access. Trinseo will periodically review its Personal Information collection, use, retention and disclosure practices, and revise as necessary, in order to assure compliance with laws and regulations.

 

In general, the “Personal Information” protected under this Policy is any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Common identifiers include a name, a Social Security number, a driver’s license number, a state identification card number, a bank account number, a credit or debit card number, a passport number, an alien registration number or a health insurance identification number but will also include online identifiers and location data. Personal Information generally does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media. To the extent allowed by applicable legal requirements, employees and contractors using Trinseo computers and other devices for personal use, should have no expectation of privacy with respect to such information.

 

Notice of the Use of Personal Information

Trinseo will give notice to individuals about the purposes and legal basis for which it collects and uses their Personal Information as required in accordance with applicable law. All notices will explain the need for the information and describe: how the information will be used; how to contact Trinseo where individuals have concerns or wish to exercise their rights in relation to their Personal Information; the types of third parties with which Trinseo shares their Personal Information (including details of any international transfers and safeguards that are in place); the period for which their Personal Information will be stored; how individuals can access their rights with regards their Personal Information; how to make a complaint; whether the Personal Information has been provided as part of a statutory or contractual requirement or obligation and consequences of failing to provide it; and the existence of any automated decision-making (including profiling) and how such decisions are made, Trinseo will provide such information as soon as practicable. Trinseo will also give notice before it uses Personal Information for a purpose other than that for which it was originally obtained.

 

Trinseo will, as permitted or required by law or court order, collect, use, transfer and/or disclose Personal Information pursuant to procedures that do not require giving notice (for example, in connection with law enforcement investigations).

 

To the extent required by applicable law, Trinseo will maintain procedures to assure that if any sensitive Personal Information is collected, it is collected with explicit consent. Sensitive Personal Information is defined to include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation, data relating to criminal convictions and offences, or other information that has been classified as such under applicable laws.

 

Trinseo will collect and use Personal Information consistent with the notices that have been provided. However, Trinseo may decide to apply certain technical and organizational measures to the collected Personal Information, including removal of identifiable features (known as “pseudonymization”), so that the resulting information may then be further used for statistical, historic, scientific or other purposes, in accordance with applicable law.

 

Trinseo will maintain reasonable procedures consistent with applicable law for individuals to exercise their rights in relation to their collected Personal Information, These will include, where appropriate, rights to access, rectify, delete, object to, or restrict Trinseo from, processing their Personal Information. Individuals may also, in certain circumstances, have the right to receive their Personal Information in a structured, commonly used and machine-readable format.

 

Trinseo will also maintain reasonable procedures to keep collected Personal Information accurate, complete, up-to-date and reliable for their intended use. All employees have a responsibility to assist Trinseo in keeping their Personal Information accurate, complete and up-to-date. Trinseo will retain Personal Information for as long as is necessary, or for such longer period as may be required by law, or to satisfy a legitimate business need.

 

 

Transfers of Personal Information

In certain circumstances, Trinseo may need to transfer or disclose Personal Information to third parties, including third party service providers rendering services on Trinseo’s behalf (e.g. payroll processors), and other Trinseo affiliates. Other third parties can include regulatory authorities, government agencies, and parties in legal proceedings involving Trinseo. Some of these third parties, including Trinseo affiliates, may be located in other countries to where the individual is located.

 

Trinseo will ensure an adequate level of protection for Personal Information when it is transferred to another Trinseo affiliate, data controller or other third party and will require the receiving entity to provide sufficient guarantees regarding the level of security to be implemented. Such transfers will be carried out in accordance with local applicable legal requirements.

 

Where Trinseo is required to transfer Personal Information across borders and internationally to affiliates or third parties as described above, Trinseo will implement contractual or other measures requiring the affiliate or third party service providers to provide assurances to Trinseo that they will comply with Trinseo’s policies or will guarantee equivalent levels of protection when processing the Personal Information.

 

 

2. MEASURES TO PROTECT PERSONAL INFORMATION

 

Building Security

Trinseo’s facilities are required to have building security measures that restrict the ability of non-employees to enter Trinseo premises where Personal Information may be located, without authorization or supervision. Trinseo’s data centers are subject to additional security precautions and security arrangements to prevent any unauthorized access to, review of, or usage of Personal Information contained in those locations. Personal Information that Trinseo collects must be contained in secure cabinets or computer files, all of which are to be locked when unattended or not in use. In addition, Trinseo will make all commercially reasonable efforts to assure that any off-site storage facilities used to maintain Personal Information are secure.

 

Limitations on Disclosure and Collection of Personal Information

This Policy prohibits the disclosure of Personal Information or confidential information of any kind to unauthorized persons, and to any person for any purpose which has not been duly authorized under Trinseo’s corporate governance procedures.

 

Trinseo or its vendors also use security measures that limit access to Personal Information contained on the payroll system, in Workday, and on Company computer hard drives.

 

In addition, under this Policy Trinseo seeks to request of applicants, employees, vendors and customers only Personal Information necessary to its business purposes and to safeguard that information from unauthorized or inadvertent disclosure as set forth above.

 

 

3. COMPUTER SYSTEM AND DEVICE SECURITY REQUIREMENTS

 

In General

It is Trinseo’s policy to protect Personal Information and confidential information by an extensive range of security measures. In determining the appropriate security measures, Trinseo will take into account technological developments and assess the measures against the risk of harm that may result from any security incident. These technical and organizational measures may include, at a particular Trinseo facility, any of the following: (1) secure user identification protocols; (2) secure access control measures; (3) encryption of records and data containing Personal Information; and (4) encryption of Personal Information stored on laptops and portable devices. Trinseo’s Information Security Policy and supporting standards further provide for the development of effective standards and guidelines to protect Trinseo information assets and Personal Information and respond to security breaches. These standards and guidelines include user identification protocols, asset acceptable use and device protection standards, access control measures and virus protection and each employee and contractor are required to strictly adhere to these policies and standards.

 

Prevention of Potential Identity Theft

Trinseo, of necessity, collects some Personal Information on its employees and applicants for employment. Trinseo may, from time to time, receive and maintain at least some Personal Information concerning individual contractors, vendors or customers. Measures to prevent any such theft or misuse are set forth in Trinseo’s Information Security Policy.

 

 

4. MITIGATION OF HARM AND EMPLOYEE DISCIPLINE

 

Notices from Employees, Customers, Theft Victims or Law Enforcement

If Trinseo receives information regarding possible theft, misuse or improper disclosure of Personal Information from an employee, from another potential identity theft victim or from law enforcement officials, Trinseo will respond promptly to that notice. Trinseo will exercise all commercially reasonable efforts to prevent, alleviate or mitigate any harm that may result from the theft, misuse or improper disclosure of Personal Information. Trinseo will also comply with applicable notification or remediation requirements of the jurisdiction in which any theft or misuse occurs. To the extent any Personal Information is improperly disclosed by Trinseo, Trinseo will comply with applicable laws, rules and regulations governing such disclosure. Appropriate standards for security breach prevention and response will be provided under Trinseo’s Information Security Policy.

 

Complaints

Any complaints regarding potential deviations from its established procedures for protecting Personal Information should be immediately reported to your supervisor, the Chief Compliance Officer or your Human Resources Manager. Complaints may also be reported anonymously to the Trinseo Hotline toll free at 1-866-853-3802 in the United States or Canada. The Ethics Hotline is also available in other languages and countries, with a list available at https://secure.ethicspoint.com/domain/media/en/gui/28803/index.html. For employees located in the European Union, complaints may also be lodged with their national supervisory authority.

 

Employee Discipline

A breach or violation of this Privacy Policy may result in discipline of any employee(s) involved, up to and including termination of employment. In addition, it is possible that a breach or violation of this Policy may result in civil litigation against or criminal prosecution of the employee(s) involved.

 

 

5. DESTRUCTION OF PERSONAL INFORMATION RECORDS

 

This Policy requires the proper and effective disposal of records containing Personal Information at the end of their retention period in accordance with applicable law. Specifically, Personal Information on paper records should be redacted, burned, pulverized or shredded prior to disposal. Similarly, electronic data containing Personal Information should be destroyed or erased so that Personal Information cannot practicably be read, retrieved or reconstructed.

 

 

6. CHANGES TO POLICY AND NOTICE OF ADDITIONAL USE

 

If the terms of this Policy are modified, expanded or otherwise altered, the changes will promptly be posted on Trinseo’s Intranet and Trinseo will take other measures reasonably designed to assure that Trinseo employees receive notice of any such changes to the Policy. If Trinseo should be legally required, or determines that it is necessary and legally permissible, to use Personal Information for a purpose other than or in addition to the purpose for which the information was originally collected, Trinseo will notify and/or obtain the consent of such employee, contractor, vendor or supplier to the extent that such notice and/or consent is legally permissible and appropriate in the circumstances.

 

 

 

 

 


May 25, 2018 Version – Trinseo Restricted