Important Update: Potential Impact of Hurricane Milton on Toptech Systems’ Florida Operations. View the update.

Business Contact Privacy Notice

This privacy statement was last revised on 30th September 2021.

1.             Introduction and Scope

This Privacy Notices to Business Contacts (“Notice”) describes the processing of personal data by Toptech Systems, Inc. (“Toptech”), 1124 Florida Central Parkway, Longwood, Florida 32750 (“Company”, “we” or “us”), part of IDEX Corporation (“IDEX” or “IDEX Group and Affiliates”) (please see https://www.idexcorp.com/affiliates-list/ for all companies involved) of business contacts. Company is committed to the protection of the Personal Data that we process about you in line with the data protection principles set out in the Applicable Data Protection Law. This Notice informs you how we Process your Personal Data if you are one of our business contacts. Concerning the Processing of Personal Data of website users, please see our Website Privacy Statement, which you may access at https://toptech.com/privacy-statement/

This Notice applies exclusively to residents of a country belonging to the European Economic Area or the United Kingdom. It does not apply to any other business contacts and the rights listed in this document do not apply to such business contacts from other countries.

With regard to the Processing of Personal Data of website users, please see our Website Privacy Notice, which you may access here

This Notice may be amended from time to time. We will post any change to this Notice a reasonable period of time in advance of the effective date of the change.

Capitalised terms used in this Notice are defined in Section 2 of this Notice.

2.             Definitions

The following terms used within this Notice and defined as follows:

Term Definition
Applicable Data Protection Legislation All applicable data protection laws, which apply to the Processing of your Personal Data; in particular the GDPR as well as potential local laws, which may apply in your country.
Business Contacts All Consumers, Corporate Partners or employees of a Corporate Partner or any other person, which IDEX Group and Affiliates contacts or interacts with in the context of establishing, developing, maintaining, servicing or otherwise furthering the business relationship.
Consent Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the specific processing of his/her Personal Data. It has to be a clear affirmative act (“Opt-In”). Silence or inactivity are not sufficient. Consent may be withdrawn at any time with effect for the future.
Consumer A person that buys goods or services mainly for personal purposes.
Corporate Partner Persons or organisations that buy goods or services from IDEX Group and Affiliates, mainly for their own business purposes, or other business partners with which we have a contractual or commercial relationship with, like subcontractors and suppliers; this includes existing as well as prospective Corporate Partners.
Data Controller The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data; where the purposes and means of Processing are determined by national or EU laws or regulations, the controller or the specific criteria for his nomination may be designated by national or EU law.
Data Processing Any operation, or set of operations, which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Processor A natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Data Controller.
Data Protection Officer The person, which is appointed by the Company to protect the data subjects’ rights and to acts as an interlocutor between the Company and you in order to ensure that the Company complies with all Applicable Data Protection Legislation.
Data Subject Any person to whom the respective Personal Data refers.
Data Protection Supervisory Authority Any public authority which is competent to review legitimacy of Personal Data Processing by the Company and/or enforce your data protection rights against the Company.
European Economic Area

or

EEA

The Member States of the European Union, plus Norway, Iceland and Lichtenstein.
Filing System Any structured set of Personal Data, which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
GDPR EU General Data Protection Regulation 2016/679.
Personal Data Any information relating to an identified or identifiable natural person (also referred to as ‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Categories of Personal Data Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purposes of identifying an individual, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Process

or

Processing

Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

3.             Identity and Contact Details of the Data Controller and the Data Protection Officer

The Company is responsible for Processing your Personal Data and is the Data Controller.

If you have any questions about this Notice, please contact us at

Toptech Systems, Inc.

1124 Florida Central Pkwy

Longwood, Florida 32750

+1 (407) 332-1774

 

Toptech Systems NV

Nieuwe Weg 1 – Haven 1053

B-2070 Zwijndrecht / Belgium

+32 (0)3 250 6060

 

Email: privacy@IDEXcorp.com

You can contact our Data Protection Officer at privacy@IDEXcorp.com

4.             Categories and Sources of Personal Data we Process

We Process a different categories of Personal Data of our Business Contacts. This includes:

  • identity details, including name, information about your title, your job title and hierarchical position and educational level or work experience;
  • contact details, including business contact details, such as company address and business telephone number and e-mail address;
  • information you provide us in our business relationship, including within corporate surveys, questionnaires or our correspondence; such as information about your liking of our products, previous inquiries or other information about our ongoing business relationship;
  • data from initiation, maintenance and execution of our business relationship, including performed and planned orders and related data such as delivery modalities or insurance coverages as well as user login and subscription data, use of our web services or newsletters and data about your budget;
  • company data of our Corporate Partners, such as company name and company business registration number, including information from our due-diligence or other onboarding procedures or our Corporate Partner´s business needs, which may be linked to you; and
  • data relating to the assertion or defense against legal claims and prevention of misconduct, compliance checks, compliance violations or other infringements.

Most of the Personal Data we Process, you have provided directly to us, other Personal Data may have be provided by your employer, our Corporate Partner or other instances involved in the initiation and execution of the contracts with our Corporate Partner. In addition, we may process personal data that we permissibly obtain from publicly accessible sources (such as LinkedIn) or that are legitimately transmitted to us by third parties (such as credit agencies).

5.             Purposes of Data Processing

The Company Processes Personal Data of Business Contacts for various business purposes, including:

  • initiation, performance and execution of a contract with you or our Corporate Partner, including to meet our contractual obligations, necessary due diligence and other onboarding requirements in regard to our Corporate Partners;
  • market analysis, in particular through surveys, to understand the market in which we operate to use inter alia for product and service development;
  • business communication by e-mail and telephone and promotion of our products and services;
  • fulfilment of legal obligations, including local tax and commercial law, as well as audits by governmental and regulatory authorities and compliance;
  • for security control of the IDEX Group and Affiliates premises and IT infrastructure as well as Data Breach Procedures;
  • the assertion and defence of legal claims and prevention of misconduct, compliance violations or other infringements, such as routine inspections, specific suspicious facts or dispute resolution cases, e.g. regarding IT security incidents or (potential) misuse of Toptech (intellectual) property;
  • the provision of our customer services, in particular to respond to your queries or investigating and resolving complaints;
  • customer relationship management, including listing important contacts for our business, connecting individual people with accounts of our Corporate Partners, listing important stakeholders for us, customers surveys;
  • optimization of our business processes, such as account management, including to establish and manage our business relationships; like the maintenance of a supplier or customer database, also in regard to an electronic “customer relationship management system”, undertaking risk management or preventing or detecting crime including fraud and financial crime.

6.             Legal Bases for Processing Personal Data

The Company Processes Personal Data relating to its Business Contacts on different legal bases:

  • 6 section 1 lit. a GDPR, if you have been informed about the intended Processing of your Personal Data, and have given us your consent. You can always withdraw your consent. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.
  • 6 section 1 lit. b GDPR, if the Processing of your Personal Data is necessary in order to carry out the contract concluded between you and us.
  • 6 section 1 lit. c GDPR, if the Processing is necessary for us in order to comply with a legal obligation we are subject to. E.g. laws on money laundering or similar compliance requirements might require us to process certain of your Personal Data.
  • 6 section 1 lit. f GDPR, if the Processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data. These legitimate interests can be:
  • management of our business relationship with our Corporate Partners, including meeting our contractual obligations and corresponding communications in relation to our business relationship;
  • optimization of our business processes, including the implementation of optimized customer service and customer management, including with regard to you as an employee of our Corporate Partner, such as the maintenance of a supplier or customer database, also in regard to a “customer relationship management system”;
  • security of our property and infrastructure, such as IT Security and Data Breach Procedures, as well as measures to ensure operational, building and plant safety and for business management;
  • the assertion and defence of legal claims and the prevention of compliance or other infringements;
  • to grow our business by networking and market research and analysis of potential business opportunities as well as direct marketing, such as marketing activities and communications or in regard to product or service development processes.

7.             Your Rights

The GDPR provides you with certain rights in relation to the Processing of your Personal Data, including to:

  • Request access to Personal Data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you, and to check that we are lawfully Processing it.
  • Request rectification, correction, or updating to any of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request Personal Data provided by you to be transferred in machine-readable format (“data portability”), to the extent that this right is relevant in the employment context.
  • Request erasure of Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove Personal Data where you have exercised your right to object to Processing (see below).
  • Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you (e.g. if you want us to establish its accuracy or the reason for Processing it).
  • Withdraw any consent you may potentially have given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

These rights are not absolute and are subject to various conditions under: (a) Applicable Data Protection Legislation; and (b) other laws and regulations to which we are subject.

You may exercise the rights accorded by the Applicable Data Protection Legislation, for example, by contacting us at the contact details given above.

You also have the right to lodge a complaint with a Data Protection Supervisory Authority.

8.             Data Sharing and International Data Transfers: Intra-Group and Third Parties

8.1          Intra-group transfers

As a member of a multinational enterprise operating under a matrixed management structure, Company may share Personal Data of Business Contacts with other IDEX Group and Affiliates listed in the Annex for the purposes set out in this Notice. Please note that Company only shares Personal Data of Business Contacts with those listed companies where this is covered by a lawful basis for such Processing.

These transfers are protected by the obligations set out in intra-group agreements that we will enter into among and between the various legal entities comprising the IDEX Group and Affiliates. International transfers within the IDEX Group and Affiliates are governed by EU Commission-approved Standard Contractual Clauses for Controllers and, where relevant, for Processors. You may receive a copy of these Standard Contractual Clauses used in our intra-group agreements by contacting us at the contact details given in Sec. 3 above.

8.2          Third Parties

Company may share Personal Data with external vendors that we engage to perform services or functions on our behalf and under our instructions. Where applicable, their Processing of your data will be subject to the GDPR requirements. Company will also ensure that its contracts with these parties ensure that they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of the Personal Data entrusted to them, in line with the GDPR requirements.

For the purposes set out in this Notice, we may also disclose your Personal Data to our IT service providers, auditors, lawyers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals. Some of these recipients are themselves responsible to determine the purposes and means of the Processing and for the lawfulness of the Processing on their end. Where necessary, we will ensure that appropriate contractual measures are in place to ensure the protection of your Personal Data.

Some of the third parties that we engage to Process your Personal Data are located outside the European Economic Area. We will ensure that these transfers are either

  • to countries, which fall under an adequacy decision by the EU-Commission and is deemed to provide an adequate level of protection, currently including Switzerland, Uruguay, Argentina, Japan, Israel, Isle of Man, New Zealand, Guernsey, Canada, Andorra, Faroe Islands and Jersey; or are
  • governed by one of the following safeguards according to Art. 44 ff GDPR, especially: EU Commission-approved Standard Contractual Clauses or Binding Corporate Rules approved by an EU data protection authority, extended by additional safeguards according to the ECJ findings in Schrems-II. You may receive a copy of these data protection safeguards by contacting us at the contact details given above.

9.             Retention of Personal Data

Company will keep and Process your Personal Data only for as long as is necessary for the above-mentioned purposes for which they were collected or for legal obligations. Such legal obligations may arise particularly under tax and commercial law. If your data is no longer necessary for the fulfilment of contractual or legal obligations or for the fulfilment of the above-mentioned purposes, they will be deleted; unless they are needed to secure, assert or enforce legal claims. In this case, we will retain them in accordance with the regular limitation period. During this period, this data is blocked and is no longer available for any other use.

10.          Statutory/Contractual Requirements

In certain cases, you may choose to not provide us with your Personal Data and/or provide incomplete Personal Data. However, please be aware that we may not be able to engage in or continue a business relationship as your Personal Data is required for administrative purposes and/or to fulfill statutory requirements.

11.          Automated Decision-Making and Profiling

Your Personal Data will not be used for automated decision-making and/or profiling.

 

Documentation / Firmware

About Us

Events

Updates

Careers

Contact Us