Data Privacy Policy

This privacy policy contains important information as it sets out how M. Holland Company and its subsidiaries and affiliates handle personal data of our website visitors, (employees of) customers and suppliers and other third parties (“user” or “you”). Please read this policy carefully before you use our services. If you have any questions, please feel free to contact us.

If you click on one of the topics below, the information on this topic will fold out.

1. About Us
   1. M. Holland Company, including its subsidiaries and affiliated entities M. Holland Canada Company, M. Holland Latinoamérica, S. de R.L. de C.V., M. Holland Export Services LLC, M. Holland Puerto Rico LLC, and M Holland Europe B.V. (“M. Holland”, “we“, “us” or “our“), attaches great importance to the protection of its users’ privacy and personal information. We collect and use your personal data when you use our products and/or services. This privacy policy explains to you how we and other members of the group collect, use, save, share, transfer or otherwise process your personal data when you, or in the case of business users any individuals acting on your behalf (your “personnel”), use(s) our products and/or services.
   2. References to personnel below are relevant only to business users’ use. Any references to “your” personal information shall be read as references to personnel personal information for business users.
2. Scope
   1. This privacy policy is governed by the General Data Protection Regulation (“GDPR”). The GDPR applies in any case if you are situated in the European Union and are interested in requesting one of our services or purchasing our products.
3. Responsibility
   1. We will only process personal data in accordance with the applicable privacy legislation and as described in this privacy policy.
   2. The website includes links to websites of third parties. We are not responsible for the content of these websites, services provided by these third parties, or their compliance with the applicable privacy legislation.
4. How we obtain your personal data
   1. We obtain your personal data in various ways:
      1. We obtain information actively provided by you. For example, if you contact us, if you sign up for our bulletin or if you provide information to us in the course of our services.
      2. We obtain some information automatically when you visit our website. For example, we automatically obtain information about you via cookies when you visit our website. For more information on this, please see Article 6.
      3. We may perform analysis on personal data about you. The resulting data can also qualify as personal data about you. For example, we may analyze which webpages are visited most frequently.
   2. It may be that providing certain personal data to us is a statutory or contractual requirement, a requirement necessary to enter into a contract, or that you are otherwise obliged to provide the data to us. If that is the case, we will inform you thereof separately, and will also explain the possible consequences if you fail to provide such personal data to us, including not being able to do business with us.
5. Details of Processing
   1. It depends on the processing activity, which personal data we process about you, for which purposes and based on which legal ground. Please find an overview below.

      Activity	Categories of personal data processed	Legal ground(s) for processing and purposes for processing
      Visiting our website	IP Address Browsing history Cookie preferences Movements on our websites or websites of third parties gathered through tracking cookies Jointly referred to as “cookie information” For detailed information about our use of cookies, refer to Article 6.	We collect this personal data on the basis of your consent or, in case we are not legally required to obtain consent, on the basis of our legitimate interests, namely improving our online services. This is the case with regard to technical cookies necessary for the functioning of the website and several analytic cookies that are not used to treat you differently from other users. We process your personal data for purposes of (i) improving our website, (ii) being able to show you the products and services that fit your preferences, (iii) being able to provide you with consistent service across all your devices, (iv) enhancing our security and protecting your information and (v) enhancing your user experiences.
      Customer service or otherwise corresponding with you	Your name, e-mail address and telephone number Content of your message, for instance a request for a quote, an order, a claim, or pictures of damaged product Details with regard to the follow-up	We collect this personal data as this is necessary for the performance of a contract or on the basis of our legitimate interests, namely verifying your identity for reasons of security, improving our services and providing customer service. We process your personal data for the purposes of (i) following up on your questions, complaints and claims, (ii) providing information with regard to products or services that are relevant to you, (iii) managing orders and entries, and (iv) managing freight and freight forwarding.
      Bulletin	Your name and e-mail address Company information, position, name of account manager Preferences for receiving information, such as frequency and categories of information	We collect this personal data on the basis of your consent or, in case we are not legally required to obtain consent, on the basis of our legitimate interests, namely our commercial activities and informing you of products or services that you might like. Consent: we send you our bulletins and marketing e-mails (other than for marketing regarding similar products or services), always on the basis of your prior consent. You always have the option to unsubscribe from our mailings, e.g. via the unsubscribe link in our bulletin and marketing e-mails. Legitimate interest: we send offers about similar products or services that you have previously ordered with us on the basis of our legitimate interest. You always have the option to unsubscribe from our mailings, e.g. via the unsubscribe link in our marketing e-mails. We process your personal data for the purposes of (i) providing information with regard to products or services that you might like, and (ii) providing offers.
      Logistics and customer/supplier management	Your (company) name, e-mail address and telephone number Your title Content of your message	We collect this personal data as this is necessary for the performance of a contract or on the basis of our legitimate interests, namely managing your orders and our contractual relationships. We process your personal data for the purposes of (i) booking shipments, (ii) performing warehouse transactions, (iii) customer or supplier maintenance and managing contractual relationships, (iv) reporting price changes and force majeure declarations, and (v) negotiating new business.
      Recruitement	Name and email address is required to apply for an opening; telephone number & address are optional Prior work experience summary, cover letter, and/or resume	We collect this personal data on the basis of your consent or, in case we are not legally required to obtain consent, on the basis of our legitimate interests, namely assessing your suitability as an applicant. We process your personal data for purposes of the assessment of the applicant.
      Other general purposes	Any information we possibly have of you that is necessary for the relevant purpose of processing.	We collect this personal data as this might be necessary for compliance with a legal obligation that is applicable to us as a data controller or for purposes of our legitimate interests, namely carrying out our regular business activities and protecting our interests in case of conflicts. We process your personal data for purposes of (i) following requests of public authorities, (ii) conducting criminal investigations, prosecutions, trails and the execution of judgments, (iii) protecting rights of third parties, (iv) conducting statistical or academic researches, or (v) other circumstances as stipulated by relevant laws and regulations.

   2. If and insofar your personal data is processed on the basis of legitimate interests, information can be obtained by you as to the so-called balancing test that was carried out to allow us to rely on this processing ground. This test shows why our legitimate interests outweigh your right to privacy in those specific cases. Please find our contact details below.
   3. It may be that we intend to further process your personal data for a purpose other than those for which the personal data have been collected. In such case, we will provide you with information about the(se) other purpose(s) and all relevant further information prior to that further processing.
6. Cookies
   1. Please see below an overview of the cookies that we use:

      	Name Cookie	Purpose of the cookie	Storage Location	Is this cookie placed by a third-party or is the cookie information shared with third parties?	Validity period	Consent required
      Functional Cookies	UserMatchHistory	LinkedIn sets this cookie for LinkedIn Ads ID syncing	.linkedin.com	Placed and used by LinkedIn.	1 month	Yes
      	lang	LinkedIn sets this cookie to remember a user’s language setting.	.ads.linkedin.com	Placed and used by LinkedIn	session	Yes
      	bcookie	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.	.linkedin.com	Placed and used by LinkedIn	2 years	Yes
      	lidc	LinkedIn sets the lidc cookie to facilitate data center selection.	.linkedin.com	Placed and used by LinkedIn	1 day	Yes
      	lang	LinkedIn sets this cookie to remember a user’s language setting.	.linkedin.com	Placed and used by LinkedIn	session	Yes
      	bscookie	LinkedIn sets this cookie to store performed actions on the website.	.linkedin.com	Placed and used by LinkedIn	2 years	Yes
      Analytical Cookies	_gcl_au	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.	.mholland.com	Placed and used by Google Analytics	3 months	Yes
      	_ga_S6SF7JZ2WY	This cookie is installed by Google Analytics.	.mholland.com	Placed and used by Google Analytics	2 years	Yes
      	_ga	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.	.mholland.com	Placed and used by Google Analytics	2 years	Yes
      	_gid	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.	.mholland.com	Placed and used by Google Analytics	1 day	Yes
      	_gat_UA-7828007-1	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.	.mholland.com	Placed and used by Google Analytics	1 minute	Yes
      Affiliate Cookies	test_cookie	The test_cookie is set by doubleclick.net and is used to determine if the user’s browser supports cookies.	.doubleclick.net	Placed and used by Google Analytics	15 minutes	Yes
      	personalization_id	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.	.twitter.com	Placed and used by Twitter	2 years	Yes
      	_fbp	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.	.mholland.com	Placed and used by Facebook	3 months	Yes
      	fr	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.	.facebook.com	Placed and used by Facebook	3 months	Yes
      	tr	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	facebook.com	Placed and used by Facebook	Session	Yes
      	li_sugr	Used to make a probabilistic match of a user’s identity outside the Designated Countries	.linkedin.com	Placed and used by LinkedIn	90 days	Yes
      	muc_ads	Collects data on user behavior and interaction in order to optimize the website and make advertisement on the website more relevant.	t.co	Placed and used by Twitter	2 Years	Yes
      	i/adsct	The cookie is used by Twitter.com in order to determine the number of visitors accessing the website through Twitter advertisement content.	twitter.com	Placed and used by Twitter	Session	Yes
      	IDE	Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.	doubleclick.net	Placed and used by Google Analytics	1 Year	Yes
      Tracking cookies	AnalyticsSyncHistory	No description	.linkedin.com	Placed and used by LinkedIn	1 month	Yes
      	muc_ads	No description	.t.co	Placed and used by Twitter	2 years	Yes
      	li_gc	No description	.linkedin.com	Placed and used by LinkedIn	2 years	Yes
      	pagead/1p-user-list/#	Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites.	google.com	Placed and used by Google Analytics	Session	Yes
      	ce_successful_csp_check	Detects whether user behavior tracking should be active on the website	crazyegg.com	Placed and used by CrazyEgg	24 Hours	Yes
      	_ce.gtld	Holds which URL should be presented to the visitor when visiting the site.	crazyegg.com	Placed and used by CrazyEgg	Session	Yes
      	_ce.s	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	crazyegg.com	Placed and used by CrazyEgg	1 Year	Yes
      	ce_clock	Sets a timestamp for when the visitor entered the website. This is used for analytical purposed on the website.	crazyegg.com	Placed and used by CrazyEgg	Persistent	Yes
      	_ce.cch	Stores the user’s cookie consent state for the current domain	crazyegg.com	Placed and used by CrazyEgg	1 second	Yes
      	cebs	Unclassified	mholland.com	Placed and used by CrazyEgg	Session	Yes

   2. You can change your cookie settings in general – for all websites you visit – via your browser settings. Within your browser you can change your cookie preferences and choose whether you wish to accept cookies or not. If differs per browser which sort of choices you can make, such as denying all third-party cookies. For further information on how you can change your browser settings, please be referred to: www.aboutcookies.org/how-to-control-cookies/.
   3. Please note that if you refuse certain cookies, this may reduce the functionality of some parts of our website.
7. Sharing with third parties
   1. For the provision of our services, we share your personal data on a strictly need-to-know-basis with:

      Activity	Recipients	Location
      Visiting our website or app	Data processors engaged by us, such as IT service providers, marketing companies and hosting providers.	In the United States
      Customer service or otherwise corresponding with you	Subcontractors or service providers such as freight forwarding companies, auditing companies, consulting and law firms, insurance companies and payment providers; Data processors engaged by us, such as hosting providers.	In the United States
      Bulletin	Data processors engaged by us, such as IT service providers, marketing companies and hosting providers.	In the United States
      Logistics and customer/supplier management	Group companies; Subcontractors or service providers such as freight forwarding companies, auditing companies, consulting and law firms, insurance companies and payment providers; Relevant authorities.	In the United States
      Recruitment	Group companies; Data processors such as Applicant Tracking System provider.	In the United States
      Other general purposes	Relevant recipients and their locations depend on the specific purpose for processing. Where relevant, we will inform you thereof.

   2. We will only make information public under the following conditions and to the extent that security measures are generally accepted in the industry have been taken:
      1. At your request, and only limited to the personal data that you have requested;
      2. As required by relevant laws and regulations applicable to us;
      3. If needed in case of a lawsuit or legal proceding.
8. Transfer to countries outside the EEA
   1. Some of our recipients as referenced above are located in countries that may not – by law – provide the same level of data protection as you are used to in the European Economic Area (“EEA”). If that is the case, we will ensure that adequate safeguards are in place to duly protect your personal data and we guarantee that we are able to and have mechanisms in place to respect the level of data protection required by EU data protection laws and that we shall refrain from processing personal data in the event of a breach of the concluded safeguarding measures or if we (or our recipients) are no longer able to honor them.
   2. Transfers of your personal data to a country outside the EEA may in the first place be legitimized on the basis of a so-called adequacy decision. This is a decision in which the European Commission states that e.g. a certain country offers a level of data protection similar to the GDPR. See this link for the current list of adequacy decisions. If and insofar as we transfer personal data with parties in countries outside the EEA to which no adequacy decision applies, we will agree with these parties to data protection provisions set by the European Commission, so called standard contractual clauses. A copy of the agreed standard contractual clauses can be requested by you.
9. Security
   1. We take appropriate organizational and technical security measures to protect your personal data and to prevent misuse, loss or alteration thereof. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who need to have access in view of their work/services. Also, the aforementioned persons involved are bound by a confidentiality obligation, either in their employment agreements or data protectionagreements.
   2. Examples of technical security measures taken by us are:
      1. logical and physical security (e.g. safe, doorman, firewall, network segmentation);
      2. technical control of the authorizations (as limited as possible) and keeping log files;
      3. management of the technical vulnerabilities (patch management);
      4. keeping software up-to-date (e.g. browsers, virus scanners and operating systems);
      5. making back-ups to safeguard availability and accessibility of the personal data;
      6. encryption of personal data;
      7. applying hashing or (other) pseudonymization methods to personal data; and
      8. provide secure storage facilities for end-users (e.g. file server storage).
   3. Examples of organizational security measures taken by us are:
      1. assign responsibilities for information security;
      2. promote privacy and security awareness among new and existing employees;
      3. establish procedures to test, assess and evaluate security measures periodically;
      4. check logfiles regularly;
      5. using a protocol for handling data breaches and other security incidents;
      6. provide access to personal data to as few people within the organization as possible; and
      7. define the decision-making and underlying considerations per processing.
   4. We have internal security policies in place in which it is further described how we ensure an appropriate level of technical and organizational security measures. We also have a data breach policy in place in which it is described how we deal with a (possible) data breach.
10. Retention Periods
    1. We have the following retention terms in place:

       Activity	Retention term
       Visiting our website	Please see Article 6 above.
       Customer service or otherwise corresponding with you	7 years after the last moment of contact if the correspondence is related to business
       Bulletin	Upon withdrawal of your consent
       Logistics and customer/supplier management	In perpetuity for business critical purposes
       Recruitment	Retention terms depend on relevant local law requirements
       Other general purposes	Relevant retention terms depend on the specific purpose for processing. Where relevant, we will inform your thereof.

11. Your rights
    1. In relation to our processing of your personal data, you have the below privacy rights. For more information on your privacy rights, please be referred to this webpage of the European Commission.
       1. Right to withdraw consent: In so far as our processing of your personal data is based on your consent (see above), you have the right to withdraw consent at any time.
       2. Right of access: You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data.
       3. Right of rectification: You have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
       4. Right of erasure: You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased on the basis of a legal requirement, or (vi) where the personal data have been collected in relation to the offer of information society services. We do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims.
       5. Right to object: You have the right to object to processing of your personal data where we are relying on legitimate interests as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honour your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim.
       6. Right to restriction: You have the right to request restriction of processing of your personal data in case: (i) the accuracy of the personal data is contested by you, during the period we verify your request, (ii) the processing is unlawful and restriction is requested by you instead of erasure, (iii) we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or (iv) in case you have objected to processing, during the period we verify your request. If we have restricted the processing of your personal data, this means that we will only store them and no longer process them in any other way, unless: (i) with your consent, (ii) for the establishment, exercise or defence of legal claims, (iii) for the protection of the rights of another natural or legal person, (iv) or for reasons of important public interest .
       7. Right to data portability: You have the right to request to transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide to you, or such third, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if the our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).
       8. Automated decision-making: You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making.
       9. Right to complaint: In addition to the above mentioned rights you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or of an alleged infringement of the GDPR at all times. Please be referred to this webpage for an overview of the supervisory authorities and their contact details. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us beforehand.
    2. The exercise of the abovementioned rights is free of charge and can be carried out by phone or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.
    3. We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.
    4. We will provide you with information about the follow-up to the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The applicable privacy legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
12. Protection of minors
    1. M. Holland attaches great importance to the protection of personal data of minors. If you are a minor under the age of 16, you must obtain prior written consent from your parent(s) or guardian(s) before using our products and/or services. We protect personal data of minors in accordance with applicable laws and regulations. If we find ourselves collecting personal data of a minor without prior consent, we will delete it as soon as possible.
13. Contact details
    1. For any questions, comments or requests, you may contact the Innovation and Technology department at helpdesk@mholland.com or 1-847-849-5600.
14. Miscellaneous
    1. We are entitled at all times to delete your personal data without notice. In such a case, we owe no compensation to you as a result of the termination of the account.
    2. If provisions from this privacy policy are in conflict with the law, they will be replaced by provisions of the same purport that reflects the original intention of the provision, all this to the extent legally permissible. In that case, the remaining provisions remain applicable unchanged.
    3. We reserve the right to change this privacy policy on a regular basis. Where required, we will inform you of updates made to this privacy policy. The current version is always available on our website. This privacy policy was last amended and revised in August 2022.
15. Definitions
    1. In this privacy policy, the following definitions apply:

       Applicable privacy legislation	All applicable privacy legislation, including the General Data Protection Regulation (“GDPR”) and the relevant national implementation acts.
       Privacy Policy	This present privacy policy.
       Business critical purpose	Any process essential for carrying out day-to-day operations of and by M. Holland Company and that is relied upon by M. Holland Company for continuity of regular business operations.
       M. Holland Company	M. Holland Company 400 Skokie Boulevard, Suite 600 Northbrook, Illinois 60062 And M Holland Europe B.V. Prins Bernhardplein 200 1097 Jb Amsterdam Chamber of Commerce number: 81726457
       Website	www.mholland.com

    2. Other terms that are defined in the applicable privacy legislation, such as personal data, (joint) controller, processor, data subject and processing will have the meaning as described in the applicable privacy legislation.