Data Protection & Privacy Policy
January 2023
Protecting the security and privacy of your personal data is a priority for Hexel (“Hexel”). For further company details, please see “Corporate Information” below.
Hexel treats all personal data in full compliance with applicable data protection and security laws. We hope this document (“Privacy Policy”) helps you clearly understand what data we collect, how we use and protect it, and who we may share it with.
This Privacy Policy applies to all personal data handled by Hexel within our business operations. It covers visitors to our websites, clients, and any other individuals interacting with us (“Data Subjects” or “you”).
1. Purposes of Personal Data Use
(Note: This section overlaps with the previous translation, but I have included the full text here for continuity.)
The types of personal data Hexel collects, and how we collect it, depend on your relationship with us and the reason for the interaction. For example, when you provide us with your personal data, we typically use it to resolve your inquiries, process your orders, or provide you with access to specific information.
Below, we list several situations in which we may use your personal data within the context of our activities:
Client Registration: To prepare, negotiate, and execute contracts.
Inquiries: To respond to questions or requests and provide information regarding our products, services, and projects.
Contract Management: To plan and manage the contractual relationship with our clients (e.g., executing transactions and product/service orders, configuring systems, answering service calls, conducting training, processing payments, performing accounting activities, audits, billing and collections, organizing shipments and deliveries, facilitating repairs, and providing support services).
Marketing Activities: To organize and conduct market analysis, sweepstakes, giveaways, contests, or other promotional activities.
Communications: To send marketing communications (e.g., invitations to trade fairs, webinars, newsletters, and offers regarding our products and services).
Feedback: To conduct satisfaction surveys.
Legal & Compliance: To ensure compliance with legal obligations (such as record-keeping requirements), export controls, customs regulations, and compliance screening with business partners (to prevent white-collar crime or money laundering), as well as our internal policies and industry standards.
Training Certification: To facilitate the registration, enrollment, and control of certification issuance for training sessions conducted by Hexel.
Credit Analysis: To perform credit checks for the negotiation or renegotiation of contracts.
Risk Management: To fulfill compliance processes aimed at preventing conflicts of interest and ensuring the integrity of operations performed by Hexel.
Support: To provide support by responding to and fulfilling requests regarding our products and services.
Data Sources & Types Please note that the data used for the purposes mentioned above is, for the most part, obtained directly from the Data Subject or their representatives (e.g., via electronic forms). Depending on the purpose of the collection, this may include:
Registration Data: Name, ID (RG), Tax ID (CPF), nationality, gender, job title, date of birth, address.
Contact Data: Email, phone number, and social media handles.
Financial Data: Payment information, income, and credit history.
Image Usage: Videos or photographs featuring sponsors, speakers, influencers, competitors, and/or participants in events organized by Hexel.
Preferences & Statistics: Information regarding preferences and objectives at Hexel events, as well as audience statistics such as age group and gender.
Affiliation: The company, organization, or institution to which you are linked.
User Content: Information sent as part of a support request, survey, comment, or forum post.
We inform you that we do not intend to sell, or otherwise commercialize, your personal data to third parties, except within the Hexel Group companies.
2. Automatically Collected Personal Data
When you access our websites, we may automatically collect certain data, for example, via cookies (including the type of internet browser and operating system used, the domain name of the website from which you accessed our site, number of visits, average time spent on the site, and pages visited). We may use this data and share it with other Hexel Group companies located in other countries to improve the user experience and the quality of our content. To learn more about how we use cookies, please visit our Cookie Policy.
3. With whom may Hexel share your Personal Data?
Hexel works in partnership with other companies to facilitate our activities, offer products, and provide services. As such, we may share your personal data with these partner companies, always aiming to preserve your privacy to the fullest extent possible and, whenever feasible, in an anonymized format. We describe below the situations in which we may share personal data:
Our Suppliers: We rely on the assistance of suppliers who may process personal data we collect. We always strive to carefully evaluate our suppliers and establish contractual obligations regarding personal data protection and information security to minimize risks for Data Subjects. These suppliers include, for example, companies hired to assist us with data storage, website hosting, and the organization of events and trade fairs.
Public Authorities: We must comply with the law. Therefore, if an authority with legal jurisdiction requires Hexel to share certain personal data—for example, to meet regulatory requirements—we will need to share this information. We are opposed to any abuse of authority and, should Hexel deem a specific order to be abusive, we will always prioritize your privacy.
Legal Obligations and Rights Protection: We reserve the right to share any personal data we believe is necessary to comply with a legal obligation, enforce our contracts, or protect the rights of Hexel and our employees.
Affiliates: We may transfer data between Hexel Group companies for reporting purposes, service improvement, and compliance with legal obligations. All our companies are subject to contractual obligations committing them to treat your personal data with the same level of security and in accordance with applicable laws.
4. Rights of the Data Subject
Your personal data belongs to you, and Brazilian law guarantees you a series of rights related to it. We are committed to upholding these rights. In this section, we explain how you can exercise them with Hexel. Brazilian law guarantees you the following rights:
Confirmation of Processing and Access You may request confirmation from Hexel regarding the existence of the processing of your personal data so that, if confirmed, you may access it, including by requesting copies of the records we hold about you.
Correction You may request the correction of your personal data if it is incomplete, inaccurate, or outdated.
Anonymization, Blocking, or Deletion You may request: (a) the anonymization of your personal data so that it can no longer be linked to you and therefore ceases to be personal data; (b) the blocking of your personal data, temporarily suspending our ability to process it for certain purposes; and (c) the deletion of your personal data, in which case we must erase all your personal data without the possibility of reversal.
Data Portability You may request that Hexel provide your personal data in a structured and interoperable format to facilitate its transfer to a third party, provided that such transfer does not violate Hexel’s trade secrets.
Information on Sharing You have the right to know which public and private entities Hexel shares your personal data with. We maintain an indication in this Privacy Policy of our relationships with third parties that may involve data sharing. In any case, if you have questions or want more details, you have the right to request this information from us. Depending on the case, we may limit the information provided if such disclosure violates Hexel’s intellectual property or trade secrets.
Information on the Possibility of Not Consenting You have the right to receive clear and complete information regarding the possibility and consequences of not providing consent when requested by Hexel. Your consent, when required, must be free and informed. Therefore, whenever we ask for your consent, you are free to deny it—in such cases, it is possible that certain services cannot be provided.
Revocation of Consent If you have consented to a specific purpose for processing your personal data, you may always choose to revoke your consent. However, this will not affect the legality of any processing carried out prior to the revocation. If you withdraw your consent, we may be unable to provide certain services, but we will notify you when this occurs.
Opposition (Right to Object) The law authorizes the processing of personal data even without your consent in certain situations. In these cases, we will only process your personal data if we have legitimate grounds to do so. If you do not agree with a specific purpose for processing your personal data, you may present an objection to such processing.
To exercise any of the rights listed above, we recommend contacting us via the channel mentioned in this Privacy Policy.
Security Check: For your safety, whenever you submit a request to exercise your rights, Hexel may request additional information to verify your identity and prevent fraud. We do this to ensure the security and privacy of everyone, aiming to prevent the disclosure of personal data to unauthorized persons.
Exceptions: In some cases, Hexel may have legitimate grounds to decline a request to exercise rights. These situations include, for example, cases where revealing specific information could violate Hexel’s or third parties’ trade secrets, or cases where requests for anonymization, blocking, or deletion cannot be fulfilled due to Hexel’s obligation to retain data (whether to comply with legal/regulatory obligations or to defend Hexel’s or third parties’ rights in disputes of any nature).
Response Time: Furthermore, some requests may not be answered immediately, but Hexel commits to responding to all requests within a reasonable timeframe and always in compliance with applicable legislation.
5. How long will your Personal Data be stored?
Hexel follows personal data retention practices aligned with applicable legislation. Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected, unless there is any other reason for its maintenance—such as compliance with legal, regulatory, or contractual obligations, among others—provided they are supported by a legal basis. This guarantees the Data Subject’s right to request the deletion of their information, as detailed in the previous item.
We always perform a technical analysis to determine the appropriate retention period for each type of personal data collected, considering its nature, the necessity of collection, and the purpose for which it will be treated. For example, personal data related to IP addresses and the date/time of access to our websites are kept for a minimum of 6 (six) months from the date of access.
6. Security
To protect your personal data against accidental or unlawful destruction, loss, or alteration, and against unauthorized disclosure or access, Hexel adopts technical and organizational security measures.
We work to protect your privacy and personal data, but unfortunately, we cannot guarantee total security. Unauthorized entry or use of your account by third parties, hardware or software failures not under Hexel’s control, and other external factors may compromise the security of your personal data. Therefore, your participation is fundamental to maintaining a secure environment for everyone. You can help us by adopting good security practices regarding your account and data (for example, not sharing your password with third parties). If you identify or become aware of anything that compromises the security of your data, please contact us via the channel indicated below.
7. Links to Other Websites
Hexel’s websites contain links to other websites. Hexel is not responsible for the privacy practices or content of other websites.
This Privacy Policy also does not apply to situations where we only process information on behalf of our Business Partners (e.g., when we act as a web hosting or cloud provider for another service or product). We may provide links to other sites and apps that we believe may be of interest to you.
8. Changes to the Privacy Policy
As we are always seeking to improve our products and services, this Privacy Policy may undergo updates to reflect these improvements. Therefore, we recommend reviewing this page periodically so that you are aware of any modifications. If relevant changes are made, we will notify you.
9. How to contact Hexel regarding Personal Data
If you wish to exercise any right, or if you believe your data has been used in a way incompatible with this Policy, or if you have questions, comments, or suggestions related to the privacy of your data, please contact us via the email below:
Contact Email: hexel@hexel.com.br
