Privacy Statement for Personal Data (Non-HR) Under the Privacy Shield
Last Updated September 2016
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions to enable U.S. companies to satisfy the requirement under European Union (“EU”) and European Economic Area (“EEA”) law that adequate protection be given to personal information transferred from the EU/EEA to the United States (the “Privacy Shield” – https://www.privacyshield.gov/). The European Commission also has recognized the U.S.-European Union Privacy Shield as providing adequate data protection. General Cable Corporation and General Cable Industries, Inc. (together “GC”) are fully committed to the Principles of the Privacy Shield.
GC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries. GC has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the provisions in this Privacy Shield Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
This Privacy Statement answers the following questions:
1. Scope of the Privacy Statement
- What personal data from the EU/EEA do we collect about You?
- How do we process Your personal data?
- Will we share Your personal data with third parties?
- What choices do You have about the collection and use of Your personal data?
- What security measures do we take to safeguard Your personal data?
Our Privacy Shield commitments cover all personal data GC received from companies or other organizations located the EU under the Privacy Shield. It covers the individuals to whom these personal data refer to (“You”). “Personal data" means information that can be used to identify and contact You and includes information like name, address, and email address. With respect to these Personal Data, GC is subject to the enforcement power of the U.S. Federal Trade Commission.
(a) GC processes personal data from EU-based customers and potential customers such as:
(i) Customers’ employees contact details. For example: addresses, telephone number/fax number, e-mail addresses.
(ii) Customers’ identification data. For example: identification number, addresses, telephone number/fax number.
(iii) Customers’ representatives and/or relevant shareholders/ultimate owners. For example: identification number, percentage of stocks.
(iv) Other categories of data. For example: Account user name /passwords and bank account numbers.
EU-based customers and potential customers may provide some or all of these data sets in connection with the opening or operation of service accounts, and when the company provides other related facilities and services. GC may process these personal data sets of EU customers and potential customers for any of the following purposes:
(i) The daily operation of the GC's services;
(ii) Conducting customer, product and service surveys;
(iv) Customer complaints and enquiries;
(v) Fulfillment of legal, regulatory and tax duties; and
(vi) Compliance of internal policies, code of conduct and similar programs.
(b) GC also processes personal data from EU-based suppliers (such as vendors and contractors) such as:
(i) Contact details: Identification number, addressees, e-mail, telephone number/fax number.
(ii) Other categories of data. For example: Account user name /passwords and bank account numbers.
GC may process these personal data of EU-based suppliers to conduct the daily operation of the Company and/or for compliance purposes (internal code of conduct and similar programs).
2. Notice of GC’s Collection and Disclosure of Personal Data Practices
(a) Where GC collects personal data directly from individuals in the EU, it will inform them about the purposes for which it collects and how it uses their personal data, the types of third parties to which GC discloses personal data (excluding third parties on which GC relies to offer services or make products), the choices and means, if any, that GC offers individuals for limiting the use and disclosure of personal data about them, and how to contact GC. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal data, or as soon as practicable thereafter, and, in any event, before GC uses or discloses the personal data for a purpose other than that for which it was originally collected.
Where GC receives personal data from its subsidiaries, affiliates or other entities in the EU, it will use and disclose such personal data in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal data relates.
GC currently uses a U.S. service provider assisting in these GC’s compliance obligations.
(b) The Notice Principle also obliges GC to name an independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge to the individual. GC has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.
(c) You have the option under the Privacy Shield to invoke binding arbitration subject to certain conditions. You are encouraged to contact GC directly to resolve any dispute concerning Your personal data under the Privacy Shield Principles. If Your complaint is still wholly or partially unresolved after using the other redress mechanisms, or if You are not satisfied with the way GC has handled the complaint, You have the right to seek redress through binding arbitration. If You choose that option, You need to first formally notify GC of Your intention to do so, including a summary of the steps You have already taken notify GC of the complaint, the alleged violation, supporting documents, and other relevant details. The arbitration will take place in the United States under the mechanism set up by the US Department of Commerce for this purpose, including rules on the arbitral costs.
(d) GC also advises You that GC may be required to disclose some of Your personal data in response to lawful requests by public authorities, including transfers to meet national security or law enforcement requirements, or in the event it is served with lawful process from private litigants. Additionally, GC may disclose Your personal data where GC enters, or may reasonably enter, into a corporate transaction, such as for example, a merger, consolidation, acquisition or asset purchase. In situations involving bankruptcy or insolvency, the database containing personal data may be treated as an asset of GC.
3. Your Option with Respect to the Collection and Disclosure of Personal Data
(a) GC offers You the opportunity to choose (opt out) whether Your personal data is
(i) to be disclosed to a third party or
(ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
You can exert your individual opt-out at any time without a fee by writing to Ryan Green at email@example.com with your opt-out request.
(b) Consistent with the Privacy Shield Principles, GC does not provide You with the choice to opt-out if GC discloses Your personal data to a third party that performs task(s) on behalf of and under the instructions of GC and needs Your personal data for this purpose (a so-called “agent”).
4. Transfers of Personal Data to Third Parties
Where GC transfers Your personal data to a third party acting under the direction of GC (in particular, a US service provider assisting GC to fulfill the compliance obligations), GC will:
(i) transfer such data only for limited and specified purposes in accordance with the requirements of the Privacy Shield;
(iii) require the agent to notify GC if the agent can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, GC is potentially liable.
5. Data Security
GC will take reasonable and appropriate measures to protect Your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of Your personal data.
6. Data Integrity
(a) GC will process Your personal data only to the extent that it is relevant for the purposes of the processing. GC will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by You. For example a compatible processing purpose may include reasonably serving customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending the organization’s legal rights, for billing or collection purposes, or other purposes consistent with the expectations of a reasonable person given the context of the collection. To the extent necessary for those purposes, GC will take reasonable steps to ensure that Your personal data is reliable for its intended use, accurate, complete, and current. GC will adhere to the Privacy Shield Principles for as long as it retains such personal data.
(b) GC will retain Your personal data (unless it is fully anonymized) only for as long as it serves a purpose of this processing or as required by law. However, GC may process Your personal data for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis. In these cases, such processing would still be subject to the other Privacy Shield Principles and provisions.
7. Access to Your Personal Data
GC acknowledges that EU individuals have the right to access the personal data that we maintain about them. You have the right to obtain information from GC about Your personal data that GC holds under the Privacy Shield. You are also entitled to demand that GC correct, amend, or delete Your personal data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. This includes Your right to obtain information about the purposes for which Your personal data are processed, the data categories and the recipients of Your personal data.
Should You wish to review, modify, correct, change or update any of the personal data, You can contact GC at (859) 572-8855, firstname.lastname@example.org or by using the postal address at the end of this Statement.
According to the Privacy Principles, You do not have this right where:
- the burden or expense of providing access would be disproportionate to the risks to Your or other person’s privacy, or
- where the rights of persons other than the individual would be violated, or
- where granting the access that would undermine confidentiality, breach of professional privilege, or would conflict with legal obligations of GC.
8. Recourse, Enforcement and Liability
Effective privacy protection by GC includes robust mechanisms for assuring compliance with the Privacy Shield Principles and recourse for individuals who are affected by non-compliance with the Privacy Shield Principles.
GC has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If You do not receive timely acknowledgment of Your complaint, or if Your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if Your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
9. Limitations to the Principles
The Privacy Shield Principles allow for the companies participating in the Framework to disclose Your personal data under specific circumstances:
(a) if required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
(b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, or
(c) if an EU Directive or EU/EEA Member State law allows the disclosure.
10. Changes to this Privacy Statement
If there are updates to the terms of this statement, GC will post those changes here and update the revision date in this document so that You will always know what information GC collects, how we use it, and what choices You have.
Ryan Green @ email@example.com
Postal address (att. Legal Department) for both covered entities General Cable Corporation and General Cable Industries Inc.: 4 Tesseneer Drive, Highland Heights, KY 41076-9753
©2016. General Cable Technologies Corporation, Highland Heights, KY 41076-9753. All rights reserved.