24 May 2018
FLEXCON EUROPE Ltd and its European Union (“EU”) affiliates (identified below) (hereinafter collectively, “FLEXCON EUROPE,” “we” or “us”) collect and process personal information provided to us from, or that we obtain on behalf of, our suppliers/customers/outside contacts in the course of providing services to them.
The FLEXCON EUROPE affiliates in the EU are located at:
FLEXcon Europe Ltd
Southfield Industrial Estate
KY6 2TF - SCOTLAND
FLEXcon Europe Ltd
1382 JX Weesp - NETHERLAND
This Data Protection Notice (“Notice”) is provided in accordance with applicable privacy laws including, but not limited to, laws implementing the General Data Protection Regulation 2016/679 (“GDPR”) and its national laws referring to it (the “Data Privacy Laws”). It applies only to former, current and prospective suppliers/customers/outside contacts (“third parties”) whose personal data we process on their behalf or on behalf FLEXCON EUROPE in the EU/EEA. It identifies the personal data we receive and how FLEXCON EUROPE uses this information to serve the third parties and do business with the third parties.
FLEXCON EUROPE provides various commercial services to our customers. In this respect, we are likely deemed a data controller under applicable Data Privacy Laws with respect to the personal data we obtain from third parties about their personnel and other individuals with whom we work. To the extent that FLEXCON EUROPE is deemed a data controller under applicable Data Privacy Laws, this Notice fulfils our obligation to provide information to the third parties whose personal data we process in this capacity.
The personal data FLEXCON EUROPE processes primarily includes contact details for the third parties and their employees and their other personnel, along with any other data relating to such individuals in which they are identified or from which they are identifiable. This includes each individual’s name and contact information, information about where he or she works and, only to the extent provided to us by a third party or its employees or other personnel.
FLEXCON EUROPE collects various types of personal data from different sources, including from:
- directly from the third parties;
- public sources, such as the internet sites; and
- from any vendor engaged by us or by the third parties to provide services on our customer’s behalf.
What we do with this personal data
The personal data FLEXCON EUROPE collects is used in connection with and to provide its commercial services to its customers, notably to facilitate our provision of such services, to respond to queries, and for other professional dealings with third parties. Where and to the extent required by a court order or a request from a governmental or regulatory authority, FLEXCON EUROPE may also disclose this personal data to the court or governmental or regulatory authority.
Where personnel employed or engaged by a third party and contacts consent to FLEXCON EUROPE’s using their personal data for marketing purposes we use their data to newsletters, new product introductions or promotions, notices of product changes or discontinuations, any legal updates and to invite them to events hosted or sponsored by FLEXCON EUROPE. Individuals can unsubscribe from these marketing communications at any time after initially providing consent
FLEXCON EUROPE will not use this personal data for any additional purposes without express consent to do so, unless we have another lawful ground on which to use this information under the Data Privacy Laws. Any such consent is revocable at any time. FLEXCON EUROPE is not using personal data for automated decision making, including profiling.
We are also permitted to process this personal data to comply with our legal and regulatory obligations and/or our contractual obligations to the third parties to provide the services to them and our own legitimate interests.
Some of this personal data is processed by us outside Europe, including in the United States, and is held on servers provided by Microsoft in United States. FLEXCON takes steps to safeguard the privacy and security of all categories of personal data as required under the Data Privacy Laws. FLEXCON EUROPE uses the EU Standard Contractual Clauses that the European Commission has approved and can be obtained through the contacts mentioned in this Notice. FLEXCON EUROPE shares the personal data for the purposes mentioned in this Notice only to the extent that this is necessary to provide the services to our customers and other third parties. Our security measures to protect the personal data are described below in this Notice.
There may be instances when we disclose this personal data to other parties to:
- Comply with the law or respond to compulsory legal processes (such as a search warrant or court order) or in response to a request for information from a regulator or governmental authority, or in the course of actual or anticipated litigation or otherwise for legal purposes; and/or
- Protect the rights, property or safety of FLEXCON EUROPE, or any of our respective affiliates, business partners, or other third parties, or otherwise in the legitimate business interests of FLEXCON EUROPE and/or our affiliates and in accordance with Data Privacy Laws.
We may share this personal data with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of FLEXCON EUROPE's business to that business entity. We will require that such recipients undertake to protect this personal information as required by the Data Privacy Laws.
How FLEXCON EUROPE protects personal data
We are regularly audited for adherence to the ISO 9001 standard and are currently certified.
We backup data every day to disk and once a week to tape. Those tape backups are held off-site by Iron Mountain in a secure facility. Iron Mountain themselves are GDPR compliant.
Firewalls in Weesp and Glenrothes were replaced by the most current models in March and are regularly patched by Spencer IT. Hard drives on PCs and laptops are protected by industry-standard encryption software. A stock of encrypted pen drives is maintained should staff require to transport personal data off site.
FLEXCON EUROPE understands that storing personal data in a secure manner is an essential requirement of the Data Privacy Laws and, therefore, employs reasonable physical, technical and administrative safeguards to secure such data against foreseeable risks, including unauthorized use, access, disclosure, destruction, or modification. You also have the right to transmit your personal data to another company etc. (data portability). More specifically, our information security team has developed policies, standards and procedures to support and enforce preventive and detective operational controls to ensure the confidentiality, integrity, and availability of FLEXCON EUROPE’s data. We utilize preventive and detective controls such as Log Collection Analysis and Event Correlation, Perimeter Protection, Account Security, Physical Security, User Access, Encryption, Data Loss Prevention, and Vulnerability Management to safeguard the data of third parties. In addition, FLEXCON EUROPE personnel are required to read FLEXCON EUROPE’s code of business conduct and confidentiality and data security policies with are available to them via the company intranet.
Although we make good-faith efforts to store the information we receive from and on behalf of the third parties in a secure operating environment that is not available to the public, FLEXCON EUROPE cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining this information.
How long we keep it
We retain the personal data for the duration of the business relationship with the third party and, depending on the applicable jurisdiction in which a third party is located, after the end of the engagement, unless the information is needed longer for legal, regulatory, audit, and tax requirements.
Privacy rights under the GDPR
Individuals in the EU have the right to access their personal data and to ensure that it is accurate, and to request that we delete and/or restrict the processing of their personal data in accordance with, and subject to, the Data Privacy Laws. To enforce any of these rights, individuals or for any further privacy-related question or concern you may have, you can contact us by email at firstname.lastname@example.org. If he or she is not satisfied with our response, he or she can complain to the data protection authority in his or her country of residence or in the FLEXCON EUROPE affiliate’s place of residence.