Privacy Policy

This privacy statement should be read in conjunction with our Terms and Conditions, which are incorporated by reference herein (collectively, this “Agreement”). By accessing our website or otherwise interacting with us, you agree to be bound by this Agreement.

If you accept or agree to this Agreement on behalf of a company of other legal entity, you represent and warrant that you have the authority to bind that company of other legal entity to this Agreement and, in such event, “you” and “your” will also refer and apply to that company or other legal entity.

Croda International Plc  based at Cowick Hall Snaith Goole East Yorkshire DN14 9AA , as well as all of its corporate affiliates under its control with whom you trade or otherwise do business  (collectively, "Croda", "we" or "us") are responsible for your personal information and we take our data protection and privacy responsibilities and your rights as data owners seriously.

This privacy notice explains how we collect, use and share personal information in the course of our business activities, including:

  • the personal information we collect, and when and why we use it
  • how we protect and store personal information
  • your legal rights subject to Applicable Laws (as defined below)
  • how you can contact us

Updates

We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business and will place any updates on this webpage. This privacy notice was last updated on 28th October 2019. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website or email. By using the website or otherwise interacting with us after such changes have been made (and notice has been given, as applicable), you are deemed to have accepted such changes. Please refer back to this privacy policy on a regular basis.

Third Party Websites

You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third party website.

What personal information we collect and when and why we use it

In this section you can find out more about

  • when we collect personal information
  • the types of personal information we collect
  • how we may use your personal information
  • the legal basis for using personal information
  • with whom we may share your information

When we collect information

We collect information about you if:

  • you do business with us;
  • you are a visitor to our website;
  • you apply for a job with us;

collectively ("you" or "your").

If you do business with us

If you are one of our valued customers or suppliers (or prospective customers or suppliers, or work for or represent one of our customers or suppliers), we will collect information about your name, contact details (including email, phone and mail address), the position you have in the business you work for and the interactions you have with us.

We will use your information:

  • to manage the routine commercial transactions we have with our customers and suppliers
  • to respond to requests from you for information about us or our products
  • to address any customer / supplier related service issues, such as product queries, issues, complaints or claims
  • to keep you informed about our products and services - we explain more about this in the separate sections below relating to direct marketing and cookies.

We will collect your personal information from you if you contact us, or if you register through our online customer portal. We may also collect information about you from the business you represent or work for if they provide your details (for example as the contact point for a particular product sale), or if you or they attend a trade show.

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This will be because:

  • we need to use your personal information to perform a contract or take steps to enter into a contract with you - this will be relevant if we are transacting with you where you are a sole trader or partnership;
  • you have provided consent for us to contact you by email - we will only be sending direct marketing communications to you by email if you provide us with your consent to do this through our online customer portal. You can change your preferences at any time here.  However, we may rely instead on our legitimate interest in providing email marketing to our business contacts to the extent permitted by Applicable Laws such as contacts at incorporated business entities, but we will honor any instructions that you send to us to unsubscribe from such emails. 
  • we need to use your personal information for our legitimate interest as a commercial organisation - we routinely maintain records as a business about the commercial transactions we enter into with our customers and suppliers and to address issues relating to product development and supply, including marketing and business development (other than by email, where you have provided your consent for us to contact you). The information we hold will be because it is relevant to a transaction or our business development, for example if you are involved in helping us with our product lifecycle, placing an order with us, requesting information, or raising an issue or concern with us. In all cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the Legal Rights section;
  • we need to use your personal information to comply with a relevant legal or regulatory obligation that we have. For example, if we need to retain particular records for health and safety, environmental law or tax related purposes.

If you would like to find out more about the legal basis for which we process personal information please contact us or click here for a more detailed breakdown of legal basis and legitimate interests assessment in the format in Annex A.

If you are a visitor to our website

If you are a visitor to our website, we may collect data from cookies which help us understand how you came to our site, the pages you visited on our site and your IP address. We use this information to help optimise the website experience. You can find more about cookies in our cookie policy.

If you contact us through a web form or web chat

Where you provide us your details through a web form or through web chat, we will collect information about your name, contact details and any information you supply. We will only use the information for the purposes of the conversation. As an international organisation, where required, Croda may store and process this information across international borders in line with the needs to process the conversation. All storage and processing of personal information conforms to Croda’s internal safeguards, policies and procedures.

If you apply for a job with us

If you contact us to apply for a job, we will collect information about your name, contact details and any information you supply to us in relation to the job you are interested in applying for (including your qualifications, education and employment history). We will use this information to help assess your suitability for the role you are applying for or other roles that may be appropriate for your skills and experience. Our HR team maintain a separate privacy policy which they will provide to you during the recruitment process, explaining more about how we manage personal information for our employees and prospective employees.

Sharing information with others

We share your personal information:

  • with other companies within the Croda Group of Companies, where we believe disclosure to other group companies is necessary to manage our business. Please refer to the ‘Related Undertakings’ section of the annual report for the most up-to-date list of Croda Companies, which can be accessed here.
  • service providers who help manage our business and deliver services to us, for example suppliers who provide IT and marketing support services - these organisations have all agreed to confidentiality restrictions with us and only use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us;
  • these include (but may not be limited to) Mailchimp, ON24, Adobe, Sitecore, Email Labs, Jotform, Sleeknote, SnapEngage, Survey Monkey & Doodle Survey.

We may also share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our affiliates, service provider, and other business partners.

In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this privacy policy.

More about direct marketing

We use personal information to let you know about our products and services that we believe will be of interest to you.

We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

To protect privacy rights and to ensure you have control over how we manage marketing with you:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
  • we will only send you direct marketing by email if you have provided consent to us sending messages to your registered email address through our online customer portal;
  • you can ask us to stop direct marketing at any time. You can ask us to stop sending email marketing by following the "unsubscribe" link you will find on all the email marketing messages we send you, through our customer portal or by contacting us here. Please specify whether you would like us to stop all forms of marketing or just a particular type; and
  • you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained above or by contacting us here.

We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

More about cookies

A cookie is a small text file containing small amounts of information which is downloaded to / stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.

Cookies may collect personal information about you. Cookies help us remember information about your visit to our website, like your country, language and other settings. Cookies allow us to understand who has seen which webpages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier.

For more information about how our cookies work and information about how to manage your cookie settings please visit our Cookie Policy.

Transferring information internationally

Croda is an international business. As a result, your personal information may be transferred and stored in countries outside the EU, including EEMEA, Latin America, North America & Asia Pacific, that are subject to different standards of data protection.

We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and that transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

  • we ensure transfers within our group of companies will be covered by an agreement entered into by members of the Croda Group (an intra group agreement) which contractually obliges each member of the Croda Group to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the Croda Group; and
  • where we transfer your personal information outside the Croda Group (for example to third parties who help provide our products and services), we obtain contractual commitments from them to protect your personal information.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

How we protect and store your information

Security

We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

Measures we take include:

  • placing confidentiality requirements on our staff members and service providers;
  • destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
  • following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it;
  • using secure communication transmission protocols

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect your User IDs and passwords, please take appropriate measures to protect this information.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy notice. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Your legal rights to data privacy

You have rights to protect your interest of privacy in the data that you provide to Croda.  Those rights will depend upon the federal, provincial, state or local laws and regulations that apply to you, as the data owner, and Croda, as the party receiving, using, processing and/or storing such data (collectively, "Applicable Laws").   Although Croda cannot provide you with legal advice, and you should seek legal counsel to ensure that you fully understand how to protect your rights and how to enforce them, your rights under Applicable Laws may include:

  • To access personal information or determine what personal information Croda has in its possession or control
  • To ask Croda to rectify / erase personal information
  • To restrict the processing of your personal information
  • To transfer your personal information
  • To object to the processing of personal information
  • To object to how we use your personal information for direct marketing purposes
  • To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  • To lodge a complaint with your local supervisory authority
  • To receive timely notices of any data breaches
  • To enforce your right to certain remedies in the event of a data breach

If you wish to access any of the above-mentioned rights, or other rights that you may have under Applicable Laws, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by Applicable Laws, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which the Company is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims;

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the way in which we contact you for marketing purposes. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local data protection supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Your California Privacy Rights

We do not respond to “Do Not Track” signals or similar mechanisms as contemplated by California AB-70.

Contact us

The primary point of contact for all issues arising from this privacy notice is the Data Protection Lead who can be contacted as follows:

dataprotection.GB@croda.com

+44 (0) 1405 860551

Croda International Plc / Croda Europe Ltd
Cowick Hall
Snaith
Goole
East Yorkshire
DN14 9AA
United Kingdom

If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible, and in any event, within the timescales provided by data protection laws.

To contact your data protection supervisory authority

You have a right to lodge a complaint at any time with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement). In the UK this is the Information Commissioner's Office. We ask that you please attempt to resolve any issues with us before your local supervisory authority.

Issue Date of Privacy Notice: 28, October 2019.

ANNEX