Novotema Website Privacy Statement

1) Scope and Introduction for all Website Visitors

The Novotema Privacy Statement (“Statement”) explains how personal data is collected, used and disclosed by Novotema  when users access and use the services and features offered on our website and any of our other websites or mobile applications that link to this Statement (the “Sites”).

This Statement is supplemented, and are incorporated herein, by the Novotema Cookie Notice , the Novotema Business Contact Privacy Notice and the Novotema Job Applicant Privacy Notice, the Novotema GDPR Privacy Addendum, the Novotema PIPL Privacy Addendum and the Novotema California Privacy Addendum.

International Users of the Sites - users from different countries and states may visit the Sites. Section 1 of this Statement applies to all users.  Depending on your place of residence, further sections may apply to you.

2) Collection of Information

We collect the following information on our website:

a) Information We Collect Automatically:

When you access or use our Sites, we automatically collect the following information which is stored separate from other data that you may provide to us. We use this information to provide the Sites to you, deduce statistical and anonymous information about the users of the Sites and for the technical administration and the security of the Sites:

• Log Information– We log information about each session and the use of the Sites, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Sites.
• Device Information– We collect information about the computer or mobile device you use to access our Sites, including the hardware model, operating system and version and mobile network information.
• Information Collected by Cookies and Other Tracking Technologies– We use various technologies to collect information, specifically cookies and web beacons. Cookies are small text files that a website or its service provider transfers to your devices, such as mobile devices or computers, through your web browser (if allowed by you), that enables the websites or service providers’ systems to recognize your browser and capture and remember certain information. We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction. Our Website and our emails may also contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifts) that permit IDEX, for example, to count the number of users who have visited those pages of the Website or opened an email and for other related statistics (for example, determining the popularity of certain content and verifying server integrity). Please see our Novotema Cookie Notice for more information on our use of cookies.

b) Information You Provide to Us:

We also collect information you provide directly to us. For example, when you visit the Sites, we collect information when you request to create an account, respond to a survey, participate in any interactive features of the Sites, sign up for a newsletter or provide general feedback. The types of information we may collect include your name, company name, title, street address, telephone number, email address and any other information you choose to provide. We collect this information for offering the function that you use respectively.

3) Use of Information

We may use information about you for various purposes, including:

• Providing our Sites to the users; Maintaining and improving our Sites;
• Providing and improving our customer service, including responding to your comments, questions and requests (e.g. product queries or technical questions);
• Analyzing and managing our business;
• Establishing and managing our business relationship, e.g. when you as a customer contact us via one of the Sites and we connect this request to your business account;
• Improving our IT security;
• Defending our legal interests, e.g. when claiming remedies of attacks on our website;
• Processing employment inquiries;
• Communicating with you about services, offers, promotions, rewards, and events offered by IDEX and others; and
• Carrying out any other purpose described to you at the time the information was collected or for any other purpose with your consent.

We may also use your information to contact you about our own goods and services that may be of interest to you. If you do not want us to use your information in this way, please see the section of this privacy notice entitled “Choices About How We Use and Disclose Your Information.”

4) Recipients and Categories of Recipients of Personal Data

We do not share, sell, or otherwise disclose information about you for purposes other than those outlined in this Statement. However, we may use and disclose aggregated information about our users and other information that does not reasonably identify any individual, without restriction. We may share information about you as follows or as otherwise described in this Website Privacy Statement and in each case only in accordance with applicable law. Possible recipients or categories of recipients of your personal data are:

• Other IDEX group companies if such a transfer of personal data is required for the specific purpose (you can find a list of the IDEX group companies here);
• Vendors and channel partners such as distributors and sales representatives for the Company’ products;
• Service providers who process personal data on our behalf but have to follow our instructions on such processing; IDEX will undertake all reasonable efforts to ensure these service providers will not be allowed to use your personal data for purposes other than the purposes defined by us;
• Authorities, who we are obliged to provide your personal data to, e.g., tax authorities or healthcare authorities;
• Auditors or similar external consultants such as lawyers or tax advisors;
• Authorized third parties in response to a request for information if disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
• External investigators, consultants or authorities as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, infringement of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of the terms of our agreements, or as otherwise required by law;
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of IDEX, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
• Potential purchasers and their advisors in the context of mergers and acquisitions, to whom we may transfer your personal data subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business; and
• To other recipients with your consent or at your direction, including if we notify you through our Sites that the information you provide will be shared in a particular manner with particular people and you provide such information.

5) Social Sharing Features

On our Sites, you can interact with social networks operated by third parties as set out below.

6) Security

IDEX takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

If you have any questions about this privacy policy, the data processing practices of Novotema, or our Sites, you can contact us at novotema.privacy@idexcorp.com or privacy@IDEXcorp.com.

7) Do Not Track Signals

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us. 

8) Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Cookies. Most web browsers are set to accept cookies by default. You can block cookies by activating the setting on your web browser that allows you to refuse the setting of all or some cookies. These settings are usually found in the ‘options’ or ‘preferences’ menu of your web browser. In order to understand these settings or get further information, refer to the documentation provided by the provider of the web browser you are using. For further information about deleting or blocking cookies, please visit: www.allaboutcookies.org. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Sites or perform certain functionalities of the Sites. For additional details about the cookies used in our Sites, please visit our Novotema Cookie Notice.

Promotional Communications. You may opt out of receiving promotional emails or messages from Novotema by following the instructions in those emails or messages or by using other tools we may make available or by emailing us at novotema.privacy@idexcorp.com or privacy@IDEXcorp.com. If you opt out, we may still send you nonpromotional communications, such as those about your account or our ongoing service relationship.

9) Accessing and Correcting Your Information

General. You may at any time review or ask for the rectification or removal of your information by contacting us at the contact information shown below. However, note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.

10) Jurisdiction Specific Privacy Rights

The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these jurisdictions, please see the privacy addendum for your state that is attached to this Privacy Notice.

Your Rights under the General Data Protection Regulation (“GDPR”)

If you are a resident of the European Economic Area or the United Kingdom, you have the additional rights described in the Novotema GDPR Privacy Addendum [insert link] to this Statement

Your Rights under the Personal Information Protection Law (“PIPL”)

If you are a resident of the in the People’s Republic of China (“China”, which, solely for the purposes herein, is exclusive of Taiwan, Hong Kong and Macau), you have the additional rights described in the Novotema PIPL Privacy Addendum [insert link] to the Statement.

Your California Privacy Rights

If you are a resident of California, you have the additional rights described in the Novotema California Privacy Addendum [insert link] to the Statement.

11) Contact Information

If you have any questions, concerns, complaints, or suggestions regarding this Statement, or have any requests related to the personal information we collect about you, you may contact us the corporate affiliate that operates this Site or at our corporate headquarters:

For a contact information for our Corporate Affiliates: https://www.idexcorp.com/affiliates-list/

For our Corporate Headquarters: Novotema, Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy  novotema.privacy@idexcorp.com or privacy@idexcorp.com

GDPR Privacy Addendum

Information to Residents in the European Economic Area and the UK

Effective Date: [Insert effective Date]

This GDPR Privacy Addendum supplements our Statement and applies to residents of the European Economic Area, i.e. the European Union plus Iceland, Norway, and Lichtenstein, as well as to residents of the United Kingdom.

The data controller pursuant to Art. 4 No. 7 General Data Protection Regulation (Regulation (EU) 2016/679) and the UK General Data Protection Regulation and the Data Protection Act of 2018 (collectively, the “GDPR”) is Novotema a company with its principal place of business at Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy   will process your personal data pursuant to this Statement as a personal data handler under PIPL, and can be contacted at the following email addresses:novotema.privacy@idexcorp.com or Privacy@idexcorp.com.

IDEX may have business unit-specific Data Protection Officers when necessary to comply with the GDPR. Some of our business units may also have a representative in the European Union and/or the United Kingdom when necessary, however our business units that are European Economic Area may not be not required to appoint a representative and have elected not to do so. More information about contacting IDEX’s representative (when appropriate) and Data Protection Officer is set forth below under the “Contact Information” portion of this GDPR Privacy Addendum.

1. Processing of Personal Data

The types of information about you that we process and the purposes for that processing is described in our Statement. As described in our Statement we process personal data for different purposes. The legal bases according to the GDPR for such processing are listed below (Please see our our Novotema Cookie Notice for information about processing of data derived from cookies):

2. Social Media

a) LinkedIn

For users located in the European Economic Area and Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). The privacy statement of LinkedIn Ireland can be accessed here: https://de.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. In it, you will also find information on the privacy setting options for your LinkedIn profile.

We are also jointly responsible with LinkedIn Ireland for the processing of so-called Page Insights data when people visit our LinkedIn company page. For this purpose, we have concluded a joint processing responsibility agreement with LinkedIn Ireland, which can be accessed here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn Ireland undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Page Insights Data and to comply with all obligations under the GDPR with respect to the processing of Page Insights Data. We receive non-personal information and analytics about the use of our account or interactions with our posts from LinkedIn Ireland as part of so-called Page Insights. With this information, we can analyze and optimize the effectiveness of our LinkedIn activities. For this purpose, LinkedIn Ireland processes in particular data that you have provided to LinkedIn Ireland via the information in your profile. This especially includes the following data:

• occupational data,
• country,
• industry,
• seniority,
• company size, and
• employment status.

In addition, LinkedIn Ireland will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page.

b) Twitter

Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The privacy statement of Twitter can be accessed here: http://twitter.com/privacy. Further setting options can be found at https://twitter.com/personalization.

Twitter also transfers personal data to the USA and other third countries outside the European Economic Area for which there is no EU Commission adequacy decision. Further information can be found here: https://twitter.com/de/privacy.

You can change your privacy settings on Twitter in the account settings at: http://twitter.com/account/settings.

3. Retention Periods

We delete or anonymize your personal data as soon as it is no longer required for the purpose for which we processed it.

In general, we store your personal data for the duration of the usage or the contractual relationship via the website plus a period of 15 days for IT security purposes. We store general web log files for a period of one year and for analytical information, we store the data for three years.

In the event that you have given us your consent to process your data (e.g. for marketing purposes including the associated profiling), we will store your data until you revoke your consent or the processing purpose does not apply anymore.

For the retention period of cookies and other tracking, please refer to the details in our Novotema Cookie Notice.

After these periods have expired, the data will be erased unless this data is required for a longer period due to legal retention periods, alternative purposes or for criminal prosecution. Beyond these retention periods, we may retain the data for the purposes of legal defense and law enforcement for as long as is necessary for the preparation or execution of a possible legal dispute (usually up to four years, whereby the legal dispute itself may inhibit the course of this period). If data can be stored for these reasons, it will be blocked. The data will then no longer be available for further use.

4) Rights of Residents in the European Economic Area and the United Kingdom

The GDPR provides you with certain rights in relation to the processing of your personal data. These rights are subject to various conditions under the GDPR and/or your countries specific implementation of the GDPR.

All such requests to exercise these rights may be sent to privacy@idexcorp.com or to the other contact information listed below. Those rights include:

• Request access to personal data about you (commonly known as a “data subject access re-quest”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
• Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request personal data provided by you to be transferred in machine-readable format (“data portability”).
• Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no valid reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
• Withdraw your consent. You may withdraw your consent at any time by sending an email request to novotema.privacy@idexcorp.com or privacy@idexcorp.com. You may also disable some types of cookies of our website directly through this site’s Advanced Cookie Settings control panel. Click the following button to access the control panel:  Advanced settings The withdrawal does not affect the lawfulness of the prior processing.
• Lodge a complaint with a supervisory authority. You have the right to make a complaint with a data protection authority.

RIGHT OF OBJECTION.  YOU HAVE THE RIGHT; FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON THE BASIS OF ART. 6 (1) (e) OR (f)  OF THE GDPR. WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

5) Obligation to Provide Personal Data

You are under no contractual or statutory obligation to provide personal data. However, if you do not provide the personal data we require to process your request (e.g. when you contact us with questions about our products), we may not be able to respond to such request.

6) Automated Decision-Making

No automated decision- making as referred to in Art. 22 GDPR occurs on the Sites.

7) International Data Transfers

Novotema is an affiliate of the IDEX Corporation which operates internationally, as such, your information may be made available to companies and/or branches within our group which may be located outside of the U.S., including in countries which may not provide the same level of protection of your information as in your home jurisdiction. In some countries, the federal, state, local, provincial, or other governments, courts, and law enforcement or other regulatory agencies may be able to obtain disclosure of your information through their laws.

If and when transferring your personal data to which the GDPR applies onwards outside the EU/EEA or the United Kingdom, we will do so using one of the following safeguards:

• the transfer is to a non-EU/EEA country which has an adequacy decision by the EU Commission and/or is covered by UK “adequacy regulations” (as applicable);
• the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EU/EEA and/or the United Kingdom;
• the transfer is to an organization which has Binding Corporate Rules approved by an EU data protection authority or the Information Commissioner’s Office in the United Kingdom (as applicable); or
• the transfer is covered by other approved safeguards in order to protect your personal data in a degree that equals the level of data protection in the European Union and/or the United Kingdom (as applicable).

International transfers within Novotema and IDEX are governed by Standard Contractual Clauses (as defined under the GDPR) approved by the EU Commission and/or the Information Commissioner’s Office in the United Kingdom.

You may request a copy of the Standard Contractual Clauses or other applicable safeguards by contacting novotema.privacy@idexcorp.com  or privacy@idexcorp.com.

8) Contact Information

If you have any questions or comments about this GDPR Privacy Addendum, the ways in which Novotema collects and uses your information described above and in the Statement, your choices and rights regarding such use, or wish to exercise your rights under the GDPR, please do not hesitate to contact us at:

To Contact Novotema

Phone: +39 035 926530

Email: novotema.privacy@idexcorp.com or privacy@IDEXcorp.com

Postal Address:  Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy

To Contact IDEX:

Phone: 1-847-498-7070

Email: privacy@IDEXcorp.com

Postal Address:  IDEX Corporation

Attn: Legal Department: Compliance/Privacy

3100 Sanders Road, Suite 301

Northbrook, IL 60062, USA

PIPL Privacy Addendum

Privacy Statement Addendum for China Residents

Effective Date: [Insert effective Date]

This Addendum applies to residents of the in the People’s Republic of China (“China”, which, solely for the purposes herein, is exclusive of Taiwan, Hong Kong and Macau). We are committed to processing and protecting your personal data under Chinese law, including the Personal Information Protection Law of the People’s Republic of China (PIPL).

Novotema, a company with its principal place of business at via San Giovanni delle Formiche 2, 24060 Villongo BG Italy will process your personal data pursuant to this Statement as a personal data handler under PIPL, and can be contacted at the following email addresses: novotema.privacy@idexcorp.com  or Privacy@idexcorp.com.

1. Collection of Information

We collect the following information on our website:

a) Information We Collect Automatically:

When you access or use our Sites, we automatically collect the following information which is stored separate from other data that you may provide to us.  We use this information to provide the Sites to you, deduce statistical and anonymous information about the users of the Sites and for the technical administration and the security of the Sites:

• Log Information – We log information about each session and the use of the Sites, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Sites.
• Device Information – We collect information about the computer or mobile device you use to access our Sites, including the hardware model, operating system and version and mobile network information.
• Information Collected by Cookies and Other Tracking Technologies- We use various technologies to collect information, specifically cookies and web beacons. Cookies are small text files that a website or its service provider transfers to your devices, such as mobile devices or computers, through your web browser (if allowed by you), that enables the websites or service providers’ systems to recognize your browser and capture and remember certain information. We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction. Our Website and our emails may also contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifts) that permit IDEX, for example, to count the number of users who have visited those pages of the Website or opened an email and for other related statistics (for example, determining the popularity of certain content and verifying server integrity). Please see our IDEX Cookie Notice for more information on our use of cookies.

b) Information You Provide to Us:

We also collect information you provide directly to us. For example, when you visit the Sites, we collect information when you request to create an account, respond to a survey, participate in any interactive features of the Sites, sign up for a newsletter or provide general feedback. The types of information we may collect include your name, company name, title, street address, telephone number, email address and any other information you choose to provide. We collect this information for offering the function that you use respectively.

2. Use of Information

We may use information about you for various purposes, including:

• Providing our Sites to the users; Maintaining and improving our Sites;
• Providing and improving our customer service, including responding to your comments, questions and requests (e.g. product queries or technical questions);
• Analysing and managing our business;
• Establishing and managing our business relationship, g. when you as a customer contact us via one of the Sites and we connect this request to your business account;
• Improving our IT security;
• Defending our legal interests, g. when claiming remedies of attacks on our website;
• Processing employment inquiries;
• Communicating with you about services, offers, promotions, rewards, and events offered by IDEX and others; and
• Carrying out any other purpose described to you at the time the information was collected or for any other purpose with your consent.

We may also use your information to contact you about our own goods and services that may be of interest to you. If you do not want us to use your information in this way, please see the section of this Statement entitled “Choices About How We Use and Disclose Your Information.”

3. Legal Basis for processing

We are entitled to process your personal data because one or more of the following legal bases applies:

• You have given consent;
• Processing is necessary for the conclusion or performance of a contract with you or necessary to conduct human resources management in accordance with lawfully formulated labor rules and regulations and lawfully concluded contracts;
• Processing is necessary for compliance with legal or regulatory obligations that we may discharge;
• Processing is necessary to respond to sudden public health incidents or protect individuals’ lives and health, or the security of their property, under emergency conditions; or
• Processing is necessary to undertake news reporting, public opinion supervision, and the performance of other tasks carried out in the public interest.

4. International Data Transfers

To the extent permitted by PIPL, we may transfer your personal data outside of China to companies and/or branches within our group or to third parties as described in this Statement, and we will ensure the recipient is bound by applicable laws in its jurisdiction to provide a standard of protection for your personal data that is equivalent to that under this Statement. 

5. Retention Periods

We delete or anonymise your personal data as soon as it is no longer required for the purpose for which we processed it.

In general, we store your personal data for the duration of the usage or the contractual relationship via the website plus a period of fifteen (15) days for IT security purposes.

In the event that you have given us your consent to process your data (e.g. for marketing purposes including the associated profiling), we will store your data until you revoke your consent or the processing purpose does not apply anymore.

For the retention period of cookies and other tracking, please refer to the details in our IDEX Cookie Notice, available here Novotema Cookie Notice.

After these periods have expired, the data will be erased unless this data is required for a longer period due to legal retention periods, alternative purposes or for criminal prosecution. Beyond these retention periods, we may retain the data for the purposes of legal defence and law enforcement for as long as is necessary for the preparation or execution of a possible legal dispute (usually up to four years, whereby the legal dispute itself may inhibit the course of this period). If data can be stored for these reasons, it will be blocked. The data will then no longer be available for further use.

6. Your Rights

The PIPL provides you with certain rights in relation to the processing of your personal data.  Besides the rights listed below, you also have the right to request us to interpret this Statement for you.

All such requests to exercise these rights may be sent to novotema.privacy@idexcorp.com   or privacy@idexcorp.com or to the other contact information listed below. Those rights include:

• Request access to personal data about you (commonly known as a “data subject access re-quest”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
• Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request personal data provided by you to be transferred in machine-readable format (“data portability”).
• Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no valid reason for us continuing to process it. Please note that there may be circumstances where we are legally entitled to retain personal data regardless of any such request.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
• Withdraw your consent. You may withdraw your consent at any time by sending an email request to novotema.privacy@idexcorp.com  or privacy@idexcorp.com. You may also disable some types of cookies of our website directly through this site’s Advanced Cookie Settings control panel. Click the following button to access the control panel:  Advanced settings The withdrawal does not affect the lawfulness of the prior processing.
• Lodge a complaint with a supervisory authority. You have the right to make a complaint with a data protection authority.

7. Obligation to Provide Personal Data

You are under no contractual or statutory obligation to provide personal data. However, if you do not provide the personal data we require to process your request (e.g. when you contact us with questions about our products), we may not be able to respond to such request.

8. Automated Decision-Making

No automated decision occurs on the Sites.

9. Changes to This PIPL Privacy Addendum

IDEX reserves the right to amend this PIPL Privacy Addendum at our discretion and at any time. When we make changes to this PIPL Privacy Addendum, we will post the updated addendum on the Website and update the addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

10. Contact Information

If you have any question, concerns, complaints or suggestions, or would like to exercise your rights with respect to your information pursuant to the PIPL, or otherwise need to contact us, you must contact both us and our representative in China (when applicable) at the contact information below:

To Contact Novotema:

Phone: +39 035 926530

Email: novotema.privacy@idexcorp.com or privacy@IDEXcorp.com

Postal Address:  Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy

To Contact IDEX:

Phone: 1-847-498-7070

Email: privacy@IDEXcorp.com

Postal Address:  IDEX Corporation

Attn: Legal Department: Compliance/Privacy

3100 Sanders Road, Suite 301

Northbrook, IL 60062, USA

To Contact our Representative:

Phone: +86 (21) 52415599

Email: kko@idexcorp.com

Postal Address:   IDEX Trading (Shanghai) Co., Ltd.

Attn: Legal Department: Compliance/Privacy

Rm 3502-3504, Zhao Feng Plaza, No. 1027

Chang Ning Road

Shanghai 200050

California Privacy Addendum

Privacy Statement Addendum for California Residents

Effective Date: January 2, 2023

This Privacy Statement Addendum for California Residents (the “California Privacy Addendum”) supplements the information contained in our Privacy Statement and describes  Novotema collection and use of Personal Information (as defined below). This California Privacy Addendum applies solely to all visitors, users, and others who reside in the State of California (“Consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the “CPRA”) and any terms defined in the CPRA have the same meaning when used in this notice.

Scope of this California Privacy Addendum

This California Privacy Addendum applies to information that we collect on our Website that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device (“Personal Information”). However, publicly available information that we collect from government records and deidentified or aggregated information (when deidentified or aggregated as described in the CPRA) are not considered Personal Information and this California Privacy Addendum does not apply to such information.

This California Privacy Addendum does not apply to employment-related Personal Information collected from our California-based employees, job applicants, contractors, or similar individuals (“Personnel”). Please contact your local human resources department if you are part of our California Personnel and would like additional information about how we process your Personal Information.

1. Information We Collect About You and How We Collect It

Novotema collects, and over the prior twelve (12) months have collected, the following categories of Personal Information about Consumers:

Novotema will not collect additional categories of Personal Information without providing you notice. As further described in To Whom Do We Sell or Share Your Personal Information, we do not “sell” any categories of Personal Information for monetary or other valuable consideration and we do not “share” any categories of Personal Information for cross-context behavioral advertising.

2. Sources of Personal Information

We collect Personal Information about you from the sources described in our Privacy Statement.

3. Purposes for Our Collection of Your Personal Information

We only use your Personal Information we collect, and over the prior twelve (12) months, have used the Personal Information we collected, for the purposes described in our Privacy Statement. Novotema not use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

4. Third Parties to Whom Do We Disclose Your Personal Information for Business Purposes

Novotema may disclose your Personal Information to third parties for one or more business purposes. When we disclose Personal Information to non-affiliated third-parties for a business purpose, we enter a contract that describes the purpose, requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for the specific business purposes for which the Personal Information was disclosed, and requires the recipient to otherwise comply with the requirements of the CPRA.

In the preceding twelve (12) months, Novotema has disclosed the following categories of Personal Information for one or more of the business purposes described below to the following categories of third parties:

We disclose your Personal Information to the categories of third parties listed above for the following business purposes:

• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
• Helping to ensure security and integrity of our products, services, and IT infrastructure to the extent the use of the Personal Information is reasonably necessary and proportionate for these purposes.
• Debugging to identify and repair errors that impair existing intended functionality.
• Short–term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us. Our agreements with third parties prohibit your Personal Information from disclosure to another third-party and from using your Personal Information to build a profile about the you or otherwise alter your experience outside your current interaction with us.
• Performing services on behalf of us, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us.
• Providing advertising and marketing services, except for cross-context behavioral advertising, to Consumers.
• Undertaking internal research for technological development and demonstration.
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

In addition to the above, we may disclose any or all categories of Personal Information to any third-party (including government entities and/or law enforcement entities) as necessary to:

• comply with federal, state, or local laws, or to comply with a court order or subpoena to provide information;
• comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
• cooperate with law enforcement agencies concerning conduct or activities that we (or one of our service providers’) believe may violate federal, state, or local law;
• comply with certain government agency requests for emergency access to your Personal Information if you are at risk or danger of death or serious physical injury; or
• exercise or defend legal claims.

5. To Whom Do We Sell or Share Your Personal Information

“Sale” of Your Personal Information for Monetary or Other Valuable Consideration

In the preceding twelve (12) months, Novotema has not “sold” Personal Information (including any Personal Information for minors under the age of 16) for either monetary or other valuable consideration.

“Sharing” of Your Personal Information for Cross-Context Behavioral Advertising

In the preceding twelve (12) months, Novotema has not “shared” Personal Information (including any Personal Information for minors under the age of 16) for the purpose of cross-context behavioral advertising.

6. Consumer Data Requests

The CPRA provides Consumers with specific rights regarding their Personal Information. This section describes your CPRA rights and explains how to exercise those rights. You may exercise these rights yourself or through your Authorized Agent. For more information on how you or your Authorized Agent can exercise your rights, please see Exercising Your CPRA Privacy Rights.

• Right to Know. You have the right to request that Novotema disclose certain information to you about our collection and use of your Personal Information over the past 12 months (a “Right to Know” Consumer Request). This includes: (a) the categories of Personal Information we have collected about you; (b) the categories of sources from which that Personal Information came from; (c) our purposes for collecting this Personal Information; (d) the categories of third parties with whom we have shared your Personal Information; and (e) if we have “sold” or “shared” or disclosed your Personal Information, a list of categories of third parties to whom we “sold” or “shared” your Personal Information, and a separate list of the categories of third parties to whom we disclosed your Personal Information to. You must specifically describe if you are making a Right to Know request or a Data Portability Request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a 12-month period at no charge.
• Access to Specific Pieces of Information (Data Portability). You also have the right to request that Novotema provide you with a copy of the specific pieces of Personal Information that we have collected about you, including any Personal Information that we have created or otherwise received from a third-party about you (a “Data Portability” Consumer Request). If you make a Data Portability Consumer Request electronically, we will provide you with a copy of your Personal Information in a portable and, to the extent technically feasible, readily reusable format that allows you to transmit the Personal Information to another third-party. You must specifically describe if you are making a Right to Know request or a Data Portability request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. We will not provide any Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to your Personal Information, your account with Novotema, or the security of our systems or networks. We will also not disclose any Personal Information that may be subject to another exception under the CPRA. If we are unable to disclose certain pieces of your Personal Information, we will describe generally the types of personal information that we were unable to disclose and provide you a description of the reason we are unable to disclose it. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a 12-month period at no charge.
• You have the right to request that we correct any incorrect Personal Information about you to ensure that it is complete, accurate, and as current as possible. You may request that we correct the Personal Information we have about you as described below under Exercising Your CPRA Privacy Rights. In some cases, we may require you to provide reasonable documentation to show that the Personal Information we have about you is incorrect and what the correct Personal Information may be. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect or if the Personal Information is subject to another exception under the CPRA.
• You have the right to request that Novotema delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your Consumer Request (see Exercising Your CPRA Privacy Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies pursuant to the CPRA. Some exceptions to your right to delete include, but are not limited to, if we are required to retain your Personal Information to complete the transaction or provide you the goods and services for which we collected the Personal Information or otherwise perform under our contract with you, to detect security incidents or protect against other malicious activities, and to comply with legal obligations. We may also retain your Personal Information for other internal and lawful uses that are compatible with the context in which we collected it.
• Non-Discrimination. We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not do any of the following as a result of you exercising your CPRA rights: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your CPRA Privacy Rights

To exercise the rights described above, please submit a request (a “Consumer Request”) to us by either:

• Calling us at +39 035 926530
• Emailing us at privacy@idexcorp.com or privacy@IDEXcorp.com.

If you (or your Authorized Agent) submit a Consumer Request to delete your information online, we will use a two-step process in order to confirm that you want your Personal Information deleted. This process may include verifying your request through your email address on record, calling you on your phone number on record (which may include an automated dialer), sending you a text message and requesting that you text us a confirmation, sending you a confirmation through US mail. By making a Consumer Request, you consent to us contacting you in one or more of these ways.

If you fail to make your Consumer Request in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above or provide you with information on how to submit the request or remedy any deficiencies with your request.

Only you, or your Authorized Agent that you authorize to act on your behalf, may make a Consumer Request related to your Personal Information. To designate an Authorized Agent, see Authorized Agents below.

All Consumer Requests must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Agent of such a person. This may include:
  • Name, email address, physical address, and/or the specific IDEX business unit with whom you have done business with if other than Novotema.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm which Personal Information relates to you or the individual for whom you are making the request as their Authorized Agent.

Making a Consumer Request does not require you to create an account with us.

We will only use Personal Information provided in a Consumer Request to verify the requestor’s identity or authority to make the request.

Authorized Agents

You may authorize your agent to exercise your rights under the CPRA on your behalf by registering your agent with the California Secretary of State or by providing them with power of attorney to exercise your rights in accordance with applicable laws (an “Authorized Agent”). If you authorize an Agent, we may request that your Authorized Agent submit proof of identity and that they have been authorized exercise your rights on your behalf. We may deny a request from your Authorized Agent to exercise your rights on your behalf if they fail to submit adequate proof of identity or adequate proof that they have the authority to exercise your rights.

Response Timing and Format

We will confirm our receipt of your Consumer Request within ten (10) business days of its receipt. We will generally process these requests within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

In response to a Right to Know or Data Portability Consumer Request, we will provide you with all relevant information we have collected or maintained about you on or after January 1, 2022, unless an exception applies. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability Consumer Request, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your Consumer Request unless it is excessive, repetitive, or manifestly unfounded. We reserve the right to consider more than two (2) total Right to Know or Data Portability Consumer Requests (or combination of the two) in a twelve (12) month period to be repetitive and/or excessive and require a fee. If we determine that your Consumer Request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

7. Your Choices Regarding our Use and Disclosure of Your Sensitive Personal Information

We do not collect any Sensitive Personal Information as defined under the CPRA.

8. Personal Information Retention Periods

We delete or anonymize your Personal Information when no longer required for purpose or purposes for which we collected it.

In general, we store your Personal Information for the duration of the usage or contractual relationship via the Website plus a period of [15 days] for security purposes

In the event you have given us your consent to process your Personal Information (e.g., for marketing purposes including associated profiling), we will store your Personal Information until you revoke your consent or the processing purpose does not apply anymore. Other California Privacy Rights

For the retention period of cookies and other tracking technology, please refer to the details in our Novotema cookie notice, available [@BU-please insert link to BU Cookie Notice].

After the periods described above has expired, your Personal Information will be erased unless the Personal Data is required for a longer period of time, such as for legal retention periods, alternative purposes, or for criminal prosecution. Beyond these retention periods, we may also retain the Personal Data for the purposes of legal defense and law enforcement for as long as necessary for the preparation or execution of a possible legal dispute (usually up to four years, whereby the legal dispute itself may inhibit the course of this period). If Personal Data is stored for these reasons, it will be blocked for all other uses.

9. Changes to This CPRA Privacy Addendum

Novotema reserves the right to amend this California Privacy Addendum at our discretion and at any time. When we make changes to this California Privacy Addendum, we will post the updated addendum on the Website and update the addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

10. Contact Information

If you have any questions or comments about this California Privacy Addendum, the ways in which Novotema  collects and uses your information described above and in [@BU-please insert link to your on-line privacy statement (in which this notice should be imbedded)], your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

To Contact Novotema:

Phone: +39 035 926530

Email: novotema.privacy@idexcorp.com or privacy@IDEXcorp.com

Postal Address:  Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy

To Contact IDEX:

Phone:                 1-847-498-7070

Email:   privacy@IDEXcorp.com

Postal Address: IDEX Corporation

Attn: Legal Department: Compliance/Privacy

3100 Sanders Road, Suite 301

Northbrook, IL 60062, USA

Novotema BUSINESS CONTACT PRIVACY NOTICE

1. Introduction

This Privacy Notices to Business Contacts (“Notice”) describes the steps Novotema Spa, Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy (“Company”), part of IDEX Corporation (“IDEX”), takes to protect the Personal Data that we Process about Business Contacts. The Company is committed to the protection of the Personal Data that we process about you in line with the data protection principles set out in the applicable Data Protection Law. This Notice informs you how we Process your Personal Data if you are one of our Business Contacts.

This Notice may be amended from time to time. The Company will post any change to this Notice a reasonable period of time in advance of the effective date of the change. 

2. Definitions

The following terms are used within this Notice and are defined as follows:

3. Identity and Contact Details of the Data Controller and the Data Protection Officer

The Company is responsible for Processing your Personal Data and is the Data Controller.

If you have any questions about this Notice, please contact us at

Novotema Spa

Piazza Filippo Meda 3, 20121 Milano MI Italy

novotema@idexcorp.com

You can contact our Data Protection Officer at novotema.privacy@idexcorp.com, Novotema Spa, Via San Giovanni delle Formiche 2, 24060 Villongo BG Italy.

4. Categories and Sources of Personal Data Processed

The Company Process different categories of Personal Data of our Business Contacts. These may include: [@BU: Please verify and add or delete as needed]

• Identity details, including name; information about your job title and hierarchical position; and educational level or work experience.
• Business contact details, including company address, business telephone number and e-mail address.
• Information you provide us during the course of our business relationship, including in response to corporate surveys or questionnaires; or other correspondence.
• Data from initiation, maintenance and execution of our business relationship, including performed and planned orders and related data such as delivery modalities or insurance coverages; user login and subscription data; use of our web services or newsletters; and data about your budget.
• Company data of our Corporate Partners, such as company name and company business registration number; information from our due-diligence or other onboarding procedures; or our Corporate Partner´s business needs.
• Data relating to the assertion or defense against legal claims, including the prevention of misconduct; compliance checks or investigations; and information regarding compliance violations or other infringements.

Most of the Personal Data we Process, you have provided directly to us.  Other Personal Data may be provided by your employer, our Corporate Partners or other instances involved in the initiation of your business relationship and/or the execution of contracts with our Corporate Partners.  In addition, we may process Personal Data which we permissibly obtain from publicly accessible sources (such as LinkedIn) or that are legitimately transmitted to us by third parties (such as credit agencies).

5. Purposes of Data Processing

The Company Processes Personal Data of Business Contacts for various business purposes in connection with your business relationship with the Company or our Corporate Partner: [@BU: Please verify and add or delete as needed]

• For the initiation, performance and execution of a contract with you or our Corporate Partners, including to meet our contractual obligations; necessary due diligence and other onboarding requirements in regard to our Corporate Partners.
• For market analysis, including through surveys, to better understand the markets in which we do business; and for product and service development.
• For business communication and promotion of our products and services.
• For the fulfilment of legal obligations, including local tax and commercial law, as well as audits by governmental and regulatory authorities.
• For security control of the IDEX' physical premises or for IT security and data breach procedures.
• For asserting or the defense of legal claims or the prevention of misconduct, compliance violations or other infringements, such as routine inspections; internal investigations; or dispute resolution cases.
• For customer services activities, such as responding to queries; or investigating and resolving complaints.
• For customer relationship management, including listing important contacts for our business; connecting individuals with accounts of our Corporate Partners; listing important stakeholders; and for customers surveys.
• For business process optimization, such as account management, including establishing and on-going management of business relationships; maintenance of a supplier or customer database; risk management; and activities geared toward preventing or detecting crime.

6. Legal Bases for Processing Personal Data

The Company Processes Personal Data relating to its Business Contacts based on multiple different legal bases:

• Once you have been informed about the intended Processing of your Personal Data and you have provided your consent. You may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal. Article 6 GDPR.
• If the Processing of your Personal Data is necessary in order to carry out the contract concluded between you and us. Article 6 GDPR.
• If the Processing is necessary for the Company to comply with an applicable legal obligation. g., a court orders the release of certain information for legal proceedings). Article 6 GDPR.
• If the Processing is necessary for purposes of the legitimate interests pursued by the Company or by a third party except where overridden by Employee interests or fundamental rights and freedoms of a Data Subject which require protection of Personal Data. Article 6 GDPR.  These legitimate interests can include:
  • Management of our business relationships with our Corporate Partners, including meeting our contractual obligations; and corresponding communications in relation to our business relationship.
  • The optimization of our business processes, including the implementation of optimized customer service and/or customer management systems, including with regard to you as an employee of our Corporate Partner.
  • For the security of our property and infrastructure, such as IT Security and Data Breach Procedures; and measures to ensure operational, building and plant safety and for business management;
  • For the assertion and defence of legal claims and the prevention of compliance violations or other infringements;
  • To grow the Company’s business by networking and market research and analysis of potential business opportunities as well as through direct marketing, including marketing activities and communications or in regard to product or service development processes.

7. Your Rights

The GDPR provides you with rights relating to the Processing of your Personal Data.  These rights include:

• Request access to Personal Data about you (commonly known as a “data subject access request”). This enables you to receive information about the Personal Data we hold about you and to check that we are lawfully Processing it.
• Request rectification, correction, or updates to Personal Data that we hold about you. This enables you to correct any incomplete or inaccurate information. 
• Request Personal Data to be transferred in machine-readable format (“data portability”) to the extent this right is relevant in the employment context.
• Request erasure of Personal Data. This enables you to request deletion or the removal of Personal Data where there is no legitimate reason for us to continue to Process it. You also have the right to ask us to delete or remove Personal Data where you have exercised your right to object to Processing (see below).
• Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you if you want us to establish its accuracy or the reason for Processing it.
• Withdraw consent you have given at any time without affecting the lawfulness of processing based on consent before its withdrawal.

These rights are not absolute and are subject to various conditions under Data Protection Law and any other applicable laws and regulations.   

You may exercise these rights by contacting your Privacy Lead (see Section 3).  You also have the right to lodge a complaint with a Supervisory Authority.

8. Data Sharing and International Data Transfers: Intra-Group and External Third Parties

Intra-group transfers

As a member of a multinational enterprise operating under a decentralized management structure, the Company may share Employee Personal Data with IDEX affiliates / BUs listed here, for the purposes set out in this Notice.  Please note that the Company only shares Employee Personal Data with those listed companies where this is covered by a lawful basis for such Processing. 

These transfers are protected by the obligations set out in intra-group agreements that we have entered into between the various IDEX legal entities.  International transfers within the IDEX are governed by EU Commission-approved Standard Contractual Clauses for Data Controllers and, where relevant, for Data Processors.  You may receive a copy of these Standard Contractual Clauses used in our intra-group agreements by contacting the Privacy Lead (see Section 3).   

External Third Parties

The Company may share Personal Data with external vendors whom we engage to perform services or functions on our behalf and under our instructions. Where applicable, their Processing of your data will be subject to the GDPR requirements. The Company will also ensure that its contracts with these parties ensure they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of the Personal Data entrusted to them, in line with the GDPR requirements. 

For the purposes set out in this Notice, we may also disclose your Personal Data to our IT service providers, auditors, lawyers, consultants, law enforcement, courts and tribunals and other public authorities, such as tax and social security bodies.  Some of these recipients are themselves responsible to determine the purposes and means of the Processing and for the lawfulness of the Processing on their end. Where necessary, we will ensure that appropriate contractual measures are in place to ensure the protection of your Personal Data.  

Some of the vendors we engage to Process your Personal Data are located outside the European Economic Area. We will ensure that these transfers are either:

• To countries, which fall under an adequacy decision by the EU-Commission and have been deemed to provide an adequate level of protection, currently including Switzerland, Uruguay, Argentina, Japan, Israel, Isle of Man, New Zealand, Guernsey, Canada, Andorra, Faroe Islands and Jersey; or are
• Governed by one of the following safeguards: EU Commission-approved Standard Contractual Clauses; GDPR-compliant Data Processor clauses where the US vendor is certified under the EU-US Privacy Shield Framework; or Binding Corporate Rules approved by an EU data protection authority. You may receive a copy of these data protection safeguards by contacting us at the contact details given in Section 3 above.

9. Retention of Personal Data

The Company will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected or for legal obligations. Such legal obligations may arise particularly under tax and commercial law. If your data is no longer necessary for the fulfilment of contractual or legal obligations it will be deleted; unless they are needed to secure, assert or enforce legal claims. In this case, we will retain them in accordance with the regular limitation period. During this period, this data is blocked and is no longer available for any other use.

10. Statutory/Contractual Requirements

You may choose to not provide us with your Personal Data and/or provide incomplete Personal Data. However, please be aware that, in certain cases, we may not be able to engage in, or continue a business relationship with you, as your Personal Data is required for administrative purposes and/or to fulfill statutory requirements.

11. Automated Decision-Making and Profiling

Your Personal Data will not be used for automated decision-making and/or profiling.

NOVOTEMA JOB APPLICANT PRIVACY NOTICE

1. Introduction

This Job Applicant Privacy Notice (“Notice”) describes the steps that Novotema Spa, via San Giovanni delle Formiche 2, 24060 Villongo BG Italy (“Company”), part of IDEX Corporation (“IDEX”), takes to protect the Personal Data that we Process about job applicants. The Company is committed to the protection of the Personal Data that we Process about you consistent with the data protection principles set out in all applicable Data Protection Law. This Notice informs you how we Process your Personal Data if you apply for a position with Novotema Spa.

In regard to the Processing of Personal Data of website users, please see our Website Privacy Notice, which you may access here [please insert clear link to Website Privacy Notice on your BU website]. Please note that in the course of the application process data may also be processed by the respective operator of the network or platform through which you came across one of our job postings, such as LinkedIn. For such Processing, the respective operator of the network or platform is the Data Controller.  Please consult the privacy policy of the respective operator of the respective network or platform for details.

This Notice may be amended from time to time. We will post any change to this Notice a reasonable period of time in advance of the effective date of the change. 

2. Definitions

The following terms are used within this Notice and are defined as follows:

3. Identity and Contact Details of the Data Controller and the Data Protection Officer

The Company is responsible for Processing your Personal Data and is the Data Controller.

If you have any questions about this Notice, please contact us at

Novotema Spa

Piazza Filippo Meda 3, 20121 Milano MI Italy

novotema@idexcorp.com

You can contact our Data Protection Officer at novotema.privacy@idexcorp.com, Novotema Spa, via San Giovanni delle Formiche 2, 24060 Villongo BG Italy.

4. Categories and Sources of Personal Data Processed

The Company Processes different categories of Personal Data that is provided to us through your application and during your application process. These may include: 

• Contact and identity details, including name; marital status; gender; nationality; date of birth; home address; and contact details.
• Your application documents and any information contained therein, including your CV, cover letter and certificates; other documentation about your previous work experience, education or similar; and pictures.
• Information about your employment history and work related experiences and abilities, including hire date; termination date and reason; employment status; current level of remuneration; any other supporting data submitted by candidates or employees; information obtained during reference checks; previous job applications; evidence of skills/qualifications; and relocation information.
• Information relating to character and job interests, including work-related and personal interests; knowledge or skills; and awards or memberships.
• Other personal data you provide during the recruitment process, including our notes from interviews with you or with other about you; and all correspondence you have with us or a recruitment agency during the application process.
• Information on your work authorization status.
• Sensitive Data, in certain circumstance, including your racial or ethnic origin; trade union membership; religious beliefs; or information concerning your health, such as information about a disability for which the Company needs to make reasonable adjustments during the recruitment process.

We may also obtain the above data about you from other sources, including recruitment agencies, the references you provide, websites and other publicly available information on the Internet. This includes, for example, Personal Data that you have made public in the context of an online profile. We may also receive information that you submit to us through third-party websites, such as LinkedIn.

5. Purposes for Data Processing

The Company Processes Personal Data of job applicants for various business purposes that are necessary: 

• For carrying out your recruitment process, including to process your application; to evaluate your aptitude for the job opening in regard to capabilities and qualifications; to conduct reference checks as allowed or demanded by local laws; to respond to your inquiries; and to communicate with you and to structure the recruitment process based on your needs, g. in regard to possible health issues.
• To carry out the employment relationship, including in regard to HR and performance management upon hire.
• For the purposes of business process execution and internal management, including for equal opportunity monitoring and ensuring a disabled-accessible workplace.
• For IT security and data breach procedures;
• For compliance with legal obligations including tax regulation; and in relation to obligations addressed to employers in relation to the work relationship such as confirming the applicant´s eligibility to work in the respective country of the Company;
• For business process optimization, including to improve our application process or to optimize other recruitment processes or diversity programs.
• For the assertion and defense of legal claims.

6. Legal Basis for Processing Personal Data

The Company Processes Personal Data of its job applicants based on multiple different legal bases:

• Once you have been informed about the intended Processing of your Personal Data and you have provided your consent This may include foremost your consent to the Processing of your Personal Data by us for future recruitment activities, such as your inclusion in our internal Talent Pool. The scope of Processing is then determined by the content of the respective consent.  You may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal. Article 6 GDPR.
• If the Processing of your Personal Data is necessary in order to carry out the contractual relationship between you and us, which might include a pre-contractual employment relationship. Article 6 GDPR.
• If the Processing is necessary for the Company to comply with a legal obligation.  g., a court orders the release of certain information for legal proceedings). Article 6 GDPR.
• If the Processing is necessary for purposes of the legitimate interests pursued by the Company or by a third party, except where overridden by your interests or fundamental rights and freedoms which require protection of Personal Data. These legitimate interests can include:
  • Management of the recruitment process, including to enable the recruitment process; assessment and confirmation of suitable candidates for employment; and towards the procurement of a suitable recruitment strategy and corresponding implementation.
  • Administrative and management optimization purposes, including business process execution; internal management optimization; aggregate management reporting or internal training; working climate and equal opportunities monitoring.
  • The procurement of evidence for legal proceedings, including the defence against legal claims asserted against us; the assertion of our legal claims; and prevention of compliance or other legal violations.
• In accordance with Article 9 paragraphs  2 or 4 GDPR regarding Sensitive

7. Your Rights

The GDPR provides you with rights relating to the Processing of your Personal Data.  These rights include:

• Request access to Personal Data about you (commonly known as a “data subject access request”). This enables you to receive information about the Personal Data we hold about you and to check that we are lawfully Processing it.
• Request rectification, correction, or updates to Personal Data that we hold about you. This enables you to correct any incomplete or inaccurate information. 
• Request Personal Data to be transferred in machine-readable format (“data portability”) to the extent this right is relevant in the employment context.
• Request erasure of Personal Data. This enables you to request deletion or the removal of Personal Data where there is no legitimate reason for us to continue to Process it. You also have the right to ask us to delete or remove Personal Data where you have exercised your right to object to Processing (see below).
• Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you if you want us to establish its accuracy or the reason for Processing it.
• Withdraw consent you have given at any time without affecting the lawfulness of processing based on consent before its withdrawal.

These rights are not absolute and are subject to various conditions under Data Protection Law and any other applicable laws and regulations.   

You may exercise these rights by contacting your Privacy Lead (see Section 3).  You also have the right to lodge a complaint with a Supervisory Authority. 

8. Data Sharing and International Data Transfers: Intra-Group and External Third Parties

Intra-group transfers

As a member of a multinational enterprise operating under a decentralized management structure, the Company may share Personal Data of job applicants with other IDEX affiliates/BUs listed here, for the purposes set out in this Notice. Please note that the Company only shares Personal Data of job applicants with those companies where this is covered by a lawful basis for such Processing. 

These transfers are protected by the obligations set out in intra-group agreements that we have entered into between the various IDEX legal entities.  International transfers within the IDEX are governed by EU Commission-approved Standard Contractual Clauses for Data Controllers and, where relevant, for Data Processors.  You may receive a copy of these Standard Contractual Clauses used in our intra-group agreements by contacting and requesting same from the Company.      

External Third Parties

The Company may share Personal Data with external vendors whom we engage to perform services or functions on our behalf and under our instructions. Where applicable, their Processing of your Personal Data will be subject to the GDPR requirements. The Company will also ensure that its contracts with these parties ensure they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of the Personal Data entrusted to them, in line with the GDPR requirements.

For the purposes set out in this Notice, we may also disclose your Personal Data to our IT service providers, auditors, lawyers, consultants, law enforcement, courts and tribunals and other public authorities, such as tax and social security bodies.  Some of these recipients are themselves responsible to determine the purposes and means of the Processing and for the lawfulness of the Processing on their end.  Where necessary, we will ensure that appropriate contractual measures are in place to ensure the protection of your Personal Data.  

Some of the third parties we engage to Process your Personal Data are located outside the European Economic Area. We will ensure that these transfers are either:

• To countries, which fall under an adequacy decision by the EU-Commission and is deemed to provide an adequate level of protection, currently including Switzerland, Uruguay, Argentina, Japan, Israel, Isle of Man, New Zealand, Guernsey, Canada, Andorra, Faroe Islands and Jersey; or are
• Governed by one of the following safeguards: EU Commission-approved Standard Contractual Clauses, GDPR-compliant Data Processor clauses where the US vendor is certified under the EU-US Privacy Shield Framework or Binding Corporate Rules approved by an EU data protection authority. You may receive a copy of these data protection safeguards by contacting us at the contact details given in Section 3above.

9. Retention of Personal Data

The Company will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected or for legal obligations. Such legal obligations may arise particularly under tax and commercial law. If your data is no longer necessary for the fulfilment of contractual or legal obligations, it will be deleted; unless it is needed to secure, assert or enforce legal claims. In this case, we will retain the date in accordance with the regular limitation period. During this period, this data is blocked and is no longer available for any other use.

In general, application data will be deleted three months after the application proceeding has ended at the latest.

10. Statutory/Contractual Requirements

You may choose to not provide us with your Personal Data and/or provide incomplete Personal Data. However, please be aware that, in certain cases, we may not be able to proceed with your application process as your Personal Data may be required for administrative purposes and/or to fulfill statutory requirements.

11. Automated Decision-Making and Profiling

Your Personal Data will not be used for automated decision-making and/or profiling.