World Leader in Specialty Coatings | RPM International Inc.

Leading Brands
Construction Brands

Performance Coatings Brands

Consumer Brands

Specialty Brands
Dryvit Systems

Euclid Chemical

FEMA

Flowcrete

Key Resin

Newbrick

Nudura

Nullifire

StructureCare

Tremco Barrier

Tremco illbruck

Tremco Roofing

Tremco Sealants

Vandex

Viapol

AD Fire Protection

API S.p.A.

Applied Polymerics

Arnette Polymers

Bison

Carboline

Dudick Inc.

Fibergrate

Fibregrid

FPT Infrastructure

Hummervoll

Ignifugaciones Argos

Kemtile

Logiball

Perlindustria

Perlita y Vermiculita

Plasite

Prime Resins

SPC

SPRAYMATE

Stonhard

Strathmore

ALEX PLUS

Concrobium

DAP

DAP Foam

EpoxyShield

Gator Finishing Products

Krud Kutter

Kwik Seal

Mathys

Mean Green

Miracle Sealants

Modern Masters

Okon

Plastic Wood

Prochemko

RockSolid

Roto-Rooter

Rust-Oleum

SEAL-KRETE

SPS Group

Stops Rust

Testors

Tor Coatings

Touch 'n Foam

Touch 'n Seal

Universal

Varathane

Watco

Whink

Wolman

Zinsser

AGPRO NZ

DayGlo

Dri-Eaz

FinishWorks

Holton Food Products

Kirker

Kop-Coat

Legend Brands

Mantrose-Haeuser

Mohawk

Morrells

NatureSeal

Pettit

Prochem

Profile Food

Radiant Color

Ramuc

TCI Powder Coatings

Tuff Coat

ValvTect

Wood Finishes Group
About RPM
News
Stock
Dividend
Reports / Financials
Investors
Sustainability

DPIA Policy

Download the English version as a pdf here

DPIA POLICY

Version: March 1, 2021

Purpose

The purpose of this Policy is to define when employees must complete a DPIA (Data Protection Impact Assessment), related to the implementation of any new or updated activity that may involve data about identified or identifiable people (“Personal Data”). Examples of these activities may include changes to or the implementation of internal processes, procedures, software, SaaS, the engagement of a new service provider, development of a new website or other projects that involve collecting, storing, transferring or any use of Personal Data (each a “Processing Activity”). Processing Activities that involve Personal Data trigger data privacy considerations and therefore require evaluation of any associated risks through a DPIA.

Policy

If a new or updated Processing Activity involves or has the potential to involve Personal Data, you must request and complete a DPIA and submit it for review to the RPM Legal and Compliance department, prior to moving forward with the Processing Activity. All technology-based solutions must also be subjected to a general security review and a vulnerability assessment. All security reviews and assessments can be requested by emailing the RPM Corporate Issue Log at issuelog@rpminc.com.

Scope

This Policy applies to all employees responsible for assessing, evaluating or procuring any new or updated Processing Activity.

Procedure

New Request

When a new or updated Processing Activity is identified as a target for implementation within the Company, promptly request a DPIA from the RPM Legal and Compliance department by emailing dataprotection@rpminc.com. You will receive a DPIA questionnaire from One Trust to fill out and submit for review by the RPM Legal and Compliance department.

If there is a material change or update to the Processing Activity thereafter, a new DPIA must be requested and submitted for review by the RPM Legal and Compliance department.

Review Process

The RPM Legal and Compliance department will assist with the completion of the DPIA as needed and provide recommendations related to mitigating any Personal Data risks identified as a result of the DPIA analysis. If the DPIA review process identifies significant issues or risks related to how the Processing Activity will use Personal Data, the RPM Legal and Compliance department will issue recommendations.

Following the completion and approval of the DPIA, the RPM Legal and Compliance department will collaborate with you to add the Processing Activity to the One Trust central data mapping inventory system.

To assist in illustrating the process, please refer to the general process workflow diagram below.

How to Report Suspected Violation

A suspected violation of this policy can be reported to your immediate supervisor, Human Resources, or the Legal & Compliance department. Employees are also welcome to contact the Company’s Hotline to report their concerns to RPM. Allegations will be investigated thoroughly and objectively. For more information, refer to RPM’s Hotline and Non-Retaliation Policy. Any employee who violates this Policy, including the failure to report a Policy violation, directs or who knowingly permits a subordinate to violate a Policy, or who engages in retaliatory actions may be subject to disciplinary action up to and including termination.