E04 - GL Policy on Data Protection and Privacy of Personal Data

(Rev:  003)

PURPOSE:

This Policy sets forth how the Company will manage the Personal Data that it collects in the normal course of business.

Scope:

This Policy is applicable to A. Schulman, Inc., each of its subsidiaries and any ventures that are controlled by the Company (collectively “ASI” or “Company”).  Specifically, this Policy applies to:

  1. all individuals who provide Personal Data, such as associates, job applicants, contingent workers, interns, retirees, contractors, customers, business partners, shareholders, and others;
  1. all locations where the Company operates, even where local regulations do not exist;

     and

  1. all methods of contact, including in person, written, via the Internet, direct mail, telephone, or facsimile.

This Policy is designed to inform all associates about their obligation to protect the privacy of all individuals (whether co-associates, independent contractors, or sub-contractors) and the security of their Personal Data.

Policy:

This Policy describes the Company’s standard global procedure governing access to and use of Personal Data across borders.  As part of this Policy, the Company will comply in all material respects with all applicable European Data Protection Directives and implementing legislation enacted by the member states of the European Union with respect to its operations in those member states; as well as such legislation as the Health Insurance Portability and Accountability Act of 1996, as amended, and other privacy laws, rules, and regulations that may apply to the Company, its associates, or its customers in those countries where the Company has operations.

This Policy does not necessarily describe how local management may handle Personal Data in order to comply with local regulations.  Local management, in conjunction with the responsible human resources manager(s), will be responsible for accessing and complying with local regulations regarding the processing of Personal Data.

Definitions: 

Controller

Refers to the Company and its authorized third parties, which determine the purposes and means of processing of Personal Data.

Data Subject

Refers to any associate or third person (e.g., consultant or independent contractor) who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

General Business

Purpose

Defined as the Processing of Personal Data for any activity related to the commercial operations of the Company’s worldwide organization.  This could include, but is not limited to, its sales, marketing, and research and development operations; protecting intellectual property; the provision of services; internal operations; information technology and general employment matters, including recruitment both internally and

externally.   Data processing for General Business Purposes includes, but is not limited to, publishing global directories, maintaining files, payroll processing, managing benefit and medical plans, conducting performance reviews, and intra-company communications

Personal Data

Defined as any information related to an identified or an identifiable person.  For example, a Data Subject’s home address, e-mail address, telephone number, or government-issued identification numbers would constitute Personal Data.

Processor

Defined as a natural or legal person, or any other entity that processes Personal Data on behalf of the Controller and under its control.  In this context, a Processor may be a payroll preparation firm that works on behalf of the Company and under its control.  The Company requires Processors to protect the privacy, confidentiality and security of Personal Data.

Processing

Defined as any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Sensitive Data

A subset of Personal Data, and refers to any Personal Data pertaining to racial or ethnic origins, trade union membership, medical or health conditions, political or religious beliefs, sex life, or criminal history.

Third Party

Defined as any natural or legal person, public authority, agency or any other entity other than the Data Subject, the Controller, the Processor and the persons who, under the direct authority of the Controller or the Processor, are authorized to process the Personal Data.

 

Procedure:

Use of Personal Data

In the course of day-to-day business operations, authorized individuals within the Company may  from  time-to-time  utilize  and/or  transfer  Personal  Data  among  various  Company worldwide locations.  These transfers of Personal Data are necessary in order to carry out the Company’s General Business Purposes.

Specifically, Personal Data may be used as follows:

  1.   To identify a Data Subject personally;
  2.   To communicate with a Data Subject;
  3.   To comply with human resource requirements;
  4.   To comply with government regulations;
  5.   To provide associate benefits;
  6.    To manage the business.

Integrity of Personal Data

The Company will take reasonable steps that Personal Data and Sensitive Data are:

  1. Obtained, where possible, directly from the Data Subject to whom the Personal Data relates;
  2. Obtained  and  processed  fairly  and  lawfully  by  the  Company  for  General  Business Purposes;
  3. Relevant to and no more revealing than is necessary for General Business Purposes; and
  4. Kept  up-to-date  to  maintain  data  accuracy,  while  data  is  under  the  control  of  the Company, and kept only for so long as is reasonably necessary.

Notice

The Company informs Data Subjects about the purposes for which Personal Data is collected and used.  In certain situations, Personal Data may be rendered anonymous so that the names of the Data Subjects are not known by Processors.  In these cases, Data Subjects do not need to be notified.

Access to Personal Data

The Company takes steps to make sure that the Personal Data it uses is correct. The Company will allow Data Subjects reasonable access to Personal Data about themselves during normal working hours and upon reasonable request, and will be allowed to update and/or correct any inaccurate information.

Procedure for Accessing Personal Data

Questions about Personal Data and/or authorization to access such Personal Data are to be directed to Data Subject’s human resources manager.  Unauthorized access may be grounds for disciplinary actions, including termination.

Security of Personal Data

The Company will take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction.  The Company will direct its associates with responsibility for handling physical documents containing personally identifiable information that such documents (1) must be stored in locked file cabinets when not in use and (2) must not be left unsecured in plain view when in use. 

Transfer of Personal Data

Subject to this Policy, the Company may from time-to-time transfer Personal Data within and between its various worldwide locations for General Business Purposes, in compliance with country of origin regulations, European Union law, and this Policy.

The Company’s personnel, outside firms and consultants who receive Personal Data may be located in the Data Subject’s home country, the United States or any other country in which the Company or its affiliates do business.  Therefore, Personal Data may be transferred to any country in the world, including but not limited to, the United States of America and other countries where the Company does business, and where the privacy laws may be more or less protective than the privacy laws where the Data Subjects live or work.

Electronic documents containing personally identifiable information will only be shared with associates who are authorized to process such information and have a need to know such information. The Company will direct its associates with responsibility for handling electronic documents containing personally identifiable information that such electronic documents must be password protected when stored on the Company’s network or information systems, may not be stored on an associate’s local hard drive and may not be stored on removable media (e.g., flash drive).

Choice

Any Associate who’s Personal Data is to be transferred to Third Parties as described in this Policy may choose not have his or her Personal Data transferred.   A Data Subject must communicate his or her desire to “opt-out” as outlined below.  Data Subjects who exercise their right to opt-out are to be informed of the impact such opt-out will have on their employment within the Company (e.g., inability to process benefits or payroll data in a timely or appropriate fashion).  A Data Subject may not opt out of transfer of Personal Data which is transferred by the Company to a Third Party for the following purposes:

  1. Meeting applicable legal requirements;
  2. Permitting   the   legitimate   interests   of   the   Company   in   making   promotions, appointments, preparing succession planning and other employment decisions.

 

Accountability

The Company expects its associates, independent contractors, subcontractors, and partners to maintain the trust placed in the Company by those Data Subjects who provide personal information to the Company.  The Company may periodically audit privacy compliance, and where necessary, will extend by contract its privacy policies and data protection practices to the Company’ supplier and partner relationships.

Annual assessments will be performed on processes and systems for the evaluation of the security protection and privacy of personally identifiable data.

Procedure for Inquiries, Complaints and Opt-Out

A Data Subject may contact their local human resources manager, the Company’s Chief Compliance  Officer  or  the  Company’s  Ethicspoint  hotline  with  inquiries  or  complaints regarding the Company’s processing of Personal Data or to opt out of the transfer of Personal Data.  

Enforcement

The Company uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to  be  covered,  prominently  displayed,  completely  implemented  and  accessible  and  in conformity with the Principles.   The Company encourages interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.

If a complaint or dispute cannot be resolved through our internal process, the Company agrees to dispute resolution using the American Arbitration Association as a third party resolution provider.

Amendments

This Privacy Policy may be amended from time to time consistent with U.S. or international data privacy laws .  Revisions will be posted on the Company’s website(s).

Information Subject to Other Policies

The Company is committed to following the Principles for all Personal Information.  However, certain information is subject to policies of Company that may differ in some respects from the general policies set forth in this Privacy Policy.

Contact Information

Questions or comments concerning this Policy should be directed to Company via mail or email as follows:

Chief Compliance Officer

  1. Schulman, Inc.

3637 Ridgewood Road, OH 44333 Fairlawn

stacy_walter@us.aschulman.com

Access via the Web:

www.ethicspoint.com

(preferred method)

Access via telephone:

United States, Canada & Puerto Rico

1-866-ETHICSP (384-4277)

International Toll-Free Numbers:

Argentina

0-800-555-0906

Australia

1-800-339276

Austria

0800-291870

Belgium

0800-77004

Brazil

0800-8911667

China (Northern) **

10-800-712-1239

China (Southern) **

10-800-120-1239

Czech Republic

800-142-550

France

0800-902500

Germany

0800-1016582

Hungary

06-800-17199

India

000-800-100-1071

Indonesia

001-803-011-3570

Italy

800-786907

Korea

00798-14-800-6599

Luxembourg***

See calling card instructions below

Malaysia

1-800-80-8641

Mexico/M1

001-866-737-6850

Mexico/M2

001-866-737 -6850

Mexico/M3

001-866-737 -6850

Mexico/M4

001-866-737-6850

Mexico//M5

001-866-737-6850

Mexico (NEW)

001-800-840- 7907

Netherlands

0800-0226174

Poland

0-0-800-1211571

Slovakia

0800-001-544

Spain

900-991498

Sweden

020-79-8729

Switzerland

0800-562907

Turkey

0811-288-0001 x8663844277

United Kingdom

08-000328483

 

**Northern China includes: Beijing, Tianjin, Heilongjiang, Jilin, Liaoning, Shandong, Shanxi, Hubei, Henan, and Inner Mongolia

**Southern China Includes: Shanghai, Jiangsu, Zhejiang, Anhui, Fujian, Jiangxi, Hubei, Hunan, Guangdong, Guangxi, Hainan, Chingqing, Sichuan, Yunnan, Tibet Autonomous Region, Shaanxi, Gansu, Qinghai, Ningxia, Xinjiang and Autonomous Region.

***Luxembourg must access via a calling card. Please follow these instructions:

  1. Dial the AT&T Access Number: 800-201-11
  2. The AT&T operator or voice prompt will ask for the number you wish to reach.
  3. Enter the Area Code + 7 digit number: 971-250-0079.
  4. After the tone, enter the 14 digit Card Number: 887 131 6207 4989
  5. If the associate is asked for the PIN number, use 4989 (the last 4 digits of the card number)

Change Record:

Rev.

Effective Date

Expiration Date

Corporate Sponsor

Functional Lead

Reason for revision.

Original

July 30, 2012

 

J. Gingo

K. Whiteman

New policy.

 

001

March 12,

2013

 

CEO

President

Vice President of Global Human Resources

 

Country options added for EthicsPoint.

 

002

 

December 11, 2015

 

CEO

President

Vice President of Global Human Resources

 

Revision regarding electronic data.

       

003

 

May 16, 2017

 

CEO

President

Vice President of Global Human Resources

 

Revision to reflect invalidation of Safe Harbor

FOCUSED ON YOUR SUCCESS

No matter how you define success, A. Schulman has the materials expertise, processing know-how, market knowledge and application experience to help you achieve it..