WestRock Privacy Notice

The WestRock group (“WestRock” or “us”), comprised of the WestRock Company of 1000 Abernathy Road NE, Atlanta, GA 30328, USA, and all of its subsidiaries, respects your privacy. This Privacy Notice (“Notice”) describes the personal data we collect, how and why we collect it, and what we do with it. It also informs you of steps you may take to access, update or otherwise control your personal data.

If you have any questions about this Notice or about WestRock’s data privacy practices, please contact the WestRock Global Privacy Office (the “Privacy Office”) by post to 501 S. 5th Street, Richmond, Virginia, USA, or by email to WestRock_Global_Privacy_Office@westrock.com. You may also call the WestRock Compliance Line (+1 800-457-6435). The Compliance Line is available 24 hours/day, seven days/week. Translators are available. Callers outside the USA can reach the Compliance Line from every country where we operate. Click here for country-specific, toll-free phone numbers.

Personal Data and How We Collect It

Personal data is any information relating to an identified or identifiable natural person.

We collect personal data from you that is necessary and appropriate based on the type of relationship we have with you. This data may include your name or other identifier, your contact information and the content of any requests or other communication from you to us. For example, a job applicant may provide details about their education or employment history.

We collect some personal data through your interactions with us, such as completing a visitor log when you visit one of our facilities.

Some personal data may be created by WestRock itself. Examples may include an employee identification number, department name/number, and WestRock email address.

WestRock may obtain some information, where lawful to do so, from public sources or third parties, including benefit providers, other colleagues, government, tax or law enforcement agencies, customers, suppliers, reference and vetting service providers and others.

Finally, we collect some personal data through our IT equipment, software and communications systems which may be used by you, as well as software used to assist with the performance and administration of human resources, benefits, staffing and other related functions.

We do not knowingly collect any personal information from children under the age of 18 without parental consent, unless permitted by law. If we learn that a child under the age of 18 has provided us with personal information, we will delete it in accordance with applicable law.

Our Legal Basis for Collecting and Processing Personal Data

We will only collect and process personal information where we have a lawful basis to do so. This is particularly important under the European Union’s General Data Protection Regulation (GDPR). The legal basis under GDPR may be different for different types of processing of personal data, and may fall into one of the following categories:

  • “Legitimate Interests” – Those pursued by WestRock as a business, except where such interests are overridden by the interests and fundamental rights of the data subject. For example, we may rely on this legal basis when processing personal information to ensure IT security, or to communicate with business contacts.
  • “Performance of a Contract” – We may rely on this legal basis in dealing with the personal information of employees with an employment contract, for example. It also applies to pre-contractual data exchanges such as job application information.
  • “Compliance with WestRock’s Legal Obligations” – For example, we are usually required by law to report employee payroll information to the relevant tax authority.
  • “Vital Interests” – We may process some health-related personal information in order to protect the data subject or another person, such as during an epidemic.
  • “Consent of the Data Subject” – We may process some personal data based on the specific, freely given and clearly documented consent of the data subject.

Transfer of Personal Data Within WestRock

The WestRock group operates in many countries and may share your information among its affiliate companies including those that operate in countries outside your own. WestRock has put in place standard contractual clauses between these companies to ensure your personal information is protected, as described in this Notice.

Transfer of Personal Data Outside WestRock

Personal data may be transferred to our outsourced service providers, including those located in another country. In these circumstances WestRock will, as required by applicable law, put in place appropriate technical, organizational, contractual and/or other lawful measures to protect your personal data.

WestRock may transfer personal data to public authorities when we are required by law to do so.

WestRock does not, and will not, sell personal data.

Retention of Personal Data

We will retain your personal data for as long as is reasonably necessary for the purposes provided in this Notice or to meet other legal, regulatory, tax or accounting requirements.

We may keep an anonymized form of personal data, which will no longer refer to an individual person or have personally identifying information, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

Security of Personal Data

WestRock is committed to protecting the personal data you share with us or that we process. We have implemented technical and organizational measures to ensure a level of security appropriate to the risk. The measures include:

  • Logical Access Control
  • Personnel Security
  • Network Security
  • Physical Access Control
  • Hardware Management
  • Back-up and Recovery
  • Vendor Security
  • Security Reviews

Monitoring

WestRock may monitor use of its physical facilities, its informational and communications systems and other assets. ‘Monitoring’ includes without limitation intercepting, blocking, recording or otherwise accessing systems and processes whether on a full-time or occasional basis, as permitted by applicable law. It may also include the use of CCTV cameras at various physical locations on and around our facility premises, as permitted by applicable law.

Your Rights Regarding Your Personal Data

If you are covered by the European Union’s General Data Protection Regulation (GDPR) or the Californian Consumer Protection Act (CCPA) you have the right to view your personal information, change it, or request to have it deleted. In particular, you may:

  • request copies of your personal data. To do so, please contact the WestRock Global Privacy Office. We reserve the right to request that you provide proof of your identity.
  • request that we correct any inaccurate and/or incomplete personal data.
  • withdraw consent to the processing of personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your prior given consent. Please note that if consent is withdrawn, you may not be able to benefit from certain service features for which the processing of personal data is essential.
  • request that we stop processing, including automated processing and profiling, of your personal information. In the case of computerized or technology driven automated processing, you may request human intervention.
  • request that we erase your personal data. We will comply with such requests unless there is a lawful reason for not doing so. For example, we may be required to keep some payroll information for tax reporting purposes.
  • lodge a complaint with the relevant data protection authority. We suggest contacting us about any questions or complaints in relation to how we process personal information. However, based on applicable law you may also have the right to contact the relevant data protection authority in your country, state or jurisdiction directly.

WestRock will not discriminate against you based on your decision to exercise your rights.

Changes to WestRock’s Privacy Notice

If we change our privacy policies, we will update this Notice.

Effective Date of this Notice: April 10, 2020

 

Website Visitors

Types of Data, Purpose of Processing and Legal Basis

The table below provides the categories of personal data we collect, the purpose of processing, and the legal basis of processing.

Data | Purpose | Basis
Name and Related Information | Identification | Legitimate Interest in Business Communications
Contact Information (email address, telephone number, postal address, etc.) | Enable communication | Legitimate Interest in Business Communications
Details of Communication (contents of forms, emails, faxes, etc.) | Make and respond to requests, exchange information, etc. | Legitimate Interest in Business Communications

 

This site contains links to sites not owned by WestRock. Those sites may be subject to their own privacy notice. This Notice applies only to information collected by this site and not to any other sites.

See WestRock’s Cookies Notice for information about our use of cookies.

Transfer of Personal Data

External suppliers may provide infrastructure, hosting services and data analytics. Personal data will be processed by these providers subject to requirements described in this Notice.

Retention of Personal Data

In some cases, a website visitor becomes a job applicant, employee or business contact. In those cases, see the appropriate category for details.

 

Customers, Suppliers and their Representatives (current, former or prospective)

Types of Data, Purpose of Processing and Legal Basis

The table below provides the categories of personal data we collect, the purpose of processing, and the legal basis of processing.

Data | Purpose | Basis
Name and Related Information | Identification | Legitimate Interest in Business Communications
Contact Information (email address, telephone number, postal address, etc.) | Enable communication | Legitimate Interest in Business Communications
Details of Communication (contents of emails, faxes, invoices, purchase orders, etc.) | Make and respond to requests, exchange information, etc. | Legitimate Interest in Business Communications
User Account Information (user name, password, etc.) | Use WestRock website, IT systems | Legitimate Interest in Business Communications
Employer Information (name of employer, job title, names of managers and associates, transactional information, etc.) | Associate business contact with correct business, conduct business | Legitimate Interest in Business Communications
Health-related information | Protect the data subject or another person, such as during an epidemic | Vital Interests

Transfer of Personal Data

External suppliers may provide procurement/sales systems, IT infrastructure and hosting services, and Accounts Payable/Accounts Receivable and other accounting services. Personal data may be processed by these providers.

Retention of Personal Data

Because the business contact’s information may appear in certain business records (invoices, for example) we may be required to retain the information for a longer period.

Job Applicants

Types of Data, Purpose of Processing and Legal Basis

The table below provides the categories of personal data we collect, the purpose of processing, and the legal basis of processing.

Data | Purpose | Basis
Name and Related Information | Identification | Legitimate Interest in Business Communications
Contact Information (email address, telephone number, postal address, etc.) | Enable communication | Legitimate Interest in Business Communications
Application Information (resume/CV, application form, letter of application, supporting documents, etc.) | Evaluate job candidate | Performance of a Contract (for those jobs which involve an employment contract); otherwise Legitimate Interests in Administering Human Resources
Details of Communication (Offer and Acceptance letters, contents of emails, faxes, etc.) | Make and respond to requests, exchange information, etc. | Legitimate Interest in Business Communications
Special Data (Age, Disability, National Origin, Religion, Race/Ethnic Background, Sexual Orientation, etc.) | Complete legally-required reporting; collected only where required | Compliance with WestRock’s Legal Obligations

Collecting Personal Data

WestRock uses external recruiters and other external providers of pre-employment services. We may collect personal data from these service providers.

Transfer of Personal Data

An external supplier provides WestRock’s applicant tracking system. Where legally allowed, external suppliers provide background check services. Personal data will be processed by these providers.

WestRock may be required to provide certain personal data to government agencies or authorities.

Retention of Personal Data

For successful applicants, see the employee category for details.

Personal data of unsuccessful applicants will be retained as long as legally required.

 

Employees and Former Employees

WestRock has policies that address the collection and use of data relating to employees and former employees. These policies cover privacy, information security, acceptable use of IT resources, social media and CCTV. WestRock provides notice (“WestRock Employee Data Privacy Notice”) of these policies upon commencement of employment with the Company, makes the notice available on request by local HR management and provides the notice as necessary to comply with relevant data privacy laws. Copies of the policies are available on the Company’s intranet site.

 

Network and IT Security Data

Types of Data, Purpose of Processing and Legal Basis

The table below provides the categories of personal data we collect, the purpose of processing, and the legal basis of processing.

Data | Purpose | Basis
Network and IT Security Data | Secure the Company’s IT and knowledge assets, along with those belonging to other parties | Legitimate Interest in Network and IT Security

Transfer of Personal Data

External suppliers provide infrastructure, hosting services and data analytics. Personal data will be processed by these providers.

Retention of Personal Data

The data is generally kept in logs for one year.