Effective date: March 1, 2025
Carr Biosystems processes Personal Data that relates to the contact people of our customers, suppliers/vendors, and other stakeholders, as well as to people who browse our websites. This Privacy Notice describes what Personal Data is processed and how. The description of how we process Personal Data in recruitment can be found on our Careers site.
Personal Data may be processed for the purposes described below, under the lawful bases listed below.
We collect Personal Data directly from Stakeholders and Individuals as well as through their interactions and use of our products and services. We do not knowingly collect Personal Data about Individuals who are minors. The Personal Data we collect depends on the context of the interactions.3 In limited circumstances we may also collect Personal Data from third parties, for example for lead generation, customer/supplier due diligence or credit checks.
Personal Data may be processed for the following purposes:
For these purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; preferred language; information about the role and job location; billing information (including credit card data); Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing.
The processing is considered necessary for the performance of a contract to which the Stakeholder is party, or in order to take steps at the request of the Stakeholder prior to entering into a contract.4
Personal Data may be processed for marketing activities. This includes for example newsletters, tracking service or website usage for targeting purposes, and events at trade shows.
For this purpose, categories of Personal Data may typically include the following: Individual’s name, contact details and marketing preferences; the following information when using our websites or digital services: login details, information about how the Individual is using the service (for example when and which part of the service), Individual’s IP address, browser, network, device, web pages visited prior to coming to the service; preferred language; photos or videos (with prior written permission) in relation to some marketing activities; information about the role and job location; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing.
Subject to applicable legislation, the processing is based on consent, or on the legitimate interests pursued by the Company.5 Individuals can withdraw their consent or object to marketing communication at any time by clicking the “Unsubscribe” link included in marketing e-mails.
When applicable, the consent for tracking technologies can be provided in the cookie settings of the website. More information can be found in the respective Cookie Policy on the website used.
Personal Data may be processed for the following purposes:
For these purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; information about the role and job location; billing information; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing.
The processing is considered necessary for compliance with legal obligations to which the Company is subject.6
Personal Data may be processed for the following purposes:
For these purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; information about the role and job location; billing information; financial information in relation to loans to customers; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing.
The processing is considered necessary for the purpose of the legitimate interests pursued by the Company, including security, effective financial and administration management, and protection of property and rights.7
Personal Data may be processed for the following purposes:
For these purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; video/sound recordings or photos that may include the Individual in addition to machine/equipment related data; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using. Operator identifier (i.e. identifier that is created by the customer and that the machine operator uses to log in to the machine) may be linked with machine related data in order to understand how the machine is used and how operator behaviour may affect the machine, in order to better utilise the machine and make it run better.
The processing is considered necessary for the performance of a contract to which the Stakeholder is party, or in order to take steps at the request of the Stakeholder prior to entering into a contract.8
Personal Data may be processed for the following purposes:
For the above purposes, categories of Personal Data may typically include the following: Individual’s name and contact details; preferred language; the following information when using our websites or digital services: login details, information about how the Individual is using the service (for example when and which part of the service), Individual’s IP address, browser, network, device, and web pages visited prior to coming to the service; Stakeholder’s name and other information about the Stakeholder, their business and the machine/equipment/service they are using/providing.
The processing is considered necessary for the performance of a contract to which the Stakeholder is party, or in order to take steps at the request of the Stakeholder prior to entering into a contract.9
When applicable, the consent for tracking technologies can be provided in the cookie settings of the website. More information can be found in the respective Cookie Policy on the website used.
Personal Data may be processed for the following purposes:
For these purposes, information about machines, equipment and services is mainly used. However, if necessary for the purposes, Personal Data may also be used. Categories of Personal Data may typically include the following: Individual’s name; login details; information about how the Individual is using the service (for example when and which part of the service); Individual’s IP address, browser, network, device, and web pages visited prior to coming to the service.
The processing is considered necessary for the purpose of the legitimate interests pursued by the Company, including the improvement of its products and services.10
Our websites utilize cookies (small text files that a website, when visited by a user, asks the user’s browser to store on the user’s device in order to remember information about the user) as well as other tracking technologies. More information about how these are used can be found in the respective Cookie Policy on the website used.
Further, we may provide services, for example in relation to consulting or IIoT (Industrial Internet of Things), where we process Personal Data as the “data processor” on behalf of our customer. In these situations, the customer is the “data controller” and carries the responsibilities under applicable legislation, including providing a privacy notice to individuals describing how their Personal Data is processed.
Personal Data may be shared within the Company. Personal Data may be accessed and processed, when necessary for the purposes described above, by our relevant team members.
When necessary, Personal Data may also be shared with external parties, for example with external advisors (including, but not limited to, legal, tax and insurance advisors), auditors, creditors, banks, credit insurance partners or relevant authorities. Further, we may use IT third party service providers (including, for example, ERP software and application providers and cloud providers) sales agents or debt collection agencies to process Personal Data on our behalf. In some cases, Personal Data may be shared with companies specialized in services to assess Stakeholders’ reliability and to screen for risk and compliance.
Personal Data may be stored, transferred to, and processed in any country where we have team members or facilities or in which we engage service providers, including in the United States of America. The list of Barry-Wehmiller Group, Inc.’s subsidiaries and affiliates and relevant contact details can be found here: https://www.barrywehmiller.com/business.
Transfers of Personal Data to third countries in the context of the activities of an establishment of a data controller or a data Processor in the European Union are mainly based on either adequacy decision11 under art. 45 EU Reg. n. 2016/679 and/or standard data protection clauses12 under art. 46.2. (c) EU Reg. n. 2016/679.
Personal Data will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer. The criteria used to determine our retention periods include:
We implement and maintain industry standard technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and the nature, scope, context and purposes of processing of Personal Data.
Individuals may contact us for more information on how their Personal Data is collected, used, and disclosed. Individuals may also request to opt out from marketing messages, when applicable. Individuals may also exercise the following privacy rights, subject to applicable legislation:
Contact details for more information and to exercise the rights described above:
We may update this Privacy Notice from time to time. Any changes will be posted on the applicable websites.
This California Addendum to the Barry-Wehmiller Group, Inc. (the “Company”) Privacy Notice describes the Company’s practices regarding the collection, use, and disclosure of the personal information of Individuals who are California residents (“California Individuals”), describes the rights of California Individuals under the California Consumer Privacy Act (“CCPA”), and explains how California Individuals may contact the Company to exercise their rights, if applicable (the “Addendum”). This Addendum supplements the Privacy Notice above.
California Individuals who have a disability may be able to use a screen reader or other assistive device to review the contents of this Privacy Notice. If you require additional disability assistance, please reach out to your contact person in the Company, or call the Barry-Wehmiller company that you have a relationship with (contact details listed at https://www.barrywehmiller.com/business). You may also contact us through the “Contact us section” of our website, advise of a request for disability assistance and request a call back.
Within the last 12 months, we have collected the following categories of personal information from California Individuals:
We do not use or disclose sensitive personal information to “infer” characteristics as defined under the CCPA, or for any purpose other than that which is necessary to provide you with our services as specific in the CCPA.
We do not sell personal information, including within the preceding 12 months.
We may share your personal information for purposes of cross-context, targeted behavioral advertising, including with the preceding 12 months.
Personal Data will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer. The criteria used to determine our retention periods include:
The CCPA provides Consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
California’s “Shine the Light” Law – In addition to the rights described above, California's "Shine the Light" law (Civil Code Section §1798.83) permits California residents that have an established business relationship with us to request certain information regarding our disclosure of certain types of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year.
To exercise the right to opt-out of targeted advertising (or “sales” of personal information as that term is defined in state law), please visit the “Do Not Sell or Share My Personal Information” section, here to learn more about and to exercise this right.
To exercise any of the remaining rights described above, please submit a request to us by one of the following methods:
We may update this Addendum from time to time. Any changes will be posted on the applicable websites.
If you have any questions about this Addendum, the ways in which the Company collects and uses your information described herein and in the above Privacy Notice, your choices and rights regarding such use, or if you wish to exercise your rights under California law, please do not hesitate to contact via email at dataprotection@barry-wehmiller.com or via post as noted above.
1 The list of Barry-Wehmiller Group, Inc.’s subsidiaries and affiliates, and relevant contact details can be found here: https://www.barrywehmiller.com/business.
2 The primary “data controller” is the legal entity that has a relationship with the Stakeholder (for example in the form of a service/purchase agreement).
3 Individuals/Stakeholders are not required to provide Personal Data to us. If they choose not to provide Personal Data to us, we may not be able to provide them with either our products or services, or all of their functionalities, and/or to respond to queries they may have.
4 In the context of the activities of an establishment of a data controller or a data processor in the European Union, processing is based on art. 6.1 (b) of EU Reg. n. 2016/679.
5 In the context of the activities of an establishment of a data controller or a data processor in the European Union, processing is based on art. 6.1 (a) or art. 6.1 (f) of EU Reg. n. 2016/679.
6 In the context of the activities of an establishment of a data controller or a data processor in the European Union, processing is based on art. 6.1 (c) of EU Reg. n. 2016/679.
7 In the context of the activities of an establishment of a data controller or a data processor in the European Union, processing is based on art. 6.1 (f) of EU Reg. n. 2016/679.
8 In the context of the activities of an establishment of a data controller or a data processor in the European Union, processing is based on art. 6.1 (b) of EU Reg. n. 2016/679.
9 In the context of the activities of an establishment of a data controller or a data processor in the European Union processing is based on art. 6.1 (b) of EU Reg. n. 2016/679.
10 In the context of the activities of an establishment of a data controller or a data processor in the European Union, processing is based on art. 6.1 (f) of EU Reg. n. 2016/679.
Get in touch with a sales representative, request support or download our free white paper.
Contact Us