Graco Reactor Connect Data Protection Notice

Last Modified: June 1, 2020

I.         INTRODUCTION AND SCOPE

Graco Inc. (“Graco”), its affiliates and subsidiaries (together “we”, “our”, or “us”) is committed to protecting your privacy. This notice (“Notice”) describes the data processing activities in connection with the use of Reactor Connect, including the mobile app, web site, cloud software, and the cellular module. Reactor Connect has been designed to assist Graco Reactor users with use of the Reactor proportioner, including monitoring and controlling the Reactor and reporting of past Reactor usage. Reactor Connect can therefore be used by different user groups, including company administrators, company users, distributors, and repair centers. Consequently, this Notice addresses all groups in their capacity as Reactor Connect users. It describes the categories of personal data we process, the purposes for which personal data is collected, the parties with whom we share it and the security measures we take to protect the data. It also informs users about their rights and choices with respect to their personal data, and how they can contact us to inquire about our data protection practices. We encourage our Reactor Connect users to read this Notice carefully. This Notice may change from time to time, for more information about notice amendments see Section XII below.

 

II.         DATA CONTROLLER

For the purpose of this Notice

Graco Inc.
Attn: Legal-Privacy
88-11th Avenue Northeast
Minneapolis, MN 55413
USA

is responsible for the processing of your Personal Data as the data controller. You can contact us by emailing privacy@graco.com, calling either  +1 612 379 3654 (US) or +32 (0) 89 770 960 (EU) or mailing:

Graco Inc.
Attn: Legal-Privacy
88-11th Avenue Northeast
Minneapolis, MN 55440-1441
USA

 

III.         PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

When using our Reactor Connect you have the option to provide us with Personal Data relating to you. Additionally, we automatically collect certain information about you and your Reactor Connect usage. The specific categories of Personal Data concerned and the sources from which we obtain them are linked to the way you interact with our Reactor Connect. More information about the categories of Personal Data and the ways in which we collect it are described below.

(1) Personal Data You Give to Us. Our Reactor Connect offers you the possibility of creating a Reactor Account (“Reactor Account” or “Account”). In this context, we collect information you provide to us which includes:

  • Account information consisting of first and last name, mobile phone number, email address, account password, country, and language; where applicable, company-related information such as company name, address, phone number, location, website, administrators and users; (Note: account information also typically includes Operational Data that does not qualify as Personal Data, such as Reactor product name, nickname and serial number, recipe names, job names, and operational metrics including gallons sprayed, system error codes);
  • Submit requests, queries or complaints through email; and
  • Give us feedback on our Reactor Connect and its functionalities and features through email.

The obligatory fields are visible as such if the user fails to fill them out. The use of certain features of our Reactor Connect is subject to the provision of this information.

(2) Personal Data We Automatically Collect. If you are a Reactor Account holder, we automatically collect information about you and your use of our Reactor Connect, as well as information regarding the mobile device used. This information includes:

  • Device information: Personal Data about your mobile device and internet connection, hardware and software, unique device identifier, operating system, language settings, wireless network and mobile network information including the network operator;
  • Usage Information: Your use of our Reactor Connect and your interactions with the Reactor Connect’s features, e.g. functionalities use, use frequency, etc.; and
  • Geolocation Information: Your general location, provided by your mobile device via wireless networks, cell towers, Wi-Fi access points and other sensors, when the Reactor Connect sends operational data. Please also note that, in general, mobile devices allow you to switch off the disclosure of your geo-location through the privacy settings.

(3) Personal Data from other sources. We also obtain information from other sources. These include:

  • Other Reactor Connect users who provide us with Personal Data about you when using our Reactor Connect, e.g., when a company owner enters data about his or her employees to add them as managers or assign them jobs;

IV.         HOW WE USE YOUR PERSONAL DATA

We will only process your Personal Data for specific, explicit and legitimate purposes. We will not process your Personal Data for any further purposes than the ones the data was originally intended for, unless the new purpose is compatible with the original one. In the absence of compatibility, the processing of data for further purposes is subject to your prior explicit consent.

We process the Personal Data you provide us with for the purposes listed below:

  • Provide you with the features, functionalities and services of our Reactor Connect, which include the remote management and tracking system, performance and maintenance history, and alerts and notifications;
  • Verify your identity and attempt to prevent fraud or other unauthorized or illegal activity;
  • Communicate with you in connection with customer care; and
  • Enforce our Terms of Service and other usage policies.

The Personal Data we collect automatically includes statistical data that helps us improve our Reactor Connect’s features and functionalities in order to deliver a better service, including by enabling us to:

  • Observe and analyze the performance of our Reactor Connect to improve its features and functionalities according to our target groups preferences;
  • Determine time between user visits; and
  • Prevent and detect misuse and malfunction of our Reactor Connect, including troubleshooting.

The processing of all the Personal Data we collect relating to you is either (i) based on your consent; (ii) necessary to provide you with our products and services at your request prior into entering into a contract with you or necessary for the performance of a contract to which you are party; or (iii) based on our legitimate interests in ensuring and improving the functionality of our Reactor Connect, unless these are overridden by your interests and rights.

 

V.         HOW WE SHARE YOUR PERSONAL DATA

Due to the international scope of our business, your Personal Data can be shared or accessed by Graco-affiliated entities within the company group. You can find more information on data transfers to affiliates based outside of the EU in Section VII. below.

Subject to applicable law and regulations, we share your Personal Data with:

  • Other Reactor Connect account holders with access to your Reactor Connect Account (as is the case, for example, with companies and their administrators having access to their employees’ accounts);
  • Public authorities, including law enforcement; and
  • Service providers acting on our behalf for the purposes listed above in Section IV. We require these service providers to only process Personal Data in accordance with our instructions and only as long as necessary to perform the requested services or in compliance with applicable law (e.g., app administration providers)

VI.         INTERNATIONAL TRANSFERS OF PERSONAL DATA

International data transfers refer to transfers of Personal Data outside of the European Economic Area (“EEA”). Our Reactor Connect connects with servers located in the United States. Accordingly, depending on your country of residence, your Personal Data may be subject to international data transfers. These transfers are covered by an appropriate data protection safeguard consisting of the EU – U.S. Privacy Shield.

Graco is certified to adhere to the Privacy Shield Principles as laid down by the EU – U.S. Privacy Shield Framework as well as those pursuant to the Swiss – U.S. Privacy Shield Framework regarding the collection, use and retention of personal information transferred from the EU and Switzerland to the United States respectively. To learn more about the Privacy Shield program and to view our certification, please visit the Privacy Shield Framework website at https://www.privacyshield.gov/. A full list of covered entities can be found at https://www.privacyshield.gov/list.

To obtain more information about the implemented appropriate data protection safeguards please contact Graco’s Legal Department – Privacy Directory by emailing privacy@graco.com, calling either +1 612 379 3654 (US) or +32 (0) 89 770 860 (EU), or mailing

Graco Inc.
Attn: Legal-Privacy
88-11th Avenue Northeast
Minneapolis, MN 55413
USA

 

VII.         DATA RETENTION

Retention periods vary depending on the categories of data concerned. As a general rule, we will not retain your Personal Data for longer than is allowed under the applicable data protection laws or for longer that is necessary in relation to the purposes for which it was originally collected or otherwise processed. Unless statutory retention periods apply, we will delete your Personal Data in the event of inactivity of your Reactor Account for the duration of a period of 2 years. System-related operational data, however, will be pseudonymized and retained beyond that period for statistical purposes.

In the absence of statutory retention periods, alternatively after completion of those periods, we will erase your Personal Data. Further, we will erase your Personal Data where one of the following applies: (i) when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; (ii) when you object to the processing and there are no overriding legitimate grounds for the processing; (iii) when your Personal Data has been unlawfully processed; and (iv) when it is necessary to comply with legal obligations.

 

VIII.         YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA

You have certain rights regarding the Personal Data we maintain about you and certain choices about what Personal Data we collect from you, how we use it, and how we communicate with you.

  • The right to request access to and receive information about the Personal Data we maintain about you.
  • The right to rectification or erasure of your Personal Data.
  • The right to restriction of processing of your Personal Data.
  • The right to data portability in order to transfer your Personal Data easily to another company.
  • Where Personal Data processing is based on your consent, the right to withdraw your consent at any time. You can tell us not to send you any further marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below.
  • The right to lodge a complaint with a supervisory authority.
  • The right to object to processing concerning your Personal Data.

You can submit a request to exercise these rights at any time by contacting our DPC at privacy@graco.com, calling either +1 612 379 3654 (US) or +32 (0) 89 770 860 (EU), or mailing:

Graco Inc.
Attn: Legal-Privacy
88-11th Avenue Northeast
Minneapolis, MN 55413
USA

 

IX.         DATA SECURITY

The security of your Personal Data is important to Graco and we are committed to protection the data we collect. We maintain administrative, technical and physical safeguards designed to protect the Personal Data you provide or we process against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL encryption for our Reactor Connect from which we transfer certain Personal Data.

 

X.         THIRD PARTY CONTENT

Our Reactor Connect may contain links to third party websites. The links are provided exclusively for your convenience. Please be aware that this Notice does not apply to those third party websites nor do we have control over the content of linked third party websites. We encourage you to read the data protection policies and terms and conditions of linked or referenced website you enter.

 

XI.         CHILDREN

Our Reactor Connect is not intended for children and we have no intention of collecting Personal Data from individuals under eighteen years of age. If a child has provided us with Personal Data, a parent or a guardian of that child may contact us to request to have such information deleted emailing privacy@graco.com, calling either +1 612 379 3654 (US) or +32 (0) 89 770 860 (EU), or mailing

Graco Inc.
Attn: Legal-Privacy
88-11th Avenue Northeast
Minneapolis, MN 55413
USA

 

XII.         REVISIONS TO OUR DATA PROTECTION NOTICE

We reserve the right to amend this Notice from time to time consistent with applicable data protection laws and regulations. Any changes to this Notice will be posted on this page. If we make material changes to how we treat your Personal Data, we will notify you through an alert or a message via the Reactor Connect, or in some cases, through email. The date this notice was last revised is identified at the top of the page.

 

Graco