Privacy Notice

Brambles Ltd and its affiliates including its companies operating under the CHEP, BXB Digital, and Kegstar brands (collectively, “Brambles” or “we” or “our” or “us”), respect your right to privacy and your right to control the dissemination of your personal information . Please click here for a list of our business locations and contact information.

myCHEP is our proprietary online customer portal that streamlines and simplifies the administrative tasks associated with pallets, reusable plastic containers, bins and container sharing and reusing. It is accessible on multiple devices and simplifies customer orders, collections, issues or returns in just a few clicks. This notice applies to the myCHEP website and any mobile applications or other online and/or mobile applications or websites operated by us or that are related to myCHEP (collectively, "Website"). It also describes how this Website collects information from you, what types of information it collects, what we may do with the information you provide, and your rights regarding privacy.

By visiting our Website, and/or using the services offered on or through our Website, you acknowledge you have read and understood the terms of this Privacy Notice. This Privacy Notice is incorporated into, and part of, the Terms and Conditions of our Website, which governs your use of our Website.

1. INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following information about you:

• Contact Information

If you choose to use the contact function, we may ask you to provide us with some basic information about you and/or your company -- such as name, job title, email address -- which enables us to provide services and information to you, and helps make our contact with you as productive as possible.

• Communications

To continually improve the effectiveness of our customer service communications, we may examine e-mail communications with you for its effectiveness. We may also collect other information from you when you provide comments or participate in surveys.

• Browsing

We may collect details of your visits to our Website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access.

2. IP ADDRESSES AND COOKIES

• IP Addresses

Our web servers may collect the name of the domain you used to access the Internet, the website you came from, and the website you visit next. This information is aggregated to measure the number of visits to the site, average time spent, page views, and other statistics about visitors to this site. We may also use this aggregated data to monitor site performance and to make the site both easier and more convenient to use.

When you visit our Website, we collect certain technical and routing information about your computer to facilitate your use of the Website. For example, we may log environmental variables, such as browser type, operating system and CPU speed, and the Internet Protocol ("IP") address of your originating Internet Service Provider, to try to bring you the best possible service. We may also record search requests and results to try to ensure the accuracy and efficiency of our search engine. We may use your IP address to track your use of the site. This "Click Stream" data may be matched with other information you provide.

• About Cookies

Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.

Cookies can be used by web servers to identity and track users as they navigate different pages on a website, and to identify users returning to a website. Cookies are either placed by Our Website (first-party cookies) or other websites whose content appears on Our Website (third-party cookies).

Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

• How we use cookies

Cookies do not contain any information that personally identifies you, but information that we store about you may be linked, by us, to the information stored in and obtained from cookies.

We use the information we obtain from you for the following purposes:

• to recognize your computer when you visit our Website
• to track you as you navigate our Website
• to improve our Website's usability
• to analyze the use of our Website

There are different categories of cookies used for different purposes.

• Managing cookies

You can control how your browser handles cookies received from Our Website. You can choose to refuse all cookies, or to be prompted before a cookie is saved to your hard drive, or to only accept cookies from certain websites that you designate. Information on deleting or controlling cookies is available at www.AboutCookies.org . By refusing to accept cookies from us, you may not be able to use some of the features and functionality available on Our Website.

3. HOW WE USE PERSONAL INFORMATION

We may use the information we obtain about you to:

• Operate our Website
• Ensure that the content from our Website is presented in the most effective manner for you and for your computer
• Communicate with you about our products, services, offers, events and promotions, and offer you products and services we believe may be of interest to you, such as through email business alerts and newsletters
• Provide customer support, including by responding to requests for information about our products and services (such as material safety information or inquiries about our services)
• Provide you with the specific services that you request
• Facilitate your involvement in our charity programs and community activities
• Operate, evaluate, and improve our business
• Gather your feedback about and improve our products, services, programs, and Internet services
• Analyze and enhance our marketing communications and strategies, and trends and statistics regarding use of our Internet services
• Protect against and prevent fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users
• Comply with applicable legal requirements and industry standards and with our policies

4. DISCLOSURE OF PERSONAL INFORMATION

When you provide information to our Website, we may share that information as follows:

• Within Brambles. Please click here for a list of our business locations and contact information.
• In order to carry out your requests, to make various features, services and materials available to you, to respond to your inquiries, and for other purposes described in the "How We Use Your Information" section of this Privacy Notice, we may share your personal information or usage information with third parties that perform functions on our behalf (or on behalf of other entities with which We do business), such as companies or individuals that: host or operate our sites; analyze data; provide customer service; mail product samples or manage payments; advertisers; sponsors or other third parties that participate in or administer our promotions or provide marketing or promotional assistance. Our services may present you with the opportunity to opt in to receive information or marketing offers from third parties or to otherwise consent to the sharing of your information with third parties. If you agree to have your personal information shared, your personal information will be disclosed to the third party subject to the privacy notice and business practices of that third party.
• We may share non-personal information, such as aggregate user statistics, demographic information, and usage information with third parties.
• We may disclose your personal information, usage information, and other information about you to parties acquiring part or all of our assets, as well as to attorneys and consultants. If we transfer your information to an acquirer, we will use reasonable efforts to direct the acquirer to use your information in a manner that is consistent with this Privacy Notice.
• If any bankruptcy or reorganization proceeding is brought by or against us, your information may be considered a company asset that may be sold or transferred to third parties.
• We may disclose information about you to others if we have a good faith belief that we are required to do so by law or legal process, to respond to claims, or to protect the rights, property or safety of Brambles or others.

5. SPECIAL PROVISIONS FOR OUR EUROPEAN USERS

By providing us with information and data, you understand and acknowledge that we may collect, use and disclose personal data for commercial and marketing purposes, and may provide such information (consistent with the terms of this Privacy Notice) within Brambles - any or all of which may be outside your resident jurisdiction.

• Communications

To continually improve the effectiveness of our customer service communications, we may examine e-mail communications with you for effectiveness. Insofar as this communication relates to European Union or European Economic Area (EU/EEA) customer services, such analyses are performed on the basis of anonymized e-mails. We anonymize these e-mails in accordance with the requirements of the EU General Data Protection Regulation and local law before transmitting them to a processor / service provider outside of the EU/EEA for their analysis. In the unlikely case that data are re-identified after transfer, the security of your data will be protected by appropriate safeguards, including but not limited to Model Clauses pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection (“Model Clauses”).

• Where we store your personal information

Please be aware that the personal data you share may be transferred, and stored, outside of the EU/EEA, and in a database and on servers in the United States and other countries in which the privacy laws may not be as comprehensive as those in your country of residence or citizenship. Such transfers will occur only where appropriate safeguards are in place, including but not limited to Model Clauses.

• Legal Basis for Processing

We will only collect and process personal data about you where we have a legal basis including performance of a contract (where processing is necessary for entering into or the performance of a contract with you), consent and legitimate interests. We may process your personal data for the purposes of our legitimate interests, provided that such processing does not outweigh your rights and freedoms. Where we rely on legitimate interests, you have the right to object. Please keep in mind that if you object this may affect our ability to perform certain services for your benefit.

We process your personal data based on legitimate interests in order to:

• Protect you, us, or others from security threats
• Comply with laws that apply to us
• Improve our Website performance
• Enable or administer our business, such as for invoicing and platform maintenance and
• Understand and improve our business or customer relationships generally

• European Supervisory Authority

You have the right to register a complaint with a European data protection or supervisory authority about our collection and use of your personal information. For more information, please contact your local data protection authority (contact details for data protection authorities are available at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm ).

6. PERSONAL INFORMATION ACCESS REQUESTS

You may: (i) request information on and access to the personal information we hold about you; (ii) request that any inaccurate personal information we hold be corrected; (iii) to object to certain types of processing of your personal information we carry out (including the right to opt-out of any direct marketing); (iv) request that We delete the personal information We hold about you; and (v) request a copy of your personal information in a machine readable, commonly used format (or to request we transfer your personal information in such a format to a third party service provider).

Whilst some of these rights can be exercised by you directly through this Website, many of the rights, such as those relating to requests to delete your personal data, will need to be submitted to Us as detailed in the “How to Contact Us” section of the Privacy Notice.

We will consider such requests and respond to you. If we deny an access request, we will notify you of the reasons for the denial. We may charge you a small fee and may require verification of your identity before providing a copy of your information as permitted by law.

7. DATA RETENTION

We retain the personal data that we collect from you no longer than is necessary except where we have an ongoing legitimate business need to do so (for example, to provide you with the services you requested or to comply with an applicable legal requirement). For instance, transactional data is archived after 13 months and browsing information is deleted within 12 - 24 months.

8. SECURITY

We maintain certain administrative, technical and physical safeguards to help protect against loss, misuse or unauthorized access, disclosure, alteration, or destruction of your personal information. However, no electronic data transmission or storage of information can be completely secure. We cannot ensure or warrant the security of any information you transmit to us or that we acquire. Accordingly, you must use our Website at your own risk.

If, despite all our efforts, a data breach does occur, we shall do everything reasonably practicable to limit the damage. In case of a data breach, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage.

9. WHAT ELSE SHOULD YOU KNOW?

• User-Generated Content

Some of our services and social networking features enable you to submit your own content for public posting. Information you post in this fashion becomes public information and is not subject to this Website Privacy Notice. We cannot control how others may use publicly-posted information.

Any information, communications, or material of any type or nature that you post or submit to our Website (including, but not limited to any Brambles websites contained on a social media platform or website such as Facebook or Twitter) by e-mail, posting, messaging, uploading, downloading, or otherwise (collectively, a “Submission”), is done at your own risk and without any expectation of privacy. We cannot control the actions of other users of any social media platform or website, and we are therefore not responsible for any content or Submissions contained on such sites and platforms.

• California Residents and Do-Not-Track Disclosure

If you are a California resident, you may ask us to refrain from sharing your information (whether collected online or offline) with our affiliates for their marketing purposes, if the affiliates are separate legal entities. Please tell us your preference by contacting us as indicated in the "How to Contact Us" section of this Website Privacy Notice.

Because there is not yet a consensus on how companies should respond to web browser-based or other do-not-track ("DNT") mechanisms, our Website does not respond to web browser-based DNT signals.

• Children

Our services are generally not directed to children under 16. We do not knowingly collect personal information from anyone under 16 without parental consent. If you become aware that we have collected personal information from a child under the age of 16 without parental consent, please contact us as indicated below so we can take appropriate action.

10. HOW TO CONTACT US

If you have any questions, comments or concerns about this Privacy Notice or if you would like us to update information we have about you or your preferences, please contact our Chief Privacy Officer at privacy@brambles.com. Alternatively, please contact our location nearest you. Our list of business locations is available here.

11. PRIVACY NOTICE UPDATES

We reserve the right to modify or supplement this Privacy Notice at any time. Changes to the policy will be posted at least 30 days prior to the effective date of the changes. The date below indicates when this Privacy Notice was last changed.

This policy was last updated on 17.11.2018, effective 17.12.2018.