4. Processing of EEA personal data

Cookson may from time to time process certain EEA personal information about customers, business partners, employees and candidates for employment, including information recorded on various media as well as electronic data.

Cookson will use personal information concerning business partners and customers to provide customers and business partners with information and services and to help Cookson personnel better understand the needs and interests of these business partners and/or customers. Specifically, Cookson uses information to help customers and business partners complete a transaction or order, to facilitate communication, to deliver products/services, to bill for purchased products/services, and to provide ongoing service and support. Occasionally Cookson personnel may use personal information to contact customers and business partners to complete surveys that are used for marketing and quality assurance purposes.

Cookson may also share personal information with its service providers and suppliers for the sole purpose and only to the extent needed to support the customers’ business needs. Service providers and suppliers are required to keep confidential personal information received from Cookson and may not use it for any purpose other than as originally intended.

Cookson also collects personal information concerning its employees (Human Resources Data) in connection with administration of its Human Resources programs and functions and for purpose of communicating with its employees. These programs and functions may include compensation and benefit programs, employee development planning and review, performance appraisals, training, business travel expense and tuition reimbursement, identification cards, access to Cookson facilities and computer networks, employee profiles, internal employee directories, Human Resource record keeping, and other employment related purposes. Cookson also collects and uses personal information to consider candidates for employment opportunities within Cookson.

Human Resources data may be shared with third party vendors for the exclusive purpose of enabling the vendor to provide service and/or support to Cookson in connection with these Human Resource programs and functions. Human Resource data is not shared with third parties for non-employment related purposes. Third parties receiving personal information are required to apply the same level of privacy protection as contained in this Policy.

5. Privacy Principles

5.1. Notice

Where Cookson collects personal information directly from individuals in the EEA, it will inform those individuals about the purposes for which it collects and uses personal information about them; the types of non-agent third parties to which Cookson discloses that information; and the choices and means, if any, Cookson offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when

individuals are first asked to provide personal information to Cookson, or as soon as practicable thereafter, and in any event before Cookson uses the information for a purpose other than that for which it was originally collected.

5.2. Choice

Cookson will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Cookson will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Cookson will provide individuals with reasonable mechanisms to exercise their choices.

5.3. Onward Transfer to Agents

Cookson will obtain assurances from its Agents that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by Agents include: a written contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor principles, being subject to EU Data Protection Directive 95/46, Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding. Where Cookson has knowledge that an Agent is using or disclosing personal information in a manner contrary to this Policy, Cookson will take reasonable steps to prevent or stop the use or disclosure.

5.4. Access

Upon request, Cookson will grant individuals reasonable access to personal information that it holds about them. In addition, Cookson will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

5.5. Security

Cookson will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

5.6. Data Integrity

Cookson will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). Cookson will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

5.7. Enforcement

Cookson utilizes the self-assessment approach to assure its compliance with this Privacy Policy. Cookson periodically verifies that this Policy is accurate, comprehensive for the information

intended to be covered, prominently displayed, completely implemented, and in conformity with the Safe Harbor principles. Cookson encourages interested persons to raise any concerns with it using the contact information below. Cookson will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

If Cookson determines that any person in its employ is in violation of this Privacy Policy such person will be subject to disciplinary process.

6. Dispute Resolution

Any questions or concerns regarding the use or disclosure of personal information should be directed to The Group Legal Adviser and Compliance Officer for Safe Harbor at the address given below. Cookson will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

With respect to any complaints relating to this Policy that cannot be resolved through Cookson’s internal processes, Cookson has agreed to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities to resolve disputes pursuant to the Safe Harbor principles. In the event that Cookson or such Authorities determines that Cookson did not comply with this Policy, Cookson will take appropriate steps to address any adverse effects and to promote future compliance.

7. Targeting Minors

Cookson does not knowingly collect personally identifiable information from persons under the age of 13. If for some reason Cookson determines that a person with respect to whom it has collected personal information is under 13, Cookson will promptly delete or destroy that information.

8. Contact Information

Questions or comments regarding this Policy should be submitted to Cookson by mail or e-mail as follows:

The Group Legal Adviser and Compliance Officer for Safe Harbor
simon.ohara@cookson.co.uk

9. Changes to this Policy

This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor principles. Appropriate public notice will be given concerning such amendments.

This policy builds on the principles set out in the Cookson Code of Conduct and in particular the Company’s commitment to high standard of professionalism, behaviour and respect for the dignity of individuals.