Brazil – Data protection
Privacy statement that applies in Brazil
Jotun A/S and its Group Companies (Jotun) are committed to the protection of personal data of Jotun employees and other individuals.
This Privacy Statement (the "Privacy Statement") describes the information that Jotun collects from or about you ("Personal Data"), and how we use and to whom we disclose such data. Jotun A/S or the Jotun company which controls the Personal Data is the so-called “data controller” for the Personal Data that is processed about you. Country specific versions of the Privacy statement may be downloaded below.
This Privacy Statement is developed to state the processing activities of Jotun and inform Data Subjects of their rights related to protection of Personal Data.
“Jotun” includes the parent company, Jotun A/S, and its subsidiaries. All references in this Privacy Statement to "Jotun", "we", "us", "our" and like terms should be interpreted accordingly. This Privacy Statement applies to the Personal Data of all individuals that is either a Customer, an employee of a Customer, a Supplier or an employee of a Supplier or individuals registering their personal data on www.jotun.com (the “Data Subject”).
The Jotun Group has entered a set of data protection rules and policies, binding for all companies. The so-called Jotun Binding Corporate Rules (“BCR”), with corresponding policies, procedures and guidelines are worked out in order to be compliant with the General Data Protection Directive, (EU) 2016/679 ("GDPR"). The BCR application is submitted to, and is currently being handled by the Norwegian Data Protection Authority as a lead authority. With common data protection rules across Jotun, we ensure an adequate level of protection for all Data Subjects including when Personal Data is transferred between different Group companies to different countries. It is Jotun's obligation to comply with the privacy law within each country in which we operate. Sometimes this legislation and/or a Data Subject's right to data protection are different from one country to another. Data Subjects keep any rights they have under local law. This Privacy Statement shall apply only where it provides additional protection. Where local law provides more protection than this Privacy Statement, local law shall apply.
Personal Data is any information related to a person that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. Personal Data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual).
Personal Data of Data Subjects, shall be collected, used or otherwise Processed for one (or more) of the following Business Purposes:
Providing, development and improvement of products and/or services purposes.
Jotun collects and maintains different types of Personal Data in respect of Data Subjects. This includes e.g. the Personal Data contained in:
We may use the information stated in article 7 to inform and promote our products and/or services. If we choose to promote such information we will ask for your explicit consent and give you an “opt out” option for being contacted. This information will not be disclosed to any other third parties outside of Jotun. Without consent we may use the information stated under article 7 to inform and promote information related to products and/or services purchased from Jotun.
We may share your Personal Data with our Employees, contractors, consultants and other parties (including other members of the Jotun group) who require such information to assist us fulfilling the business purposes of Jotun. This includes parties that provide products or services to us or on our behalf. In some instances, such parties may also provide certain information technology and data processing services to us so that we may operate our business. We may share Personal Data with such parties both in and outside of your home jurisdiction, and as a result, your Personal Data may be collected, used, processed, stored or disclosed in Norway or any other country where Jotun is present.
Personal Data is only transferred to external parties, outside the Jotun Group if this is required or permitted under the applicable privacy legislation. When we share Personal Data with external parties we require that the external party enters into a Data Processing Agreement (DPA) with Jotun in compliance with the GDPR. Such parties may only use or disclose Personal Data in a manner consistent with the use and disclosure provisions of this Privacy Statement. Further, your Personal Data may be disclosed in the following situations:
Privacy laws do not generally require to obtain your consent for the collection, use or disclosure of Personal Data for the purpose of conducting the business purposes of Jotun. In addition, we may collect, use or disclose your Personal Data without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so. In some situations, however, it might be that your consent is required for our collection, use or disclosure of your Personal Data. In such cases you may at any time, subject to legal or contractual restrictions and reasonable Statement, withdraw your consent. If you choose to withdraw your consent, please send an email to your contact person in Jotun or to email@example.com.
Jotun endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the Personal Data in question. These safeguards are designed to protect your Personal Data from loss and unauthorised access, copying, use, modification or disclosure.
Except as otherwise permitted or required by laws or regulations, Jotun endeavours to retain your Personal Data only for as long as we believe is necessary to fulfil the purposes for which the Personal Data was collected. We may, instead of destroying or erasing your Personal Data, make it anonymous so that it cannot be associated with or tracked back to you.
It is important that the Personal Data in our records is both accurate and current. If your Personal Data happens to change, please keep us informed of such changes.
You have the right to access information about your Personal Data. If you want to review, verify, correct or delete your Personal Data, please send an email to firstname.lastname@example.org. We will take necessary steps to confirm the data subject’s identity before providing any information regarding personal data. The request will, when the requestor's identity is confirmed, be answered within 30 days. In some instances, the request may take longer, but we will inform you accordingly and send an answer at the latest within 90 days.
Your right to access the Personal Data is not absolute. There are instances where law or regulations allow or require us to refuse to provide some of the Personal Data. It may also be statutory requirements preventing us from deleting some Personal Data. In the event that we cannot adhere to your request, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
If you have any questions about this Privacy Statement or concerns about how we manage your Personal Data or if you wish to file a complaint, please contact our Global Data Protection Officer at email@example.com. We will endeavour to answer your questions and advise you of any steps taken to address the issues raised by you at our earliest convenience and at the latest within one month after your request was made.
If you wish to file a complaint regarding compliance with this Privacy Statement or violations of your rights, you may send the complaint to: firstname.lastname@example.org; Global Data Protection Officer; Lodge a complaint at your local supervisory authority in the EU/EEA member. State where you have your habitual residence, place of work or the place where the alleged violation took place (e.g. Datatilsynet, P.O. 8177 Dep., 0034 Oslo, Norway); or lodge a complaint before the competent court where Jotun has an establishment.
Jotun may from time to time make changes to this Privacy Statement to reflect changes in our legal obligations or in the manner we deal with your Personal Data. We will communicate any revised version of this Privacy Statement. The at all times applicable and updated Data Protection Statement is available on www.jotun.com. Any changes to this Privacy Statement will be effective from the time they are communicated. Any change that relates to why we collect, use or disclose your Personal Data, that require your consent, will not apply to you until we have obtained your consent.
This Privacy Statement includes examples but is not intended to be restricted only to such examples. Therefore, where the word 'including' is used, it shall mean; including but not limited to.
Privacy statement that applies in Brazil
Privacy statement that applies in the Czech Republic
Privacy statement that applies in Hungary
A video is being shown
An image is being displayed
A brochure is being displayed