Last Updated: September 23, 2020
1. How we collect your personal data
a) Personal data collected on our Site and use of “cookies”
With most Internet browsers, you can erase the type of cookies we use from your computer hard drive, block our cookies, or receive a warning before our cookie is stored. However, please note that while you may still use the website and the services, your actions in connection with such functions will interfere with the website and the services functioning properly.
b) Other websites
c) New product offerings /promotional emails
We will not send you unrelated promotional e-mails unless you have specifically asked to receive them. If you choose to receive promotional e-mails from FLEXcon, we will ask you to provide FLEXcon with your e-mail address. If at any time after you subscribe to receive e-mail promotions, you may unsubscribe by replying to FLEXcon with the word "unsubscribe" in the subject heading of your e-mail (opt-out).
d) Customer inquiries
We also collect customer information from customers who call our customer service with inquiries. This personal data is also stored in the third-party lead management system and in a Survey Software that is hosted by a third party as FLEXcon’s service provider but will not be disclosed or otherwise made available to any other party.
f) Vendors and Customers based in the EEA or U.K.
We may also collect personal data from vendors and customers with whom we work as part of maintaining these relationships and the services provided or received. This personal data is also stored in a database in U.S. and U.K. It will not be disclosed or otherwise made available to any other party.
2. Disclosure of your personal data
a) Sharing with third parties
b) Sharing with employees, service providers, etc.
In addition, FLEXcon and its contractors and service providers may process your personal data to:
- customize, analyze, adjust and improve the Site and our services to better meet your needs;
- respond to your inquiries;
- prevent fraud and other prohibited or illegal activities; and
- protect or defend FLEXcon’s rights or property, even without a subpoena, warrant or other court order. All personal data will be processed based in the principles of legality, consent, Information, quality, purpose, loyalty proportionality and responsibility, as set forth in applicable law.
c) Data sharing with law enforcement and regulators, restructuring etc.
3) Protection against unauthorized access
FLEXcon takes appropriate measures to safeguard your personal data and to prevent unauthorized access to that information in its internal procedures and technology. However, we do not promise, and you should not expect, that your personal data are always safe against cyber-attacks, involuntary data loss or hacking, as such activities are common. FLEXcon has implemented physical, electronic and procedural safeguards to protect your personal data from unauthorized access and use. While FLEXcon strives to protect your personal data, no data transmission over the Internet is 100% secure and, consequently, we cannot guarantee the security of any information, nor should you expect that your personal data, searches or other communications with FLEXcon will always remain secure. You should also be aware that FLEXcon has no control over the security of other sites on the Internet that you might visit or interact with even when a link to any such third-party site appears on our site.
In the event of a breach of the confidentiality or security of your personal data, FLEXcon may notify you directly as necessary so you can take appropriate protective steps. FLEXcon may notify you under such circumstances using the e-mail address(es) that we have on record for you.
4) No Marketing to Children
This Site is a general audience site and does not target or intend to collect personal data from children. FLEXcon is concerned about the privacy and safety of children when they use the Internet. We will never knowingly request or collect personal data online from minors without prior verifiable parental consent. To use the Site or any of service, you must be the age of legal majority in your place of residence. By using the Site or any of our services, you hereby represent that you are at least the age of legal majority in your place of residence or have otherwise provided us with parental consent. All information provided to FLEXcon will be treated as if it was provided by an adult. In accordance with the US Children’s Online Privacy Protection Act of 1998 and similar non-US laws and regulations, if we discover that a child under 13 has provided us with personal data, we will remove it from our systems.
5) Removal /update of your personal data, revocation of consent for data processing
7) California residents
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of their personal data to third parties for their direct marketing purposes in the preceding calendar year. We give these users the ability to tell us not to share their personal data with third parties for their direct marketing purposes. To make such a request, please send us an email to privacy@FLEXcon.com. We may need additional information to process your request. We do not sell California customers’ personal information as defined in the CCPA (Section 1798.140(t).
8) How to contact us
FLEXcon Company, Inc.
1 FLEXcon Industrial Park
Spencer, MA 01562
GDPR DATA PROTECTION NOTICE
FLEXcon COMPANY, INC. and its European Union (“EU”) and U.K. affiliates (identified below) (hereinafter collectively, “FLEXcon”, “we” or “us”) collect and process personal information provided to us from, or that we obtain on behalf of, our suppliers/customers/outside contacts in the course of providing services to them.
The FLEXcon affiliates in the EU and U.K. are located at:
FLEXcon Europe Limited
Southfield Industrial Estate
Glenrothes, Fife KY6 2TF
Scotland - UK
FLEXcon Europe Limited
1382 JX Weesp
P.O. Box 131
1380 AC WEESP
Email contact for both: privacy@FLEXcon.com
FLEXcon is not obliged to have a data protection officer under the GDPR at this time.
This Data Protection Notice (“Notice”) is provided in accordance with applicable privacy laws including, but not limited to, laws implementing the General Data Protection Regulation 2016/679 (“GDPR”) and its national laws referring to it or implementing it (the “Data Privacy Laws”). It applies only to former, current and prospective suppliers/customers/outside contacts (“third parties”) in the European Economic Area or U.K. whose personal data we process on their behalf or on behalf FLEXcon (“EU personal data”). It covers the EU personal data we receive and describes how FLEXcon uses this information to serve the third parties and do business with the third parties.
FLEXcon provides various commercial services to our customers. In this respect, we are likely deemed a data controller under applicable Data Privacy Laws with respect to the personal data we obtain from third parties about their personnel and other individuals with whom we work. To the extent that FLEXcon is deemed a data controller under applicable Data Privacy Laws, this Notice fulfils our obligation to provide information to the third parties whose personal data we process in this capacity.
The EU personal data FLEXcon processes primarily include contact details for the third parties and their employees and their other personnel, along with any other data relating to such individuals in which they are identified or from which they are identifiable. Only to the extent provided to us by a third party or its employees or other personnel, this includes each individual’s name and contact information, and information about where the individual works.
FLEXcon collects various types of personal data from different sources, including from:
Personal data from job applicants in the EU and U.K. are processed in the U.K. according to the applicable employee data protection policy.
- directly from the third parties or our EU/U.K. affiliates;
- public sources, such as the internet sites; and
- from any vendor engaged by us or by the third parties to provide services on our customer’s behalf.
What we do with this personal data
The personal data FLEXcon collects are processed and to provide its commercial services to its customers, notably to facilitate our provision of such services, to respond to queries, and for other professional dealings with third parties (legitimate interest pursuant to Art. 6 (1) (f) GDPR). Where and to the extent required by a court order or a request from a governmental or regulatory authority, FLEXcon may also disclose this personal data to the court or governmental or regulatory authority.
FLEXcon will not use this EU personal data for any additional purposes, other than disclosed in this Notice, without the data subject’s express consent to do so, unless we have another lawful ground on which to use this information under the Data Privacy Laws. Any such consent can be withdrawn at any time by sending an email to privacy@FLEXcon.com or contacting us in writing. FLEXcon is not using EU personal data for automated decision-making, including profiling.
We are also permitted to process this personal data to comply with our legal and regulatory obligations and/or our contractual obligations to the third parties to provide the services to them and our own legitimate interests.
Some of this personal data is processed by us outside Europe, including in the United States, and is held on secured servers. FLEXcon’s EU and U.K. affiliates take steps to safeguard the privacy and security of all categories of personal data as required under the Data Privacy Laws. FLEXcon uses the EU Controller-to-Controller Standard Contractual Clauses that the European Commission has approved and can be obtained through the contacts mentioned in this Notice. FLEXcon shares the personal data for the purposes mentioned in this Notice only to the extent that this is necessary to provide the services to our customers and other third parties. Our security measures to protect the personal data are described below in this Notice. We are aware of the recent judgment of the European Court of Justice 311-18 (Schrems II) of July 16, 2020 and are in the process of adjusting our existing data transfer tools. Please contact us if you wish further details.
There may be instances when we disclose this personal data to other parties to:
We may share EU personal data with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of FLEXcon's business to that business entity. We will require that such recipients undertake to protect the EU personal data as required by the Data Privacy Laws.
- Comply with applicable law or respond to compulsory legal processes (such as a search warrant or court order) or in response to a request for information from a regulator or governmental authority, or in the course of actual or anticipated litigation or otherwise for legal purposes; and/or
- Protect the rights, property or safety of FLEXcon, or any of our respective affiliates, business partners, or other third parties, or otherwise in the legitimate business interests of FLEXcon and/or our affiliates and in accordance with Data Privacy Laws.
How FLEXcon protects personal data
We are regularly audited for adherence to the ISO 9001 standard and are currently certified.
We backup data every day to a secure offsite location which is GDPR compliant. Firewalls in our facilities are updated by the company IT department. Hard drives on PCs and laptops are protected by industry-standard encryption software.
FLEXcon understands that storing personal data in a secure manner is an essential requirement of the Data Privacy Laws and, therefore, employs reasonable physical, technical and administrative safeguards to secure such data against foreseeable risks, including unauthorized use, access, disclosure, destruction, or modification. You also have the right to transfer your personal data to another data controller. (data portability). More specifically, our information security team has developed policies, standards and procedures to support and enforce preventive and detective operational controls to ensure the confidentiality, integrity, and availability of FLEXcon’s data. We use preventive and detective controls such as Log Collection Analysis and Event Correlation, Perimeter Protection, Account Security, Physical Security, User Access, Encryption, Data Loss Prevention, and Vulnerability Management to safeguard the data of third parties. In addition, FLEXcon personnel are required to abide by FLEXcon’s code of business conduct and confidentiality and data security policies which are available to them online via the company internal network.
Although we make good-faith efforts to store the information we receive from and on behalf of the third parties in a secure operating environment that is not available to the public, FLEXcon cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems and data transmission lines, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining this information.
How long we keep it
We retain the personal data for the duration of the business relationship with the third party and, depending on the applicable jurisdiction in which a third party is located, after the end of the engagement, unless the information is needed longer for legal, regulatory, audit, and tax requirements. We will delete or anonymize EU personal data that are no longer needed for these purposes without undue delay.
Privacy rights under the GDPR
Data subjects in the EEA or the U.K. have the right to access their personal data and to ensure that it is accurate, and to request that we delete and/or restrict the processing of their personal data in accordance with, and subject to, the Data Privacy Laws. To enforce any of these rights, or for any further privacy-related question or concern you may have, you can contact us by email at privacy@FLEXcon.com. If you are not satisfied with our response, you can complain to the data protection authority in your country of residence or in the FLEXcon affiliate’s place of residence. The contact of the data protection agency for FLEXcon in the EU is Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ Den Haag, The Netherlands, website https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us