Customer and Vendor Privacy Notice
EU, EEA, Switzerland and UK
Effective Date: August, 2020
As part of its business activities, Leggett & Platt, Incorporated and its EU, EEA (European Economic Area), Switzerland and the United Kingdom based companies (collectively referred to as the Company, “Leggett & Platt”, “we”, “us” or “our”) collects and processes your personal information (i.e. data which can be linked/attributed to an individual person, “Personal Data”). The privacy and protection of your Personal Data is of great importance to us.
This Customer and Vendor Privacy Notice informs you as our business partner about why and how we process your Personal Data in accordance with the high standards of applicable data protection laws and regulations. This includes information on whom we will share your Personal Data with, how long we will retain it and which rights you have in relation to the processing.
Who is responsible for the processing of your Personal Data?
The Company is the responsible data controller. That means it is the entity collecting your Personal Data and deciding why and how to process your Personal Data.
If more than one Leggett & Platt company is responsible for the processing of your Personal Data, the respective Privacy Contact Person will forward your query to the relevant Leggett & Platt company that is primarily responsible. We kindly ask you to address any queries you may have directly to the contact details as set out in Section 10.
What Personal Data do we collect?
We collect the following types of your Personal Data in connection with our business activities, providing services, entering into a contract, or maintaining business relationships:
- Personal information (such as your surname, first name, address, business telephone number, business email address, your office address);
- Information on your sales / our orders; and
- Track of records about our relation and communication with you.
For which purposes do we collect and process your Personal Data?
We collect and process your Personal Data for the following purposes:
- Manage existing and prospective client, customers, supplier, or other third-party relationships (e.g. in relation to the initiation, conclusion or fulfilment of a contract);
- Communicate about products we offer or intend to offer, the improvement of our products, and the review of our business relationship;
- Perform accounting, auditing, billing, and collection activities;
- Meet legal obligations (e.g. financial and administrative obligations); and
- Establish, enforce or defend against legal claims.
Who has access to your Personal Data?
To manage our business relationship, we might share your Personal Data internally with members of our marketing, sales, supply chain, quality assurance and finance departments, and in each case only if access to your Personal Data is necessary for the performance of their roles.
In addition, and only when necessary to fulfil the purposes mentioned above, we will disclose your Personal Data to the following recipients or categories of recipients, as the case may be:
- Third party agents, service providers and advisers (e.g. in connection with payments, legal advice or postal services);
- Law enforcement, government authorities or courts where necessary to comply with applicable laws; and
- Other parties in the event of any contemplated or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in any insolvency or similar proceedings) to the extent necessary.
We will not disclose your Personal Data to any parties who are not authorised to process them.
On which legal basis do we process your Personal Data?
We use the following legal basis for the processing of your Personal Data:
- Where the processing is necessary for the performance of a contract with you or in order to take steps prior to entering into a contract;
- Compliance with legal obligations to which we are subject (e.g. where we are legally obliged to retain certain client or supplier related data); and
- Where the processing is necessary for our legitimate interests (e.g. to communicate about products we offer or intend to offer, the improvement of our products, and the review of our business relationship), unless we determine in a case-by-case assessment that our interests are overridden by your interests or fundamental rights and freedoms.
Where will my Personal Data be processed?
Your Personal Data may be processed both inside and outside the European Union (“EU”) and the European Economic Area (“EEA”) by The Company and its data processors working on behalf of our company.
Please note that EU / EEA Member States and other countries may have different laws regarding the protection of personal data. When your personal data is transferred from your own country to another country, the laws and rules that protect your personal data in the country to which your information is transferred may be different (or less protective) from those in your country of residence. For example, the circumstances in which law enforcement can access personal data may vary from country to country.
If you are resident of the EU or EEA and your Personal Data is transferred outside the EU or EEA, we will ensure that the recipient of the Personal Data provides for an adequate level of data protection, in particular, by implementing appropriate safeguards such as the EU Standard Contractual Clauses.
How do we protect your Personal Data?
The Company maintains appropriate technical and organizational security measures designed to protect your Personal Data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. All our employees and contractual partners are bound by confidentiality and may only process your Personal Data based on the "need-to-know" principle.
How long do we keep your Personal Data?
We will not retain your Personal Data longer than necessary to fulfil the purposes the data was collected for or to fulfil our legal obligations as:
- Customer contracts and related information will be retained for as long as the contracts are in force and for an additional period thereafter for legal obligations (e.g. defending legal claims).
- Financial and tax related data will be retained under the applicable statutory provisions (e.g. the Tax Act); and
- Marketing information (e.g. opt-ins) will be retained until the consent is withdrawn (by opting-out).
What are your rights with respect to your Personal Data?
To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your Personal Data:
- Request the update or correction of your Personal Data so that it is always accurate;
- Obtain your Personal Data in an electronic format;
- Request the deletion of your Personal Data if it is no longer needed for the purposes indicated above; and
- Restrict the processing of your Personal Data in certain circumstances, for example, where you have contested the accuracy of your Personal Data, for the period enabling us to verify its accuracy.
In the event and to the extent that we process your Personal Data based on our legitimate interests as set out in Section 5, you have the right to object to the processing on specific grounds relating to your particular situation. In such case we will no longer process your Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You may exercise the above mentioned rights by sending a request to the contact details set out in Section 10 below, providing your name, the Leggett & Platt company you are in contact with or you have business relations with, your email address as well as a description of your request.
If you believe we have not complied with our obligations under applicable data protection laws and regulations, you have the right to lodge a complaint with a competent data protection authority.
How can you contact us?
If you have any queries about this Customer and Vendor Privacy Notice or how we use your Personal Data, please contact our Privacy and Data protection team at firstname.lastname@example.org.
You may also write the Company at:
L&P Automotive Europe Headquarters GmbH
Attn: Data Protection Officer
Leggett & Platt, Incorporated
Attn: Associate General Counsel – Privacy & Data Protection
No. 1 Leggett Road
Carthage, Missouri 64836