Effective Date: February 23, 2023
This GDPR Privacy Addendum supplements our Statement and applies to residents of the European Economic Area, i.e. the European Union plus Iceland, Norway, and Lichtenstein, as well as to residents of the United Kingdom.
The data controller pursuant to Art. 4 No. 7 General Data Protection Regulation (Regulation (EU) 2016/679) and the UK General Data Protection Regulation and the Data Protection Act of 2018 (collectively, the “GDPR”) is Toptech Systems, Inc. (Toptech), a company with its principal place of business at 1124 Florida Central Parkway, Longwood, Florida 32750, U.S.A. will process your personal data pursuant to this Statement as a personal data handler under PIPL, and can be contacted at the following email addresses: firstname.lastname@example.org or Privacy@idexcorp.com.
IDEX may have business unit-specific Data Protection Officers when necessary to comply with the GDPR. Some of our business units may also have a representative in the European Union and/or the United Kingdom when necessary, however our business units that are European Economic Area may not be required to appoint a representative and have elected not to do so. More information about contacting IDEX’s representative (when appropriate) and Data Protection Officer is set forth below under the “Contact Information” portion of this GDPR Privacy Addendum.
The types of information about you that we process and the purposes for that processing is described in our Statement. As described in our Statement we process personal data for different purposes. The legal bases according to the GDPR for such processing are listed below (Please see our Toptech Cookie Notice, available here https://toptech.com/privacy-statement/cookie-notice/ for information about the processing of data derived from cookies):
|Processing purposes||Lawful basis|
| Learning about our website(s) users’ browsing pattern and the performance of our website(s) or for marketing purposes via cookie data or similar tracking technologies||We only process this kind of cookie or similar tracking data if you have given us your prior consent (Art. 6 (1) (a) GDPR).|
| Visits or interactions with social media||These data are processed on the basis of statutory regulations, which allow us to process personal data to the extent necessary for the use of a service (Art. 6 (1)(b) GDPR) or because we have a predominant legitimate interest in providing you with, or optimize the functions on our presences on social media (Art. 6 (1)(f) GDPR), as well as your consent vis-á-vis the respective operator of the social media platform (Art. 6 (1)(a) GDPR). We might act as joint controller with the respective social media site. For further information, please see Section 2 below.|
| Providing our Sites to our users
Maintaining and improving our Sites
Providing and improving our customer service, including responding to your comments, questions and requests (e.g. product queries or technical questions)
Processing employment inquiries
Learning about how our products and services may be used
|This data is processed on the basis of statutory provisions which allow us to process personal data to the extent necessary for the use of a service or the performance of a contract (Art. 6 (1) (b) GDPR), any processing for these purposes that is not necessary for the use of our website and the functions provided on the website is necessary for pursuing our or a third party’s legitimate interests which are not overridden by the interests or fundamental rights and freedoms of the users which require the protection of personal data (Art. 6 (1) (f) GDPR). Insofar as the processing is based on our legitimate interests, such interests are running a stable and efficient website, having a good customer service, employing people, making our business processes more efficient and improving our business and services.|
| Analysing and managing our business
Improving our IT security
Defending our legal interests, e.g. when claiming remedies of attacks on our website
Establishing and managing our business relationship, e.g. when you as a customer contact us via one of the Sites and we connect this request to your business account
|The personal data is processed for pursuing our or a third party’s legitimate interests which are not overridden by the interests or fundamental rights and freedoms of the users which require the protection of personal data (Art. 6 (1) (f) GDPR). The legitimate interests are running a user-friendly website, improving our offers by tailoring our offers to the individual user, running a secure and stable website, making our business processes more efficient and pursuing our legal rights.|
| Communicating with you about services, offers, promotions, rewards, and events offered by IDEX and others||Depending on the individual case such communication can be based on different legal bases. We might provide you with certain information based on a declaration of consent (Art. 6 (1) (a) GDPR), we might also provide you the information because you have subscribed to a specific service in which case the processing is necessary for the performance of a contract with you (Art. 6 (1) (b) GDPR). Certain communication might also be based on our legitimate interest to provide tailored marketing information to the users of the Sites (Art. 6 (1) (f) GDPR).|
| Carrying out any other purpose described to you at the time the information was collected||The legal basis will depend on the individual case.|
For users located in the European Economic Area and Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland“). The privacy statement of LinkedIn Ireland can be accessed here: https://de.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. In it, you will also find information on the privacy setting options for your LinkedIn profile.
We are also jointly responsible with LinkedIn Ireland for the processing of so-called Page Insights data when people visit our LinkedIn company page. For this purpose, we have concluded a joint processing responsibility agreement with LinkedIn Ireland, which can be accessed here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn Ireland undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Page Insights Data and to comply with all obligations under the GDPR with respect to the processing of Page Insights Data. We receive non-personal information and analytics about the use of our account or interactions with our posts from LinkedIn Ireland as part of so-called Page Insights. With this information, we can analyze and optimize the effectiveness of our LinkedIn activities. For this purpose, LinkedIn Ireland processes in particular data that you have provided to LinkedIn Ireland via the information in your profile. This especially includes the following data:
In addition, LinkedIn Ireland will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page.
We delete or anonymize your personal data as soon as it is no longer required for the purpose for which we processed it.
In general, we store your personal data for the duration of the usage or the contractual relationship via the website plus a period of 15 days for IT security purposes. We store general web log files for a period of one year and for analytical information, we store the data for three years.
In the event that you have given us your consent to process your data (e.g. for marketing purposes including the associated profiling), we will store your data until you revoke your consent or the processing purpose does not apply anymore.
For the retention period of cookies and other tracking, please refer to the details in our Toptech Cookie Notice, available here https://toptech.com/privacy-statement/cookie-notice/.
After these periods have expired, the data will be erased unless this data is required for a longer period due to legal retention periods, alternative purposes or for criminal prosecution. Beyond these retention periods, we may retain the data for the purposes of legal defense and law enforcement for as long as is necessary for the preparation or execution of a possible legal dispute (usually up to four years, whereby the legal dispute itself may inhibit the course of this period). If data can be stored for these reasons, it will be blocked. The data will then no longer be available for further use.
The GDPR provides you with certain rights in relation to the processing of your personal data. These rights are subject to various conditions under the GDPR and/or your countries specific implementation of the GDPR.
All such requests to exercise these rights may be sent to email@example.com or to the other contact information listed below. Those rights include:
RIGHT OF OBJECTION. YOU HAVE THE RIGHT; FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON THE BASIS OF ART. 6 (1) (e) OR (f) OF THE GDPR. WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
You are under no contractual or statutory obligation to provide personal data. However, if you do not provide the personal data we require to process your request (e.g. when you contact us with questions about our products), we may not be able to respond to such request.
No automated decision- making as referred to in Art. 22 GDPR occurs on the Sites.
Toptech is an affiliate of the IDEX Corporation which operates internationally, as such, your information may be made available to companies and/or branches within our group which may be located outside of the U.S., including in countries which may not provide the same level of protection of your information as in your home jurisdiction. In some countries, the federal, state, local, provincial, or other governments, courts, and law enforcement or other regulatory agencies may be able to obtain disclosure of your information through their laws.
If and when transferring your personal data to which the GDPR applies onwards outside the EU/EEA or the United Kingdom, we will do so using one of the following safeguards:
International transfers within Toptech and IDEX are governed by Standard Contractual Clauses (as defined under the GDPR) approved by the EU Commission and/or the Information Commissioner’s Office in the United Kingdom.
You may request a copy of the Standard Contractual Clauses or other applicable safeguards by contacting firstname.lastname@example.org or email@example.com.
If you have any questions or comments about this GDPR Privacy Addendum, the ways in which Toptech collects and uses your information described above and in the Statement, your choices and rights regarding such use, or wish to exercise your rights under the GDPR, please do not hesitate to contact us at:
To Contact Toptech:
Email: firstname.lastname@example.org or privacy@IDEXcorp.com
Postal Address: Toptech Systems
1124 Florida Central Parkway
Longwood, FL 32750
To Contact IDEX:
Postal Address: IDEX Corporation
Attn: Legal Department: Compliance/Privacy
3100 Sanders Road, Suite 301
Northbrook, IL 60062, USA