Data Privacy Statement

for the Safety io Website including the Safety io Career Portal

Safety io, LLC (“Safety io”, also “we”) owns this website and its subpages (hereinafter collectively referred to as “Website”). As an MSA Safety Inc. company, safety is in our DNA. We help you make informed decisions, reinforce best practices and pursue a safety-first, injury- free workforce. As well as this, safeguarding your privacy is very important to us. We take the protection and safety of your personal data seriously and are committed to maintaining its confidentiality, availability and integrity as part of our business process. We strive to ensure that personal data collected during your use of the Website is processed by us strictly in accordance with applicable law.

Objective and Scope

This Data Privacy Statement provides transparency about any personal data that maybe processed through this Website (material scope) and the respective safeguards provided to applicants that reside in the European Union (personal scope), in line with Art. 13 of the EU General Data Protection Regulation¹ (GDPR), as well as local law based on the EU ePrivacy Directive² and the Cookie Directive³.

Definitions

The terms used in this Data Privacy Statement correspond to the definitions in the GDPR, article 4.

Controller

Safety io with the headquarter located in Franz-Ehrlich-Straße 9, 12489 Berlin, Germany, as owner and service provider of this Website, is the controller of the data processing. Gregory Lee Martin and Heiko Will are the controller's representatives.

Data Protection Officer

Safety io has appointed a Data Protection Officer (DPO). If you are an EU resident with questions or comments on how Safety io processes personal data, please feel free to contact the DPO via e-mail: GDPR@msasafety.com.

Data Processing

In General

Every time this Website is accessed, it collects various general data and information. This general data and information are stored in the log files of the server. The data collected may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system has reached our Website (known as a referrer), (4) the sub-sites on our Website which are accessed via an accessing system, (5) the date and time of an access to the Website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information aimed at risk prevention in the case of attacks on our IT systems.

When using this data, we do not draw any conclusions as to the user as the data subject. Instead, this information is required (1) to correctly display the content of our Website, (2) to optimise the content of our Website as well as the advertisements for these, (3) to ensure the ongoing functionality of our IT systems and the technology relating to our Website and (4) to provide the necessary information to law enforcement authorities to bring criminal proceedings in the event of a cyber-attack. On the one hand, we therefore analyze this data and information for statistical purposes and, on the other, for purposes of increasing data protection and data security in our company in order to ultimately ensure the best possible level of protection for personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

The personal data is erased as soon as it is no longer required for the purposes for which it was collected. If data is collected for purposes of providing access to the Website, this is the case when the respective session has ended. IP addresses of the accessing systems are stored on the web server for a period of seven days. In the backups the IP addresses of accessing systems are stored for four weeks.

“Stay informed”

You have the possibility to submit for our information service under "Stay informed". If required, we will send a demo of the Safety io grid services by using this contact data to you. If the you have permitted it, we use the contact data to ask you how we can improve our grid services.

Career Portal

Part of the Website is the Safety io Career Portal. The main purpose of the Career Portal is to support the recruitment and hiring; it is possible to apply to us via this portal. Regarding this, personal data collected during the application will be used exclusively for employment-related purposes.

Position-related Application

Personal data specifically considering you for potential employment with Safety io will be used for the position for which you apply.

In the application process that is operated via the Careers Portal we collect, process and use the data provided by you, such as contact details, content of cover letters, CV, proof of qualifications and past experience, in order to implement the application process. The data is kept confidential. Safety io will not use the information that you provide for any other purpose. Your personal data will be stored exclusively for recruitment and hiring purposes in Safety io’s applicant tracking system behind this Career Portal, and the company will evaluate your credentials for the job opportunity available at the company or for a specific job opportunity selected by you. In conducting this evaluation, your personal data may be transferred to, stored and/or processed by Safety io, its affiliates abroad, and/or third-party partners on their behalf, in countries outside of the European Union, but always under obligations of confidentiality, availability and integrity.

If you are offered a job, the data is transferred to the personnel file and subsequently erased from the application system. If you are turned down, the data is erased from the application system six months later.

Other Positions, affiliated Companies and unsolicited Application - Consent

You may want us to use your application for other positions or for positions in other affiliated companies, or you may want us to send you an unsolicited application. In these cases, we will obtain your consent for the processing and use of the data regardless of a specific position.

If you have given us your consent, the data is also used for other relevant job postings and passed on the respective company within the MSA Safety Inc. group in accordance with the consent declaration. The data is only used for the period to which the consent relates. If you are hired, the data is transferred to the personnel file and subsequently erased from the application system. If the application does not result in a job offer, the data is erased after expiry of the period to which the consent relates.

Web Analytics and Cookies

Safety io uses web analytics, cookies and tracking pixels to enhance your browsing experience. These tools are may be required for certain functionality of the site and are used to collect statistical information about the use of the site and to save preferences for your convenience. Some of these tools may also be temporarily used to serve you content regarding relevant marketing campaigns. In general, the used tools and its purpose are:

Functional (or required) tools:

▪ Remember your country and language selection
▪ Remember your login information
▪ Maintain your logged in session

Tracking tools:

▪ Collect anonymous information about the usage of our Website help us make improvements to our Website based on how our visitors interact with it

Targeting tools:

▪ Display our campaigns to you on other websites

You can prevent the storage of cookies and tracking via tracking pixels. You can prevent the storage of cookies by a corresponding setting of your browser software. Should you choose to disable or delete tools using your preferred browser's settings, please be aware that some pages or functions may not perform as intended. Please use the "Help" feature in your browser for more information.

Google Analytics

We have the Google Analytics component (with anonymization function) integrated on this Website. Google Analytics is a web-analytics service. Web analytics is the collection, compilation and analysis of data about the behavior of visitors to websites. A web-analysis service collects, among other things, data about the website from which a data subject finds its way onto a website (known as a referrer), which sub-sites of the website are accessed or how often and for which length of time a sub-site has been viewed. A web analysis is primarily used to optimize an internet page and to carry out a cost-benefit analysis of internet advertising.

The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For the web analysis via Google Analytics, Safety io uses the suffix "_gat._anonymizeIp". By means of this suffix, the IP address of the internet connection of the data subject is truncated and anonymized if our Website is accessed from a member state of the European Union or from another country which is a signatory to the Agreement on the European Economic Area.

The purpose of the Google-Analytics component is the analysis of the flow of visitors on our Website. Google uses the collected data and information, among other things, to analyse the use of our Website, in order to compile online reports for us, which show the activities taking place on our Website, and to provide other services connected to the use of our Website.

Google Analytics places a cookie on the IT system of the data subject. The nature of cookies has already been described above. By placing cookies, Google can analyse the use of our Website. Each time one of the individual pages of this Website – which is operated by the controller responsible for the processing and on which a Google-Analytics component has been integrated – is accessed, the internet browser on the IT system of the data subject is automatically induced, by the respective Google-Analytics component, to transmit data to Google for purposes of online analysis. In the context of this technical process, Google will gain access to personal data such as the IP address of the data subject, which Google uses, among other things, to trace the origin of the visitors and clicks and to subsequently allow commissions to be calculated.

Personal information such as the time of access, the place from which the site was accessed and the number of times the data subject has visited our Website is stored via the cookie. Each time our Website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States. This personal data is stored by Google in the United States. Google may pass this personal data, which is collected via the technical process, on to third parties.

As has already been set out above, the data subject may, at any time, prevent our Website placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby object to the placing of cookies once and for all. Such an adjustment of the internet browser used would also prevent Google placing a cookie IT system of the data subject. In addition, a cookie that has already been placed by Google Analytics can be deleted at any time via the internet browser or other software programs.

Besides, the data subject has the option of objecting to the collection of the data produced by Google Analytics and related to the use of this Website, as well as objecting to the processing of this data by Google and preventing such processing. In order to do this, the data subject needs to download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics via JavaScript that no data and information about the visits of websites may be transmitted to Google Analytics. Google considers the installation of the browser add-on to be an objection. If the IT system of the data subject is deleted, formatted or reinstalled later, the data subject must reinstall the browser add- on again in order to disable Google Analytics. If the browser add-on is deinstalled or deactivated by data subject or any other person who is attributed to the data subject’s sphere of control, there is an option of reinstalling or reactivating the browser add-on.

For more information and the applicable data protection provisions of Google, please refer to https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html.

You can find a more detailed description of Google Analytics under this link https://www.google.com/intl/de_de/analytics/.

LinkedIn Marketing Solutions - Conversion Tracking

We have the LinkedIn Marketing Solution component Conversion Tracking integrated on this Website. This should help to capture generated leads from the Safety io career campaigns, to determine the return of invests (ROI) of the career campaigns and to optimize the application processes intelligently. To find out more, please use the following link: https://www.linkedin.com/help/linkedin/answer/87080/linkedin-marketing-solutions-and-the- general-data-protection-regulation-gdpr-?lang=en


Marketo Lead Management - Marketo Revenue Cycle Analytics

We have the Marketo Lead Management component Marketo Revenue Cycle Analytics integrated on this Website. We use the services of the company Marketo EMEA Limited to collect statistical data on the use of our web site and to optimize our offerings accordingly, as well as to operate e-mail marketing. Processing of personal data upon registration If you register for an event, request the newsletter or other information, or otherwise provide us with personal information through a registration form, the registration form will ask you to consent to the processing of your personal information. Marketo also uses cookies and tracking pixels. To find out more about Marketo and the GDPR compliance, please use the following link: https://www.marketo.com/company/trust/gdpr/

Recipients and Third Country Data Transfer

Safety io’s directors, officer, employees, agents, representatives and IT administrators of the data center provider may have access to personal data on a need-to-know basis if they need to carry out legitimate tasks.

Since the parent company MSA Safety Inc. is based in the USA and the applications may also be processed by employees of this company, data can also be transferred to the USA.

Regarding the data transfer to Google, please see “The Use of Google Analytics”. Google has submitted to the EU-US Privacy Shield framework:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Regarding the data transfer to Marketo EMEA Limited, a data transfer to Marketo, Inc., San Mateo, California, USA, and its affiliates and therefore to countries outside the EU can take place.

Regarding the data transfer to LinkedIn, a data transfer to the headquarter in Sunnyvale, California, USA and to the parent company, the Microsoft Corp. and its affiliates and therefore to countries outside the EU can take place. LinkedIn has submitted to the EU-U.S. Privacy Shield framework:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Legal Basis for Processing

We will only process your personal data:

  • if you have given your consent to the processing of your personal data for one or more specific purposes;
  • if and to the extent the processing is necessary for the performance of a contract to which you are party or in order to take steps at your specific request prior to entering into a contract;
  • if and to the extent the processing is necessary for compliance with a legal obligation to which we are subject;
  • if and to the extent the processing is necessary in order to protect your vital interests or of another natural person;
  • if and to the extent the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
  • if and to the extent the processing is necessary for the safeguard or pursuit of legitimate interests pursued by us or by a third party except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a minor.

We only process cookies subject to and in compliance with the above-named conditions based on the GDPR and with the local law based on the Cookie Directive.


Data Security

Safety io uses technical and organizational security measures to protect the data supplied by you and managed by us to ensure its confidentiality, availability and integrity. These security measures protect your data against manipulation, loss, destruction and access by unauthorized third parties. The Website security is continually being improved in line with developing technology.

Data Subject Rights

As a data subject, you have the right to request from Safety io whether and what personal data of yours has been stored by us. If you are registered as a user, we also enable you to view the data yourself and, if applicable, to delete or amend it. If incorrect information is stored, despite our efforts to ensure that data is accurate and up to date, we will correct it at your request. Safety io will respond to any such requests for information, deletion, or amendment in writing and as soon as reasonably possible.

If you have given us your consent, you can revoke it at any time with effect for the future.

To make a request about your personal data, or if you have any questions about the processing of your personal data, you can contact our Data Protection Officer (DPO) via GDPR@msasafety.com.

We appreciate your interest in our company, products and services, and we hope you find your visit to the Website worthwhile


¹ REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

² Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

³ DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.