Last Updated: July 11, 2018
GENERAL POLICY STATEMENT
We recognize that the EEA has established strict protections regarding the handling of EEA Personal Data, including requirements to provide adequate protection for EEA Personal Data transferred outside of the EEA. To provide adequate protection for certain EEA Personal Data about corporate customers, clients, suppliers, business partners, and job applicants received in the US, we have elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (”Privacy Shield”). We adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. Visit https://www.privacyshield.gov to learn more about the Privacy Shield Framework and Privacy Shield Principles. If there are any conflicts between this Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern.
For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the US Federal Trade Commission and are registered with the US Department of Commerce. Visit https://www.privacyshield.gov/list to review our Privacy Shield registration on the US Department of Commerce’s Privacy Shield self-certification list.
We are typically the “data controller” as that term is used in applicable European privacy laws (including without limitation the General Data Protection Regulation or “GDPR”) when we collect EEA Personal Data from you. However, when we collect EEA Personal Data about you from a third party (e.g. our customers and business partners), that third party may be the data controller and we may be the “data processor” for purposes of applicable law. In such cases, we will only process EEA Personal Data in accordance with the data controller’s instructions, and we may need to refer your inquiries and request to the applicable data controller.
PERSONAL DATA COLLECTION AND USE
We may receive in the US some or all of the following categories of EEA Personal Data: name, email address, postal address, telephone number, job title, and IP address. We process EEA Personal Data:(1) to fulfill our contractual obligations, including for billing and account administration and product and service delivery; (2) to carry out our legitimate business interests, including sending communications regarding our products and services and complying with anti-fraud, anti-corruption, risk management and other compliance protocols; and (3) for other purposes with the data subject’s express consent. We will only process EEA Personal Data in ways that are compatible with the purposes that we have collected it for, or for purposes the individual later authorizes. Before we use your EEA Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. You can opt out of any marketing communications by following the “opt-out” or “unsubscribe” link or instructions in any such emails. We maintain reasonable procedures to help ensure that EEA Personal Data is accurate, complete, current, and reliable for its intended use.
We commit to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of an employment relationship.
DATA TRANSFERS TO THIRD PARTIES
We may transfer EEA Personal Data to our third-party agents or service providers who perform functions on our behalf, which may include providing: (1) product marketing and sales functions, (2) payment processing, transportation and logistics, and other services for product order administration and fulfillment, (3) customer support, technical, warranty or maintenance services for our products and services, and (4) legal, accounting and technical consultation services pertaining to our business. We limit access to EEA Personal Data to only those Company employees and third-party service providers who need such information to carry out the above-listed purposes and who have agreed not to use such information for any other purposes. We do not sell, lease or license EEA Personal Data to third parties. However, should we do so we will enter into written agreements with those third-party agents and service providers requiring them to protect the data pursuant to applicable law and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA Personal Data in accordance with our Privacy Shield and GDPR obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them.
We may also transfer EEA Personal Data to our successor in the event of a sale, merger, acquisition, or similar transaction involving the relevant portion of our business; any such successor will be bound to the same obligations as we are regarding such information.
DISCLOSURES FOR NATIONAL SECURITY OR LAW ENFORCEMENT
Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We maintain reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield and GDPR. In determining what is reasonable and appropriate, we consider the risks involved in transferring, accessing and processing the EEA Personal Data, and we may review and make periodic adjustments to security measures that we believe are reasonably necessary to address changes in the nature and quantity of EEA Personal Data we process.
You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield or the GDPR. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA Personal Data, you can submit a written request to the contact information provided below. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information. In some circumstances we may charge a reasonable fee for access to your information. If we deny your request we will provide you with a written explanation of the reasons for our determination. If we are acting as the data processor for the relevant EEA Personal Data, we may need to refer your request to the applicable data controller.
QUESTIONS OR COMPLAINTS
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of EEA Personal Data. You can direct any questions or complaints about the use or disclosure of your EEA Personal Data to us at:
415 E. Exchange Parkway
Allen, TX 75002
Fax No. 972.423.9778
Attention: Privacy Officer
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA Personal Data within 45 days of receiving your complaint. If we are acting as the data processor for the relevant EEA Personal Data, we may need to refer your request to the applicable data controller. We have designated the American Arbitration Association’s International Centre for Dispute Resolution (ICDR/AAA) as the independent recourse mechanism to investigate and resolve any complaints we are not able to resolve ourselves. If you are unsatisfied with the resolution of your complaint, you may contact the ICDR/AAA at http://go.adr.org/privacyshield.html for further information and assistance. The services of the AAA are provided at no cost to you.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with us and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If you have any questions about this Policy or would like to request access to your EEA Personal Data, please contact us by using the contact information listed above.
CHANGES TO THIS POLICY
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements. We will make available on our website any new version of this Privacy Shield Policy.