Privacy Notice

Introduction

This is the Privacy Notice for Mexichem Flour and its affiliates (hereinafter: “Koura”, “we”, “our” or “us”) and its websites www.transportistas.kouraglobal.com, (referred to as “Website”). This Privacy Notice applies to Personal Information that we process about you when you:

•                     Use any of our Website (including all subdomains depending on your location);

•                     Use any of our IT systems, including messaging, and collaboration platforms (“IT systems”)

•                     Create an account on any of our Website, subdomains, applications or IT systems;

•                     Contact us or when we contact you;

•                     Apply for one of our job vacancies;

•                     Purchase goods or services from us;

•                     Provide services or goods to us (for example, you are a sole trader or where you are providing services or goods on behalf of your employer/contractor); and

•                     Visit our premises.

This Privacy Notice also explains your rights in relation to the Personal Information that we collect and how to exercise them. Throughout this Notice, each of these activities will be collectively referred to as the “Activities”.

The data controller for Personal Information collected under this privacy notice is Mexichem Speciality Compounds and/or the relevant Alphagary Group entity that you are dealing with, or with whom your data may be shared as explained further in this notice. You can contact us using the details in Section 12.

1. What Personal Information Do We Collect

Personal Information means any information which can directly or indirectly identify a living individual. We collect the following Personal Information:

 Personal Information Collected Directly From You (where provided)

•                     Identification Details: including your first and last name, title, gender, job title, company name.

•                     Contact Details: including your personal or business phone number, email address, home or business address.

•                     Communication Details: including Identification Details and Contact Details and any information which you provide in the form of queries, comments, feedback, on social media messaging, within contact forms or otherwise. o Application Details: including Identification Details, Contact Details, CV details, cover letter, information within your CV, and preferred locations of work, when you apply for a vacant role. For Application Details, the data controller will be the relevant entity to which you apply.

•                     Marketing Preferences: including preferred methods of contact, your Contact Details, and your interests.

Personal Information Collected When You Become a Customer or Supplier

•                     Contract Details: including information about goods or services you have ordered, received, or supplied (e.g. when you represent on behalf of a company).

•                     Account Details: including, in addition to Identification and Contact Details, your account number, username, and password. For Customer and Supplier representatives only: your authorisation by the Customer/Supplier and your role within the Customer’s/Supplier’s business.

•                     Payment Details: for sole traders / individuals, including bank details, payment methods, payment and transaction history (e.g., payments made or due, including invoice details) and details of authorised person on the account.

Personal Information Collected From Your Time on Our Premises

•                     Visitor Details: including Identification Details, Contact Details, and visitor logs which may include full name, time of arrival and departure, and where applicable, vehicle registration number.

•                     Recording of Footage (“Recording Details”): where you enter our building or premises, you may be recorded on our video surveillance systems (CCTV). You may also be recorded during events that we organise during which we collect video footage. This may include both audio and visual recording details.

For Personal Information collected from your time on our premises, the relevant data controller will be the entity that owns or manages the premises you are visiting.

Personal Information Collected Automatically

•                     Cookies and Preference Details: when visiting our Website, we collect data automatically through your browser or device, by making use of cookies and other technologies to track visitors on the Website and to collect information about your use of our Website. Such information includes an identifier that corresponds to your device, your IP address, information about the device you use (e.g., operating system, model, language setting), duration, frequency, time of use, click through information (meaning the way you browse through and use our Website) and/or region. For further information, please see our Cookie Notice.

Personal Information Collected Indirectly

We may receive Personal Information about you from indirect sources for example:

•                     Reference Details: when you apply for a vacant role, we may collect references about you from your previous employers, such as details about your performance and role at previous organisations.

•                     Employee Referral Programmes: where you have been referred for a vacant role, as part of our employee referral programme, we may receive Identification details about you from your referrer.

•                     Credit Checks: we may receive information about your credit history from credit agencies where relevant and applicable.

There are also other sources of your Personal Information that may be applicable from time to time, such as, government agencies, tax authorities. We may also collect information that is available publicly (e.g., journalist contact details or media contacts) etc.

2. What We Do With Your Personal Information and Legal Bases Relied On

Alphagary collects and uses your Personal Information for the purposes and on the lawful bases as set out below.

For our Legitimate Interests. We process your Personal Information for the following purposes on the basis of our legitimate interests or those of a third-party, where they are not outweighed by your interests or fundamental rights and freedoms:

•                     Communication Purposes. We may process Identification Details, Contact Details and Communications Details to (a) respond to any questions, enquiries, emails, or comments you might share with us via the contact forms available on the Website; (b) respond to any phone calls you make to us; and (c) send any required service update emails, for example, changes or updates to our services, or terms.

•                     Customer Relationship Purposes. We may process Identification Details, Contact Details, Communication Details, Marketing Preference Details and Account Details to manage our relationship with you.

•                     Business and Operational Purposes. We may process Identification Details, Contact Details and Communications Details to (a) operate and expand our business and Activities; (b) operate company policies and procedures (for example, for training and learning purposes); and (c) enable us to make corporate transactions, such as mergers, sales, reorganizations, transfer of our assets or business or acquisitions.

•                     Social Media Interaction Purposes. When you interact with us on social media websites, (a) we receive from the social media platform, basic engagement metrics and we use this to tailor content and marketing to improve the user experience; (b) we may store engagement moments and behaviour like replies on our content or sent messages to our social media inboxes and messaging services; and (c) we may combine information about individuals’ social media behaviour and Website behaviour to personalise your experience on our Website.

•                     Phone Call Recording Purposes. Where applicable, we may process and record Identification Details (where provided), Contact Details and details from any phone calls you may have with us. Such call recordings will be used for training and monitoring purposes – this is necessary to protect our staff and customers. We may also record phone calls in order to perform a contract with you where such call recording shall be used to verify any request or statement made as part of any order or otherwise deal with customer management).

•                     Prevention and Detection of Unlawful Activities Purposes. Depending on the issue, we may process Personal Information listed at Section 2, such as Identification Details, Contact Details,

•                     Account Details, Product/Service Usage Details, external reports from fraud agencies, Payment Details, etc. in order to detect or prevent for example, fraudulent activities or money laundering – this is necessary to protect our business and co-operate with relevant law enforcement agencies.

•                     Product and Services Improvement Purposes. We may process Identification Details, Contact Details, Communication Details and/or Product/Service Usage Details to improve our products, services and experience with Alphagary, and, if necessary, to respond to any feedback you send us.

•                     Health, Safety and Security Purposes. We may process Identification Details, Visitor Details and Recording Footage in order to (a) ensure the safety and security of our staff, visitors, suppliers, premises, property, vehicles, operating equipment, etc; and (b) carry out any required investigations where a health, safety or security incident has occurred.

•                     Processing Job Application Purposes. When you apply for a vacant position, we will process Application Details, Identity Details, and Contact Details for the purposes of processing job applications of prospective employees. If you are successful in your application and move on to interview stages, we will process your Personal Information on the basis of necessary steps taken to enter into a contract with you.

Your Consent. We process your Personal Information for the following purposes on the basis of your consent:

•                     Newsletter and Marketing Purposes. Where you have consented (or “opted-in”) to receiving marketing communications such as newsletters or other marketing materials from Alphagary, we will process Identification Details, Contact Details, and Marketing Preferences to send direct marketing communications to you.

•                     Cookies and Analytics Purposes. Where you have consented to the use of cookies on the Website, we use Cookies and Preference Details and to (a) collect website usage data to understand how our website is used and to improve our services; and (b) to recognise users across multiple pages to analyse user patterns.

•                     Photograph or Video Purposes. Where you have consented to your photograph or video being taken at an event or conference, we will process your Identification Details, audio / visual Recording Details and in some cases, where provided, Contact Details for the purpose of (a) taking the photograph or video footage; and (b) with your consent, the publishing of photographs or video footage on specified platforms or locations, for example, within a newsletter, on our Website or on our social media channels.

Legal Obligations. We may process your Personal Information for the following purposes on the basis of our legal obligations:

•                     Compliance Purposes. We may process or disclose Identification Details, Contact Details, Communications Details, Recording Details and/or other details in order to ensure compliance – for example, in response to a court order, or a request from a regulator or authority.

•                     For the Purposes of Defending Against Legal Claims, Demands or Proceedings. We may process Identification Details, Contact Details, Communications Details, Recording Details, and/or other details in order to defend against legal matters.

•                     For the Purposes of Establishing, Protecting or Exercising Legal Rights. We may process Identification Details, Contact Details, Communications Details, Recording Details and/or other details in order to establish, protection or exercise our legal rights for example, to enforce our agreements or other contracts.

We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may also anonymize or aggregate any of the Information we collect and use it for any purpose, including for research and product-development purposes. Such information will not identify you individually.

3. How We Share Personal Information

To fulfil the purposes described above, from time to time we share your Personal Information with other entities that assist us in our Activities. These entities will have access to your Personal Information, but only when necessary to perform their services. We do this on a strict need-to-know basis, and we ensure that before we share your Personal Information, we put in place appropriate contractual agreements as required.

These entities may include:

•                     Other entities within our Group – this may include within the Alphagary group, or with other or affiliate entities to the extent required for internal administration purposes, management purposes or other business-related purposes as described within this Notice.

Service Providers and Data Processors – we may engage service providers from time to time who assist us in our Activities, including, for example: Business partner suppliers including, without limitation: IT providers, website hosting providers, CRM database providers, etc., and sub-contractors who might assist with the performance of any contract we enter into with them or to provide services on our behalf;

Marketing companies and other advertising companies that assist us or that carry out marketing activities on our behalf;

Analytics and search engine providers that assist us in the improvement and optimisation of our Website and Activities.

We may also share Personal Information with third parties:

Who are Professional Advisors – including, without limitation: tax, legal or other corporate advisors who provide professional services to us to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm and for risk management purposes.

B. In the case of a legal requirement or legal proceedings – such as in response to court orders, law enforcement of legal process, for national security purposes, to establish, protect or exercise our legal rights, as required to enforce our terms of service or other contracts, to defend against legal claims or demands, to detect, investigate, prevent of take action against illegal activities, or threats to rights, property or a person’s safety; or in the context of an investigation, regulatory requirement, judicial proceeding, or to protect the rights or safety of the Website, our Activities, and/or our affiliated entities.

C. In the case of a corporate transaction or reorganisation – Personal Information may be disclosed to third parties as part of any merger, sale, transfer of our assets, acquisition, bankruptcy, or similar event.

In line with your consent or request – we may disclose your Personal Information to a third-party where you have provided prior consent or have requested that we do so.

4. International Data Transfers

For individuals who reside in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland, it is likely that we may need to transfer Personal Information to locations outside of the EEA, UK, or Switzerland in order to facilitate and manage our global business operations.

Similarly, subject to compliance with local law requirements, the recipients of Personal Information described in Section 3 may be located in countries whose laws regarding data protection may not offer an adequate level of protection compared to the laws in your country. For example, not all countries outside the EEA, UK or Switzerland offer the same level of protections.

Where we transfer Personal Information to other entities within our group, or service providers based outside of these locations, we rely on the following safeguards*:

•                     Adequacy Decisions

•                     European Standard Contractual Clauses (“SCCs”)

•                     The UK International Data Transfer Agreement (“IDTA”)

•                     In limited circumstances where the transfer is permitted by applicable data protection laws.

The European SCCs are contractual clauses approved by the European Commission that ensure appropriate data protection safeguards when personal information is transferred from the EEA to third countries. They can be viewed here.