Website and Mobile Privacy Notice
Rebuilders International, LLC and its subsidiaries and affiliates (collectively, “Rebuilders”) are responsible for this website, including its mobile versions. Except as described below, this notice describes our practices related to personal information we collect through Rebuilders websites and mobile versions. By using this website voluntarily, you consent to the practices described in this statement. In situations where your express consent is required, the particular website will provide you with an opportunity to provide or withhold your consent.
Does this Notice apply to all Rebuilders websites?
This Privacy Notice applies to visitors of Rebuilders websites that link to this Privacy Notice. Individual websites for Rebuilders entities, services and products may adopt different privacy notices because the transactions taking place on those websites may be different. If a Rebuilders website has its own privacy notice, the provisions of that notice apply to that website.
Rebuilders encourages you to review the privacy statements of websites you choose to link to from Rebuilders so that you can understand how those sites collect, use and share your information. Rebuilders is not responsible for the privacy statements or other content on sites apart from this website or any other Rebuilders websites.
For Personal Information collected in the European Union (“EU”), this policy is intended to address compliance with the EU’s General Data Protection Regulation (“GDPR”), effective May 25, 2018.
For individuals in the United States:
- In accordance with the law of the State of California, U.S.A., California residents may request and obtain information (if any) that Rebuilders shared within the prior calendar year with other businesses for direct marketing use (as defined by California’s “Shine the Light Law”), using the contact information provided in the policy.
- In accordance with Connecticut, U.S.A. law, Rebuilders protects the confidentiality of, prohibits unlawful disclosure of, and limits access to Social Security numbers (“SSNs”). Rebuilders does not collect SSNs through this website. Rebuilders does, however, collect Social Security Numbers where required by law, such as tax and payroll purposes for its employees. When Rebuilders collects and/or uses Social Security Numbers, Rebuilders will take proper care by protecting confidentiality, limiting collection, ensuring access on a need-to-know basis, implementing appropriate technical safeguards, and ensuring proper disposal.
- Rebuilders complies with the U.S. Health Insurance Portability and Accountability Act (“HIPAA”) to the extent that it is a “covered entity,” as defined below. HIPAA applies only to Rebuilders entities operating in the United States. Questions regarding Rebuilder’s compliance with HIPAA should be directed to the company’s Human Resources organization.
For individuals in Canada:
- Rebuilders is committed to compliance with Canada’s Anti-Spam Legislation (CASL) and the CAN-SPAM Act. If you visit any site that solicits your personal information, we will not use this information to send you commercial electronic messages without your express or implied consent. If you have an existing business or non-business relationship with us or if you voluntarily provide your electronic contact information without indicating that you don’t want to receive communications, we will infer that you have consented to such communications. You may contact us to opt-out at a later time.
What personal information does Rebuilders collect on its websites?
Rebuilders collects personally identifiable information, such as your e-mail address, name, home or work address or telephone number. Rebuilders also collects anonymous demographic information, which is not unique to you, such as your postal code, age, gender, preferences, interests and favorites. Rebuilders does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your prior explicit consent.
The collection of any personal information will be transparent to you – you will be asked for it and will have the opportunity to decide whether or not to provide it. If you choose not to provide any of the information requested, Rebuilders may be unable to complete the transaction you have requested.
There is also information about your computer hardware and software that is automatically collected by Rebuilders. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by Rebuilders for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of our websites.
Please keep in mind that if you directly disclose personally identifiable information or other sensitive data through Rebuilders public message boards, this information may be viewed and used by others. Note: Rebuilders does not read any of your private online communications.
How does Rebuilders use the personal information it collects?
Rebuilders collects and uses your personal information to operate the Rebuilders website and deliver the services you have requested. Any personal information collected will only be used to:
- conduct basic business operations, such as communicate with customers and business planning, including updating your contact information to ensure it is accurate and current;
- provide the information, item, or service you have requested;
- communicate with you about products, services and events relating to Rebuilders, and inform you of other products or services available from Rebuilders and its affiliates;
- contact you directly on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party;
- share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Rebuilders, and they are required to maintain the confidentiality of your information;
- contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered;
- track the websites and pages our customers visit within Rebuilders, in order to determine what Rebuilders services are the most popular. This data is used to deliver customized content and advertising within Rebuilders to customers whose behavior indicates that they are interested in a particular subject area;
- improve our products, services and websites;
- verify your identity to ensure security for one of the other purposes listed here;
- respond to a legitimate legal request from law enforcement authorities or other government regulators;
- investigate suspected or actual illegal activity;
- support the sale or transfer of all or a portion of our business or assets; and/or
- conduct investigations to ensure compliance with, and comply with, legal obligations.
Except where used in support of a contract with you or to fulfill a legal obligation, our use of your personal information will be only for legitimate business interests as set forth above.
Rebuilders websites use “cookies” to help you personalize your online experience. This website may also use web beacons.
Cookies are small text files sent to and stored on users’ computers that allow websites to recognize repeat users, facilitate users’ access to websites and allow websites to compile aggregate data that will allow content improvements. Cookies do not damage users’ computers or files. A web beacon is usually a pixel on a website that can be used to track whether a user has visited a particular website to deliver targeted advertising.
The primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the website that you have returned to a specific page. For example, if you personalize Rebuilders pages, or register with Rebuilders site or services, a cookie helps Rebuilders to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Rebuilders site, the information you previously provided can be retrieved, so you can more easily, accurately, and swiftly use the Rebuilders features that you customized.
For information about cookies and other tracking technologies, click here.
How does Rebuilders protect information it collects?
Rebuilders secures your personal information from unauthorized access, use, or disclosure by storing it on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number, bank account information, etc.) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Where does Rebuilders store your information?
Rebuilders is a global company with locations in many different countries. Accordingly, we may transfer your information from one legal entity to another or from one country to another in order to accomplish the purposes listed above. These countries include, at a minimum, the United States, the many of the member states of the European Union, Canada and other countries, including some in Asia.
We will transfer your personal information consistent with applicable legal requirements and only to the extent necessary for the purposes set forth above. Rebuilders relies on available legal mechanisms to enable the legal transfer of personal information across borders. To the extent that Rebuilders relies on the standard contractual clauses (also called the model clauses) to authorize transfer, Rebuilders will comply with those requirements, including where there may be a conflict between those requirements and this Notice.
Your personal information may also be maintained and processed by our service providers in countries other than the one in which it was collected, such as the United States, member states of the European Union, Canada and other jurisdictions.
Does Rebuilders share the information it collects with third parties?
Rebuilders may share your Personal Information with our subsidiaries and affiliated companies.
Rebuilders will not sell or otherwise share your personal information outside the Rebuilders group of companies, except to:
- service providers Rebuilders has retained to perform services on our behalf. Rebuilders will only share your personal information with service providers whom Rebuilders has contractually restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements;
- comply with legal obligations, including but not limited to in response to a legitimate legal request from law enforcement authorities, courts or other government regulators;
- investigate suspected or actual illegal activity, as part of an internal investigation of a suspected or actual violation of company policy, or for audit purposes;
- prevent physical harm or financial loss; or
- support the sale or transfer of all or a portion of our business or assets.
How long does Rebuilders retain personal information?
Rebuilders will retain personal information only for as long as needed to comply with its contractual and legal obligations. If the personal information is not subject to contractual or legal obligations, Rebuilders will retain the data for as long as is required for the original purpose for which it was collected.
What should you understand about the third-party links that may appear on this website?
In some instances, Rebuilders may provide links to non-Rebuilders controlled websites, which Rebuilders will make reasonable efforts to identify as such. Rebuilders does not control such third-party websites, however, and cannot be responsible for the content or the privacy practices employed by other websites.
What additional information should specific users know?
- Parents, Guardians and Children:This website is intended for visitors who are at least 18 years of age and the age of majority in their jurisdiction of residence. Rebuilders does not knowingly solicit information from, or market products or services to, children. If you do not meet the age requirements set out above, please do not enter your personal information on this or any other Rebuilders website.
- Users from the European Union:You have the right to lodge a complaint with your national or state data protection authority, which may also be known as a supervisory authority. You also have the right to request access to and correction or erasure of your personal information, seek restrictions on or object to the processing of certain personal information, and seek data portability under certain circumstances. To contact Rebuilders about a request to access, correct, erase, object or seek restrictions or portability, please use the contact methods indicated at the end of this notice.
How might Rebuilders change this policy?
As Rebuilders expands and improves this website, we may need to update this policy. This policy may be modified from time to time without prior notice. We encourage you to review this policy on a regular basis for any changes. Substantive changes will be identified at the top of the policy.
How can you contact Rebuilders?
Rebuilders welcomes your comments regarding this Notice. If you believe that Rebuilders has not adhered to this Notice, please contact us and we will use commercially reasonable efforts to promptly determine and remedy the problem.
If you have any comments or questions or if there are other things we can do to maximize the value of this website to you, please email us.
If you wish to access, correct or update your personal information, or if you have questions about Rebuilder’s privacy practices in general, please email us at [email protected].
You can also contact us:
Rebuilders International, LLC
654 Columbine Ct.
Louisville, CO 80027 USA
Policy Regarding the Protection of Personal Information
EFFECTIVE: May 21, 2018
1.0 PURPOSE OF THIS POLICY
1.1 Rebuilders International, LLC (“the Company”) will follow the principles in this Policy regarding the collection, use, storage, transfer, and destruction of “Personal Information” by the Company or its agents (as defined below). The Company will adhere to legal and contractual requirements for protecting Personal Information.
2.0 SCOPE OF THIS POLICY
2.1 This Policy applies to Rebuilders as well as all of its operating companies, employees, agents and contractors working on its behalf worldwide. The Company will extend this Policy to third parties that access and/or process Personal Information on its behalf.
2.2 For Personal Information collected in the European Union (“EU), this Policy is intended to address compliance with the EU’s General Data Protection Regulation (“GDPR”), effective May 25, 2018.
2.3 In accordance with the law of the State of California, U.S.A., California residents may request and obtain information (if any) that the Company shared within the prior calendar year with other businesses for direct marketing use (as defined by California’s “Shine the Light Law”), using the contact information provided in this Policy.
2.4 In accordance with Connecticut, U.S.A. law, Rebuilders protects the confidentiality of, prohibits unlawful disclosure of, and limits access to Social Security numbers (“SSNs”). The Company does not intentionally communicate SSNs to the general public, print SSNs on any document required for an individual to access products or services, require an individual to transmit SSNs over an unencrypted electronic connection, or require an individual to use SSNs to access a Rebuilders Internet or Intranet web site unless a password or other unique identifier is also required.
3.0. TERMS USED IN THIS POLICY
3.1 “Agent” means any third party that controls or processes Personal Information to perform tasks on behalf of and under the instructions of Rebuilders .
3.2 “Data Breach(es)” is any set of circumstances that involves actual or a reasonable possibility of unauthorized access to or possession of, or the loss or destruction of Personal Information. The circumstances contributing to a breach may be unintentional or accidental and the access, loss, or destruction may be confirmed or only suspected. Personal Information can be lost or destroyed in many ways, such as by stolen computer hardware (e.g., laptops), physical destruction or compromise due to natural disaster or accidents (e.g., flood of an office, destroying the only copy of certain records); and inability to access the only copy of data on a server if there is no anticipated resolution or the inability to access lasts for more than a week. Data Breaches can include unauthorized access, possession or denial of service at a third party.
3.3 “Personal Information” means information relating to an identified or identifiable natural person, regardless of the medium in which the information is collected, processed, or transferred. The term includes Sensitive Personal Information. The term includes information about a Rebuilders director, employee, contractor, contract laborer, customer, supplier, or other third party. Anonymous, pseudonymized, or aggregate information used for statistical, historic, and scientific or other purposes is excluded. The term includes information collected, processed, and/or transferred in any format, including but not limited to hard copy, electronic, video recording, and audio recording.
3.4 “Sensitive Personal Information” is a subset of Personal Information and means information relating to an identified or identifiable person that involves racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; health; sexual preference; sex life; or the commission or alleged commission of any crime.
4.0 REBUILDER’S PRIVACY COMMITMENTS
4.1. Compliance with Laws and Regulations: Rebuilders complies with laws and regulations applicable to its operating units worldwide that relate to the protection of Personal Information. Local laws, regulations, and other pertinent restrictions will apply to the extent of any conflicts with this Policy. The GDPR shall govern in the event of any conflict with this Policy.
4.2 Collection, Use, and Retention of Personal Information:
4.2.1 Rebuilders collects, uses, and retains Personal Information only as necessary and appropriate for legitimate business and legal purposes, ensuring that the collection, processing, and transfer of Personal Information are adequate, relevant, and not excessive in relation to the purpose or purposes for which the information is processed.
4.2.2 Collection and uses by the Company of the Personal Information of directors, employees and third parties include the collection and use of Personal Information described in detail in Exhibit 1. In some cases, such as with human resources data, the data are necessary in order for Rebuilders to manage employment relationships and contractual agreements regarding pay and benefits.
4.2.3 The Company does not keep Personal Information for longer than needed for the purpose(s) for which it was collected, unless otherwise required by law or with the data subject’s consent;
4.3.1 When Rebuilders collects Personal Information directly from individuals, it informs them about the purposes for which it collects and uses Personal Information about them, the types of agents to which the Company discloses that information, and the choices and means it offers for limiting its use and disclosure. The Company identifies the purposes for which it is collecting Personal Information and does not process the Personal Information for any incompatible purpose(s) unless supported by consent of the individual data subject, a legal obligation, a threat of physical harm, or another legitimate interest recognized by law.
4.3.2 Notice is provided in clear and conspicuous language when individuals are first asked to provide such information to Rebuilders, or as soon as practicable thereafter, and in any event before the Company uses the information for a purpose other than that for which it was originally collected. Privacy notices shall be accessible to data subjects and posted online, whenever practicable;
4.3.3 Rebuilders provides appropriate notices regarding individuals’ rights of access, correction, and updating. The Company ensures that an individual is given the chance to discuss the results of any automated decision-making (such as employee background checks) before any negative action is taken based on that decision-making;
- The Personal Information that is collected;
- The purpose(s) for which that Personal Information is collected;
- The ways that Rebuilders uses Personal Information;
- Use of “cookies” or other tracking devices by external-facing websites and, if used, how to reconfigure the browser to decline the cookies;
- Third parties with whom Rebuilders shares the information;
- The choices provided to individuals, the means for limiting collection, use, and disclosure of Personal Information, and the consequences of those choices; and
- How to contact Gerber with questions or complaints about privacy matters concerning the website or to correct/update Personal Information already provided.
4.3.5 Each privacy notice is reviewed by the system owner at least once every three years to ensure that it is current and accurate. Where required by law, Rebuilders ensures that Sensitive Personal Information is collected online only with an individual’s explicit consent, via a meaningful opt-in approach, and is appropriately protected against improper use.
4.4.1 Depending on the location in which the data subject lives, local laws may require that the data subject give specific consent for the collection, use and disclosure of Personal Information for some of the purposes described in Exhibit 1. Individuals who opt-in are notified of the process to follow in exercising this choice.
4.4.2 Where required, Rebuilders asks for consent by appropriate and permitted means. The Company offers individuals the opportunity to opt-out of providing Personal Information if it is to be (1) disclosed to an Agent, or (2) used for a purpose other than the purpose for which it was originally collected or subsequently authorized. It may occasionally inform individuals of offers available from selected non-agent third parties. For Sensitive Personal Information, it gives individuals the opportunity to affirmatively and explicitly opt-in prior to (1) disclosing the information to a non-agent third party, or (2) using the information for a purpose other than the purpose for which it was originally collected or subsequently authorized. The Company offers appropriate opportunities to opt-out when using Personal Information for direct marketing;
4.5 Access & Correction:
4.5.1 Rebuilders takes reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.
4.5.2 As described in Exhibit 2, Rebuilders grants individuals reasonable access to their Personal Information. In addition, the Company takes reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. In addition, the data subject has the right to object to the data processing as well as the right to data portability. If explicit consent has been provided for the processing of data, then the data subject has the right to withdraw that consent at any time.
4.6 Data Security:
4.6.1 Rebuilders takes reasonable precautions to protect Personal Information in its possession from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. The Company’s computer networks and systems, including Internet and Intranet-based applications, are designed to protect Personal Information from unauthorized access, loss, disclosure, or use. Personal Information is made available within the Company only to those persons who possess a business need-to-know.
4.6.2 Rebuilders maintains systems and procedures to assure the security and integrity of Personal Information, whether provided by employees, generated by the Company and its operating companies, or otherwise provided by agents or third parties. These measures include reasonable restrictions upon physical access to hard copy records containing Personal information and the storage of such records in locked facilities, storage areas, or containers.
4.6.3 The security program identifies and assesses reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any records containing Personal information, and evaluates and improves, where necessary, the effectiveness of the current safeguards for limiting such risks. The program includes:
- Ongoing employee (including temporary and contract employee) training;
- Means of ensuring employee compliance with security program policies and procedures;
- Means for detecting and preventing security program failures;
- Security policies for employees relating to the storage, access and transportation of records containing Personal information outside of business systems or premises;
- Disciplinary measures for violations of security program rules;
- Means of preventing terminated employees from accessing records;
- Regular monitoring to ensure that the security program is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Personal information, and upgrading information safeguards as necessary to limit risks;
- Annual reviews of the scope of security rules and more often when there is a material change in business practices that may reasonably implicate the security or integrity of Personal information;
- Documentation of responsive actions taken in connection with any incident involving a breach of security, and mandatory post-incident review of events and actions taken, if any, to make changes in business practices relating to protection of Personal information; and
- Procedures for sanitization and destruction of storage or other media removed from service, prior to disposal.
4.6.4 Rebuilders periodically reevaluates these measures to ensure they remain current, reasonable, and appropriate.
4.6.5 Rebuilders does not transfer Personal Information from one country to another or from one legal entity to another unless properly supported by law and under appropriate security measures for the data while in transit and in storage;
4.6.6 Rebuilders ensures that handling of employees’ and third parties’ Personal Information is consistent with the relevant Privacy Notice for the information in question, subject to local supplement or amendment to ensure compliance with local law.
4.6.7 Rebuilders takes proper care of personal government-issued identification numbers by protecting the confidentiality, limiting collection, ensuring access on a need-to-know basis, implementing appropriate safeguards, including but not limited to encryption, and ensuring proper disposal in accordance with Rebuilder’s document and data retention policies and practices;
4.7 Data Breaches:
4.7.1 Rebuilders maintains and implements a Data Breach response plan to respond to and remediate any actual data breaches, and discloses breaches involving Personal Information, as appropriate and as legally required.
4.8 Transfers of Personal Information To Third Parties:
4.8.1 Personal Information is used by and shared among Rebuilders entities, agents (e.g., IT and other professional and nonprofessional services, benefit plan sponsors and administrators, etc.), applicable government organizations and agencies, and third parties as permitted or required by law, regulation, or court order. Rebuilders shares Personal Information with companies Rebuilders acquires and transfers and to effect the divestiture of companies Rebuilders divests.
4.8.3 Rebuilders and its operating units execute and maintain the model clauses (also called the standard contractual clauses) adopted by the European Commission as an authorization for the transfer of Personal Information from the EEA to the U.S. Rebuilders and its operating units comply with the requirements of the model clauses for intra-company transfers.
4.8.4 Where Rebuilders has knowledge that a transferee is using or disclosing Personal Information in a manner contrary to this Policy, Rebuilders takes reasonable steps to prevent or stop the use or disclosure, up to and including termination of our contractual or other business relationship with the agent.
4.9 Privacy Risk Assessment:
4.9.1 Rebuilders maintains an effective privacy risk assessment process to evaluate Company-wide risks and to develop appropriate mitigation plans. The Privacy Risk Assessment process reviews Rebuilders overall collection, processing (including storage and destruction), and transfer of Personal Information and is updated as needed.
4.9.2 Whenever Rebuilders or an operating unit seeks to implement a new or modified system, or use a new or modify the use of a third party to collect, process, or transfer Personal Information, a written Privacy Impact Assessment is completed before adoption of the new or modified process or new or modified use of the third party. A Privacy Impact Assessment must be completed only for systems or service providers that collect, process, or transfer Personal Information and for the launch of a new system or service provider or substantial modification of a system or use of the service provider involving Personal Information.
4.10 Governance & Training:
4.10.1 Rebuilders ensures that individuals who in any material way are involved in the collection, use, and storage of Personal Information, including designing, modifying, or managing automated systems, are trained to identify privacy concerns, to receive privacy complaints, and to forward both to the appropriate resources for review and resolution. Rebuilders privacy compliance governance is exercised as described in Exhibit 3.
4.10.2Rebuilders ensures that all professional staff and employees who handle Personal Information as an integral part of their responsibilities receive periodic training on data privacy and security.
4.10.3Education and training are provided to all employees on the proper use of the computer security systems and the importance of information security, e.g., limiting collection and storage of unneeded information; use of encryption; restricting access to drives, folders, and files; recognizing risks to information security posed by file sharing programs.
4.10.4 Rebuilders has a strategic communications plan to raise awareness and educate employees and third parties, as appropriate, regarding data privacy and security.
4.10.6Rebuilders enforces this Policy and any implementing procedures. Failure to adhere to this Policy or its implementing procedures may lead to disciplinary action for employees, up to and including dismissal, and termination of its contractual relationship with Rebuilders for third parties.
5.0 QUESTIONS & DISPUTES
5.1 Questions or concerns from persons regarding a particular website or system should be addressed to the contact listed in the privacy notice provided on that website or system.
5.2 Requests for access or correction from employees should be addressed to their local Human Resources representative, in accordance with Exhibit 2.
5.3 Complaints or questions regarding compliance with this Policy should be directed to:
- By mail:
Rebuilders International, LLC
654 Columbine Ct.
Louisville, CO 80027
- Telephone: +1.860.870-2804
- Via email to [email protected]
- Information requested under the California “Shine the Light” law should be requested via email to [email protected]with “California Shine the Light Privacy Request” in the subject line as well as in the body of the message.
6.0 CHANGES TO THIS POLICY
- Rebuilders amends this Policy as needed to conform to changes in pertinent laws or regulations. Appropriate notice of amendments is provided.
Exhibit 1 – Types of Personal Information We Collect & Use
The types of Personal Information Rebuilders collects and shares depend on the nature of the individual’s relationship with Rebuilders (e.g., officer, employee, applicant for employment, website visitor, customer, supplier, other third party) and the provisions/restrictions of applicable laws. Examples of this information and its uses include:
- Management and employee communications and notices;
- Maintenance of employee biographies, curriculum vitae, and similar information;
- Emergency contacts;
- Global enterprise headcount and demographics;
- Career development, performance feedback, and progression;
- Succession planning;
- Compensation and benefits;
- Establishment and administration of employee benefits and benefit plans;
- Rewards and recognition;
- Travel and expense reimbursement, including travel and/or credit card administration;
- Tax reporting and withholdings;
- Payroll administration, including deductions, contributions, etc.;
- Enterprise Resource Planning (ERP) systems;
- Planning and provision of health services, including drug screening, processing of workers’ compensation or similar health and safety programs;
- Personal security, including access controls and security for computer and other systems;
- Reporting and statistical analyses;
- Personnel transactions, including tenure with the Company, hire/start date of employment, termination date, and other transaction dates such as promotion, salary increase, etc.;
- Legal and regulatory reporting and other requirements, including right-to-work screening, workplace environment, health and safety reporting, and administration;
- Visas, licenses and other right-to- work authorizations;
- Management of litigation and related discovery/e-discovery issues;
- Import, export, and other trade compliance controls, including automated information technology controls;
- Sanctions screening, including screening of the U.S. Entity List, Specially Designated Nationals and Blocked Persons List, Denied Persons List, and the Unverified List, and similar lists maintained by the U.S. and other countries;
- Internal and external investigations, including management reviews and audits of the status of Rebuilders compliance with laws and regulations in all the places in which we do business; audits and reviews of the status of employee’s compliance with laws, Rebuilders Code of Ethics and Business Conduct and Company policies; online and telephonic contacts with Rebuilders reporting hotline;
- Internet, intranet, e-mail, social media, and other electronic screening;
- Law enforcement and other government inquiries;
- Business planning, including prosecution of mergers, acquisitions, and divestitures, including acquisition of Personal Information from an acquired company and transfers of Personal Information to a divested company;
- Identification of persons via photographs or other likenesses, including facial recognition;
- Location tracking, duration, and other telematics of certain Rebuilders assets;
- Time collection and allocation;
- Data mining for internal Company management purposes;
- Data supplied to vendors providing benefits;
- Physical and information technology security monitoring;
- Data backup and recovery; and
- Automated information technology threat assessments and response;
- Given and Family names, including suffixes;
- Middle name(s);
- Preferred name;
- Country of birth;
- Citizenships held (past and present);
- S. and other country permanent resident and/or asylee status;
- SMTP address;
- Place of work, including street mailing address and other pertinent contact information;
- Home address and other pertinent contact information;
- Supervisor identifier;
- Job-related information such as title, department, job function, title, etc.;
- Other data to support human resources applications;
- Management reports and data mining (usually anonymized and not containing individually identifying data);
- Computer asset location & billing data, including computer location;
- For third parties resident in Rebuilders business locations, identification of persons via photographs or other likenesses, including facial recognition; location tracking, duration, and other telematics; biometric data; forensics analysis; physical and information technology security monitoring; sanctions screening and automated information technology threat assessments and response;
- E-mail message content (end-user controlled);
- Message attachments (end-user controlled);
- Public folder content (local administrator supplies folder permissions);
- Web page address;
- Instant Messaging address;
- Authorizing, granting, administering, monitoring and terminating access to or use of Rebuilders systems, facilities, records, property and infrastructure;
- Administration of customer and supplier contracts and agreements, joint ventures, and other business combinations;
- Support of marketing efforts;
- Budget planning and administration;
- Invoice processing and payment-related purposes;
- Training and certification of customer and supplier personnel;
- Data collected as part of job application and hiring processes;
- Background checks and sanctions screening;
- Problem resolution, internal investigations, auditing, compliance, risk management and security;
- Conflict of interest reporting;
- On-site injury and illness evaluation and reporting, for those who access Rebuilders facilities;
- Monitoring and surveillance for industrial hygiene, public health and safety;
- Legal proceedings and government investigations, including preservation of relevant data;
- As required or expressly authorized by laws or regulations applicable to our business globally or by government agencies that oversee our business globally;
- Personal data (e.g., date of birth, day or year of birth, citizenship(s), preferred language);
- Biographies, curriculum vitae, and similar information;
- Organizational and institutional affiliations;
- Professional credentials;
- Agreements, programs, and activities in which the data subject participates(d);
- Agreements entered into with Rebuilders;
- Payment-related information, including social security number or tax identification number and bank information;
- Communications preferences;
- Education and training;
- Industrial hygiene exposure assessment and monitoring information;
- Computer or facilities access and authentication information (e.g., identification codes, passwords, address lists, etc.);
- Photographs and other visual images of the data subject;
- Provide investor services;
- Communicate with you about products, services, and events relating to Rebuilders ;
- Improve our products, services, and websites;
- Evaluate interest in and/or allow persons to apply for employment with Rebuilders ;
- Verify identity to ensure security for one of the other purposes listed here;
- Ensure or enhance the security of Rebuilders electronic systems;
- Protect against fraud;
- Screen against sanctions and antiterrorism lists as required by law;
- Respond to a legitimate legal request from law enforcement authorities or other government regulators;
- Investigate suspected or actual illegal activity;
- Prevent physical harm or financial loss; and
- Support the sale or transfer of all or a portion of our business or assets (including through bankruptcy).
Exhibit 2 – Accessing & Correcting Your Personal Data
For Rebuilders employees and third parties who are subject to the European Union’s General Data Protection Regulation, normally within one month (subject to certain exceptions) after receipt from you (or from a competent legal representative you designate), Rebuilders is committed to providing you with the following:
- Confirmation of whether, and where, Rebuilders is processing your personal data;
- Information about the purposes of the processing;
- Information about the categories of your data that are being processed;
- Information about the categories of recipients with whom the data may be shared;
- Information about the period for which the data will be stored (or the criteria used to determine that period);
- Information about your rights to erasure, to rectification, to restriction of processing and to object to processing;
- Information about your right to complain to the relevant EU data protection authority;
- Where the data were not collected directly from you, information as to the source of the data; and
- Information about the existence and an explanation of how automated processing is being used to process your data and/or make decisions regarding you or your data solely on the basis of automated processing.
You may request a copy of your personal data that are being processed. Copies will be provided in a structured, commonly used, machine-readable format that supports reasonable re-use in commonly-available IT systems and applications. Upon reasonable request, Rebuilders will transfer your personal data from one data controller to another, store your personal data for further personal use on a private device, and/or have your personal data transmitted directly from Rebuilders to another controller without hindrance. This is not applicable to personal data you did not provide to Rebuilders directly, and Rebuilders is not obligated to retain your personal data for longer than is otherwise necessary or if no longer legally available.
Normally, Rebuilders does not charge any costs or fees for the above. However, as provided by law, we reserve the right to charge a reasonable fee for repetitive, excessive, or unfounded requests, and for additional copies.
Rebuilders takes all reasonable measures to ensure that inaccurate or incomplete personal data are erased or rectified. You have the right to inform Rebuilders of any discrepancies or inaccuracies and to rectification of inaccurate personal data.
You have the right to restrict the continued processing of your personal data if:
- You contest the accuracy of your data (and only for as long as it takes to verify and correct the accuracy of your data);
- The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
- Rebuilders no longer needs the data for its original purpose, but the data are still required by Rebuilders to establish, exercise or defend its legal rights; or
- If you have validly requested erasure or destruction of your data, but Rebuilders is evaluating other overriding grounds for retaining and processing your data.
- Rebuilders will erase or otherwise render inaccessible your personal data when:
- Your data are no longer needed for their original purpose (and no new lawful purpose exists);
- The legal basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists;
- You exercise your right to object to Rebuilders continued processing of your data and the Company has no overriding grounds for continuing the processing;
- Your data have been processed unlawfully; or
- Erasure is necessary for compliance with EU law or the law of the relevant Member State of the EU to which you are subject.
If Rebuilders has disclosed your personal data to any third parties, and you subsequently exercise any of the rights described above, Rebuilders will notify those third parties unless it is impossible or would require disproportionate effort. You may request the identity of those third parties. In exceptional cases where Rebuilders has made your data public, Rebuilders will take reasonable steps (taking costs into account) to inform relevant third parties.
Questions regarding implementation of these requirements should be addressed as described elsewhere in this Policy.
EXHIBIT 3 – How We Manage Data Protection
The Information Security and Privacy Subcommittee of Rebuilders Ethics & Compliance Committee is charged with evaluating Rebuilders information security and privacy policies, procedures, and operations to set the strategic direction for the Company’s information privacy and security programs. The subcommittee consists of senior executives from each of the following organizations: Information Technology, Human Resources, Finance, and Marketing, supported as needed by other subject matter experts when necessary.
The Subcommittee is responsible for:
- Assessing the inventory of Rebuilders high‐risk information management programs and processes (paper and electronic) and coordinating plans to address information privacy and security weaknesses;
- Reviewing information security and privacy policies and standards and recommending improvements and revisions, as appropriate;
- Reviewing and responding to specific information security and data breaches;
- Serving as a resource for Company management on information security and privacy issues;
- Evaluating conflicts between management requirements and information security and privacy requirements;
- Evaluating information security and privacy staffing, training, and communication needs; and
- Coordinating efforts to make information security and privacy visible within the Company.
Rebuilders has elected not to appoint a Data Protection Officer (“DPO”) having the duties and responsibilities delineated in Articles 37-39 of the GDPR. Rebuilders does not fall within the standards of the GDPR for mandatory appointment of a DPO. A privately-held company such as Rebuilders is not required under the GDPR to have a formal DPO. Our core business activities do not involve monitoring data subjects, do not infringe on those data subjects’ rights, and involve no collection or processing of “special category” personal information. We are neither a consumer products company nor one heavily reliant on personal information collected from our employees, customers, or suppliers. We manage mainly internal employee data, mostly within the US and the EU, most of which are required for legal compliance reasons (e.g., tax, pensions, etc.). Data obtained from customers and suppliers is narrowly framed to support our business contacts and contractual relationships and not for intrusion into the personal details of third parties or other purposes not directly related to our business with our customers and suppliers. Therefore, after careful review, we determined that a DPO in Rebuilders would neither be gainfully occupied nor represent a significant risk mitigation.
Questions regarding our program should be addressed as provided elsewhere in this Policy.
EXHIBIT 4 – Legal Entity Listing
Rebuilders International, LLC
 See Exhibit 4 for legal entity listing