<
>

ONLINE PRIVACY STATEMENT

The SGS Group is committed to the responsible handling and protection of your personal data.

We have created this statement to provide you with clear and understandable information regarding
our privacy practices when you are accessing or using our websites so that you can make informed
choices about the use of your personal data by SGS.

When accessing other services or applications through our website, please read the specific privacy
conditions which may apply to them.

SGS reserves the right to update this statement from time to time by publishing a new version online.
This statement was last updated in May 2018.

When this statement refers to SGS, it means SGS as the controller of your data, namely the SGS
Affiliates with which you had, have or will have a business relationship or that otherwise decides
which of your data is collected and how it is used, as well as SGS SA (Registration number CH-
660.0.023.919-0 Switzerland). You may obtain a list of our German SGS Affiliates by visiting
www.sgsgroup.de.


PERSONAL DATA WE COLLECT

SGS collects personal data that you provide to us directly when you request information about our
services; subscribe to our website services, email notifications and/or newsletters; make an enquiry
through our different enquiry forms and helplines such as our Integrity Helpline; or carry out a
transaction or place an order through our website. This may include:

  • Identification and contact data such as name, surname, job title, phone number, email,
    address and country
  • Financial and transactional data such as credit card details
  • Any information that you voluntarily share with us such as feedback, opinions or information
    provided via any of our helplines

SGS also collects personal data automatically when you visit our website. This may include:

  • Device information such as IP address, referring website, SGS pages your device visited and
    the time that your device visited our website
  • Internet log information and details, collected through our third parties such as Google
    Analytics, that does not specifically identify you
  • Information collected by cookies (for further information please see the Cookie Policy)

Contact form

If you send enquiries to SGS via the contact form, your data entered into the contact form, including
the stated contact information, are stored for the purpose of dealing with your enquiry and in case of
additional enquiries. Those data will not be passed on without your permission to third parties,
where third parties in this case are not the affiliated subsidiaries of SGS Holding Deutschland B.V. &
Co. KG. By submitting the contact form, you give your consent to the storage, processing and use of
your personal data from the form within the aforementioned companies. Your legal rights to
information, modification and deletion of your personal data will of course not be affected. For
further information, please see our privacy policy.

The processing of your data that you entered into the contact form is therefore exclusively based on
your consent (Art. 6 (1) lit. a EU GDPR). You can revoke this consent at any time. An informal message
by e-mail to us is sufficient. The legality of the data processing operations carried out until the
revocation remains unaffected by the revocation.

The information you provide in the contact form will remain in our contact and administration
databases until you ask us to delete it, revoke your consent to storage, or the purpose for data
storage does no more apply (for example, after your request has been processed). Mandatory
statutory provisions - especially retention periods - remain unaffected.


Server-log-files

Our web hoster automatically collects and stores information in so-called server log files which your browser
automatically transmits to us, such as:

  • browser type/version
  • used operating system
  • referrer URL
  • host name of the accessing computer
  • time of query
  • IP addresses are completely anonymized

Those data cannot be associated with individual persons. We do not merge this data with other
sources. The basis for this data processing is Art. 6 para. 1 lit. b EU GDPR, which allows the processing
of data to fulfill a contract or pre-contractual measures.


COOKIES AND HOW SGS USES THEM

What are cookies?

Cookies are small text files that SGS websites place onto your computer.

Why do we use them?

Cookies are used to help us improve your experience when using our websites – for example, storing
your preferred language setting for the next time you visit.

The information we collect from cookies enables us to:

  • Tailor our websites to your personal needs
  • Remember the notifications that you have been shown, so that you are not shown them again
  • Make improvements and updates to our websites based on the way you want to use them
  • We do not use cookies to identify you personally.

What kind of cookies do we use?

We use the following categories of cookie:

Necessary cookies

Cookies in this category enable you to use our websites and all their features, such as enabling access
to secure areas of the website. Without these cookies you may not be able to use all the features of
our websites.

The following cookies are necessary for full functionality:

Session cookie: this cookie manages your user profile information, which is anonymous by default, in
the context of your visit of this website.


HOW LONG WE KEEP PERSONAL DATA

SGS will retain your personal data for the period of time that is necessary to fulfil the original
purposes for which it has been collected. Please keep in mind that in certain cases a longer retention
period may be required or permitted by law or to allow SGS to pursue its business interests, conduct
audits, comply with our legal obligations, enforce our agreements or resolve any dispute.

The criteria used to determine our retention periods include:

  • How long is the data needed to provide you with our products or services or to operate our
    business?
  • Do you have an account with us? In this case, we will keep your data while your account is
    active or for as long as needed to provide the services to you
  • Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can
    include mandatory data retention laws in the applicable jurisdiction, government orders to
    preserve data relevant to an investigation, or data that must be retained for the purposes of
    contract or litigation

HOW PERSONAL DATA IS PROTECTED

SGS follows strict security procedures in the storage and disclosure of information which you have
given us in order to prevent unauthorized access, loss or destruction of your personal data. These
may include:

  • Physical safeguards, with locked doors and file cabinets, controlled access to our facilities
    and secure destruction of media containing your personal data
  • Technology safeguards, like the use of anti-virus and endpoint protection software, and
    monitoring of our systems and data centers to ensure that they comply with our security
    policies
  • Organizational safeguards, like training and awareness programs on security and privacy, to
    make sure employees understand the importance and means by which they must protect
    your personal data

SGS does not seek to collect sensitive personal data (also known as special categories of data). If we
do so we will always collect the data in accordance with local data privacy requirements. If you
choose to provide us with unsolicited sensitive personal data, you will be asked to consent to our
processing of such data on a case-by-case basis by using a specific express consent form.

SGS does not knowingly collect or solicit personal data from anyone under the age of 16. If you are
aged under 16, please speak to your parent/guardian to get their permission before you provide any
personal information to SGS because without this consent, you are not allowed to provide us with
your personal data. If we learn that we have collected data from a person aged under 16, we reserve
the right to delete such data with no prior notification or consent.


HOW YOU CAN ACCESS AND CONTROL YOUR PERSONAL DATA

We are committed to ensuring that you can exercise your right of access and you can control your
data.

If you have registered for an account on www.sgs.com and/or its local equivalents, you may directly
and autonomously access your online profile and other personal details and update, amend, if legally
possible, add or delete the data about yourself by logging into the applicable website or service with
your account credentials.

Otherwise, and in accordance with our internal procedures, we will respond to the following requests
as described below. All requests shall be addressed via our online privacy request form or by
contacting us in writing as described in the section “contact us”:

  • Access to personal information: you have the right to request what personal data we hold
    about you subject to our right to identity verification. If you request a copy of your data, we
    may charge you a fee, except where this is not permissible under local law.
  • Correction and deletion: in some jurisdictions, including the EU (according to data protection
    laws for data subjects in the EU), you have the right to correct or amend your personal data if
    it is inaccurate or needs to be updated. You may also have the right to request the deletion
    of your personal information, however this may not be always possible due to legal
    requirements and other obligations to keep such data. If we are asked to delete your data,
    we may keep some minimal information about you to be able to demonstrate that we have
    fulfilled our obligations.
  • Filing a complaint: Any complaints about our adherence to the practices described in this
    Statement shall be addressed as described here. In some jurisdictions, including according to
    data protection laws in the EU for complaints issued from subjects in the EU, you have the
    right to lodge a formal complaint with a data protection authority.
  • Marketing preferences: SGS may send you regular marketing communications about our
    services, via different channels such as email, phone, SMS, postal mailings and third-party
    social networks, in accordance with relevant marketing laws. When required by applicable
    law, we will obtain your consent before starting these activities.

In order to provide you with the best personalized experience, these communications may be
tailored to your preferences by using our subscription center. Our targeted emails contain email
messages which use web beacons, cookies and similar technologies to allow us to know whether you
open, read or delete the message and which links you open. When you open a link in a marketing
email you receive from SGS, we will also use a cookie to log what pages you view and what content
you download from our websites, even if you are not registered or signed into our site.

In addition, you can exercise your right to prevent marketing communications to you by opting out of
emails we send to you. In such cases, we will retain minimum personal data to note that you opted
out in order to avoid contacting you again. Please note that even if you opt out from receiving
marketing communications, you might still receive administrative communications from us, such as
technical updates for our products or services, order confirmations, notifications about your account
activities, and other important notices.


HOW YOU CAN CONTACT US

If you have questions or concerns about your privacy, please write to us:

SGS Group Germany
Legal Department
Heidenkampsweg 99
D-20097 Hamburg

t: +49 40 301 01 - 0
E-mail: privacy.de@sgs.com

User: [Not logged in] | Version: 1.1 Imprint Data Privacy Policy