Data Protection Policy
This Data Protection Policy is intended to provide assurance that any personal data which Momentive Specialty Chemicals Inc. ("the Company") receives is handled with appropriate care. The Company needs to hold and use information about its associates in connection with their employment. Some of this information is "personal data" and possibly "sensitive personal data", as these terms are defined in various laws governing the collection and processing of personal information. The Company also occasionally collects personal information about customers and suppliers for legitimate business purposes. The Company adheres to the Safe Harbour Privacy Principles issued by the U.S. Department of Commerce. As a company with business operations around the world, the Company’s subsidiaries are obliged to comply with the requirements of the local regulations governing the collection, processing and transfer of personal data and sensitive personal data. The corporate policy on data protection is a general policy and to the extent the laws in some jurisdictions may vary, the Company’s subsidiaries in such jurisdictions are expected to comply with local requirements. All of the Company’s associates and third party contractors working on the Company’s behalf must comply with this policy even if local law is less restrictive.
2. Data Protection Principles
The Company will strive to ensure that your personal data is:
collected only with your consent;
processed fairly and lawfully;
processed only for specific purposes;
adequate, relevant and not excessive;
accurate and kept up to date;
kept for no longer than is necessary;
kept in accordance with your rights;
and kept securely.
In essence, this means as a Company we aim to tell you what information we hold about you, why and for what purpose we hold it, from whom we have obtained it and to whom we will disclose it. We also aim to ensure that all your personal data is up to date and held securely and we will afford you the right to opt-out of providing data.
3. Purposes for Collection of Personal Data
As your employer, the Company will hold, use and otherwise process personal data relating to you for any purposes which reasonably arise out of and/or in connection with your employment, including without limitation, for the following purposes:
considering your suitability for employment;
administration of the payroll;
administration of incentive programs provision of employee benefits;
compliance with legal requirements;
effective management of the Company’s business;
in connection with disciplinary matters;
to establish your training and/or development requirements;
to establish a contact point in an emergency;
4. Sensitive Personal Data
Certain personal data is considered to be "Sensitive Personal Data." Sensitive Personal Data has been defined to include such things as, (i) your racial or ethnic origin; (ii) your political opinions; (iii) your religious or similar beliefs; (iv) your membership or otherwise in a trade union; (v) your physical or mental health or condition; (vi) your sexual life; (vii) your commission or alleged commission of any offence or (viii) proceedings relating to such offence. For the most part, the Company has no need for and doesn’t collect Sensitive Personal Data. However, data regarding your physical or mental health or condition is provided to our third party benefits providers (who are obligated to keep it confidential) for the purpose of administering our health plans or may be required to administer certain kinds of leave requests, etc. Information about associates’ membership in trade unions may be necessary for the Company’s performance of its obligations under trade union agreements. Data regarding racial or ethnic origin is typically only collected in connection with equal opportunity monitoring or affirmative action plans. Information regarding the alleged commission of a criminal offence may be required in connection with hiring and retention decisions. To the extent Sensitive Personal Data must be collected, we will handle it carefully and afford particular protection.
5. Obligations to Protect Personal Data
The Company’s obligation. Personal data and Sensitive Personal Data relating to you will be held by the Company both manually and on computer. Such data shall only be kept for as long as we deem necessary, in accordance with our Records Retention Policy. Personal data, particularly Sensitive Personal Data, is typically kept by the HR Department or by third party providers. Other members of staff will have access to your personal data only as required to fulfil the purposes specified above. The Company is required to ensure that all personal data and sensitive personal data which it holds is accurate and where necessary kept up to date. In order to enable us to comply with this obligation, we ask that you immediately notify your HR representative of any changes to the personal information you have provided, including any changes to your name, address, emergency contacts and bank details.
Associates’ Obligations. In the course of your duties, should you be required to process personal data which relates to other associates, you must comply with the data protection principles set out above and with any specific instructions given to you regarding such personal data. In particular, you must not, save in the proper performance of your duties, make use of, or communicate to any person (including any person working for or with the Company) or company, firm, business, or organisation any personal data or Sensitive Personal Data relating to any current or former applicant for employment, associate, former associate, agency workers, casual workers or contract workers. Breach of this requirement will be treated very seriously and, where appropriate, disciplinary action will be taken. You should also be aware that in certain circumstances by making an unauthorised disclosure of personal data you could be committing a criminal offence.
6. Disclosure of Personal Data
There are, of course, circumstances in which Personal Data must be disclosed. These are (i) When required by applicable law or regulatory requirements; or to comply with valid legal processes; (ii) To protect the rights and property of the Company; (iii) To the Company’s various subsidiaries and affiliates; or (iv) During emergency situations or where necessary to protect the safety of a person or group of persons. And, of course, personal data may be disclosed with your consent. Where Personal Data is provided to third parties, such as administrators of benefit plans, we will put in place arrangements with such providers requiring such providers to maintain similar safeguards.
7. Privacy Officer
The Company’s policy on data protection is designed to ensure that your personal data is protected. If you have any questions about this policy, would like information about your personal data which we hold or wish to update the data, please send a written request to the Privacy Officer:
Momentive Specialty Chemicals Inc
Attn: General Counsel
180 E. Broad Street
Columbus Ohio 43215
8. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Company’s Privacy Officer at the address given above. The Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between the Company and the complainant, the Company has agreed to participate in the Safe Harbor Privacy Dispute Resolution Procedures established by the Better Business Bureau.
Updated: April 10, 2006
Doc Ref: 480681v2