Privacy Policy and Terms of Use

Introduction

Senneca Holdings and its Brands (collectively, “Senneca,” “we,” “us,” “our,” or “Company”) care about your privacy. Senneca provides you with access to our website, www.senneca.com, as well as the websites and portals of our affiliated brands (each, a “Brand,” including Senneca, Chase, Curtron Products, Door Engineering, Eliason, Hercules, HMF Express, Subzero, Thermoseal, (collectively, the “Websites”) in order to facilitate access to certain services we may offer (together with the Websites, the “Services”). We are committed to respecting the privacy of information and data of the users of our Services.

This policy describes our policies and practices with respect to the collection and use of information that’s about you (your “Personal Information”). This information can be your name, email address, your contact information, and anything else that tells someone something about you. If you do not agree to the terms set forth herein, please do not use our Services. We reserve the right to update this Privacy Policy at any time, and the revision date above provides you with notice that the Privacy Policy has been updated.

Personal Information We Collect and How We Collect It

We collect several types of Personal Information from and about users of our Services, including:

• Personal Identification Data includes your first name and last name, email address, your phone number, or similar identifiers.
• Communication Data includes your communications you send us, and your feedback that you communicate to us via email or social media.
• Transaction Data includes your payment and transaction information such as your credit/debit card number, your first and last name, and billing address.
• Marketing Data includes names and email addresses.
• Device Data includes your device’s hardware information, operating system, platform information, browser type, language information, and browser plugin types.
• Usage Data includes information about how you use our Services.
• Employment Related Data includes information about your education history, your business, and your title at your business, as well as any other information you may include in your resume.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
• From third parties, for example, our business partners or information from social networking sites.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data could be derived from your Personal Information, but Aggregated Data is not considered Personal Information, as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing our Services. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.

Reasons for Processing Your Personal Information

Your Personal Information is used by us for the purpose it was collected, such as responding to your inquiry. In some cases, Personal Information is required to perform certain functions. You may be asked to provide your Personal Information to:

• Provide you with our Services;
• Send you newsletters or special offers you sign up for;
• Inform you of new features, functionality, services, products, and other promotions, if you agree to such notifications;
• Respond to questions or comments from you;
• Provide customer support;
• Plan and manage our contractual relationships with our vendors;
• Detect, prevent, and address technical issues;
• Complete internal analysis of information enabling us to monitor the usage of our Services;
• Improve our Services;
• Address legal issues, including (i) complying with our obligations to retain certain business records; (ii) establishing, exercising, or defending legal claims; (iii) complying with laws, regulations, court orders, or other legal processes; (iv) detecting and preventing fraud or intellectual property infringement claims, violations of our contracts or agreements, violations of law, or other misuses of our Services; and (v) protecting our rights or property, or yours or others’ health, safety, welfare, rights, or property; and
• Allow you to exercise your data privacy rights.

In addition, we may process your personal information for the following reasons:

• To carry out our obligations and enforce our rights.
• In any other way we may describe when you provide the information.
• For any other purpose with your express consent.

We may use information that is not Personal Information for any purpose. For example, we may aggregate usage data from many people in a way that does not identify any individuals to calculate the percentage of users accessing a feature on our websites. Such aggregated or anonymized data will not identify you or be traced back to your Personal Information.

Disclosure of Your Information

We may disclose Personal Information that we collect, or you provide as described in this privacy policy:

• To our corporate affiliates.
• To contractors, service providers, and other third parties we use to support our business.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Senneca’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Senneca about the users of our Services is among the assets transferred.
• To third parties to market their products or services to you if you have not opted out of these disclosures.
• To fulfill the purpose for which you provide it.
• To perform our purposes for processing it (see Reasons for Processing Your Personal Information).
• For any other purpose disclosed by us when you provide the information.
• With your consent.

Cookies and Automatic Data Collection Technologies

Our Services may use automatic data collection technologies to distinguish you from other users. It also allows us to improve our Services by enabling us to:

• Estimate our audience size and usage patterns.
• Store your preferences, so we may customize our Services according to your individual interests.
• Recognize you when you return to our Services.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. For information about managing browser settings to refuse cookies, see Your Rights and Choices.
• Flash Cookies. Certain features of our websites may use Flash cookies (local stored objects) instead of browser cookies to collect and store information about your preferences and navigation to, from, and on the Websites. For information about managing Flash cookies, see Your Rights and Choices.
• Web Beacons, Pixel Tags, Clear Gifs. Our website pages and emails may contain small transparent embedded images or objects known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count Website page visitors or email readers, or to compile other similar statistics such as recording Website content popularity or verifying system and server integrity. For information about managing web beacons, see Your Rights and Choices.
• Google Analytics. We use Google Analytics as a web analytics service. More information about how Google Analytics collects and processes data, and how you can opt-out and manage Google’s access to your activity, can be found at: https://policies.google.com/technologies/partner-sites.

Third Party Links

Our Services may include links to other websites we do not control and whose privacy policies may differ from this Privacy Policy. If you submit Personal Information to any of those sites, such information is subject to third party privacy statements. We strongly encourage you to carefully read the privacy statement of any website you visit.

Security

We use industry-standard encryption technologies when transferring and receiving consumer data exchanged with our Services. However, the Internet environment is not 100% secure, and we cannot guarantee that information we collect will never be accessed in an unauthorized way.

Your Rights and Choices

Your rights may vary depending on where you are located.

• Accessing, Updating, and Deleting Your Information. You can contact us as set forth in the Contact Information section below to request access to, correction of, or deletion of Personal Information that you have provided to us. We may also ask you to verify your identity before we respond to your request. Depending on your request, we may not accommodate your request to change information if we believe the change would violate any law or legal requirement or negatively affect the information’s accuracy.
• Cookies and Automatic Data Collection Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you disable or refuse cookies, please note that some parts of these websites may become inaccessible or not function properly.
• California Residents. If you are a California resident, you may have additional rights and choices with regard to your personal information. Please see the CCPA Notice for more information.
• EU-UK Residents. If you are a resident of the EU-UK, you may have additional rights and choices with regard to your personal information. Please see  EEA Notice for more information.
• Canada Residents. If you are a resident of Canada, you may have additional rights and choices with regard to your personal information. Please see the Canada Notice for more information.
• Other Locations. If you are a resident of a jurisdiction which you believe provides greater privacy protection than as noted in this Privacy Policy, please contact us at [email protected].

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can block the collection and use of information related to you by advertising companies for the purpose of serving interest-based advertising by visiting the following platforms of self-regulatory programs of which those companies are members:

• The NAI’s opt-out platform is available here.
• The DAA’s opt-out platform is available here.

Residents of certain states may have additional Personal Information rights and choices.

Children Under the Age of 18

Our Services are not intended for children under 18 years of age. We will not knowingly solicit or collect Personal Information from children under 18, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law. If we learn that we have received information directly from a child under 18 without his or her parent’s or legal guardian’s consent, we will make commercially reasonable efforts to delete such information.

Changes to Our Privacy Policy

Changes to this Privacy Policy will be posted on this site, along with information on any material changes. Senneca reserves the right to update or modify this Privacy Policy at any time and without prior notice.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

Canada Privacy Rights Notice

This Canada Privacy Rights Notice (the “Canada Notice”) provide information about the collection, use, processing and sharing of data about individuals located in Canada.

We comply with applicable Canadian privacy laws and regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA), in connection with processing Canadian personal information.

We will only use your personal information for the purposes described in this privacy policy unless (1) we have obtained your consent to use it for other purposes; or (2) we are otherwise permitted or required by applicable law to use it for such other purposes.

This Canada Notice applies only to the use of personal information in Canadian processing activities. In this Canada Notice, the words “Senneca,” “Company,” “we,” “us” or “our” refer to Senneca Holdings, together with our Brands (as defined in our Privacy Policy).

A. Transferring your personal information outside of Canada

We may transfer personal information that we collect, or that you provide, to third parties (including affiliates, service providers and others) as described in the Privacy Policy.

We may process, store, and transfer your personal information in and to a foreign country, with different privacy laws that may or may not be as comprehensive as Canadian law, such as to the United States. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country.

You are welcome to contact us if you have questions regarding the collection, use, disclosure or storage of personal information by our service providers and affiliates outside Canada, and/or to obtain access to written information about our policies and practices with respect to service providers (including affiliates) outside Canada.

For questions about our privacy practices, please contact [email protected].

B. Data Retention

Your personal information will be kept in Canada and the United States and accessible to our employees and service providers who have a “need to know” such information for the purposes described in this privacy policy.

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, and/or for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you, either directly or indirectly, alone or in combination with any other information. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

C. Accessing and correcting your personal information

By law you have the right to request access to and to correct or rectify the personal information that we hold about you, subject to certain exceptions as required or permitted by applicable law.

If you want to access, review, verify, correct, rectify, update, or withdraw consent to the collection, use or disclosure of your personal information you may also contact us as directed in the Contact Us section of the Privacy Policy to make such a request.

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. 

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons, subject to any legal or regulatory restrictions.

We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions may include (without limitation):

• Information protected by solicitor-client privilege.
• Information that is part of a formal dispute resolution process.
• Information that would reveal the personal information or confidential commercial information of another person.
• Information that is prohibitively expensive to provide.

If you are concerned about our response or would like to correct the information provided, you may contact us as described in the Contact Us section of the Privacy Policy.

California Privacy Rights Notice

Senneca is committed to respecting the privacy of information and data of the users of our websites and other individuals (“you”), as described in the Privacy Policy. This California Privacy Rights Notice  (“CCPA Notice”) applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO
L. Sensitive Personal Information	Social security numbers, driver’s license, state identification card, passport number, financial account login in combination with security or access code, password or credentials, or precise geolocation.	NO

Personal Information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CCPA’s scope, such as:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

How We Collect Personal Information

We use different methods and sources to collect information from and about you, including through:

• Direct interactions. You may give us information about you by interacting with our website, communicating with us via email or contact us page, or by interacting with us over social media.
• Third party or publicly available sources. We may receive information about you from third parties. For more detail, please refer to our Privacy Policy.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the business purposes noted in the Privacy Policy under the “Reasons for Processing Your Personal Information” section.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

In the preceding twelve (12) months, we have used your personal information from the following categories for business purposes:

• Category A: Identifiers
• Category B: Personal Information categories listed in the California Customer Records statute
• Category D: Commercial information
• Category F: Internet or other similar network activity
• Category I: Professional or employment-related information

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

• Category A: Identifiers
• Category B: Personal Information categories listed in the California Customer Records statute
• Category D: Commercial information
• Category F: Internet or other similar network activity

We disclose your personal information for a business purpose to the following categories of third parties:

• To our corporate affiliates.
• To contractors, service providers, and other third parties we use to support our business.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Senneca’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Senneca about the users of our Services is among the assets transferred.

In the preceding twelve (12) months, we have not sold any personal information.

Using your Sensitive Personal Information

Sensitive personal information means personal information that reveals (A) a consumer’s social security number, driver’s license, state identification card, or passport number; (B) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; (F) consumer’s genetic data; (G) biometric information for the purpose of uniquely identifying a consumer; (H) personal information collected and analyzed concerning a consumer’s health; or (I) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

In the preceding twelve (12) months, we may have collected and used the following sensitive personal information.

• A consumer’s financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

This information is used to process your payment for the products and Services and deliver the products and Services to you. Because this is the only use of sensitive personal information and our use is reasonably necessary and proportionate to the purpose, we are not required to post a notice of right to the limit use of sensitive personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we disclosed your personal information for a business purpose, the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, Deletion, and Opt-out Rights

To exercise the access, portability, deletion, or opt-out rights described above, please submit a verifiable consumer request to us by email at [email protected] or contact us at 513.609.2999 or by mail at:

Senneca Holdings
10021 Commerce Park Dr.
Cincinnati, OH 45246
Attn: Privacy

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of the person we collected personal information on.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Policy

We reserve the right to amend this CCPA Notice at our discretion and at any time. When we make changes to this CCPA Notice, we will notify you by email or through a notice on our website homepage.

EU-UK Privacy Rights Notice

This EU-UK Privacy Rights Notice (the “EEA Notice”) provides information about the collection, use, processing and sharing of data about individuals located in the European Union, United Kingdom (UK), Iceland, Liechtenstein or Norway (the “European Economic Area” or “EEA”).

With respect to individuals in the UK, references to the GDPR in this EEA Notice are to be read as referring to the UK’s similar legislation, the Data Protection Act 2018.

In this EEA Notice:

• GDPR means the European Union’s General Data Protection Regulation.
• Personal Data means information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, by use of any identifier or factor specific to that individual; and
• GDPR Processing Activities means the collection, use, processing or sharing of Personal Data when those activities are within the scope of the GDPR.

This EEA Notice applies only to the use of Personal Data in GDPR Processing Activities. In this EEA Notice, the words “Senneca,” “Company,” “we,” “us” or “our” refer to Senneca Holdings, together with our Brands (as defined in our Privacy Policy), and we are the data controller of the GDPR Processing Activities.

A. How We Collect and Use Personal Data

We collect several categories of Personal Data in circumstances that may involve GDPR Processing Activities, including data you provide, data collected automatically (potentially including location data), and data we obtain from third party sources.

We use the Personal Data that we collect, dependent on your status as a customer or prospective customer, to:

• Create and maintain your account;
• Process your account registration;
• Answer your questions;
• Send you newsletters, updates, and other communications that you have requested; and
• Send you information about our Services and resources.

As described in more detail below, we rely on a number of legal bases to lawfully process your Personal Data. Most commonly, we will use your Personal Data in the following circumstances:

• Where we need to perform the contract, we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.
• For providing and customizing offerings.
• For administering our operations.
• For offering attendance to events and opportunities to participate.
• To understand how our online platforms are being used.
• Where necessary for cybersecurity purposes.
• To enhance protection against fraud, spam, harassment, intellectual property infringement, crime and security risks.
• To meet our obligations and enforce our legal rights.

The ways in which we collect and use your data vary depending on the relationship between you and us. The following sections of this EEA Notice describe in more detail how we collect and use Personal Data in various circumstances that may involve GDPR Processing Activities.

Please note that, depending on the situation, some of the processing of Personal Data we do in the various circumstances described below may not fall within the scope of the GDPR.

1. Personal Data We Collect

As is true of most digital platforms, we obtain certain data automatically when you use one of our websites, such as your IP address, browser type and device type. Certain web forms also collect Personal Data you provide, for example when you enter data into form fields, such as for the purpose of registration. If we also process data through our websites for one of the activities described further below, those descriptions will provide additional information about how those data are collected and used. We and our third-party vendors use this Personal Data for the primary purposes of responding to your requests and providing you with relevant information. We and our third-party vendors use de-identified information for conducting analytics and improving our products.

2. Personal Data We Obtain from Third Party Sources

As part of our GDPR Processing Activities, we may obtain certain Personal Data about you from third party sources, which we may use for the purposes and in the ways described in the Privacy Policy. In some cases, we may obtain your consent for additional uses.

Partners and Service Providers

We use partners and service providers to provide services for us. Some of these partners have access to Personal Data about you that we may not otherwise have (for example, when you sign up directly with that provider) and may share some or all of these data with us.

3. Additional Uses of Personal Data

In addition to the uses described above, including under the Privacy Policy, we may use your Personal Data for purposes the noted in the Privacy Policy under the “Reasons for Processing Your Personal Information” section. These additional uses may under certain circumstances be necessary to fulfill our contractual commitments to you, for legal compliance, or to serve our legitimate interest.

4. Data Retention

We will retain your Personal Data for as long as is necessary for the purposes set out in this EEA Notice and for as long as is required under applicable law or is needed to resolve disputes or protect our legal rights or otherwise to comply with legal obligations. Consistent with the foregoing guidance, some data may be retained indefinitely.

Where we are processing Personal Data based on your consent, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Data erased (see “Your Rights” below).

Where we are processing Personal Data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.

Where we are processing Personal Data based on the public interest, we generally retain the information for the period of time that continues to serve that underlying interest.

Where we are processing Personal Data based on our legitimate interests, we generally will retain the data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects. In some cases, where Personal Data was primarily processed and retained on the basis of consent, contract, the public interest, or other bases described in this EEA Notice, we may continue thereafter to retain the data based on a legitimate interest.

B. How We Share and Disclose Personal Data

We share your Personal Data with third parties in the ways described in this EEA Notice, including the “How We Collect and Use Personal Data” section above. Additionally, we may share information as described below:

Service Providers

We share your Personal Data with third-party service providers that complete transactions or perform services on our behalf or for your benefit, such as:

• Marketing and analytics;
• Event registration and coordination;
• Providing course platforms or tools that enable or enhance our offerings;
• Research insights and analytics;
• Research collaboration;
• System maintenance and security;
• Facilitating other transactions with you; and
• Assisting with our legal compliance.

Social Media Platforms

We may also use services provided by third parties (such as social media platforms) to serve targeted ads or sponsored content on third-party platforms. For more information regarding our use of cookies and similar technologies, see the “Cookies and Similar Technologies” section below.

Legal Process, Safety and Terms Enforcement

We may disclose your Personal Data to legal or government regulatory authorities as required by applicable law. We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health, safety, rights or property of you, us or others, or to enforce our legal rights or contractual commitments that you have made.

C. International Data Transfers

Much of our Personal Data processing takes place in the United States, though sometimes we or third parties with whom we share data, as discussed above, may process data in other countries. The data privacy laws in the United States and other countries outside the EEA and the UK may provide less protection than such laws in the EEA or the UK. In the event we transfer your Personal Data outside the EEA or outside the UK as part of our GDPR Processing Activities, we rely where required on appropriate or suitable safeguards or specific derogations recognized under the GDPR or under UK law.

The European Commission has adopted standard data protection clauses, also applicable in the UK, which provide safeguards for Personal Data transferred outside of the EEA or the UK. We may use Standard Contractual Clauses when transferring Personal Data from a country in the EEA or from the UK to a country outside the EEA or the UK. If so and your Personal Data are affected, you can request a copy of the Standard Contractual Clauses relevant to your Personal Data by contacting us as set forth in the “Contact Us” section below.

D. Cookies and Similar Technologies

We may collect Personal Data about you, or information that becomes Personal Data if combined with other information, when you visit or use our websites and online Services. This information may be collected through the use of cookies, which are small data files placed on your computer or mobile device that allow us to collect certain information whenever you visit or interact with our websites or online Services. Some of these cookies are managed by us (first-party cookies), while others are managed by third parties that we do not control (third-party cookies). This information may also be collected through the use of other data collection technologies (such as web beacons, pixels or tags) that embed graphic files in our websites and online Services. These graphic files contain a unique identifier that enables us to recognize when someone has visited our website or online Services, or in the case of web beacons, opened an email that we have sent them.

These small data files or graphic files serve various functions:

• Strictly Necessary: Necessary to deliver our Services;
• Performance and Functionality: Enhance the performance and functionality of our Services but are non-essential to their use;
• Analytics and Customization: Allow us to understand the effectiveness of our Services and marketing campaigns, as well as to customize our Services based on this information; or
• Advertising: Make advertising messages more relevant to you and your interests.

You can control the use of certain cookies and similar technologies by:

• Opting out of targeted online advertising through advertising networks (please visit http://www.aboutads.info/choices/, http://optout.networkadvertising.org/ or
  http://www.youronlinechoices.com for more information);
• Setting or amending your web browser controls to accept or refuse cookies (please visit your browser’s help menu for more information).

If you choose to reject certain cookies and similar technologies, you may still use our websites and online Services although your access to some functionality and features may be restricted. If you have any questions regarding our use of cookies and other similar technologies, please contact us as set forth in the “Contact Us” section below.

E. Your Rights

Upon your reasonable, good faith request we will provide you with information about whether we hold any of your Personal Data as part of our GDPR Processing Activities, to the extent required by and in accordance with applicable law. In certain cases, you may also have a right, with respect to your Personal Data collected and used in the GDPR Processing Activities, to:

• correct or update any of your Personal Data that is inaccurate;
• restrict or limit the ways in which we use your Personal Data;
• object to the processing of your Personal Data;
• request the deletion of your Personal Data; and
• obtain a copy of your Personal Data in an easily accessible format.

To submit a request, please send an email message to [email protected]. Because we want to avoid taking action regarding your Personal Data at the direction of someone other than you, we will ask you for information verifying your identity. We will respond to your request within a reasonable timeframe.

Subject to certain legal limits, you also have the right to withdraw your consent to our processing of your Personal Data as part of our GDPR Processing Activities, where our processing is solely based on your consent. In some cases, you can do this by discontinuing use of the Services involved in the GDPR Processing Activities. This would include by closing all of your online accounts with us and contacting us at [email protected] to request that your Personal Data be deleted. If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in this EEA Notice or the other Senneca privacy notices, you may not have access to some or all of the related Services, and we might not be able to provide you some or all of the Services. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data, if we have a legal basis to do so. For example, we may retain certain data if we need to do so to comply with an independent legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our Services and operations safe and secure or to safeguard our rights or the rights or safety of others.

If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority (i.e., supervisory authority).

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

By mail:

Senneca Holdings
10021 Commerce Park Dr.
Cincinnati, OH 45246

By email: [email protected]
By phone: 513.609.2999

0010517.0251108   4920-9201-3588v1