PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS (“Privacy Notice”) supplements the information contained in the Privacy Policy of Heraeus, its affiliated companies, and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers”, “you,” or “your”). This notice complies with the California Consumer Privacy Act of 2018, as amended (the “CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this Privacy Notice.

Information We Collect

To carry out our business, operate this website, comply with the law, and for other purposes described in the CCPA, we collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. X
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. X
C. Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). X
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. X
E. Biometric information An individual’s physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. X
F. Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. X
G. Geolocation data. Physical location or movements. X
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. X
I. Professional or employment-related information. Current or past job placements, locations, roles, addresses, telephone numbers, electronic mail addresses, job history or performance evaluations. X
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. X
K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. X
L. Sensitive Personal
Information 		Sensitive Personal Information includes: social security number, driver’s license, state identification card, or passport number; log-in, financial account, debit card, or credit card number, in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication; genetic data; biometric information; personal information collected and analyzed concerning a consumer’s health; or personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. X

We retain your personal information for as long as necessary to process your order, perform our obligations, comply with applicable law, and in accordance with our data retention schedule. We may retain your personal information for longer if it is necessary to comply with our legal or reporting obligations, to resolve disputes, or as permitted or required by applicable law. We may also retain your personal information in a deidentified or aggregated form so that it can no longer be associated with you. To determine the appropriate retention period for your personal information, we consider various factors, such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we collect or process your personal information; and applicable legal requirements.

Personal information does not include:

  • Publicly available information from government records, meaning information that is lawfully made available from federal, state, or local government records.
  • De -identified or aggregated consumer information.
  • Information excluded from the CCPA's scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data subject to the Federal Policy for the Protection of Human Subjects;
    • or personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We may alter the categories of personal information we collect and/or the purposes for which we use it, and will inform you in the event we do so.

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our customers, or their employees, representatives, or agents. For example, from documents that our customers provide to us related to the products or services for which they engage us.
  • Indirectly from our customers, or their employees, representatives, or agents. For example, through information we collect from our customers in the course of providing products or services to them.
  • Directly from our suppliers or business partners, or their respective employees, representatives, or agents. For example, from documents that our suppliers provide to us related to the products or services for which we engage them.
  • Indirectly from our suppliers or business partners, or their respective employees, representatives, or agents. For example, through information we collect from our supplier in the course of them providing products or services to us.
  • Directly and indirectly from activity on our website (www.heraeus.com). For example, from submissions through our website portal or website usage details collected automatically. For information regarding our use of cookies and other tracking technologies, please refer to our general privacy policy and privacy policy or US-residents located at:  https://www.heraeus.com/en/group/heraeus_group/privacy_policy.html
  • From third-parties that interact with us in connection with the products or services we perform. For example, from government agencies when we prepare readiness assessments for projects that receive government funding.
  • From other third party data or information sources. For example, news outlets, social media, and data brokers.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business or commercial purposes:

  • To fulfill or meet the reason for which the information is provided. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  • To provide you with information, products or services that you request from us.
  • To create, maintain, and secure your account, if any, with us.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with email alerts, correspondence, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • •To improve our website and present its contents to you.
  • For testing, research, analysis and product development.
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To carry out or process employee benefits related matters or offerings.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without first updating this Privacy Notice to reflect those changes and, where required by law, obtaining your consent.

Disclosure Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose to the following categories of third parties:

Category Category Description Categories of Third Parties
A Identifiers Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
B California Customer Records personal information categories Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
C Protected classification characteristics under California or federal law Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
D Commercial information Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
E Biometric Information Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
F Internet or other similar network activity Our affiliates.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
G Gelocation Information Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
H Sensory Data Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your
personal information in connection with products or services we provide to you.
I Professional or employment-related information Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your
personal information in connection with products or services we provide to you.
J Non-Public Education Information Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
K Inferences drawn from other personal information Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
L Sensitive Personal
Information 		Our affiliates or subsidiaries.
Service providers or contractors.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Our affiliates or subsidiaries.
  • Service providers or contractors.
  • Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, accounting, and insurance services.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

In addition to the CCPA, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by certain members of our company to third parties for the third parties’ direct marketing purposes. Consumers who have provided their personal information to us may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such request must be submitted to us by calling us at the toll-free number or reaching us by email at the email address set forth under “Exercise Right to Know or Right to Delete” below. Please mention in your call or email that you are making a "California Shine the Light" inquiry. Within 30 days of receiving such a request, we will provide a list of the categories of such personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.

Sale or Sharing of Personal Information

In the preceding twelve (12) months, we have not sold or shared personal information, and we have no actual knowledge of having sold personal information of minors under 16 years of age.

Your Rights and Choices

The CCPA provides natural persons who are California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Request to Know

You have the right to request that we disclose certain information to you about our collection and use of your personal information for a period of time set forth in such verifiable consumer request commencing from a date not earlier than January 1, 2022 through and including our receipt of your verifiable consumer request, subject to exceptions as permitted by applicable law. Specifically, you may submit a verifiable request for any or all of the following:

  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting selling, or sharing that personal information, if applicable.
  • The categories of third parties with whom we sold or disclosed for a business purpose that personal information.
  • The categories of third parties with whom we share that personal information.
  • The categories of personal information about you that we sold or disclosed for a business purpose The specific pieces of personal information we collected about you.

Request to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records and direct our service providers and contractors to delete your personal information from their records, unless an exception applies. We may deny your deletion request if maintaining your personal information is necessary for us or our service providers or contractors to:

1. Complete the transaction for which we collected the personal information, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

3. Debug products to identify and repair errors that impair existing intended functionality.

4. Exercise free speech, ensure the right of another consumer to exercise that consumer’s free speech rights, or exercise another right provided for by law.

5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Cal. Penal Code § 1546) of Title 12 of Part 2 of the Penal Code.

6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of information is likely to render impossible or seriously impair the research's achievement, if you previously provided informed consent.

7. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

8. Comply with a legal obligation.

9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

The Site is not directed to children as the products and services on this Site are intended for persons 18 years of age and older. We do not knowingly collect, use or disclose any personally identifiable information from children. If you are concerned about your child’s use of the Site, you may use web-filtering technology to supervise or limit access to the Site.

Request to Correct

You have the right, subject to certain limitations, to request that we correct any inaccurate personal information we maintain about you. Once we receive and confirm your verifiable request, and as required by the CCPA, we will take appropriate steps to respond to your request.

Right to Limit Use or Disclosure of Sensitive Personal Information

Please note that we do not collect or process your sensitive personal information for the purpose of inferring characteristics about you. If we collect or process your sensitive personal information, we do so only for the purposes described in Section 7027 of the CCPA regulations.

Exercising Right to Know, Right to Delete, or Right to Correct

To exercise the right to know or right to delete described above, please submit a verifiable consumer request to us by either:

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. When you submit a request to know or delete, unless you have provided the authorized agent with a qualifying power of attorney, you must provide your authorized agent written permission (signed by you) to act on your behalf and verify the authorized agent’s identity with us. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request to know or delete twice within a 12-month period. In general, we will attempt to verify your request by asking that you provide identifying information that we already maintain about you, or through use of a third-party verification service. As part of this process, we will ask that you:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include.
    • Consumer Name
    • Consumer Address
    • Consumer Email Address
    • Company/Employer Name
    • Company/Employer Telephone Number
    • Proof of authorization by Consumer to act on Consumer’s behalf (if requestor is an authorized representative)
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to confirm receipt of requests to know, requests to correct, or requests to delete within 10 business days and to respond to such requests within 45 calendar days of the date of receipt. If we require more time (45 additional calendar days, or a total of 90 calendar days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover period contained in the request preceding our receipt of the verifiable consumer request, commencing from a date not earlier than January 1, 2022, subject to exceptions as permitted by applicable law. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For requests to know, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non -Discrimination

Unless otherwise permitted by the CCPA, we will not discriminate against you for exercising any of your CCPA rights, including, but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Changes to Our Privacy Notice

We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated Privacy Notice on our website homepage and update the Privacy Notice’s last updated on date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

United States Privacy Policy

Heraeus’s United States Privacy Policy may be accessed at:

 https://www.heraeus.com/us/group/heraeus_group/privacy_policy.html

Contact Information

If you have any questions or comments about this Privacy Notice, our Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact Heraeus at  vincent.magyar@heraeus.com or +1 215-944-9278 or, for California law purposes, at the contact options described above under Exercising Right to Know or Right to Delete. You may also write to Heraeus at: 770 Township Line Road, Suite 300, Yardley, Pennsylvania 19067.

This Privacy Notice was last updated on January 5, 2023.