R1VER building on a partly cloudy winter day.
Website User Privacy Policy

Michels and its subsidiaries and affiliated companies (“Company” “Michels” or “we”) take your privacy seriously. We want you to know how we collect, use, and disclose your Personal Information. The Michels legal entity that you are directly interacting with is the data controller and is responsible for ensuring that your Personal Information is processed in accordance with applicable laws and this Website Privacy Policy (the “Policy”). As the parent company of the local Michels entity, Michels Corporation also undertakes certain processing activities that we can confirm to you should you request such information.

“Data Subject” refers to the individual the Personal Information relates to.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly with a particular Data Subject.

GDPR Articles 13 & 14 Privacy Disclosures

In accordance with GDPR Art. 13 and Art. 14, Michels is required to inform you about (i) the categories of Personal Information we collect about you when visiting the website; (ii) the sources from which we may collect such Personal Information; (iii) the purposes for which we use your Personal Information; and (iv) why we may need to disclose your Personal Information to third parties.

Data Collection without Input

If you visit our website only to inform yourself about the content and do not make any entries of your own, we may collect and temporarily store the following information, which may also be a combination of Personal Information that your browser transmits to our server:

  • IP Address
  • Date and Time of the Request
  • Execution Time of the Request
  • Content of the Request (specific page)
  • Access Status/HTTP Status Code
  • Website from which the Request Comes
  • Browser
  • Operating System and its Interface
  • Language and Version of the Browser Software

This data is technically necessary to display the website to you and to ensure stability and security, in particular to be able to detect and prevent malicious spam attacks. We delete the log files that contain Personal Information in accordance with the retention periods in our Cookie Policy, which in no case exceed six (6) months. The collection of this data is based on the legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Contact Form

We offer the opportunity for visitors to our website who wish to contact us to use our contact form. This requires the entry of Personal Information such as first name, last name, phone number, and e-mail address. These entries and the content you submit are only used for communication between the user of the form and Michels for the purpose of establishing contact or for the purpose of sending the requested information. The data you provide will be processed on the basis of your consent in accordance with Art. 6 (1) (f) GDPR. If the message initiates pre-contractual measures or was sent in connection with an existing contract, the data in question will be processed in accordance with Art. 6 (1) (b) GDPR. We delete your Personal Information when it is no longer required to achieve the purpose for which it was processed. For Personal Information that has been disclosed to us without a contractual reference, this is the case when the respective conversation with you has ended. The conversation has ended when it is clear from the circumstances that the matter in question has been clarified. If the contact initiates pre-contractual measures or concerns an ongoing contractual relationship, the data provided will be deleted after expiry of the limitation period starting at the end of the year in which the contractual relationship was terminated.

Use of Cookies when Visiting without Input

We use cookies in accordance with the purposes described in our Cookie Policy.

The use of essential or necessary cookies ensures data security on our website and that you can use the website without technical problems. Essential or necessary cookies are used on the basis of our legitimate interest Art. 6 (1) (f) GDPR in conjunction with paragraph 25 (2) no. 2 German Telecommunications-Telemedia Data Protection Act (“TTDSG”).

In addition, we use non-essential cookies which are placed by us or third-party providers. Such non-essential cookies are only used with your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with paragraph 25 (1) TTDSG as they are not absolutely necessary for the provision of the website. For example, non-essential cookies are used by us to access, analyze, and store information such as the properties of your terminal device as well as certain personal data (IP address, usage behavior). The use of non-essential cookies relates in particular to marketing and analytics cookies which allow us to understand user behavior in order to provide you with a relevant user experience or to personalize the content on our website.

You can withdraw your consent according to Art. 7 (3) GDPR regarding data processing by non-essential cookies at any time by changing your preferences in the cookie settings of the consent tool we use and rejecting non-essential cookies. We store Personal Information for the retention periods stated in our Cookie Policy which in no case exceed two (2) years.

We use a consent management service on our website. As part of this, we store date and time of the visit, browser information, consent information, information about the terminal device, and the IP address of the requesting end device. The processing of the above data is based on Art. 6 (1) (c) GDPR in conjunction with paragraph 25 (1) TTDSG. The data processing serves the purpose of offering website visitors the option to confirm or decline the use of non-essential cookies. The documentation of such consent is necessary and required in accordance with the accountability obligation from Art. 5 (2) GDPR to ensure the withdrawal of consent and to control the setting of cookies. We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after three (3) years starting with the end of the year in which the data was collected.

How Long We Keep Your Personal Information

Unless otherwise stated in this Privacy Policy or Company’s Cookie Policy, we delete Personal Information pursuant to GDPR Art. 17 or restrict the processing pursuant to GDPR Art. 18 after the storage of your Personal Information is no longer necessary for the purposes stated in each case unless the Company is required to retain your Personal Information longer by applicable law or regulation, by legal process, or to exercise or defend legal claims.

Your Privacy Rights and How to Exercise Them

Your Privacy Rights

You have certain rights relating to your Personal Information subject to local privacy laws. These rights are subject to certain exemptions, including without limitation to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege).

Depending on the applicable laws and under certain conditions, Data Subjects have the following rights:

  • Right to Access (GDPR Art. 15): You have the right to submit a request for copies of specific pieces of your Personal Information obtained from you and for information about the Company’s collection, use, and disclosure of your Personal Information. Please note that this right to obtain copies does not grant a right to the whole of any document that contains Personal Information, but only to copies of “specific pieces” of Personal Information. Moreover, Data Subjects have a right to know categories of sources of Personal Information and categories of third parties to which Personal Information is disclosed.
  • Right to Delete (GDPR Art. 17): You have the right to submit a request for the deletion of Personal Information that you have provided to Company.
  • Right to Rectification (GDPR Art. 16): You have the right to submit a request for the correction of inaccurate Personal Information maintained by Company, taking into account the nature of the Personal Information and the purposes of processing the Personal Information.
  • Right to Data Portability (GDPR Art. 20): You have the right to request we transmit the Personal Information you have provided to us to a third party.
  • Right to Restriction of Processing (GDPR Art. 18): You have the right to restrict how we process your Personal Information while we consider a request you have raised.
  • Right to Withdraw Consent (GDPR Art. 7(3)): Where processing is based on consent, you have the right to withdraw the consent at any time. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
  • Right to Object or Make a Complaint (GDPR Art. 21): You have the right to object to any processing of Personal Information that we process on the “legitimate interests” or “public interests” grounds, unless our reasons for the underlying processing outweighs your interests, rights, and freedoms. You also have the right to lodge a complaint with your local government agency or supervisory authority. The following data protection authority in Germany is competent for us: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Lautenschlagerstraße 20 70173 Stuttgart.
  • Right to Object to Being Subject to Automated Decision Making (GDPR Art. 22): You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects on you or significantly affects you unless (i) we request your consent or (ii) if it is necessary for entering into or performing a contract between the Data Subject and the Company.

How to Exercise Your Rights

Company will respond to requests in accordance with applicable law if it can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:

  • If residing in the United States or at any location outside of the European Economic Area (EEA):
    • Call Michels Corporation Human Resources Team at (920) 924-8755 or email at HR@michels.us; or
    • Call the Michels Compliance Hotline at (888) 310-7732.
  • If residing in Germany or at any other location inside the EEA:
    • Email our DPO Florian Groothuis at groothuis@byte.law; or
    • Email Bailey Zimmerly at bzimmerly@michels.us.

Once your request is received, you will be provided a request form to complete and your request will be responded to in a timely manner.

How We Will Verify Your Request Pursuant to GDPR Art. 12(6)

The processes that we follow to verify your identity when you make a request are described below. The relevant process depends on how and why the request is submitted. We will only request you to verify your identity if we have a reasonable doubt as to your identity.

If you submit a request by any means other than through a password-protected account that you created before the date of your request, the verification process that we follow will depend on the nature of your request as described below:

  • Requests To Know Categories or Purposes: We will match at least two data points that you provide with your request or in response to your verification request against information about you that we already have in our records and that we have determined to be reliable for purposes of verifying your identity. Examples of relevant data points include your mobile phone number, your zip code, or your employee identification number.
  • Requests To Know Specific Pieces of Personal Information: We will match at least three data points that you provide with your request or in response to our request for verification information against information that we already have about you in our records and that we have determined to be reliable for purposes of verifying your identity. In addition, we may require you to sign a declaration under penalty of perjury that you are the individual whose Personal Information is the subject of the request.
  • Requests To Correct or Delete Personal Information: Our process for verifying your identity will depend on the risk level (as determined by Company) associated with the Personal Information that you ask us to correct or delete. For low-risk Personal Information, we will require a match of two data points as described in Point No. 1 above. For higher risk Personal Information, we will require a match of three data points and a signed declaration as described in Point No. 2 above.

We have implemented the following additional procedures when verifying the identity of requestors:

  • If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. If we do so, we will not use that information for any purpose other than verification.
  • If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity.

Authorized Agents

If an authorized agent submits a request on your behalf, the authorized agent must submit with the request another document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, if we can demonstrate we have reasonable doubt as to your identity or the identity of your authorized agent, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. You can obtain the “Authorized Agent Designation” form by contacting us at HR@Michels.us or, if residing in Germany or the EEA, please contact us at groothuis@byte.law and bzimmerly@michels.us.

Company’s Non-Discrimination and Non-Retaliation Policy

Company will not unlawfully discriminate or retaliate against you for exercising your rights under applicable privacy laws.

International Transfers of Information

We may hold your Personal Information in the country of the Michels legal entity that you have a relationship with. We may also transfer your Personal Information to Canada or the United States. Other countries may not have the same protections for Personal Information as the country where you have applied for employment. If we transfer your Personal Information outside of the country where you are located, we will do so in accordance with applicable law and ensure that such transfers have an appropriate level of protection given the Personal Information. For Personal Information originating in the European Economic Area (EEA) that is transferred to Michels located in the U.S., we ensure an adequate level of data protection by using Standard Contractual Clauses. For data transferred to countries without an adequacy decision, we generally use the Standard Contractual Clauses.

Changes to This Privacy Policy

If we change this Policy, we will post those changes on this page and update the Policy modification date below. If we materially change this Policy in a way that affects how we use or disclose your Personal Information, we will provide a prominent notice of such changes and the effective date of the changes before making them.

For More Information

For questions or concerns about the Company’s privacy policies and practices, please contact us at HR@michels.us or, if residing in Germany or the EEA, please contact us at groothuis@byte.law and bzimmerly@michels.us.

Last modified: June 3, 2024