This Privacy Policy (“Policy”) describes how Bilfinger North America Inc., its affiliates, and subsidiaries (“Bilfinger,” “we,” “our,” or “us”) collects, uses, discloses, and otherwise processes personal information described in this Policy, as well as the rights and choices individuals have regarding such personal information.

By using our Services (as defined below), you acknowledge that your personal information will be handled as described in this Policy. Your use of our Services and any dispute over privacy are subject to this Policy.

California residents can view our California Consumer Privacy Act notice by clicking here.

Except as otherwise noted below, this Policy applies to personal information of individuals whose personal information we collect both offline and online, including with respect to our vendor / client personnel and users of our websites where this Policy is posted, including at northamerica.bilfinger.com, and other websites we operate that display or include a link to this Policy (collectively, the “Services”).

Additional Notices. Depending on how you interact or engage with us, we may provide other privacy notices with additional details about our privacy practices. For example, this Policy does not apply to job applicants and candidates who apply for employment with us, or to employees in the context of our working relationship with them.

3. Disclosures of Personal Information

We may disclose the personal information we collect for the purposes described above and as follows: 

• Our affiliates and subsidiaries. We may disclose personal information we collect to our affiliates or subsidiaries who will use and disclose this personal information in accordance with this Policy.
• Business partners. We may disclose personal information we collect to our business partners in accordance with this policy.
• Vendors and service providers. We may disclose personal information we collect to our service providers, processors, and others who perform functions on our behalf. These may include, for example, event management agencies, catering suppliers, shippers and distributors, IT service providers, help desk, payment processors, analytics providers, consultants, auditors, and legal counsel.
• In support of business transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also share certain personal information as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
• Third party platforms, providers, and networks. We may disclose or make available personal information to third party platforms and providers that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests. Advertising networks.We may make available certain personal information to third parties in support of our marketing, advertising, and campaign management.
• Internet service providers.We may disclose personal information we collect to internet service providers in accordance with this policy.
• Data analytics providers.We may make available certain personal information to third parties in support of our analytics.
• Compliance and legal obligations.We may also disclose personal information to third parties to comply with our legal and compliance obligations and to respond to legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. This may include regulators, government entities, and law enforcement as required by law or legal process. In addition, it may include certain disclosures that we are required to make under applicable laws, such as the names of sweepstakes and contest winners.
• Security and protection of rights. We may disclose personal information where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property and safety of others. For example, we may disclose personal information in order to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety or legal rights of any person or third party. We may also disclose information, including personal information, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
• Social networks. We may disclose information to social networks in the context of communication and other interaction with you via our social media presences.
• At your request. We may disclose information to others when requested, explicitly or implicitly, by you.
• Aggregate and Deidentified Information. Notwithstanding anything else in this Policy, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services with third parties for quality control, analytics, research, development, and other purposes.
• Other Disclosures. We may disclose personal information in other ways not described above, but will notify you by updating this Policy, and, if necessary, obtain your consent.

4. Cookies and Other Tracking Mechanisms

We and our third-party service providers use cookies, pixels, local storage objects, log files, APIs, and other mechanisms to automatically collect information browsing, activity, device and similar information within our Services and to target advertising and content. We use this information to, for example, analyze and understand how users access, use and interact with others through our Services, as well to identify and resolve bugs and errors in our Services and to assess secure, protect, optimize and improve the performance of our Services. You have certain choices about our use of cookies and tracking within the Services, as described in this section.

Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within Service. 

Local storage objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web servers to cache certain information in order enable faster loading of pages and content when you return to our websites. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.

Cross-device Tracking. We and our third-party providers may use the information that we collect about you within our Services and on other third-party sites and services to help us and these third parties to identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.).

5. Your Privacy Choices

We make available several ways that you can manage your privacy choices and submit privacy requests related to your personal information. These include:

• Cookie Settings. To prevent cookies from tracking your activity on our Site or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The "Help" portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function.
• Marketing Communications. You can opt out of receiving marketing emails from us by using the unsubscribe feature in any such email we send you. You can also log in to your account and change your marketing/communications preferences.

For more information about our privacy practices and your privacy choices, you may contact us using the contact information in the ‘Contact Us’ section below.

6. Personal Data of Children

We do not knowingly collect or solicit personal data about children under 16 years of age. If you are a child under the age of 16, please do not send us any personal data. If we learn that we have incidentally collected personal data from a child under 16 years of age, we will delete that information. If you believe that a child under 16 years of age may have provided personal data to us, please contact us at dataprivacynospam@bilfinger.com.

7. Security

We have implemented safeguards that are intended to protect the personal information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

8. Additional Information for California Residents

8.1 Personal Data We Collect.

Depending on how you use the Services, we may collect the following categories of personal data (and have collected in the prior 12 months):

• Identifiers. Such as name, email, phone number, billing and shipping address, unique personal identifier, online identifier, IP address, account name, or other similar identifiers.
• CustomerRecords. Such as account and profile information and customer records that contain personal data, such as name, account name, other characteristics or descriptions, email, address, phone number, and other contact information, account credentials, communications preferences, billing and payment information, customer service and support tickets and records, and other information you provide to use our services.
• Commercial Information. Such as records of purchases and other purchasing or consuming histories or tendencies.
• Internet or Other Electronic Network Activity Information. Such as browsing history, clickstream data, search history, and information regarding interactions with our site, advertisements, or emails, including other usage data related to your use of any of our services or other online services.
• Geolocation Data. Such as general location information about a particular individual or device.
• Audio, Electronic, Visual, or Similar Information. Such as information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, photographs, user profile images, and security camera footage to secure our offices and premises.
• Professional or employment-related information.Such as job title, employer, work email, phone number, and address.
• Inferences. Such as inferences drawn from any of the information described in this section about an individual including inferences reflecting the individual’s preferences, characteristics, behaviors, attitudes, abilities, and aptitudes.

8.2 Sources of Personal Data.

We generally collect personal data from the following categories of sources:

• Directly or indirectly from you;
• Our business partners;
• Customers and clients;
• Social networks;
• Our vendors and service providers.

8.3 Purposes for Collecting and Disclosing Personal Data.

In general, we collect and otherwise process the personal data we collect for the following business or commercial purposes:

• Provision and maintenance of the Services;
• Contacting you and providing you with information you have requested;
• Analytics and improvement of our services, products, and Services;
• Collection and use of statistical information about the use of the Services;
• Detecting issues and addressing the security of our Services and systems;
• Payment processing;
• Marketing and promotions;
• Security and protection of rights;
• Research and surveys;
• Interacting with you via social media;
• Planning and managing events;
• Compliance with legal obligations and legal process;
• Execution of corporate transactions (e.g., reorganization, merger, sale, sale of assets, joint venture);
• Auditing, reporting, and other internal operations; and
• General business and operational support.

Sensitive Personal Data. Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal data” beyond the purposes authorized by the CCPA.

8.4 Retention of Personal Data.

We retain your personal data for as long as needed or permitted, based on the reason we obtained it (consistent with applicable law). When deciding how long to keep your personal data, we consider whether we are subject to any legal obligations (e.g., any laws that require us to keep records for a certain period before we can delete them) or whether we have taken any legal positions (e.g., issued any legal holds or otherwise need to preserve the information). Rather than delete your data, we may also deidentify it by removing identifying details. Where we have committed to maintaining and using personal data in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.

We review the personal data of new leads that we have entered into our Customer Relationship Management tool every four weeks to determine whether it is still required for the purposes set out above. If we no longer need this personal data, it will be promptly deleted.

We review the personal data of contacts that we have entered into our customer relationship management tool every ten years to determine whether they are still required for the purposes set out above. If we no longer need this personal data, it will be promptly deleted.

We retain e-mails for as long as they are needed for our operational purposes.

We generally delete personal data provided pursuant to a user’s consent when the consent is withdrawn. Proof of consent is stored for up to three years after consent was withdrawn.

8.5 Disclosure of Personal Data to Third Parties and Other Recipients.

The categories of personal data we have disclosed for a business purpose in the preceding 12 months include: identifiers, customer records, commercial information, Internet or other electronic network activity information, geolocation data, audio, video, and other electronic data, and inferences.

The categories of third parties and other recipients to whom we may disclose personal data for a business purpose may include: affiliates, subsidiaries, and business partners, vendors and service providers, acquirers of business assets, advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, and social networks.

8.6 Sales and Sharing of Personal Data.

The CCPA defines "sale" as disclosing or making available personal data to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal data to a third-party for purposes of cross-contextual behavioural advertising.

We do not “sell” or “share” personal data as defined above. We also do not sell or share personal data about individuals we know are under age 16.

8.7 Your CCPA Rights.

The CCPA provides California residents with certain rights regarding their personal data. Note that these rights only apply to personal data we collect and process under this privacy notice as a business or controller. For personal data we process on behalf of our business clients in our capacity as a service provider or processor, please submit your request directly to the business client with whom you have a relationship, and we will provide reasonable assistance to that business client as necessary. In general, California residents, including our business clients’ employees who reside in California, have the following rights, subject to certain exceptions:

Right to Know/Access. The right to request:

• The categories or personal data we collected about you;
• The categories of sources from which the personal data is collected;
• Our business or commercial purposes for collecting, selling, or sharing personal data;
• The categories of third parties to whom we have disclosed personal data; and
• A copy of the specific pieces of personal data we have collected about you.

Right to Correct. The right to request that we correct inaccuracies in your personal data.

Right to Delete. The right to request we delete your personal data.

Opt-Out of Sale or Sharing. We do not “sell” or “share” personal data, or use it for targeted advertising purposes, so there is no need to exercise your right to opt-out.

Right to Limit Use . We do not engage in uses or disclosures of “sensitive personal data” that would trigger the right to limit use of sensitive personal data under the CCPA.

Right to Non-Discrimination. We will not discriminate against you for exercising any of the rights described in this section.

8.8 Exercising Your CCPA Rights.

If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:

• Email us at dataprivacynospam@bilfinger.com

Verification. Before responding to your request, we must first verify your identity using the personal data you recently provided to us. You must provide us with your name and the email address you usually use to interact with us. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

Authorized Agent. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

9. Contact Us

If you have any questions or concerns regarding this Policy or our privacy practices, you may contact us at any of the following methods:

dataprivacynospam@bilfinger.com

10. Amendment of this Privacy Notice

We reserve the right to amend or change this privacy notice at any time to ensure compliance with applicable laws. Please check regularly to see if this privacy notice has changed.

This privacy notice was last amended in February 2024.

The effective date of this privacy notice is February 26, 2024.