ELECTRONIC PRIVACY INSTITUTE
PRIVACY POLICY
Electronic Privacy Institute ("EPI") respects individual privacy and values the confidence of its
customers, employees, vendors, consumers, business partners and others.
EPI strives to collect, use and disclose Personal information in
a manner consistent with the laws of the countries in which it does business,
and has a tradition of upholding the highest ethical standards in its business
practices. EPI abides by the Safe Harbor Principles developed by
the U.S. Department of Commerce and the European Commission and the Frequently
Asked Questions (FAQs) issued by the Department of Commerce on July 21, 2000.
This Safe Harbor Privacy Policy (the "Policy") sets forth the privacy
principles that EPI follows with respect to transfers of Personal
information anywhere in the world, including transfers from the European
Economic Area (EEA) (which includes the twenty-five member states of the
European Union (EU) plus Iceland, Liechtenstein and Norway) to the United
States.
I. SAFE HARBOR
The United States Department of Commerce and the European
Commission have agreed on a set of data protection principles and frequently
asked questions (the "Safe Harbor Principles") to enable US companies
to satisfy the requirement under European Union law that adequate protection be
given to Personal information transferred from the EU to the United States. The
EEA also has recognized the US Safe Harbor as providing adequate data
protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to
protect Personal privacy, EPI adheres to the Safe Harbor
Principles.
EPI has a Chief Privacy Officer who is
responsible for EPI's compliance with and enforcement of this
Policy. EPI also has a Global Director of Data Protection who
assists in ensuring compliance with this Policy and data security issues.
EPI educates its employees concerning compliance with this Policy
and has self-assessment procedures in place to assure compliance. EPI's Chief Privacy Officer and Global Director of Data
Protection, Kenneth M. Gardner,
and Corporate Legal Team are available to any of its valued employees,
customers, vendors, business partners or others who may have questions
concerning this Policy or data security practices. Relevant contact information
is provided herein.
II. SCOPE
This Policy applies to all Personal information received by
EPI in any format including electronic, paper or verbal. EPI collects and processes Personal information concerning current and
former employees and their respective family members, as well as applicants for
employment through its Internet websites, its intranet site, electronic mail
and manually. EPI is the sole owner of information it collects
from current and former employees, applicants for employment, customers,
vendors and others. EPI will not sell or share this information
with third parties in ways different than what is disclosed in this Privacy
Policy. On a global basis, EPI will, and will cause its
affiliates to, establish and maintain business procedures that are consistent
with this Policy.
Personal information collected by EPI from
employees and applicants for employment is maintained at its corporate offices
in San Diego, California in the United States as well as the local office of
the employee or applicant. EPI collects Personal information for,
among other things, legitimate human resource business reasons such as payroll
administration; filling employment positions; administration and operations of
its benefit programs; meeting governmental reporting requirements;
security, health and safety management; performance management; company network
access; and authentication. EPI does not request or gather
information regarding political opinions, religion, philosophy or sexual
preference. To the extent EPI maintains information on an
individuals medical health or ethnicity (as legally required), EPI will protect, secure and use that information in a manner consistent
with this Policy and applicable law.
Personal information collected by EPI from
prospective customers, consumers, vendors, business partners and others may be
maintained at its corporate offices in San Diego, California or at other EPI facilities. EPI collects Personal information for, among
other things, legitimate business reasons such as customer service; product,
warranty and claims administration; meeting governmental reporting and records
requirements; maintenance of accurate accounts payable and receivable records;
internal marketing research; safety and performance management; financial and
sales data; and contact information. All Personal information collected by
EPI will be used for legitimate business purposes consistent with
this Policy.
III. DEFINITIONS
For purposes of this Policy, the following definitions shall
apply:
"Agent" means any third party that uses Personal
information provided by EPI to perform tasks on behalf of or at
the instruction of EPI.
"EPI" means EPI
Companies, Inc., its predecessors, successors, subsidiaries, divisions and
groups.
"Personal information" means any information or
set of information that identifies or could be used by or on behalf of EPI to identify an individual. Personal information does not include
information that is encoded or anonymized, or publicly available information
that has not been combined with non-public Personal information.
"Sensitive Personal information" means Personal
information that reveals race, ethnic origin, trade union membership, or that
concerns health. In addition, EPI will treat as sensitive
Personal information any information received from a third party where that
third party treats and identifies the information as sensitive.
IV. PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the seven
Safe Harbor Principles.
(1) NOTICE: Where EPI collects Personal
information directly from individuals, it will inform them about the purposes
for which it collects and uses Personal information about them, the types of
non-agent third parties to which EPI discloses that information,
and the choices and means, if any, EPI offers individuals for
limiting the use and disclosure of their Personal information. Notice will be
provided in clear and conspicuous language when individuals are first asked to
provide Personal information to EPI, or as soon as practicable
thereafter, and in any event before EPI uses the information for
a purpose other than that for which it was originally collected. EPI may disclose Personal information if required to do so by law or to
protect and defend the rights or property of EPI.
(2) CHOICE: EPI will offer individuals the
opportunity to choose (opt-out) whether their Personal information is (a) to be
disclosed to a non-agent third party, or (b) to be used for a purpose other
than the purpose for which it was originally collected or subsequently
authorized by the individual.
For sensitive Personal information, EPI will
give individuals the opportunity to affirmatively and explicitly (opt-in)
consent to the disclosure of the information to a non-agent third party or the
use of the information for a purpose other than the purpose for which it was
originally collected or subsequently authorized by the individual.
EPI will provide individuals with reasonable
mechanisms to exercise their choices should requisite circumstances arise.
(3) DATA INTEGRITY: EPI will use Personal
information only in ways that are compatible with the purposes for which it was
collected or subsequently authorized by the individual. EPI will
take reasonable steps to ensure that Personal information is relevant to its
intended use, accurate, complete and current.
(4) TRANSFERS TO AGENTS: EPI will obtain assurances
from its Agents that they will safeguard Personal information consistently with
this Policy. Examples of appropriate assurances that may be provided by Agents
include: a contract obligating the Agent to provide at least the same level of
protection as is required by the relevant Safe Harbor Principles, being subject
to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor
certification by the Agent, or being subject to another European Commission
adequacy finding (e.g., companies located in Switzerland). Where EPI has knowledge that an Agent is using or disclosing Personal
information in a manner contrary to this Policy, EPI will take
reasonable steps to prevent or stop the use or disclosure. EPI
holds it Agents accountable for maintaining the trust our employees and
customers place in the company.
(5) ACCESS AND CORRECTION: Upon request, EPI
will grant individuals reasonable access to Personal information that it holds
about them. In addition, EPI will take reasonable steps to permit
individuals to correct, amend or delete information that is demonstrated to be
inaccurate or incomplete. Any employees that desire to review or update their
Personal information can do so by contacting their local Human Resources
Representative.
(6) SECURITY: EPI will take reasonable
precautions to protect Personal information in its possession from loss, misuse
and unauthorized access, disclosure, alteration and destruction. EPI protects data in many ways. Physical security is designed to prevent
unauthorized access to database equipment and hard copies of sensitive Personal
information. Electronic security measures continuously monitor access to our
servers and provide protection from hacking or other unauthorized access from
remote locations. This protection includes the use of firewalls, restricted
access and encryption technology. EPI limits access to Personal
information and data to those persons in EPI's organization, or
as agents of EPI, that have a specific business purpose for
maintaining and processing such Personal information and data. Individuals who
have been granted access to Personal information are aware of their
responsibilities to protect the security, confidentiality and integrity of that
information and have been provided training and instruction on how to do so.
(7) ENFORCEMENT: EPI will conduct compliance
audits of its relevant privacy practices to verify adherence to this Policy and
the US Department of Commerce Safe Harbor Principles. Any employee that
EPI determines is in violation of this Policy will be subject to
disciplinary action up to and including termination of employment.
V. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of
Personal information should be directed to the EPI Privacy Office
at the address given below. EPI will investigate and attempt to
resolve complaints and disputes regarding use and disclosure of Personal
information in accordance with the principles contained in this Policy. For
complaints that cannot be resolved between EPI and the
complainant, EPI has agreed to participate in the dispute
resolution procedures of the panel established by the European data protection
authorities to resolve disputes pursuant to the Safe Harbor Principles.
VI. INTERNET PRIVACY
EPI sees the Internet, intranets and the use
of other technologies as valuable tools for communicating and interacting with
consumers, employees, vendors, business partners and others. EPI
recognizes the importance of maintaining the privacy of Personal information
collected through websites that it operates. EPI's sole purpose
for operating its websites is to provide information concerning products and
services to the public. In general, visitors can reach EPI on the
Web without revealing any Personal information. Visitors on the Web may elect
to voluntarily provide Personal information via EPI websites but
are not required to do so. EPI collects information from visitors
to the websites who voluntarily provide Personal information by filling out and
submitting online questionnaires concerning feedback on the website, requesting
information on products or services, or seeking employment. The Personal
information voluntarily provided by website users is contact information
limited to the user's name, home and/or business address, phone numbers and
email address. EPI collects this information so it may answer
questions and forward requested information. EPI does not sell or
share this information with non-agent third parties.
EPI may also collect anonymous information
concerning website users through the use of "cookies" in order to
provide better customer service. "Cookies" are small files that
websites place on usersEcomputers to identify the user and enhance the website
experience. None of this information is reviewed at an individual level.
Visitors may set their browsers to provide notice before they receive a cookie,
giving the opportunity to decide whether to accept the cookie. Visitors can
also set their browsers to turn off cookies. If visitors do so, however, some
areas of EPI websites may not function properly.
Few, if any, of EPI's websites are directed
toward children. Nevertheless, EPI is committed to complying with
applicable laws and requirements, such as the United States' Children's Online
Privacy Protection Act ("COPPA").
EPI website users have the option to request
that EPI not use information previously provided, correct
information previously provided, or remove information previously provided to
EPI. Those that would like to correct or suppress information
they have provided to EPI should forward such inquiries to:
EPI Privacy Inquiries
Attention: Kenneth M. Gardner, Chief Privacy Officer
The inquiries should include the individual's name, address,
and other relevant contact information (phone number, email address). EPI will use all reasonable efforts to honor such requests as quickly as
possible.
EPI websites may contain links to other
"non-EPI" websites. EPI assumes no
responsibility for the content or the privacy policies and practices on those
websites. EPI encourages all users to read the privacy statements
of those sites; their privacy practices may differ from those of EPI.
VII. CHANGES TO THIS SAFE HARBOR PRIVACY POLICY
The practices described in this Policy are current Personal
data protection policies as of January 3, 2008.
EPI reserves the right to modify or amend this Policy at any time
consistent with the requirements of the Safe Harbor Principles. Appropriate
public notice will be given concerning such amendments.
