Privacy Policy and Data Protection

Effective Date: May 1, 2019

Actuant Corporation respects individual privacy and values the confidence of its customers, employees, vendors, business partners and others. Actuant Corporation strives to collect, store, process and distribute Personal Information in a manner consistent with the laws of the countries in which it does business, as well as the GDPR. Actuant Corporation participates in and abides by the EU-U.S. Privacy Shield Framework developed by the U.S. Department of Commerce and the European Commission. This Data Protection and Privacy Policy (the “Policy”) sets forth the privacy principles that Actuant Corporation follows with respect to Personal Information transferred to Actuant Corporation from anywhere in the world, including transfers from the European Economic Area (EEA) (which includes the twenty-eight member states of the European Union (EU) plus Iceland, Liechtenstein and Norway).

I. PRIVACY SHIELD
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under EU law that adequate protection be given to Personal Information transferred from the EU to the United States (EU-U.S. Privacy Shield Framework). To learn more about the Privacy Shield program, and to view Actuant Corporation’s certification, please visit http://www.privacyshield.gov/list.

Actuant Corporation has a Data Protection Officer who assists in ensuring compliance with this Policy and data security issues. Actuant Corporation educates its employees concerning compliance with this Policy and has self-assessment procedures in place to assure compliance. Actuant Corporation’s Data Protection Officer, Nicholas Gemmell, and its corporate legal team are available to any of its customers, employees, business partners or others who may have questions concerning this Policy or data security practices. Relevant contact information is provided herein. Actuant Corporation is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to the Privacy Shield Framework.

II. SCOPE
This Policy applies to all Personal Information received by Actuant Corporation in any format including electronic, paper or verbal. Actuant Corporation collects, stores and processes Personal Information concerning current and former employees, as well as applicants for employment through its Internet websites, its intranet site, electronic mail and manually. Actuant Corporation will not sell or share this information with third parties in ways different than what is disclosed in this Policy. On a global basis, Actuant Corporation will establish and maintain business procedures that are consistent with this Policy. Notwithstanding the foregoing, Actuant Corporation has separate policies governing the processing of employee personal data and external personal data in those countries that are members of the EU. These policies are consistent with EU data protection law.

Actuant Corporation collects, stores, and processes Personal Information from current and past employees and applicants for employment, such as name, contact information, government identifier, financial account information, and family information. This information is maintained at the Corporate and local level by Actuant Corporation and its authorized agents, depending on the level of the position as well as the local office of the employee or applicant. Actuant Corporation collects Personal Information for employment related purposes and legitimate human resource business reasons such as personnel and job candidate administration and assessment, recruitment and staffing; payroll administration; absence monitoring; training and development; management planning; appraisal and promotion; union negotiation; production and publication of company address books and telephone and e-mail directories; managing email and other communication systems; production of employee Identity cards; monitoring the use of company resources; information to contact close relatives in case of emergency; filling employment positions; administration and operations of its benefit and compensation programs; meeting governmental reporting requirements; security, health and safety management; performance management; company network access; managing and administering the Ethics Hotline; facilitating workplace communications; workforce analytics, and authentication. Actuant Corporation does not request or gather information regarding political opinions, religion, philosophy or sexual preference. To the extent Actuant Corporation maintains information on trade union membership, medical health, race or ethnicity, Actuant Corporation will protect, secure and process that information in a manner consistent with this Policy and applicable law.

Actuant Corporation also collects, stores, and processes Personal Information from prospective customers, vendors, professional advisers and consultants, distributors, dealers, suppliers, business partners and others, such as name, contact and financial information. This information may be maintained at its corporate offices in Menomonee Falls, Wisconsin or at other Actuant Corporation facilities, and its authorized agents, consistent with local legislation. Actuant Corporation collects this Personal Information for, among other things, legitimate business reasons such as processing and fulfilling orders; customer service; the provision of services or products to Actuant Corporation, product, warranty and claims administration; meeting governmental reporting and records requirements; maintenance of accurate accounts payable and receivable records; marketing; internal marketing research; safety and performance management; financial and sales data; and contact information. All Personal Information collected by Actuant Corporation will be used for legitimate business purposes consistent with this Policy.

Actuant Corporation may process and disclose Personal Information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which an Actuant Corporation business is acquired by or merged with another business, or sells, liquidates, or transfers all or a portion of its assets.
Actuant Corporation also may process or disclose Personal Information as is reasonably necessary or legally required on important public interest grounds, to respond to lawful requests by public authorities (including to meet national security or law enforcement requests), to meet governmental reporting or records requirements, or for the establishment, exercise or defense of legal claims by Actuant Corporation or other companies within its corporate group.

III. DEFINITIONS
For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that processes Personal Information provided by Actuant Corporation to perform tasks on behalf of or at the instruction of Actuant Corporation.

“Actuant Corporation” means Actuant Corporation, its subsidiaries, divisions and groups, with subsidiaries/brands such as Enerpac, Simplex, Larzep Hydraulic, Precision-Hayes International, Milwaukee Cylinder, Hydratight, Cortland, Mirage, Maximatecc, Weasler, Gits Manufacturing Co., Crosscontrol, Power-Packer, Elliott Manufacturing and Equalizer.

“Personal Information” means any information or set of information that identifies or could be used by or on behalf of Actuant Corporation to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, trade union membership, political opinions, or religious or philosophical beliefs, that concerns health or sex life, or that contains criminal records. In addition, Actuant Corporation will treat as Sensitive Personal Information any Personal Information received from a third party where that third party treats and identifies the Personal Information as sensitive.

IV. PRIVACY PRINCIPLES
Actuant Corporation commits to subject the Personal Information covered by this policy to the following principles:

(1) NOTICE: Where Actuant Corporation collects Personal Information directly from individuals, it will inform them about the purposes for which it collects, stores and processes Personal Information about them, the types of non-Agent third parties to which Actuant Corporation discloses that information, and the choices and means, if any, Actuant Corporation offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Actuant Corporation, or as soon as practicable thereafter, and in any event before Actuant Corporation uses the information for a purpose other than that for which it was originally collected.

(2) CHOICE: Actuant Corporation will offer individuals the opportunity to choose (opt-out) whether their Personal Information is (a) to be disclosed to a non-Agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Information, Actuant Corporation will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-Agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Actuant Corporation will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.

(3) DATA INTEGRITY AND PURPOSE LIMITATION: Actuant Corporation will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Actuant Corporation will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current.

(4) ACCOUNTABILITY FOR ONWARD TRANSFER: Actuant Corporation uses third-party Agents to assist us in accomplishing the purposes described in this Policy, for example to support our customers, perform technical operations, and store and transmit data. Actuant Corporation will confirm that any third party to which it discloses Personal Information will appropriately safeguard the privacy of that Personal Information. Examples of appropriate privacy safeguards include: a contract obligating the third party to provide at least the same level of protection as is required by the relevant privacy principles, the third party being subject to EU data protection law, Privacy Shield certification by the third party, or the third party being subject to another European Commission adequacy finding (e.g., companies located in Switzerland). Where Actuant Corporation has knowledge that a third party is using or disclosing Personal Information in a manner contrary to this Policy, Actuant Corporation will take reasonable steps to prevent or stop the use or disclosure. Actuant Corporation holds third parties to which it discloses Personal Information accountable for maintaining the trust our employees and customers place in the company. Actuant Corporation may remain liable under the Privacy Shield Principles if any Agent processes Personal Information in a manner inconsistent with the Privacy Shield Principles, unless Actuant Corporation first demonstrates that it is not responsible for the event giving rise to the damage.

(5) ACCESS AND CORRECTION: Upon request, Actuant Corporation will grant individuals reasonable access to Personal Information that it holds about them. In addition, Actuant Corporation will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. Any employees that desire to review or update their Personal Information can do so by contacting their local Human Resources Representative.

(6) SECURITY: Actuant Corporation will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Actuant Corporation protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal Information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. Actuant Corporation limits access to Personal Information and data to those persons in Actuant Corporation’s organization, or as Agents of Actuant Corporation, that have a specific business purpose for maintaining and processing such Personal Information and data. Individuals who have been granted access to Personal Information are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so.

(7) RECOURSE, ENFORCEMENT, AND LIABILITY: Actuant Corporation will conduct compliance audits of its relevant privacy practices to verify compliance with this Policy and the relevant privacy principles. Any employee that Actuant Corporation determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

V. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of Personal Information should be directed to the Actuant Corporation Data Protection Officer via the contact information below. Actuant Corporation will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy and as required by law.

VI. INTERNET PRIVACY
Actuant Corporation sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, vendors, business partners and others. Actuant Corporation recognizes the importance of maintaining the privacy of Personal Information collected through websites that it operates. Actuant Corporation’s purpose for operating its websites is to provide information concerning products and services to the public. In general, visitors can reach Actuant Corporation on the Web without revealing any Personal Information. Visitors on the Web may elect to voluntarily provide Personal Information via Actuant Corporation websites but are not required to do so. Actuant Corporation collects information from visitors to the websites who voluntarily provide Personal Information by filling out and submitting online questionnaires concerning feedback on the website, requesting information on products or services, or seeking employment. The Personal Information voluntarily provided by website users is contact information such as the user’s name, home and/or business address, phone numbers and email address. Actuant Corporation collects this information so it may answer questions and forward requested information. Actuant Corporation does not sell this information.

Actuant Corporation may also collect anonymous information concerning website users through the use of “cookies” in order to provide better customer service. “Cookies” are small files that websites place on users’ computers to identify the user and enhance the website experience. Company personnel periodically audit Actuant Corporation’s commercial websites to determine what cookies are used on each. The cookies used are typically not intrusive and are not typically connected to visitors’ contact or other identifiable information. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. Visitors can learn how to control or delete cookies used on Actuant Corporation’s websites by visiting http://www.aboutcookies.org for detailed guidance. If visitors do suppress the website cookies, however, some areas of Actuant Corporation websites may not function properly.

The table below describes the cookies used on www.actuant.com and other Actuant Corporation related websites.

Session Cookies
We use a session cookie that lasts for the duration of your visit to our site and is used for load balancing. User data is linked to your contact information if you agree to the use of cookies for the purpose of enhancing your browsing experience and to personalize information to your interests.

Persistent Cookies for Site Analytics
Google Analytics – we use this to understand how the site is being used in order to improve the user experience. User data is not linked to any of your contact information.

You can find out more about Google’s position on privacy as regards its analytics service at:https://support.google.com/analytics/answer/6004245?hl=en

Adobe Site Catalyst – we use this to understand how the site is being used in order to improve the user experience. User data is not linked to any of your contact information.

You can find out more about Adobe’s position on privacy as regards its analytics service at:http://www.omniture.com/en/privacy/product

Few, if any, of Actuant Corporation’s websites are directed toward children. Nevertheless, Actuant Corporation is committed to complying with applicable laws and requirements, such as the United States’ Children’s Online Privacy Protection Act (“COPPA”)Actuant Corporation website users have the option to request that Actuant Corporation not use information previously provided, correct information previously provided, or remove information previously provided to Actuant Corporation. Those that would like to correct or suppress information they have provided to Actuant Corporation should forward such inquiries to:

Actuant Corporation
N86 W12500 Westbrook Crossing
Menomonee Falls, Wisconsin 53201-3241
Attention: Global L&E Counsel

Or:

Actuant Corporation
Bentley Road South
Darlaston, West Midlands
WS10 8LQ
United Kingdom
Attention: Data Protection Officer

The inquiries should include the individual’s name, address, and other relevant contact information (phone number, email address). Actuant Corporation will use all reasonable efforts to honor such requests as quickly as possible.

Actuant Corporation websites may contain links to other “non-Actuant Corporation” websites. Actuant Corporation assumes no responsibility for the content or the privacy policies and practices on those websites. Actuant Corporation encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of Actuant Corporation.

VII. CHANGES TO THIS POLICY
The practices described in this Policy are current personal data protection policies as of May 21, 2018. Actuant Corporation reserves the right to modify or amend this Policy at any time consistent with the requirements of the relevant principles and applicable law. Appropriate notice will be given concerning such amendments.

ACTUANT CORPORATION (U.S.) PRIVACY SHIELD POLICY
ACTUANT CORPORATION and each of its related U.S. subsidiaries, business units and other legal entities (“Actuant,” “we,” “our,” and “us”), complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data (as defined below) from European Union member countries. Actuant has certified that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. If there is any conflict between the policies in this Actuant Privacy Shield Policy (“Privacy Shield Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Definitions
“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.

“Personal Data” means any information relating to an individual residing in the European Union that can be used to identify that individual either on its own or in combination with other readily available data.

“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

Scope and Responsibility
This Privacy Shield Policy applies to Personal Data transferred from European Union member countries to Actuant’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU Directive.

Some types of Personal Data may be subject to other privacy-related requirements and policies. For example:

• Some Actuant websites have their own privacy policies.
• Personal Data regarding and/or received from a client is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
• Employee Personal Information is subject to internal human resource policies including the Actuant Privacy Notice.

All employees of Actuant that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy. Adherence by Actuant to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Privacy Shield Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of Actuant’s Executive Vice President – HR.

Actuant employees responsible for engaging third parties to which Personal Data covered by this Privacy Shield Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Privacy Shield Principles, including any applicable contractual assurances required by Privacy Shield.

Privacy Shield Principles
Actuant commits to subject to the Privacy Shields’ Principles all Personal Data received by Actuant in the U.S. from European Union member countries in reliance on the respective Privacy Shield framework.

1. Notice
Actuant notifies Data Subjects covered by this Choice Privacy Shield Policy about its data practices regarding Personal Data received by Actuant in the U.S. from European Union member countries in reliance on the respective Privacy Shield framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that Actuant offers for limiting its use and disclosure of such Personal Data, how Actuant’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact Actuant with any inquiries or complaints.

2. Choice
If Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Actuant will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: privacy@actuant.com.

If Sensitive Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Actuant will obtain the Data Subject’s explicit consent prior to such use or disclosure.

3. Accountability for Onward Transfer
In the event we transfer Personal Data covered by this Privacy Shield Policy to a third party acting as a controller, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Actuant has knowledge that a third party acting as a controller is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, Actuant will take reasonable steps to prevent or stop such processing.

With respect to our agents, we will transfer only the Personal Data covered by this Privacy Shield Policy needed for an agent to deliver to Actuant the requested product or service. Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with Actuant’s obligations under the Privacy Shield Principles; and (iv) require the agent to notify Actuant if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

Actuant remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where Actuant is not responsible for the event giving rise to the damage.

4. Security
Actuant takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

5. Data Integrity and Purpose Limitation
Actuant limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. Actuant does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

Actuant takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. Actuant takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes Actuant’s obligations to comply with professional standards, Actuant’s business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Data.

6. Access
Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: privacy@actuant.com

7. Recourse, Enforcement, and Liability
Actuant’s participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. Actuant is also willing to cooperate with relevant EU data protection authorities regarding this Policy. In compliance with the Privacy Shield Principles, Actuant commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Actuant at: privacy@actuant.com

Actuant has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, JAMS Mediation, Arbitration and ADR Services. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

Actuant agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Actuant acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

Changes to this Privacy Shield Policy
This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.

ACTUANT PRIVACY NOTICE

1. Scope
All data subjects whose personal data is collected, in line with the requirements of the GDPR.

2. Responsibilities
2.1 The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to Actuant Corporation collecting/processing their personal data.
2.2 All employees of Actuant Corporation who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.

3. Privacy notice
3.1 Who are we?
Actuant Corporation is a diversified industrial company with operations in more than 30 countries. The Actuant businesses are market leaders in branded hydraulic tools as well as highly engineered position motion control systems. Actuant business operations are divided into three segments focused on the niche markets we serve.

The Industrial segment is primarily involved in the design, manufacture, and distribution of branded hydraulic and mechanical tools to the maintenance, industrial, infrastructure and production automation markets. We provide high force hydraulic tools for use in end-market applications as diverse as positioning the roof on the Olympic Stadium in Beijing to lifting and positioning aircraft wings on today’s largest aircraft prior to attachment.

The Energy segment provides joint integrity products and services, as well as umbilical, rope, and cable solutions to the global oil and gas, power generation, and other energy markets. The key aspects of businesses in the energy segment are safety, productivity, and uptime.

The Engineered Solutions segment provides engineered position & motion control, power transmission and other industrial systems to OEMs in various vehicle markets. Our products include harsh-environment electronic controls and instrumentation, container hardware and aerospace batteries.

Our Data Protection Officer can be contacted directly here: Data Protection Contact Form

3.2 Personal Data
Under the EU’s General Data Protection Regulation (GDPR), personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data will only be processed by Actuant Corporation in a reasonable, lawful and fair manner. This means that Actuant Corporation will process personal data in compliance with applicable data protection laws and/or other laws and regulations. Examples of common types of personal data include name, address, social security number, salary details and financial information, CV’s, employee records and reviews, and references regarding employees.

The GDPR distinguishes between ordinary personal data such as name, address and telephone number and sensitive personal data including information relating to health, sexual orientation, racial or ethnic origin, political opinions, religious beliefs, and trade union membership. Under the law the processing of sensitive personal data is subject to additional and stricter conditions.

Employee personal data is processed by Actuant Corporation for the purposes of employment management and compliance with legal requirements. Individuals should note that IR will only process sensitive personal data in limited circumstances.

Where required by law, the explicit consent of the individuals to such processing will be obtained. Actuant Corporation will take appropriate security measures to safeguard sensitive personal data and to ensure its confidentiality

This Policy is intended to clarify how Actuant Corporation will process employee’s and external applicants/candidates personal data including sensitive personal data. References to employees covers external applicants/candidates where applicable.

In order to operate effectively and to meet its legal requirements, Actuant Corporation needs to process personal data for employment-related purposes. Where it does so, personal data will be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with these purposes. Processing of certain data will for some activities continue after employees have left the service of Actuant Corporation.

Examples of the main ways in which Actuant Corporation processes personal data in an employment context may include the following:
• Recruiting and staffing;
• Administration of salaries and expenses, pension, sickness benefit or other payments and contributions due under the contract of employment;
• Monitoring absence or sickness under an absence control policy;
• Administration of incentive compensation programs;
• Training and development, including performance appraisals;
• Management planning;
• Appraisal, promotion and salary progression reviews;
• Negotiations with trade unions or other employee representatives;
• Admi nistration of Actuant Corporation policies;
• Compliance with any legal requirement to provide information about employees including regarding tax payments or employee membership lists to unions;
• Administration of any applicable disciplinary and grievance procedures;
• Compilation of employee lists and contact information for both internal and external use;
• Production of employee ID cards;
• Monitoring the use of Company resources;
• In relation to the provision of company services and other services;
• To contact emergency contacts or emergency services in the event of an emergency, for example, illness or serious injury to an employee.

Employees and external candidates/applicants are asked to provide personal data at the point of application and throughout their employment for the purposes mentioned above. Actuant Corporation will inform employees of any material changes in the way in which employee personal data is used.

Employee data maintained by Actuant Corporation will be used for the purposes, as mentioned above, of supporting company operations and providing employee benefits and compensation. Actuant Corporation HR and Payroll processes include tasks and procedures to keep personal data accurate, complete and current.

3.3 Consent
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Consent is required for Actuant Corporation to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.

You may withdraw consent at any time by following the process set forth in the Withdrawal of Consent Procedure, GDPR DOC 2.7A.

3.4 Disclosure
Actuant Corporation is comprised of a group of companies worldwide. Certain employee data contained on the centralized database will be accessible to other members of the Actuant Corporation companies, such as the United States and/or other countries, for the purpose of employee management and as outlined in this Policy. Additionally, there are situations when personal data relating to employees is transmitted to third parties (EU or non-EU based) to provide HR related services for Actuant Corporation, such as payroll services, compensation, expenses, employee engagement surveys, cultural and/or employee engagement assessments, healthcare services and other employee benefits and services/information required by law.

In addition, Actuant Corporation, like many businesses, sometimes hires other companies (EU and non-EU based) to perform certain business-related functions. Examples include mailing information, maintaining databases and processing payments. When Actuant Corporation retains a non-affiliated company to perform a function of this nature, such third party will be required to take security measures to appropriately protect the data. Personal data may also be proportionately disclosed by Actuant Corporation to other third parties as required by law, for compliance with legal requirements or to defend a legal claim, in an emergency to protect the vital interests of an employee, in cases of business requirements (such as the sale of a business unit), or where the consent of the employee has been obtained

Actuant Corporation has the authority to change or terminate this policy in whole or in part at any time, without prior notice to or the consent of any employee, unless otherwise described by local and/or European legislation and requirements.

3.5 Retention period
Actuant Corporation will process personal data and will store the personal data for as described in Actuant Corporation’s Retention Period Procedure, GDPR DOC 2.3.

3.6 Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organization.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that Actuant Corporation refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.

All of the above requests will be forwarded on should there be a third party involved (as stated in 3.4 above) in the processing of your personal data.

3.7 Complaints
In the event that you wish to make a complaint about how your personal data is being processed by Actuant Corporation (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Actuant Corporation’s Data Protection Officer.

3.8 Privacy statement
Read more about how and why we use your data in the Actuant Corporation privacy statement found at www.actuant.com.

Document Owner and Approval

The Data Protection Officer or designee is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the requirements of the GDPR.

A current version of this document is available to all employees on the Actuant corporate intranet (“the HUB”) and through Human Resources. It does not contain confidential information and can be released to relevant external parties.