Tensar+ Global Privacy Policy

This global privacy policy applies to Tensar International Corporation and its affiliates and subsidiaries (individually and collectively referred to as “the Company,” “Tensar” “we,” “us” or “our”) and Tensar’s provision of, and your use of, Tensar+, our cloud-based design software. Tensar is the industry leader in geogrid products, systems, technologies and solutions. Our success is a result of, and depends on, our employees, customers, distributors, licensees, vendors and other business associates.  These relationships with our business associates are important to us, and we take seriously the protection of their personal information.  

When you use Tensar+, we collect and process information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual (“Personal Information”) as described in this Tensar+ Global Privacy Policy (“Policy”). This Policy applies to your use of Tensar+ under the Tensar+ Terms of Use which must be accepted by you prior to your use of our software.

 We are committed to the responsible use and protection of Personal Information. This Policy contains details about how we collect, use, maintain, and share with third parties Personal Information that we obtain from or about you, whether through use of our Tensar+, and your other related interactions with us, or otherwise as described in this Policy. 

Overview and Scope

We obtain Personal Information about you from you when you use Tensar+. If you are a California resident, please see “Your California Privacy Rights” at the end of this Policy for more information about your privacy rights under California law.  If you are a resident of the United Kingdom or the European Economic Area, please see "Your Europe Privacy Rights" towards the end of this Policy for more information about your privacy rights under applicable European laws.

Personal Information We Collect

We may collect the following types of Personal Information:

• Identifiers, such as name, title, employer, email address, physical address, telephone number, account number or name and password.
• Professional or employment-related information, such as your profession.
• Internet usage information, such as your IP addresses or cookie IDs. For more information, see “Cookies,” below.
• Commercial information, including products, technologies or services purchased, obtained or considered, order history, or other purchasing or consumer history.
• Audio, electronic, visual or similar information such as from cameras located on our premises or your attending online training, conferences or meetings, organized by us.
• Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences and to enhance your user experience.

We may also collect deidentified or aggregated information that does not identify you.

How We Collect Personal Information

We collect Personal Information about you in the following ways and from the following sources:

• From you directly. We will collect Personal Information that you provide by completing forms, applications, questionnaires, surveys, placing orders with us on behalf of customers, customer service or other information requests, conference attendance applications, or collected by other means such as email, meetings, in-person events, contests, and other interactions with us. We may also collect Personal Information provided voluntarily to us. This includes information provided at the time of registering to use Tensar+ or other Company software, subscribing to our newsletters or other services, or requesting further services or information. We may also ask you for your information when you report a problem with Tensar+ or any of our Websites or software or report another concern or issue to us.
• Through cookies. We may collect information about how you use Tensar+ or otherwise interact with us online automatically, such as IP address, information about your device, internet usage, browsing preferences, browser type, Website activity, and other technical information when you interact with us online. For more information, see “Cookies,” below.
  
  

How We Use Personal Information

We may use Personal Information for the following purposes:

• In connection with our products, technologies and services, such as to provide information regarding such items or to notify you of changes to our business.
• In connection with contractual obligations or transactions with us, such as to carry out a notification or other obligation arising from any contracts entered into between you and us, or to deliver on requested transactions with us.
• For our own internal business purposes, such as to evaluate or audit the usage, performance and other aspects of, or projects for the potential use of our products, systems technologies and services; to design new products, systems, technologies and services; to operate our software; for internal research and analytics; to evaluate the effectiveness of our advertising or marketing efforts; to evaluate and improve the quality of your interactions with us; to catalog your responses to surveys or questionnaires; or to maintain internal business records.
• For marketing, such as for contextual ad customization or to market our products, systems, technologies and services or those of our affiliates, business associates, or other third parties. We may use Personal Information we collect to send you newsletters, updates, surveys, questionnaires, promotions, contests, or information about events, or to invite or admit you to attend activities such as webinars or virtual events.

We may use deidentified or aggregated information for any legal purpose.

With Whom We Share Personal Information

We may share Personal Information with the categories of recipients described below:

• Affiliates. We may share Personal Information with our affiliates who directly or indirectly control, are controlled by, or under common control with us, which includes parents, subsidiaries and other company affiliates, their shareholders, and other business units.
• Business Associates. We may share information with our distributors, licensees or other business associates who are part of our business channel in providing (or seeking to provide) our products, systems, technologies or services to you, or with another company with whom we may partner for a particular event.
• Service providers. We may share information with service providers or subcontractors that help us with Tensar+ or other software, or perform business or administrative functions on our behalf, including completing a transaction you request or supporting our relationship with you, such as IT providers, training and communication providers, accountants, logistics providers, analytics companies, and marketing or advertising providers. Please see the paragraph entitled "Sub-Processors" below for more information.
• Law enforcement and other government agencies. We may share information with third parties like law enforcement or other government agencies and other authorities to comply with the law or legal requirements and to protect our and/or third party rights, property, safety or other legitimate interests.
• Parties to a corporate transaction. In the event that we enter into, or propose to enter into, a transaction that directly or indirectly alters the structure, ownership or control of any of our companies or businesses, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or securities, we may share Personal Information with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Information, but only in the manner set forth in this Policy, unless you agree otherwise.

Sub-Processors

(i) You consent to our appointment of the sub-processors listed in the Sub-Processing Schedule attached to this Policy to process the Personal Information under this Policy and as set out therein. You confirm we have prior written general authorization to amend the Sub-Processing Schedule in accordance herewith.

(ii) We confirm we have entered into, or will enter into as the case may be, written agreements with its sub-processors that are substantially similar to the terms set out in this Policy. As between us, we shall remain fully liable for all acts or omissions of any third-party sub-processor appointed by us pursuant to this Policy, 

(iii) Where we intend to amend the Sub-Processing Schedule, we will provide no less than thirty (30) days’ prior email notice of the appointment of any new sub-processor to you.

International Data Transfers

Where required by applicable laws, we agree to enter into the Standard Contractual Clauses or any equivalent agreement with you or another relevant entity or to provide other appropriate safeguards in order to legalize the transfer of Personal Information to a third country. Where we engage a sub-processor or transfer your Personal Information to another company in the Tensar group of companies, including Tensar’s parent company, Commercial Metals Company (“CMC”) and CMC’s subsidiaries and affiliates, and such engagement involves an international transfer of Personal Information, we shall take such measures as are necessary to ensure the transfer is in compliance with applicable laws.

Cookies

What are Cookies? A “cookie” is a small text file that is sent to or accessed from your web browser or your computer’s hard drive. Some cookies exist only during a single browsing session and some are persistent over multiple browsing sessions. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (when it expires), and a randomly generated unique identifier. A cookie may also contain information about your computer, such as user settings, browsing history and activities conducted while using one of our Websites.

How We Use Cookies. We use Cookies to enhance your user experience with us and for other purposes as follows:

• Storing your preferences and settings. We may store settings that enable our websites to operate correctly or that maintain your preferences over time. For example, we save preferences, such as language and browser settings, so those do not have to be reset each time you return to one of our websites. We may also use cookies to power personalization of our websites.
• Sign-in and authentication. When you sign into your account on our websites, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within a particular Website without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the websites.
• Security. We use cookies to detect fraud and abuse of our websites and software.
• Interest-based advertising and communication. We use cookies to collect data about your online activity and identify your interests so that we can provide advertising or other communications that are most relevant to you. 
• Analytics. To improve your user experience on our websites, we use cookies to gather usage and performance data. For example, we use cookies to count the number of unique visitors to a website page or to develop other statistics about the operations of our websites. This includes cookies from us and from third-party analytics providers.
• Performance. We use cookies for load balancing to ensure that our websites remain up and running.

Controlling cookies. Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. For example, in most modern browsers, you can block or delete cookies by clicking Settings > Privacy > Cookies. Instructions for blocking or deleting cookies in other browsers may be available in each browser's privacy or help documentation.

Certain features of our websites depend on cookies. Please be aware that if you choose to refuse or delete cookies, some of our website functionality may be impaired.  If you change computers, devices or browsers, or use multiple computers, devices, or browsers, and delete your cookies, you may need to repeat this process for each computer, device, or browser. Please refer to your browser’s Help instructions to learn more about how to manage cookies.

Data Security

We maintain organizational, technical and administrative measures designed to protect Personal Information within our Company against unauthorized access, destruction, loss, alteration or misuse, consistent with applicable regulatory requirements and applicable published security standards. 

 However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your Personal Information, we cannot guarantee absolute security. If you have reason to believe that your Personal Information is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately as set out in the Contact Details section. 

Children's Privacy

We recognize the importance of children’s safety and privacy on the Internet. For this reason, we do not knowingly collect from or sell any information (including Personal Information) about children under 16 years of age.  Our products, systems, technologies and services are intended for individuals over 16 years of age. They are not directed at, marketed to, or intended for, children under 16 years of age. We may occasionally sponsor contests involving participation by children, for example, to submit a drawing depicting the use of our products with an award for the most creative illustration; in this situation we would request permission from a parent of the child or other adult caregiver to use any such material and to collect on a voluntary basis any minimum required Personal Information. If you believe that we have without prior authorization or otherwise inadvertently collected Personal Information from a child under the age of 16, please contact us as set out in the Contact Details section, and we will take immediate steps to delete the Personal Information.

External Links

Tensar+ may contain links to external sites or other online services that we do not control, including those embedded in third party advertisements. We are not responsible for the privacy practices and data collection policies for such third-party services. You should consult the privacy policies of those third-party services for details.

Your Rights

We may use your Personal Information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish for us to do so.

Acceptance of This Privacy Policy

By using Tensar+ or any of our software you signify your acceptance of this Policy and any related terms of use and/or policy legal statements published on such Websites. If you do not agree to any of these, please do not use the software.

Contact Details

If you feel that the security of your Personal Information has been compromised, please contact us immediately at (855) 237-8950 (Western Hemisphere) or +44 01254 262431 (Eastern Hemisphere) or databreach@tensarcorp.com (global)

If you have questions regarding this Policy or our privacy practices in general, or if you are having trouble viewing or accessing this Policy and need it made available to you in an alternative format, please contact us at:

Western Hemisphere
Email: privacy@tensarcorp.com
Phone: (855) 237-8950
Mail: Tensar Corporation
2500 Northwinds Parkway, Suite 500
Alpharetta, GA 30009
Attn: VP Marketing

Eastern Hemisphere
Email: info@tensar-international.com
Phone: +44 01254 262431
Mail: Tensar International Limited
Units 2-4 Cunningham Court
Shadsworth Business Park
Blackburn BB1 2QX
Attn: Data Protection Co-ordinator

We may update this Policy from time to time. The current Policy will be effective when posted. Please check this Policy periodically for updates. If any of the changes that we may make are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Policy by posting an update on our websites.

Your California Privacy Rights

This section applies to California residents whose Personal Information is subject to the California Consumer Privacy Act of 2018 (“CCPA”).  If you are not a California resident, the rights described in this section do not apply to you.  

 Please note that the CCPA defines the term “sale” very broadly and includes the disclosure of Personal Information to third parties for which we receive “valuable consideration” (i.e., a benefit other than money), a definition that is much broader than the ordinary understanding of the term “sale.” In the preceding 12 months, we have not disclosed Personal Information to any third parties in exchange for money; however, we have disclosed Personal Information to third parties such as distributors, licensees and other business associates who may use such Personal Information to market their products and services. It is possible that this could be considered a “sale” for “other valuable consideration” under the CCPA.

 Summary of Personal Information Collected, Used, Sold or Shared

 Below is a summary of the categories of Personal Information we have shared for a business purpose or sold (as defined by the CCPA) in the previous 12 months and the categories of third parties with whom we have shared or sold such Personal Information.  Information about the categories of Personal Information we have collected from or about consumers in the previous 12 months, sources from which we collect Personal Information and the purposes for which we collect, use, share and sell Personal Information are described above in “Personal Information We Collect,” “How We Collect Personal Information” and “How We Use Personal Information,” respectively. 

Your Rights under the CCPA

Subject to certain legal limitations and applicable exceptions, California residents may exercise the following rights. 

• Right to Know.  You have the right to request that we disclose to you the categories of Personal Information we have collected about you in the preceding 12 months, the categories of sources from which we collected the Personal Information, the purposes for collecting the Personal Information, and the categories of third parties with whom we have shared or sold your Personal Information.  You may also request information about the specific pieces of Personal Information we have collected about you.  
• Right to Delete.  You have the right to request that we delete your Personal Information that we have collected from you. 
• Right to Opt Out. You have the right to opt out of the sale of your Personal Information.  

How to Exercise Your Rights

 If you have questions about our privacy policies or practices or would like to exercise your rights under the CCPA, you may contact us by either: 

• emailing us at privacy@tensarcorp.com; 
• calling us at (855) 237-8950; or  
• for requests to opt out, visiting our “Do Not Sell My Personal Information (California)” website, here. 
• writing us at:

 Tensar Corporation
2500 Northwinds Parkway, Suite 500
Alpharetta, Georgia 30009
Attn: General Counsel 

 You may also designate an authorized agent to exercise these rights on your behalf by following the process described in “Authorized Agents,” below.

 You may request access to your Personal Information twice in any 12-month period, measured from the date we receive your first request.  If you submit a request to obtain your Personal Information more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.

 In accordance with applicable law, you have the right not to receive discriminatory treatment from us as a result of your exercising these rights.

Verification 

 In order for you to exercise your CCPA rights, we will need to obtain information to locate you in our records, verify that you are a California resident and to verify your identity.  For a report of the specific Personal Information we have processed about you, you must provide us with three of the following in order that we may verify your identity:

• full name;
• email address;
• residential or business address; or
• mobile, residential or business telephone number.

You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.  For a report of the categories of Personal Information we have processed about you, or for a request to delete your Personal Information or opt out of the sale of your Personal Information, you must provide us with two of the above-referenced pieces of personal information in order that we may verify your identity (example, full name and email address).  

To the extent reasonably possible, we will use our existing account authentication practices to verify your identity. Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request.  If you are submitting a request on behalf of a household, we will need to verify each member of the household in the manner set forth in this section.

Authorized Agents

You may use an authorized agent to exercise your CCPA rights on your behalf. Authorized agents may demonstrate that the agent has authority to exercise rights on the requesting California resident’s behalf by writing our Head of Information Technology at the street address identified above or by emailing us at the email address identified above. At a minimum, we will require evidence of the agent’s identity via driver’s license or passport page, and at least one of the following documents evidencing proof of your legal authority to act on behalf of the individual who is the subject of the request:

• Written authorization signed by the California resident;
• Certified copy of a Power of Attorney granted under the California Probate Code; or
• With respect to requests made on behalf of a minor, written evidence of parental responsibility.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing Personal Information about another individual, you represent that your interactions and exchanges comply with applicable data privacy laws. You shall have sole responsibility for any violation of applicable laws as a result of a failure to obtain any necessary consent from such individual.

Timing

We will respond to Requests to Delete and Requests to Know within 45 calendar days, unless we need more time, in which case we will notify you and may take up to 90 calendar days total to respond to your request.  We will process a Request to Opt Out within 15 business days.

California Shine the Light Law

California residents may opt out of our sharing your Personal Information with third parties for the third parties’ direct marketing purposes. Please contact us at privacy@tensarcorp.com if you would like to do so.

Your Europe Privacy Rights

This section applies to individuals located in the EEA, the UK or in Switzerland and outlines additional information about your rights and choices regarding our processing of your Personal Information under the GDPR or equivalent laws in Switzerland and the UK.  

A. Legal basis

We collect and process personal data about you only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal data as follows:

• With your consent: Where appropriate or legally required, we collect and use personal data about you subject to your consent (e.g., where legally required for direct marketing activities).
• Performance or contract: We collect and use personal data about you to contract with you or to perform a contract that you have with us.
• To protect our legitimate interests: We process personal data for our legitimate interests such as to improve our website or software; deliver content; optimize your experience; market our Services; provide appropriate security; and to protect you from data breaches.
• Where necessary for compliance with laws: We may process personal data about you: (1) as required by law, such as to comply with a subpoena or similar legal process; (2) when we believe in good faith that disclosure is necessary to protect our rights or property, to protect your health and safety or the health and safety of others; (3) to investigate fraud or respond to a government request; or (4) if we are involved in a merger, acquisition, or sale of all or a portion of our assets.

B. Data Subject Rights

You have certain rights related to the Personal Information we hold about you. Some of these rights may be subject to limitations and qualifications including (1) where fulfilling your request would adversely affect other individuals, company trade secrets or intellectual property; (2) where there are overriding public interest reasons; or (3) where we are required by law to retain your personal data.

• Right of Access: You have the right to access personal data held by us.
• Right to Rectification: You have the right to rectify personal data that is inaccurate or incomplete.
• Right to Data Portability: You have the right to request a copy of certain personal data we hold about you in a structured, machine-readable format, and to ask us to share this information with another entity.
• Right to Erasure: You have the right to have personal data deleted where: (1) you believe that it is no longer necessary for us to hold your personal data; (2) we are processing your personal data based on legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; (3) you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data; or (4) where you believe the personal data we hold about you is being unlawfully processed by us.
• Right to Restrict Processing: You have the right to ask us to restrict (stop any active) processing of your personal data where: (1) you believe the personal data we hold about you is inaccurate and while we verify accuracy; (2) we want to erase your personal data as the processing is unlawful, but you want us to continue to store it; (3) we no longer need your personal data for our processing, but you require us to retain the data for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.
• Right to Object: You can object to our processing of your personal data based on our legitimate interests. We will no longer process your personal data unless we can demonstrate an overriding legitimate purpose.
• Objection to Direct Marketing, Automated Decision Making, and Profiling: You have the right to object to our processing of personal data for direct marketing communications, and profiling related to direct marketing. We will stop processing the personal data for that purpose. 
• Automated Profiling: In the event that we conduct automated decision making that has a legal or other significant impact we will tell you about this and you have the right to challenge such decisions and request that it is reviewed by a human.
• Withdrawal of Consent: Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us as set out in the Contact Details section.

C. Updating Your Details

If you would like to update the details that we hold about you or to change any of your preferences relating to the way in which we may use your information for direct marketing, then please contact us as set out in the Contact Details section.

D. Data Retention

We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. If your information is no longer required, we will ensure it is disposed of or deleted in a secure manner.

For further information about how long we store your personal data, please contact us as set out in the Contact Details section.

Exercising Your Rights

If you would like to exercise the rights set forth above, please contact us as set out in the Contact Details section. Before we respond to requests for personal data, we will require that you verify your identity or the identity of any data subject for whom you are requesting personal data. 

We will fulfil your request within one month of receipt unless an exception applies. If you have concerns unresolved by us, you may also address any grievance directly with the relevant Supervisory Authority or the ICO for UK-based individuals.

We will fulfil your request within one month of receipt unless an exception applies. If you have concerns unresolved by us, you may also address any grievance directly with the relevant Supervisory Authority or the ICO for UK-based individuals.

If you are dissatisfied with our handling of any complaint you also have the right to raise concerns with The UK Information Commissioner:  https://ico.org.uk or one of the EU regulatory bodies for data protection. Our largest office within the EU is Tensar International GmbH at Brühler Str. 7, 53119, Bonn (T. +49 (0) 228 91392-0).

Tensar+ Sub-Processing Schedule

Tensar+ Global Privacy Policy – Tensar WH & EH
Effective Date: July 13, 2022
Version Number: 1