Supplier Privacy Notice

This notice applies to all countries except Austria, Germany and South Africa.

View privacy notice for Germany:

• German version
• English version

View privacy notice for South Africa:

• English version

You can view this notice in the following languages: Arabic, Chinese (Simplified), German, Greek, Estonian, Finnish, French, Portuguese (Portugal), Spanish.

1. Who is responsible for the processing of your personal data?

This Supplier Privacy Notice ("Notice") applies to the Accelleron Group of companies, which means Turbo Systems Switzerland Ltd, Switzerland and each entity in which Turbo Systems Switzerland Ltd, Switzerland, directly or indirectly, has a majority holding or owns or controls the majority of voting rights. The Accelleron company that is communicating with you or to which you are providing goods or services (referred to as "Accelleron" or "we"), is responsible for the processing of your personal data and controls how it is used, in accordance with this Notice.

Other subsidiary companies of Accelleron may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them.

2. The types of information we collect and use?

We collect and use personal data that concerns you in connection with the agreements with our suppliers. We may collect the following categories of personal data:

• Identification data and business contact information, you share with us such as first name, last name, job/position/title, nationality, business email address, business address, telephone number, mobile telephone number, telefax number, private telephone number, gender, date of birth.
• Additional information you provide to us in the course of our business relations such as data concerning the fulfilment of our contractual obligations and pre-contractual measures including correspondence data, offers, tenders, resume/CV, conditions, contract and order data, invoices, payments, business partner history, records relating to queries/questions/complaints/orders, driving license number, vehicle license plate, ID/passport number.
• Electronic identification data and information collected by the communications systems, IT applications and website browser (where supplier has access or is affected by such systems or applications and in accordance with the applicable law) such as information technology usage (system access, IT and internet usage), device identifier (mobile device ID, PC ID), registration and login credentials, IP address, login data and log files, Analytics ID, time and url, searches, website registration and cookie data, sound recordings (e.g. voice mail/phone recordings, Skype recordings).

The below mentioned types of personal data are only collected and processed, if at all, in accordance with applicable local laws in your country of residence and where relevant depending on the agreements with our suppliers.

• Data about criminal convictions and offences such as criminal background information and sanction list information to the extent required for the purposes of criminal background screening, due diligence and Anti Money Laundering (“AML”) obligations.
• Health related data such as health certificate of supplier’s employees when allowed or required by local law.
• To the extent necessary to fulfil our obligations, data obtained from publicly accessible sources or which are legitimately transmitted by other third parties (e.g. a credit agency) such as commercial register data, creditworthiness data.

In case you would like to be provided with information about a specific personal data processing activity, you can request that by submitting a request at www.accelleron-industries.com/privacy.

3. Why we use your personal data?

We may use your personal data as described above for the following purposes:

• supplier and service provider management throughout the supply chain including contact interaction including tendering, engagement, processing orders, process and fulfilment of purchases, administration and management of suppliers, vendors, contractors, advisers and other professional experts;
• paying debts, supplier invoice and payment management, purchasing of direct and indirect services;
• Travel arrangements for suppliers and suppliers’ employees
• reporting and analytics including market intelligence and development and improvement of services or products through assessment and analysis of the information;
• management of process quality;
• references on documents, such as tenders, purchase orders, invoices, reports;
• contract lifecycle management;
• payment collection and insolvency processes;
• training suppliers;
• finance and shared accounting services, providing record to report and purchase to pay services;
• reorganization, acquisition and sale of activities, business units and companies;
• monitoring and auditing compliance with Accelleron’s corporate policies, contractual obligations and legal requirements including Conflict Minerals;
• carrying out audits (internal and external), reviews and regulatory checks to meet obligations to regulators;
• governance, risk and compliance, including due diligence and Anti Money Laundering (“AML”) obligations, customs and global trade compliance and sanctioned party list screening, security, including prevention, detection of crime and fraud;
• maintain and protect the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, and fraud or other criminal or malicious activities; and
• manage IT resources, including infrastructure management including data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), user accounts management, software licenses assignment, security and performance testing and business continuity.

We collect only the personal data from you that we need for the purposes described above. For statistical purposes, improvement of our services and testing of our IT systems we use as much as reasonably possible anonymized data. This means that these data can no longer (in)directly identify you or single you out as an individual.

4. What happens if you do not provide us with the information we had asked you for or if you ask us to stop processing your information

Where it concerns processing operations related to the agreements with our suppliers (as described above), Accelleron will not be able to adequately establish, conduct or terminate a business relationship with you or your company and generally perform the purposes described above without certain personal data. Although we cannot obligate you to share your personal data with us, please note that this then may have consequences which could affect the business relationship in a negative manner, such as not being able to take requested pre-contractual measures to enter into a contract with you or to establish and continue the business relationship you have asked for.

5. The legal basis we rely on

We use your personal data for the purposes described in this notice based on one of the following legal bases, as applicable:

• We may process your personal data for the fulfilment of contractual obligations resulting from contracts with you or your company, or as part of pre-contractual measures we take;
• In some cases, we rely on our legitimate interests to process your personal data insofar as this is not overridden by your own privacy interests. Such interests may include:
  • conduct, management, development and furtherance of our business in the broadest sense possible including supply of products and services, performance of agreements and order management with suppliers, process and fulfilment of purchases, process quality management and improvement of products or services, analytics and market intelligence, reduction of default risks in our procurement processes and reorganization, acquisition and sale of activities, business divisions and companies;
  • monitor, investigate and ensure compliance with legal, regulatory, standard and Accelleron internal requirements and policies;
  • prevent fraud and criminal activity including investigations of such activity, misuse of Accelleron assets, products and services, and as strictly necessary and proportionate for ensuring network and information security; and
  • transmitting personal data within the Accelleron group for internal administrative purposes as necessary for example to provide centralized services.

You may obtain a copy of our assessment of why we may process your personal data for these interests by submitting a request at www.accelleron-industries.com/privacy.

• In some cases, we process your personal data on the basis of legal obligations and statutory requirements, for example, on the basis of tax or reporting obligations, cooperation obligations with authorities, statutory retention periods or the disclosure of personal data within the scope of official or judicial measures may be required for the purposes of taking evidence, prosecution or enforcement of civil law claims.

With regard to personal data concerning criminal convictions and offences, we will only process such data where such processing is permitted by applicable (local) law.

6. Parties we share your personal data with (in and outside the EU and EEA or outside the country where the Accelleron company that controls your data is located)

We only share your personal data with other Accelleron affiliates or third parties as necessary for the purposes described in the table below. Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the Accelleron company that controls your data is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission or Standard Contractual Clauses. We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the Accelleron company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.accelleron-industries.com/privacy.

Recipient category	Recipient location	Purpose
Accelleron affiliates and subsidiaries	See the list of Accelleron subsidiaries	The purposes described in this privacy notice
Accelleron business partners, customers, distributors, and agents	EU/EEA and non-EU/EEA (global)	The purposes described in this privacy notice
Service providers such as IT services, independent agents, payment processors, rating and assessment services, professional and advisory services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agents and other advisors or service providers working on Accelleron’s behalf	EU/EEA and non-EU/EEA (global)	The purposes described in this privacy notice
Insolvency administrators or creditors	EU/EEA and non-EU/EEA (global)	For default and insolvency management
Potential or actual acquirers of Accelleron businesses or assets	EU/EEA and non-EU/EEA (global)	For the evaluation of the business or assets in question or executing the transformation/merger of the companies or for the purposes described in this privacy notice
Recipients as required by applicable law or legal process, to law enforcement or government authorities, etc.	EU/EEA and non-EU/EEA (global)	Where required by applicable law or a legitimate request by government authorities, or a valid legal requirement

7. How long we keep your personal data

Based on mandatory legislation, Accelleron must keep certain personal data for a minimum period of time. We only keep your personal data for as long as necessary for the purposes described in this privacy notice. In general, personal data is kept for the duration of the contractual relationship and for a minimum period (typically between 5-10 years after the termination of the contract) or for longer period if required by local laws and regulatory requirements.

At the same time, applicable data protection laws require that we do not keep personal data in an identifiable form for any longer than is necessary for the purpose for which the personal data is being processed. Through the setting of IT applications and policies we ensure that our keeping of your personal data is deleted when we no longer need it.

8. Your data privacy rights

Depending on the jurisdiction in which you are located and in which your personal data is processed, you may have the following rights:

Data privacy rights	What it means
The right to access your data	You are entitled to ask Accelleron for an overview of or to obtain a copy of the personal data we hold about you.
The right to have your data corrected	You may request immediate correction of inaccurate or incomplete personal data we hold about you.
The right to have your data erased	You may request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful.
The right to restrict data processing	You have the right to restrict the processing of your personal data in specific circumstances.
The right to data portability	You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to transfer it to a third party.
The right to object to data processing	You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is either based a legitimate interest.

Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain personal data.

You may request to enforce your data privacy rights at www.accelleron-industries.com/privacy.

9. Contact and further information

If you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how Accelleron processes your personal data, please contact our Group Data Protection Officer at privacy@accelleron-industries.com, or submit your complaint at www.accelleron-industries.com/privacy.

Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.

10. Updates to this document

This Privacy Notice may be updated from time to time as a result of required developments. In case of such updates, we will undertake necessary actions to inform you about them depending on the importance of changes done. If and where required by applicable laws we will also ask for your consent to any material Privacy Notice changes describing our up-to-date practices.

Please check the “date of publication” to see when this Privacy Notice was updated.

Date of publication: September 27, 2022