Global Privacy Policy

  1. Introduction

    Venator Materials PLC, its subsidiaries and affiliates located globally (collectively, “Venator” or the "Company"), Process and Transfer Personal Data, to the extent necessary or appropriate for the administration of your employment relationship or any other specified, explicit and legitimate purposes. In this regard, and in compliance with this Global Privacy Policy (“Policy”), the Company strives to comply with Applicable Laws to the extent they apply to associates and to other individuals.

  2. Scope

    This Global Privacy Policy (“Policy”) provides associates with information about how the Company Processes and Transfers Personal Data locally, regionally and globally, including but not limited to Transfers to the U.S. in accordance with Applicable Laws. Further information on how the Company processes your Personal Data, please also refer to the Company's Employee Privacy Notice available on the Company intranet. The HR Team, the Privacy Team, or, where applicable, the local Data Protection Officer (“DPO”), can provide further information about Company policies and procedures that relate to Personal Data.

  3. Definitions

    Applicable Laws

    The principles of data protection laws as set forth in the European General Data Protection Regulation (“GDPR”), the principles of the applicable Data Privacy Framework or local data protection legislation, whichever is stricter.

    Personal Data

    Any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity. Categories of Personal Data collected and Processed by the Company or a third party are identified in Section 5 below.

    Process/Processed/Processing

    Any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Transfer/Transferred/Transferring

    When one party or the Company makes Personal Data available, by whatever means, to another party or the Company.

  4. EU-U.S. DPF, UK Extension to EU-U.S. DPF and Swiss-U.S. DPF ("Data Privacy Framework")

    Venator Materials Corporation and our entities Venator Chemicals LLC and Venator Americas LLC comply with the EU-U.S. Data Privacy Framework principles with regard to the Processing of Personal Data received from the European Economic Area in reliance on the EU-U.S. Data Privacy Framework and from the United Kingdom and Gibraltar in reliance on the UK Extension to the EU-U.S. Data Privacy Framework, as well as the Swiss-U.S. Data Privacy Framework principles with regard to the Processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this Statement and the EU-U.S. Data Privacy Framework principles and/or the Swiss-U.S. Data Privacy Framework principles, the applicable principles shall govern.

    Further information about Processing Personal Data subject to the Data Privacy Framework is contained in our EU-U.S. DPF, UK Extension and Swiss-U.S. DPF Notice available here.

  5. Personal Data Defined and Collected

    The types of Personal Data that the Company may receive, Process and Transfer locally, regionally and globally, including Transfers to the U.S., or disclose to other Venator companies or third-party organizations providing administration or other services to the Company, are as follows:

    Individual’s Contact and Business Identification Data

    Individual’s name and business-related contact information such as work telephone number(s), business address and email address;

    Company Created Personal Data

    Information related to job and salary such as compensation data; bonuses and incentives; general information regarding benefits; retirement pensions; performance; compliance with EHS policies, procedures, standards and guidelines and related investigations; training and development and compliance with Company policies, procedures, standards and guidelines and related investigations.

    Personal Data Provided by the Individual

    Information related to location data or online identifiers such as home address; home and any personal telephone numbers; email and IP addresses; work and educational background; business travel and expenses; and image.

    Personal Data may be collected prior to the commencement of employment such as during the recruitment process and also throughout an associate’s employment by online means and/or in paper form.

    Personal Data That May Be Considered Sensitive

    Depending upon the Applicable Laws, Personal Data that may be considered sensitive data, which includes government issued identification information; race or ethnic origin, religious beliefs; genetic information; physical or mental health condition or disability; sexual orientation; personal banking or payment card information; trade union membership; criminal history and any punishment received for a proven offense or any other Personal Data that severely impedes personal rights of the affected individual.

    In addition, if an associate needs to obtain a visa to work in the U.S. or elsewhere, the Company may ask the associate, and any accompanying family members, to provide additional Personal Data or family information to the Company to assist with the visa applications. The Company also may receive certain information regarding an associate’s spouse, family members or other dependents for emergency contact (if voluntarily provided) and for benefits administration purposes.

    The Company receives Personal Data that is “sensitive” within the meaning and to the extent permitted under Applicable Laws, such as when it is necessary for the performance of the employment or contractual relationship. In particular, the Company may receive and Process Personal Data that is sensitive related to an associate’s health and/or disabilities for the business purposes of administration of health benefits, medical surveillance programs, leave administration, or work duties accommodation.

  6. The Company’s Uses of Personal Data

    The Company may Process and Transfer Personal Data locally, regionally and globally, including in the U.S., in connection with an associate for purposes, as permitted by Applicable Laws, such as the following:

    • Emergency Contacts
    • Consideration for employment or promotion
    • Administration of personnel and work duties
    • Performance management and training and development
    • Leave administration
    • Facilitating travel and processing expense reports
    • Administration of compensation, bonus, pension, benefits, and incentive programs
    • Administration of health benefits, workers’ compensation, and medical surveillance programs
    • Administration of executive compensation-related programs
    • Workflow management and continuity
    • Budgeting and planning
    • Succession planning
    • Sale, merger or reorganization of the business
    • Business-related personal surveys
    • Processing visa applications and work permits
    • Compliance and legal considerations requiring investigating, auditing, and enforcing the Company’s policies, procedures, guidelines, and standards
    • Compliance with applicable social, tax, and other legal requirements and regulations
    • IT Security measures to prevent external and/or internal intrusion
    • Company network access and IT support
    • Business related communication
    • Facilitating social collaboration on the Company’s network
    • Preserving or defending the Company’s legal rights following demands or during business related litigation
    • Administration of grievances and / or claims
    • Personal contact directories
    • Mailing of Company communications

    For prevention, detection or investigation of external and/or internal intrusions to the Company’s IT systems the Company may Process and Transfer Personal Data such as log files or IP addresses to the extent that is permitted by Applicable Laws.

    Further, the Company may Process Personal Data as part of any Ethics & Compliance investigation. This includes Personal Data about the person making the complaint (to the extent that person has identified themselves), Personal Data about any individual who is the subject of the complaint and Personal Data of any other individual who assists us with the Company’s investigations. The nature of Personal Data Processed depends on the nature of the report received and it may include sensitive Personal Data. The Company will only retain such Personal Data for as long as it is relevant for the Ethics & Compliance investigation or necessary for legal reasons.

  7. Personal Data Transfers and Processing

    In order to Process Personal Data, it may be necessary for the Company to store it in the Company’s Human Resources information system or other Company computerized or electronic systems or platforms and transfer it locally, regionally and globally, including to the U.S., or disclose it to other Venator companies or third-party organizations providing administration or other services to the Company, subject to appropriate safeguards.

    For transfers governed by the Data Privacy Framework, the applicable Venator entity remains responsible for Processing of Personal Data received under the applicable Data Privacy Framework and subsequently transferred to a third party acting as an agent if the agent Processes such Personal Data in a manner inconsistent with the applicable Data Privacy Framework principles, unless we prove that we are not responsible for the event giving rise to the damage.

    As necessary in connection with these purposes, the Human Resources Team, functional managers or supervisors may Process and Transfer Personal Data in connection with their job responsibilities and valid business-related tasks. If and where permitted by Applicable Laws, Personal Data also may be accessed by certain associates within the Company related to business related IT traffic and content analysis, and operating systems monitoring and maintenance. The Company takes appropriate steps designed to ensure that such personnel maintain confidentiality with respect to Personal Data.

    The Company intend to protect Personal Data in line with the Applicable Laws regardless of whether the recipients of any Transferred Personal Data are located in or out of the EEA, UK or Switzerland, including in countries that may not offer the same level of protection of Personal Data or countries that do not have national laws providing the same level of Personal Data protection. Any Transfer of Personal Data to a country that does not provide for an adequate level of data protection within the meaning of the Applicable Laws, will be made on the basis of (i) an Intra-Group Data Transfer Agreement, a copy of which is available on request from the address in Part 13 of this Policy, which includes approved clauses for the Transfer of Personal Data in accordance with Applicable Laws and (ii) the applicable Data Privacy Framework.

  8. Notice and Choice

    The Company intends to use Personal Data for the purposes for which such Personal Data was originally collected and do not intend to disclose Personal Data to any third party for an inconsistent purpose, except with the appropriate consent of the affected individuals as permitted under the applicable Data Privacy Framework principles or local standards in accordance with Applicable Laws, or for the Processing of the Personal Data by an external Processor who provides sufficient guarantees to the Company related to the technical and organizational measures taken related to the protection of the Personal Data.

    Any list required by Applicable Laws of the names and addresses of third-party Processors and internal computerized or electronic systems utilized by the Company as well as any required list of the countries Personal Data is Transferred to can be obtained from the Privacy Team.

  9. Data Security and Data Integrity

    The Company has implemented appropriate technical and organizational security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, or unauthorized alteration or destruction. Associates also are subject to certain confidentiality obligations related to the handling and protection of Personal Data and may be disciplined or terminated if they fail to meet these obligations.

    The Company also maintains procedures designed to help ensure, to the extent appropriate or required by the Applicable Laws, that Personal Data is reliable for its intended use and accurate, complete, and current and that the individual can exercise their right to access or erasure of Personal Data. In this regard, the individual is encouraged to update their own Personal Data when appropriate to keep it accurate, complete, and current. The Company retains Personal Data only for so long as is required by the Company’s data retention procedures, details of which are available from the Privacy Team, and as permitted by Applicable Laws.

  10. Access to Personal Data

    Associates or other individuals have the right to access and review their own Personal Data in accordance with Applicable Laws to verify its accuracy and lawful uses, which can include inquiring into the purposes of Processing, the categories of Personal Data concerned, and the third-parties or categories of third parties to whom their Personal Data is disclosed. Where appropriate or required by Applicable Laws, with respect to Personal Data maintained by or on behalf of the Company, an associate may update or correct any inaccurate Personal Data about themselves. Subject to the Applicable Laws, an associate may also request that their Personal Data be blocked or deleted. In some circumstances, however, access may be denied where the burden or expense of providing access would be disproportionate to the risks to the associate’s privacy, where the rights of others would be violated, where confidential commercial information or succession planning or re-organization information would be revealed, or where a compliance, legal, or regulatory matter, function or privilege would be prejudiced or jeopardized. After leaving the Company, the Company may be entitled or required by law to continue to Process an associate’s Personal Data in connection with the employment relationship or the Company’s legal responsibilities.

    An associate should send requests for access, amendment or deletion to their Personal Data, in writing or via email, to the Privacy Team, identified below or Data Protection Officer.


    Access to Personal Data processed under the DPF

    As outlined in our Data Privacy Framework Notice, you have a right to access Personal Data Processed under the Data Privacy Framework to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the EU-U.S. Data Privacy Framework principles, the UK Extension to the EU-U.S. DPF and/or Swiss-U.S. Data Privacy Framework principles (as applicable), except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

  11. Disclosures Required or Permitted by Applicable Laws

    Regardless of any other provisions in this Policy, the Company may disclose or otherwise Process Personal Data in the context of any sale, merger, transaction or reorganization involving all or a portion of the business, or for the purpose of audits conducted by outside auditors as is necessary to satisfy statutory requirements, or in other circumstances without which non-disclosure would prejudice the legitimate interests of the Company, or as may be required or permitted by Applicable Laws or the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or Swiss DPF Principles (as applicable). It is the Company’s intent to implement appropriate measures, such as pseudonymization and data minimization, to seek appropriate protection of Personal Data in these types of transactions.

    The Company may also regularly disclose Personal Data to government agencies and regulators (e.g., tax authorities), social organizations (e.g., the social security administration), human resources benefits providers (e.g., health insurers), travel-related third-parties (e.g., to book a flight, hotel room or rental car), courts and other tribunals and government authorities or to the extent required by lawful requests from public authorities to meet national security or enforcement requirements or other applicable legal obligations, in accordance with the Applicable Laws or the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or Swiss DPF Principles (as applicable).

    If and where required by Applicable Laws, the Company will not disclose an associate’s Personal Data to any third party without having obtained their written consent.

  12. Personal Data about Dependents and Related Persons

    If an associate provides the Company with Personal Data about their dependents, family members and/or related persons (e.g., for benefits administration and/or emergency contact purposes), it is the associate’s responsibility to inform such individuals about the Processing of their Personal Data by the Company for those purposes and in the manner described in this Policy, about their rights of access, correction and deletion in accordance with the Applicable Laws, as well as to obtain their consent, where necessary, to the Processing (including the Transfer to countries that may not provide the same level of protection of Personal Data as in their home country) of their Personal Data as is set out in this Policy.

  13. Associate Inquiries and Reporting Concerns

    An associate can inquire into any issue regarding Applicable Laws with the Privacy Team or the local Data Protection Officer, where existent. Concerns or access requests can also be sent directly to HR team listed below:

    Venator Materials PLC
    Attention: Legal Department
    Titanium House, Hanzard Drive
    Wynyard Park, TS22 5FD UK
    Phone: +44 1740 608001

    Recourse, Enforcement and Liability to Personal Data processed under the Data Privacy Framework

    For any Personal Data processing subject to the Data Privacy Framework, Venator has established procedures for periodically verifying implementation of and compliance with the Data Privacy Framework principles. We conduct an annual self-assessment of our Personal Data practices to verify that the attestations and assertions we make about our privacy practices are true and that our privacy practices have been implemented as represented. In the event we no longer maintain Data Privacy Framework certifications, we will continue to adhere to the principles and requirements for so long as we retain such Personal Data. If associate complaints cannot be resolved or remedied through the internal process, EEA-based associates can share their unresolved complaint about our processing of their Personal Data with the data protection authority (“DPA”) in the jurisdiction where they work. Venator will promptly respond to and cooperate with, at no cost to the associate, the relevant authority or DPA panel in the investigation and the resolution of a concern or complaint, as appropriate. Under certain circumstances relative to the Data Privacy Framework, the DPA or DPA panel may refer an unresolved complaint to the U.S. Federal Trade Commission, which has Data Privacy Framework investigatory and enforcement jurisdiction over Venator and can hear claims regarding possible unfair or deceptive practices and violations of privacy laws.


    Document Revision History

    Policy:

    Privacy

    Document Reference:

    PRIV-001

    Issue Date:

    2025-02-13

    Index Number:

    5

    Values:

    Integrity, Zero Harm, Teamwork, Innovation, Performance

    This publication is confidential and is the property of Venator Materials PLC. It may not be used for any purposes, or be disclosed to any third party without the prior written permission of Venator Materials PLC. No part of this publication may be reproduced or transmitted, in any form or by any means, electrical, mechanical, photocopying, recording or otherwise, or stored in any retrieval system of any nature, without the written permission of Venator Materials PLC.

EU-US DPF, UK Extension and Swiss-US DPF Notice

Venator Materials PLC,

Venator Americas LLC

Venator Chemicals LLC

(collectively, “Venator” or the “Company”) respect your concerns about privacy. The Company complies with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF ("UK Extension") and Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as set forth by the U.S. Department of Commerce (collectively the "DPF").

The Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") with regard to the processing of Personal Data received from the European Economic Area ("EEA") in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. The Company has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles") with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively the EU-US DPF Principles and Swiss-US DPF Principles are the "DPF Principles"). If there is any conflict between the terms in this privacy policy and the DPF Principles, the applicable DPF Principles shall govern.

To learn more about the DPF, and to view our certification, please visit: Data Privacy Framework.

The Company is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”). In certain situations, the Company may be required to disclose Personal Data received under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

For purposes of this policy:

  • “Associate” means any current, former or prospective employee, temporary worker, intern, other non-permanent employee, contractor or consultant of any subsidiary or affiliate of Venator who is located in the EEA.

  • “Consumer” means any natural person who is located in the EEA.

  • “Covered Person” means any Consumer, but excludes any individual acting in his or her capacity as an Associate.

  • “Customer” means any entity that obtains or purchases products or services from Venator, including any distributor of Venator’s products.

  • “Job Applicant” means any Consumer who submits an application for a job at Venator.

  • “Personal Data” means any information that (i) is transferred to Venator in the U.S., from the EEA, (ii) is recorded in any form, (iii) relates to an identified or identifiable Covered Person; and, (iv) can be linked to that Covered Person.

  • “Sites” means www.venatorcorp.com or any other Venator internet site.

  • “Vendor” means any company or individual Venator has retained to provide it with services or a product.

Venator`s EU-U.S. DPF, UK Extension and the Swiss-U.S. DPF certification can be found at Data Privacy Framework.

For more information about Venator’s processing of Personal Data about Associates globally, please see the Company’s Statement for Personal Data Privacy (Global), which is available on the intranet or from the local HR representative. For information about Venator’s processing of Personal Data obtained through the Sites, please see our Venator Online Privacy Notice. For additional information about Venator’s processing of Personal Data about job applicants, please see our Notice: Processing of Personal Data of Applicants and our Venator Online Privacy Policy, both located on the Venator external internet site.

Venator’s practices regarding the collection, storage, use, transfer, and other processing of Personal Data comply, as appropriate, with the principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and, recourse, enforcement and liability.

How Venator Obtains and Uses Personal Data

Venator obtains, processes and uses certain Personal Data about Associates in connection with their employment with Venator. This Personal Data includes information such as:

  • Name
  • Contact information
  • Date of birth
  • Government-issued identification information, passport or visa information
  • Educational history
  • Employment history
  • Information about job performance
  • Financial account information
  • Health or medical information

Venator processes this Personal Data for purposes such as:

  • Consideration for employment or promotion
  • Personnel, pension, benefits and incentive program administration
  • Compensation and bonus administration
  • Executive compensation-related activities and administration
  • Workflow management
  • Budgeting and planning
  • Performance management
  • Training and development
  • Succession planning
  • Planning for a sale, merger or reorganization of the business
  • Expatriates and relocation administration
  • Processing visa applications and work permits
  • Separation administration
  • Security and fraud prevention requiring management of the Company’s assets, and proprietary and confidential business information
  • Processing staffing changes
  • Processing payroll
  • Facilitating travel and processing expense reports
  • Providing Company network access and IT support
  • Managing contact directories
  • Mailing of Company communications
  • Facilitating social collaboration on the Company’s network
  • Administering business-related personal surveys
  • Managing business-related litigation
  • Grievances and claims administration
  • Job description or job task administration
  • Compliance considerations requiring investigating, auditing, and enforcing Company policies, procedures, guidelines and standards
  • Complying with legal requirements

Venator processes this information to comply with legal obligations and for benefits administration and other internal administrative purposes

Venator may obtain, process and use certain Personal Data about Non-Associates (Covered Persons) in connection with:

  • providing our products and services
  • processing business transactions and related activities
  • managing Customer and Vendor relationships
  • responding to Covered Persons’ inquiries or communicating with Covered Persons’ about requests, questions and comments
  • administering participation in special events, conferences, programs, surveys and market research
  • Covered Persons’ use of the Sites
  • sending an Investor Kit, financial information or other corporate information about Venator
  • sending information to a Covered Person’s contacts if he or she has asked us to do so
  • enforcing contractual terms and conditions
  • operating, evaluating and improving our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analyzing our products and services; and performing accounting, auditing, financial and economic analyses, and other internal functions)
  • protecting against, identifying and preventing fraud and other unlawful activity, claims and other liabilities, and
  • complying with and enforcing applicable legal requirements, relevant industry standards and our policies.

In addition, Venator may obtain Personal Data directly from Job Applicants as part of the recruitment process or otherwise in connection with potential employment. Venator uses this information for purposes such as processing job applications and considering Job Applicants for employment.

We also may use information obtained from Covered Persons in other ways for which we provide specific notice at the time of collection.

Notice

Venator notifies Associates / Covered Persons about the purposes for which we collect and use their Personal Data, the types of third parties to whom we disclose the Personal Data, the choices Associates / Covered Persons have for limiting our use and disclosure of their Personal Data, and how to contact Venator about its practices concerning Personal Data. We provide information in our Venator Online Privacy Notice regarding our practices related to Personal Data collected on the Sites. Information regarding the Company’s global Personal Data practices is contained in the Statement for Personal Data Privacy (Global) and in the Global Privacy Procedure, which are available in the Global Privacy Program documents located on the Ethics & Compliance intranet website or from the local HR representative. For additional information about our processing of Personal Data about Job Applicants, please see our Privacy Notice: Notice about the Processing of Personal Data of Applicants. Relevant information also may be found in privacy notices pertaining to specific data processing activities.

Choice

Associates:

Associates have the opportunity to make choices regarding certain Venator Personal Data practices as provided in the Company’s Statement for Personal Data Privacy (Global). Associates may contact the Company’s Privacy Officer as indicated below or as set forth in the Statement for Personal Data Privacy (Global) regarding the Company’s use or disclosure of their Personal Data.

We may disclose Personal Data without offering an opportunity to opt out (i) to service providers the Company has retained to perform services on our behalf and under our instruction, (ii) if we are required to do so by law or legal process, (iii) to law enforcement or other public authorities including to meet national security or law enforcement requirements, or (iv) when we believe disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. We also reserve the right to transfer Personal Data in the event we sell or transfer all or a portion of the business or assets (including in the event of a reorganization, dissolution or liquidation), or for the purpose of audits conducted by outside auditors as is necessary to satisfy statutory requirements. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with Venator’s privacy policies.

Venator uses Personal Data only for the purposes indicated in this Policy or in the Statement for Personal Data Privacy (Global) unless we have a legal basis, such as consent, to use it for other purposes. To the extent required by law, we obtain prior opt-in consent from Associates at the time of collection for the processing of Sensitive Data. Certain circumstances where we may not be required to obtain opt-in consent with respect to Sensitive Data could occur when the processing is (i) in the vital interest of the Associate or another person; (ii) necessary for the establishment of legal claims or defenses; (iii) required to provide medical care or diagnosis; (iv) necessary to carry out our obligations in the field of employment law; or, (v) related to Personal Data that has obviously been made public by the Associate.

Non-Associates (Covered Persons):

We offer Covered Persons the opportunity to choose (opt out) whether we may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for purposes incompatible with the purposes for which the information was originally collected or subsequently authorized by the Covered Person. We may disclose Personal Data without offering an opportunity to opt out (i) to service providers the Company has retained to perform services on our behalf and under our instruction, (ii) if we are required to do so by law or legal process, (iii) to law enforcement or other public authorities including to meet national security or law enforcement requirements, or (iv) when we believe disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. We also reserve the right to transfer Personal Data in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation). We use Personal Data only for the purposes indicated in this Policy unless we have a legal basis, such as consent, to use it for other purposes. To the extent required by law, we obtain prior opt-in consent from Covered Persons at the time of collection for the processing of (i) Personal Data for marketing purposes, (ii) when Personal Data is to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized; and, (iii) sensitive data.

Covered Persons may contact us as indicated below regarding the Company’s use or disclosure of their Personal Data.

Onward Transfer of Personal Data

The Statement for Personal Data Privacy (Global) describes the internal sharing or processing of Personal Data for all Associates globally and further explains when third-party disclosures of Personal Data may be required or permitted by law related to the employment relationship.

We may regularly share Personal Data with third parties as indicated in the “Choice” section above. Venator remains liable for the processing of Personal Data received under the DPF and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Concerning Covered Persons Venator may share Personal Data with third parties as indicated in the “Choice” section above, such as for the purposes of administration and reconciliation of Vendor-related invoices or business-related travel expenses or, auditing by a third-party auditor or, to conduct or send business-related surveys and communications or, to preserve or defend the Company’s legal rights following business-related demands or litigation.

Except as permitted or required by applicable law, Venator requires third parties to whom it discloses Personal Data and who are not subject to the Regulation (EU) 2016/679 of the European Parliament (EU GDPR), UK GDPR or an adequacy finding (each as applicable), to enter into an appropriate safeguard to ensure the legal disclosure of the Personal Data to the third party.

Access

Where appropriate, Venator provides Associates / Covered Persons with reasonable access to the Personal Data the Company maintains about them to verify its accuracy and lawful uses. We also provide a reasonable opportunity for Covered Persons to correct, amend or delete that information where it is inaccurate or used inconsistent with the principles of the DPF program. We may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the DPF program. The right to access Personal Data also may be limited in some circumstances by local law requirements.

Covered Persons may request access to their Personal Data by contacting us as indicated below.

Associates may also request access to their Personal Data by contacting the local HR Department, any local data protection officer (“DPO”) or as indicated in the Statement for Personal Data Privacy (Global) or in the Global Privacy Procedure.

Security

Venator takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.

Data Integrity and Purpose

Venator takes reasonable steps to ensure that the Personal Data the Company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, we depend on Covered Persons (or Customers or Vendors, as appropriate) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals.

Associates may contact the local HR representative or the Company’s Privacy Officer as indicated below and in the Statement for Personal Data Privacy (Global) to request that Venator update or correct relevant Personal Data.

Non-Associates (Covered Persons) may contact us as indicated below to request that we update or correct relevant Personal Data.

We take reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.

Recourse, Enforcement and Liability

Venator has established procedures for periodically verifying implementation of and compliance with the DPF Principles. We conduct an annual self-assessment of our Personal Data practices to verify that the attestations and assertions we make about our privacy practices are true and that our privacy practices have been implemented as represented. In the event we no longer maintain DPF certifications, we will continue to adhere to the principles and requirements for so long as we retain such Personal Data.

Associates:

If Associate complaints cannot be resolved or remedied through the internal process, Associates can share their unresolved complaint about our processing of their Personal Data with their data protection authority in the jurisdiction where they work. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Venator commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. DPF in the context of the employment relationship. Under certain circumstances relative to the DPF, the DPA or DPA panel may refer an unresolved complaint to the U.S. Federal Trade Commission, which has DPF investigatory and enforcement jurisdiction over Venator and can hear claims regarding possible unfair or deceptive practices and violations of privacy laws.

Non-Associates (covered persons):

Covered Persons may file a complaint concerning our processing of their Personal Data with the Company’s Privacy Officer, whose contact information is below. We will take steps to investigate and to promptly respond within forty-five (45) days to issues arising out of a failure to comply with the DPF principles. The form below can be used to initiate an internal complaint regarding the Company’s Personal Data practices.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Venator commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If a Covered Person continues to have concerns related to DPF Data handling practices, as a last resort, the decisions of the alternative dispute resolution provider may be appealed to a DPF Panel, which will have the authority to arbitrate disputes and to impose individual-specific non-monetary equitable relief to remedy any non-compliance with the principles of the DPF.  A Covered Person may invoke such binding arbitration for those certain DPF related purposes by following the procedure outlined in Annex 1 of the DPF Principles (available here).

How to Contact Venator

For access requests or to ask questions about this DPF Policy or the Company’s Personal Data practices, please send an email to [email protected] or contact us at:

Venator
Attention: Legal Department.

Titanium House
Hanzard Drive
Wynyard Park
Stockton-on-Tees
TS22 5FD
United Kingdom

To initiate a compliant about the Company’s Personal Data practices, please complete the complaint form and send, fax or email it to us at the above contact information.