Menu Get in Touch
Download PDF

This Privacy Notice (the “Notice”) explains how Penn Color, Inc. and its companies collect, use, and disclose (collectively, “process”) the personal data that we gather relating to our current, former, and prospective employees, applicants for employment, website visitors, customers, suppliers, and vendors (hereafter “you” or “your”). This Notice applies to all your personal data that we process when you sample, order, purchase, or use our products and services, visit our Web Site at https://www.penncolor.com/ (the “Site”), use our customer support, apply for a job with us, work as an employee of Penn Color, or otherwise interact with Penn Color. By doing any of the aforementioned actions, you acknowledge that you agree to and accept the terms of this Privacy Notice.” Individuals residing in certain jurisdictions may have additional rights under applicable privacy laws, as explained in below. Therefore, we encourage you to read this Notice carefully.

1. Scope of this Notice

Penn Color, Inc. includes several legal entities including:

  • Penn Color, Inc. with headquarters at 2801 Richmond Road, Hatfield, PA 19440, United States of America
  • Penn Color International B.V. * with offices at Smakterweg 31, 5804 AE, Venray, The Netherlands
  • Penn Color APAC PTE. LTD., 1 Science Park Road, #01-08 The Capricorn, Singapore Science Park II, Singapore 117528
  • Penn Color (Thailand) Ltd.*, Siam Eastern Industrial Park II (SEP2), No. 119/5 Moo 4, Pluak Daeng – Wang Ta Phin – Saphan Si Road, Pluak Daeng Subdistrict, Pluak Daeng District, Rayong Province 21140 Thailand
  • A joint venture, Asha Penn Color, PVT LTD., located at Asha House, Plot no. 808C, Dr. B.A. Road, Dadr T.T., Mumbai 400 014

References to “Penn Color”, “we”, “us” and “our” throughout this Notice, depending on the context, collectively refer to the aforementioned legal entities.

If you want to exercise your rights relating to your personal data or if you have any questions or complaints about the processing of your personal data, you can contact us using the contact information below.

In this Notice, our use of the term “personal data” includes other similar terms under applicable privacy laws—such as “personal information” and “personally identifiable information.” In general, personal data includes any information that identifies, relates to, describes, or is reasonably capable of being associated, linked, or linkable with an identified or identifiable individual.

*Entities are wholly owned subsidiaries (or should we use operating units) of Penn Color, Inc. Penn Color, Inc. provides several corporate shared services including but not limited to marketing, human resources, finance, and information technology services. These services are provided on behalf and for the benefit of each subsidiary.

2. Employee Messaging Service Disclaimer

Penn Color is committed to protecting your privacy. Occasionally, Penn Color uses a text message service to mass-communicate with our employees. This requires Penn Color to use our employees’ mobile numbers and other personal information. Except as explained below, our employees’ mobile numbers and other personal information will not be used for any other purpose. We will not share our employees’ mobile information with third parties for marketing purposes. By providing your phone number, you consent to receive messages from Penn Color. You can opt out at any time by contacting Human Resources. Our website uses secure (HTTPS) connections to ensure the safety of your data. Message and data rates may apply.

Please read this entire Notice for more details about our data protection practices. If you have any questions, please contact us at DataPrivacy@penncolor.com.

3. Collection of Personal Data

For individuals other than our employees and applicants:

When you interact with us, we may collect and process the following categories of personal data:

  • Your contact information, including your name, the company you are associated with, your role
  • with your company, your company address, your phone number and email address;
  • Your gender;
  • Your participation in marketing and other events;
  • Internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding your interaction with our Site;
  • Information you may voluntarily submit to us; and
  • Our communications with you, including whether you opened an email that we sent to you, clicked on any links contained in the email, and information about the device you used to do so.

For our employees and applicants:

We may collect and process the following categories of personal data:

  • Your contact information, including your name, the company you are associated with, your role with your company, your address, your phone number and email address;
  • Your identification information, date of birth, gender, and marital status;
  • Your prior employment history and related professional or employment information;
  • Your education information;
  • Your emergency contact and beneficiary information, which may include name, address, phone number, and email address;
  • Your financial and health information; and
  • Our communications with you.

For users of our Web Site (the “Site”):

When you visit the Site, certain personal data may be passively collected, meaning it is gathered without your actively providing it. This personal data may include your IP address, location (city/state/country), Site usage information, and device information. We also use Google Analytics, which is provided by Google Inc. It uses cookiesto collect, for example, data about the operating system and the browser that you use, your IP address, the website you previously accessed (referrer URL), and the date and time of your visit to the Site. On subsequent repeated visits to the Site, frequently used information is automatically displayed for you. Google is able to track your usage patterns with the help of the cookies. The data generated by cookies about the use of the Site is transmitted to a Google server, which may be located within or outside of, the United States, and stored there. Google will use this information to evaluate your use of the Site. Google may transfer these rightsto third partiesinsofar as it isrequired to do so by law or in order that data may be processed on Google’s behalf. You can visit https://policies.google.com/privacy to learn more about Google Analytics’ use of cookies.

When you visit our Site, we may assign your device one or more cookies to facilitate access to our Site and to personalize your online experience. Through the use of a cookie, we also may automatically collect information about your online activity on our Site, such as the web pages you visit, the links you click, and the searches you conduct on our Site. Most browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies. If you choose to decline cookies, please note that you may not be able to sign in or use some of the interactive features offered on our Site. A cookie is a small text file that is stored on a user’s computer for record keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when you close your browser and is used to make it easier for you to navigate our Site. A persistent cookie remains on your hard drive for an extended period of time. We may allow our authorized service providers to serve cookies from our Site to allow them to assist us in various activities, such as doing analysis and research on the effectiveness of our Site, content and advertising. You may delete or decline cookies by changing your browser settings (click “Help” in the toolbar of most browsers for instructions). If you do so, some of the features and services of our Site may not function properly.

We may use the Meta pixel, which is an analytics tool that allows website owners to better understand the actions people take on their websites. When someone visits a website and takes an action (like completing a form), the pixel may be triggered and report this action. By accepting this Notice, you consent to the processing of your personal data by Meta.

Sensitive Data: Unless we specifically request or invite it, we ask that you not send or otherwise disclose to us your racial or ethnic origin, political opinions, cult, religion, or philosophical beliefs, sexual behaviors, health, disability, criminal background, trade union membership, or genetic data. In those cases where we may request or invite you to provide the foregoing information, we will only do so with your express consent, in accordance with applicable data protection law requirements. Where you provide us with such information without request from Penn Color, we reserve the right (but do not have any obligation) to erase any such information at our discretion.

Information about children: We do not knowingly collect personal data online from children under 18 without the express consent of the parent or legal guardian. If you are in Thailand, we do not collect personal data from children under 20 without the express consent of the parent or legal guardian and the children. If you are under 18 or 20 (as the case may be), do not use our website, or provide any information about yourself to us. If we learn we have collected or received personal information from a child under 18 or 20 (as the case may be) without verification of parental or guardian consent, we will delete that information. If you believe we might have any information from or about a child under 18 or 20 (as the case may be) without consent, please contact us.

When we collect personal data from and about residents of Singapore, we do so on behalf of Penn Color APAC PTE. LTD. Penn Color APAC PTE. LTD. is the controller of such personal data.

4. Purposes and Legal Bases for Processing Personal Data

We may process your personal data for the following purposes:

  • Performing and managing the contract we have with you or the company you are associated with;
  • Managing our relationship with you;
  • Communicating with you;
  • Facilitating the job interview and hiring process, if you are applying for a job with Penn Color;
  • Sending you our newsletters and updates via email and/or SMS about our products or services or promotions;
  • Providing our employees with benefits pursuant to their employment agreements; and
  • Complying with our legal obligations and defending our legal rights.

As discussed above, we use Google Analytics to track visitors to the Site and to get reports about how visitors use the Site. We do not allow Google to use information obtained by Analytics for other Google services, and Google anonymizes the IP-addresses provided to Penn Color.

We do not use your personal data for profiling or for any other automated decision making purposes, and we do not sell your personal data. We do not share your personal data for purposes of cross-context behavioral advertising.

If you are in the European Union, United Kingdom, or Thailand, our legal basis for processing your personal data is as follows:

  • If you, as an individual, are a party to a contract with us or seek to enter into a contract with us, our legal basis for processing your personal data for the purposes of managing our relationship with you, communicating with you, facility the job interview and hiring process (if you are an applicant for employment), and providing you with employment benefits (if you are an employee) is that such processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
  • We also will process your personal data if necessary to comply with European Union and Member State law and Thai law to which we are subject.
  • When we process your personal data for the purposes of performing and managing the contract we have with the company you are associated with, sending you our newsletters*, and/or complying with our non-EU legal obligations**, our legal basis for such processing is that it is necessary for the purposes of our legitimate interests. Our legitimate interests can include complying with United States federal and state law, complying with our contractual obligations, marketing our products to potential customers*, shipping samples to customers, accepting samples from suppliers, processing customer orders, processing supplier and vendor purchase orders, and shipping products to customers.

* except where personal data is used in Singapore for these purposes.

** except Thai legal obligations.

5. How We Collect Personal Data

Most of the personal data we process is information that you provide to us. However, in some instances, we process personal data that we are able to infer about you based on other information you provide to us, from our interactions with you, or based on personal data about you that we receive from a third party (such as the company that you are associated with, third parties that provide services to support payroll and employee benefits, third party referral sources, or one of our business affiliates).

6. Disclosure of Personal Data

Your local Penn Color group company will process some of your personal data locally. As a global organization, however, many of our business activities can also be carried out by processing or consolidating information about you in specific or centralized databases and systems located at our different facilities and companies. As a result, your information may be shared with other entities within Penn Color. Penn Color will only collect, receive, use, share, or otherwise process such personal data in accordance with applicable laws, this Notice, any applicable specific local policy, and to support our business purposes.

We may disclose your personal data to certain third parties that perform business functions or provide services to us, including with the following categories of recipients: our sales agents, data processing vendors, freight carriers, third parties that provide services to support payroll and employee benefits, banks, customs, and insurance companies.

We also may disclose your personal data in the following circumstances:

  • your personal data may be shared for legal reasons (e.g., to prevent crime or fraud, or to comply with a court order or legislation);
  • to enforce our terms and conditions or other agreements or policies;
  • in connection with, or during negotiations of, a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy; or
  • when you provide us with your consent to disclose your personal data to third parties.

Third-Party Privacy Policies: Any third parties to whom we may disclose personal data may have their own privacy policies which describe how they use and disclose personal data. Those policies will govern use, handling and disclosure of your personal data once we have shared it with those third parties as described in this Notice. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties. These entities or their servers may be located either inside or outside the United States.

Aggregated and Non-personal Information: We may share aggregated and non-personal data we collect under any of the circumstances set forth in this Policy. We may combine non-personal data we collect with additional non-personal data collected from other sources. We also may share aggregated information with third parties.

7. International Transfers of Personal Data

We may transfer personal data to countries whose laws may not afford the same level of protection of your personal information as your home country. Where necessary, we will ensure that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under applicable privacy laws.

For such transfers, we rely on the following measures:

  • Transfers to third parties or from one Penn Color entity to another Penn Color entity: Penn Color will use EU Commission-approved or PDPC-approved Standard Contractual Clauses (the “SCC”) as safeguards. If you wish to receive a copy of these safeguards, please contact us through the contact details provided below.
  • Where the Standard Contractual Clauses have not been executed between the data importer and the data exporter, Penn Color may instead rely on one or more of the derogations for specific situations identified in Article 49 of the General Data Protection Regulation and Section 28 of Thailand’s Personal Data Protection Act B.E. 2562 (2019) where permissible under applicable laws, including the following:
    • the data subject has explicitly consented to the proposed transfer, after having been provided with a reasonable summary of the extent to which the personal data transferred will be protected in the destination country to a standard compliant with applicable laws or informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
    • the transfer is necessary for compliance with law;
    • the transfer is necessary for the performance of a contract between the data subject and Penn Color or the implementation of pre-contractual measures taken at the data subject’s request;
    • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between Penn Color and another natural or legal person;
    • the transfer is necessary for the establishment, exercise or defense of legal claims;
    • the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;
    • the transfer is necessary for carrying out the activities in relation to substantial public interests; or
    • the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by Penn Color which are assessed by Penn Color as not overridden by the interests or rights and freedoms of the data subject, and Penn Color has assessed all the circumstances surrounding the data transfer and has on the basis of that assessment provided suitable safeguards with regard to the protection of personal data and reasonable measures to eliminate, reduce the likelihood of or mitigate any adverse effect of the transfer on the data subject, has informed the relevant supervisory authority of the transfer, and has informed the data subject of the transfer, the compelling legitimate interests pursued and has provided reasonable access to information about such transfer. In such circumstances Penn Color will document the required assessment and safeguards.

8. Retention of Personal Data

Our retention periods for personal data are based on our business needs and legal requirements. We retain your personal information for the period necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose unless a longer retention period is required or permitted by law or defined in an agreement. We may retain personal data for longer where required by our regulatory obligations or professional indemnity obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.

We will cease to retain personal data as soon as it is reasonable to assume that the purpose(s) for which such personal data was collected is no longer being served by retention, and retention is no longer necessary for our legal or business purposes. Except that, only where permissible under applicable law(s), after deleting personal data in our active systems, copies of that data may be maintained in our backup systems until those copies are deleted in the ordinary course of business, according to the retention schedule for the backup systems.

9. Your Privacy Rights

If you are in the European Union, United Kingdom, or in Thailand:

  • You can contact us to exercise any of the rights you are granted under applicable data protection laws, which may include the right to (1) access your data, (2) rectify the data, (3) erase data, (4) restrict the processing of your data, (5) the right to receive a file of your personal data, (6) the right to object to the processing, (7) where we have asked for your consent for processing, withdraw this consent, and (for Thailand) (8) the right to lodge a complaint with the competent authority in Thailand regarding violations of the Thai PDPA. These rights will be limited in some situations. We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data if the processing of such data is necessary for compliance with legal or regulatory obligations. You also have the right to lodge a complaint with the local Supervisory Authority.

If you are a resident of California:

  • You may request the following from us: (1) disclosure of information about the collection, use, disclosure, and sale of your personal information; (2) a list of categories of personal information collected about you in the preceding 12 months, including (a) categories of personal information collected about you, (b) categories of sources from which the personal information is collected, (c) the business or commercial purpose for collection or selling personal information, (d) categories of third parties with whom we share personal information, and (e) specific pieces of information that we have collected about you; and (3) deletion of any personal information about you that we have collected from you. These rights are subject to certain limitations. You have the right not to face discrimination for exercising any of your privacy rights. As stated above, we do not sell your personal information or share it for purposes of cross-context behavioral advertising.

When you would like to exercise your rights, please send your request to the contact details below. Please note that we may need you to provide additional information to confirm your identity.

We will use the following process to verify requests: We will acknowledge receipt of your request, verify it using processes required by law, then process and respond to your request as required by law. To verify such requests, we may ask you to provide the following information:

  • For a request to know categories of personal information which we collect, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you against information in our systems which are considered reasonably reliable for the purposes of verifying a consumer’s identity.
  • For a request to know specific pieces of personal information or for requests to delete, we will verify your identity to a high degree of certainty by matching at least three pieces of personal information provided by you to personal information maintained in our systems and also by obtaining a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request.

We will respond to verifiable requests as required by law.

Authorized agent requests: An authorized agent can make a CCPA request on a California resident’s behalf by providing either: (1) a power of attorney valid under California law; or (2) proof that the consumer gave the agent signed permission to submit the request. The consumer must also provide either: (1) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete which are outlined above; or (2) direct confirmation that the consumer provided the authorized agent permission to submit the request.

You can also contact us if you have any questions, remarks, or complaints in relation to this Notice.

10. No Rights of Third Parties

This Notice does not create rights enforceable by third parties.

11. How We Manage this Notice

We may modify this Notice from time to time and will notify you of any changes by posting the revised Notice on our website. We encourage you to review this Notice each time you visit our website to see if this Notice has been updated since your last visit.

12. Contact Us

If you have any questions about this Policy or our privacy practices, please contact us at the following addresses:

Penn Color International B.V. Smakterweg 31, 5804 AE Venray, The Netherlands
Tel. +31 478-554000
DataPrivacyNL@penncolor.com

Penn Color, Inc.
400 Old Dublin Pike
Doylestown, PA 18901
Tel. 866-617-7366
DataPrivacy@penncolor.com