Privacy Policy / GDPR
PRIVACY STATEMENT
Bay Corporation is a corporation registered in the State of Ohio, USA under charter number 535305
Definitions
For the purpose of this Statement the following definitions apply:
•
“Controller”: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
•
“Customer”: the natural or legal person Bay Corporation has made an offer to or concluded an agreement with.
•
“Customer Agreement”: means an agreement made between Bay Corporation and a Customer regarding the marketing, sales, service, and/or support of Bay Corporation products or services.
•
“Data Privacy Law”: means all data privacy legislation that applies to personal information that may be collected or received by the Company, including the General Data Protection Regulation EU 2016/679, and the California Consumer Privacy Act of 2018.
•
“Data Subject”: means an identified or identifiable natural person covered by Data Privacy Law. An identifiable person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
•
“Personal Data”: means personal information covered by Data Privacy Law as it relates to a Data Subject.
•
“Processing”: any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
•
“Processor”: a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
•
“Recipient”: a natural or legal person, public authority, agency or another body to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with EU or EU Member State law shall not be regarded as recipients; the processing of those data by those public authorities is in compliance with the applicable data protection rules according to the purposes of the processing.
•
“Third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
Introduction
This Privacy Statement concerns the processing of Personal Data by Bay Corporation (hereinafter: ‘Bay Corporation’ or ‘we’). Bay Corporation manufacturers and sells parts and equipment to companies in the medical gas industry. In conducting its business, Bay Corporation processes certain Personal Data. We treat Personal Data with the greatest care and, in doing so, comply with Data Privacy Law. That means, among other things, that Bay Corporation:
•
Informs you in a comprehensible and transparent manner of the ways we collect and purpose for Personal Data;
•
Processes Personal Data only for stated purposes and the processing of data is based on one of the basis referred to in the Data Privacy Law;
•
Takes appropriate security measures to protect Personal Data from loss or theft; and
•
Informs you of your rights regarding the Personal Data which are processed by Bay Corporation.
The above subjects are dealt with in this Privacy Statement. This Statement consists of three parts.
A.
In Part A, we explain how Bay Corporation acquires and processes Personal Data
B.
Part B contains a number of general provisions that show, inter alia, how we protect Personal Data.
C.
Part C describes your rights and offers company contact information with regard to your questions about this Privacy Statement.
Lawful Processing
Bay Corporation ensures that it shall only process Personal Data in a lawful way that is not incompatible with the purpose they were received for. The Personal Data must be adequate and relevant with regard to the purposes for which they are processed; and will not be processed excessively in the relation to the purpose they were collected for. (The data will only be processed by persons that have signed a confidentiality statement.
We will take appropriate measures to make sure that your Personal Data are protected and secure in compliance with Data Privacy Law. Whenever third party service providers process Personal Data subject to Data Privacy Law, our written agreement with them will include appropriate measures, usually standard contractual clauses.
Bay Corporation will not sell or rent your Personal Data to third parties.
This Privacy Statement is administered by the office of Bay Corporation’s President and Privacy Officer.
Part A – Data Collection
This section describes whose Personal Data we collect, and why we collect it.
1) Personal Data of Customers
In the course of selling and delivering Bay Corporation’s products, Bay Corporation collects the Personal Data of its Customers. Personal Data may be collected from direct Customer interactions (including personal meetings, correspondence, e-mails and other direct electronic communications, and telephone).
Bay Corporation does not collect Personal Data through social media.
Categories of Personal Data
To develop and maintain ordinary business operations, including ongoing support and maintenance for Bay Corporation Customers, Bay Corporation requests, collects, and stores in their administrative systems the following Customer Personal Data:
•
Name
•
Physical Address
•
E-mail Address
•
Telephone Number
•
Position or Job Title
•
Company Credit Card Information
•
Purchasing History
Purposes
Bay Corporation uses Customer Personal Data to respond to inquiries from Customers and potential Customers, to receive, process, and verify orders of goods, to ship goods, to perform financial processes such as invoicing, refunding, and collections, and to provide other Customer support and services. Bay Corporation shall process the Personal Data for Customer purposes only. Bay Corporation may disclose Personal Data to third parties for direct business purposes such as fulfilling Customer orders and for bill collection purposes. Bay Corporation does not sell Personal Data to third parties.
Basis
The above mentioned data processing is necessary for the implementation of the Customer orders and Bay Corporation's ability to provide basic sales and Customer account services. Bay Corporation shall not use the Personal Data of Customers for acts/conduct that are in breach of Data Privacy Law.
2) Personal Data of Vendors and Suppliers
Categories of Personal Data
If Bay Corporation enters into a business relationship with a supplier, the following Personal Data may be processed/saved of the contact person(s) of the supplier:
•
Name
•
Physical Address
•
E-mail Address
•
Telephone Number
•
Business Address
•
Position or Job Title
Purposes
Bay Corporation processes the above Personal Data for the following purposes:
•
Contacting suppliers in the ordinary course of business
•
Processing of invoices
•
Maintenance of the business network of Bay Corporation
Bay Corporation processes the above Personal Data on the basis that it is necessary for the implementation of agreements concluded with suppliers.
We will delete your Personal Data from our administrative systems upon request of the supplier (unless there is a legal obligation that requires us to keep the Personal Data) or when there is no more legal basis to process the Personal Data.
3) Personal Data of Bay Corporation Employees
We process Personal Data of our employees. Processing of that Personal Data is excluded from this Privacy Statement. Upon employment, we explain to our employees how we deal with their Personal Data in accordance with Data Privacy Law.
4) Personal Data of Visitors of the Website of Bay Corporation
We are committed to safeguarding the privacy of our website visitors. By visiting https://www.baycorporation.com/ or any related website (our "site"), you are accepting and consenting to the practices described in this Privacy Statement.
Categories of Personal Data
We may collect, store and use the following kinds of Personal Data (non-exhaustive list):
•
Personal information that you knowingly choose to disclose that is collected on an individual basis;
•
Web site use information collected on an aggregate basis as you and others browse our site;
•
E-mail information, as well as any other information you may provide which is collected if you request or submit information to us by sending us an e-mail or filling out a “Question and Comments” form; and
•
Non-identifying and aggregate information collected by using our site is used to help us make improvements on our website and helps us determine which content is most important to our website visitors.
Please note if you are entering details on behalf of others you must receive their prior consent.
How we use your Personal Data
We will process and use your Personal Data for the following purposes:
•
As required to fulfil a contract with you. This includes operations to handle orders, deliver products and services, process payments, communicate with you about your orders or products (including software updates and customer service) and generally to maintain and administer your account with us.
•
Where we are required to do so by law. This includes for the purposes of legal claims and compliance (including disclosure of such information in connection with legal process or litigation).
•
Where it is in our legitimate interests to do so and where these interests are not overridden by your data protection rights. This includes operations to know your preferences better, serve you with meaningful content and advertising or ensure the security and integrity of our website.
•
With your consent. This includes situations where you consent to the use of cookies, for example, to gather management information to form statistical and trend analysis or where you request for or consent to receiving regular e-mail updates or the Personal Data you provide when you subscribe for a Bay Corporation conference (e.g., name, contact details, shirt size).
E-mail Notices
When you subscribe to our e-mail updates, the data you have entered (name, company name and e-mail address) will be used for this purpose only. No other data will be collected. Subscribers may also be informed by e mail about circumstances which are relevant for the service or registration, for instance changes in the newsletter service or technical conditions. The data is used for the newsletter service only and will not be transferred to third parties.
Part B – Our Policies
1) Data retention
Personal Data is retained for a period appropriate to the purposes for which it was collected and is, by default, destroyed at the end of a one (1) year period of inactivity following its collection date, unless otherwise provided by law.
Please note however that appropriate data related to subscription of current services (e.g. Company newsletters) will be deleted one (1) month after you have notified us that you want to unsubscribe to such services.
2) Third Party Links
Bay Corporation’s website may contain links to third party websites for reference purposes only. We are not responsible for the content, privacy notices or practices of third party websites in these circumstances. Please contact them directly for more information.
3) Cookies
Cookies are used by most major websites including our website(s). To make the best use of our site(s), on whichever device you use, you'll need to make sure your web browser is set to accept cookies.
We use cookies and some other data stored on your device to:
•
give you a better online experience
•
allow you to set personal preferences
•
protect your security
•
measure and improve our service
•
track and measure marketing trends
Other ways we make our online service easier to use include using cookies that:
•
make the page load quickly by sharing the workload across computers.
•
make sure our pages are optimized for your browser or device by giving us technical information about the device or browser you are using.
What kind of Cookies do we use?
Bay Corporation uses session cookies on its website. These cookies are used ‘in-session’ each time you visit a website and then expire when you leave a website or shortly thereafter – they are not stored on your device permanently, do not contain any personal data, and help by minimizing the need to transfer personal data across the internet. These cookies can be deleted or you can refuse to allow their use, but this will hamper the performance and your experience in using some websites. These cookies also take time stamps that record when you access a site and when you leave a site.
Analytics
We also use an analytics tool to collect information about the use of our site. The analytics tool collects information such as how often users visit the site, what pages they visit when they do so, and what other sites they used prior to coming to our site. We use this information only to improve the site. The analytics tool collects only the IP address assigned to you on the date you visit the site, rather than your name or other identifying information. Although the analytics tools plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie can only be used by the analytics tool. You can prevent the analytics tool from recognizing your computer on return visits to the site by disabling cookies on your browser.
Can the Cookies be blocked?
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) to disable existing cookies; or (iii) to set your browser to automatically reject any cookies. However, please be aware that if you disable or reject cookies, some features and services on our site may not work properly because we may not be able to recognize and associate you with your company’s account(s). In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.
4) General Data Policies
Security
Adequate security of your Personal Data is crucial. Bay Corporation shall take, maintain, and, if necessary, adjust all reasonable and suitable and organizational measures, to secure the confidentiality and availability of your Personal Data and to protect them from theft, unlawful dissemination, unauthorized use or unauthorized access to the processed data stored. These measures shall at all times provide an adequate level of protection, in view of the current and future state of the art.
To ensure the safety of your Personal Data, the employees of Bay Corporation follow a Standard Operating Procedure (SOP). Bay Corporation shall take care that the Personal Data processed in the Software, and the Personal Data stored in the administrative systems, will be stored securely and will only be available to authorized people. We also conclude confidentiality agreements with all our employees – and any third parties or Processors that receive Personal Data. If there is a security breach despite the security measures taken, we shall take measures to limit the consequences for your privacy to the extent possible.
Data leak procedure
Despite the technical and organizational measures taken by Bay Corporation a breach relating to the Personal Data may possibly occur, in which Personal Data are destroyed, lost, amended, provided or made available in an unlawful way (hereinafter: ‘data leak’). As a Controller, Bay Corporation shall assess whether the data leak has to be reported to a data protection authority and potentially to the Data Subject. Bay Corporation has the responsibility for the correct, timely and full report to the data protection authorities and potentially to the Data Subject within any applicable statutory deadline.
Disclosure of Personal Data to Third Parties and Processors
Under certain circumstances, Personal Data can be made available to third parties and Processors (such as third party suppliers, subcontractors, and banks) for the purposes stated herein. An agreement has been concluded between Bay Corporation and the above-mentioned third parties and Processors, which includes detailed arrangements on confidentiality, integrity and security of Personal Data.
Transfer of Personal Data Subject to GDPR
We can process your Personal Data within and outside the EU because they may be ‘transferred’ to a foreign (group) company or a foreign (group) company may have access to your Personal Data. This shall happen only if necessary for the implementation of the agreement between Bay Corporation and Customer, or with your permission. Bay Corporation shall not allow your Personal Data to be processed within or outside the EU, unless the transferee agrees to comply with detailed arrangements on confidentiality, integrity and security of Personal Data in accordance with the GDPR.
The level of data protection in countries outside Europe may not be up to the standards of the GDPR in Europe. In those cases, we will take appropriate measures to make sure that your Personal Data are protected and secure in compliance with applicable data protection laws. EU standard contractual clauses are in place between all Bay Corporation entities that share and process Personal Data. Whenever third party service providers process Personal Data outside Europe, our written agreement with them will include appropriate measures, usually standard contractual clauses.
Part C – Your Rights
You have the right to make a request to us in writing concerning:
Access to Personal Data
You have the right to take knowledge of data relating to you that are processed and can receive a copy thereof. Upon request, we inform anyone – as soon as possible but not later than four weeks after receipt of the request – in writing whether Personal Data relating to him/her are processed.
If that is the case, we shall upon request provide the applicant in writing with an overview thereof including information about the purpose or purposes of the data processing, the categories of data the processing relates to, the categories of the Recipients of the data and the origin of the data. Bay Corporation may refuse to comply with a request if and to the extent necessary for the protection of the data subject(s) or the rights and freedoms of Third parties.
Correction and/or deletion and/or restriction of your Personal Data
Upon request in writing of a data subject, we shall proceed to correct, add, delete, restrict and/or block (right to be forgotten) the Personal Data of the data subject we processed, if and to the extent these data are factually incorrect, incomplete for the purpose of the processing, irrelevant, or reveal more information than necessary for the registration purpose, or are processed in breach with the statutory provisions in any other way. The request of the data subject must contain the amendments to be made. We also ask you to inform us why you disagree with the processing of the Personal Data.
We will inform you as soon as possible whether we can comply with your request. Bay Corporation shall take care that a decision pertaining to correction, addition, deletion and/or blocking is implemented within fifteen (15) business days, and if this is in all reasonableness not possible, as soon as possible thereafter.
We shall delete your data after receipt of a request to this end if:
•
The data are no longer necessary for the purpose we processed them for;
•
You no longer grant us permission to process your Personal Data and there is no legal reason to process the data for a longer period;
•
You object to processing of Personal Data and there is no reason to process the data for a longer period;
•
We should not have processed the Personal Data (unlawful processing);
•
We are required by law to delete the Personal Data.
Complaints Procedure
If you are of the opinion that the provisions of this Privacy Statement are not complied with or your rights regarding the processing of Personal Data are not being respected, you can submit your complaint to us via e-mail: privacyofficer@baycorp.com.
Changes and Implementation
We reserve the right to change this Privacy Statement. Changes shall be published on our website. It is recommended to consult this Privacy Statement regularly in order to be well-informed of the alterations. If we make significant changes to the Privacy Statement, we shall inform the clients that are registered with us with their e-mail address.
This Privacy Statement shall take effect as of November 7, 2018. The Privacy Statement can be consulted and downloaded via our website: https://www.baycorporation.com/
This Privacy Statement was last updated on November 7, 2018.
Questions
If you have any questions regarding data protection, please contact us by e-mail or letter:
Our postal address is:
867 Canterbury Road
Westlake, Ohio 44145
We can be contacted by:
•
E-mail: privacyofficer@baycorp.com or
•
Telephone: (440) 835-2212, ext. 0