Last Updated: July 26, 2018
1. How we collect your personal data
a) Personal data collected on our Site and use of “cookies”
With most Internet browsers, you can erase the type of cookies we use from your computer hard drive, block our cookies, or receive a warning before our cookie is stored. However, please note that while you may still use the website and the services, your actions in connection with such functions will interfere with the website and the services functioning properly.
b) Other websites
c) New product offerings /promotional emails
We will not send you unrelated promotional e-mails unless you have specifically asked to receive them. If you choose to receive promotional e-mails from FLEXcon, we will ask you to provide FLEXcon with your e-mail address. If at any time after you subscribe to receive e-mail promotions, you may unsubscribe by replying to FLEXcon with the word "unsubscribe" in the subject heading of your e-mail (opt-out).
d) Customer inquiries
We also collect customer information from customers who call our customer service with inquiries. These personal data are also stored in the third-party lead management system and in a Survey Software that is hosted by a third party as FLEXcon’s service provider but will not be disclosed or otherwise made available to any other party.
2. Disclosure of your personal data
a) Sharing with third parties
b) Sharing with employees, contractors, service providers, etc.
In addition, FLEXcon and its contractors and service providers may process your personal data to:
- customize, analyze, adjust and improve the Site and our services to better meet your needs;
- respond to your inquiries;
- protect or defend FLEXcon’s rights or property, even without a subpoena, warrant or other court order. All personal data will be treated and processed based in the principles of legality, consent, Information, quality, purpose, loyalty proportionality and responsibility, as set forth in applicable law.
c) Data sharing with law enforcement and regulators, restructuring etc.
3) Protection against unauthorized access
FLEXcon takes appropriate measures to safeguard your personal data and to prevent unauthorized access to that information in its internal procedures and technology. However, we do not promise, and you should not expect, that your personal data are always safe against cyber-attacks, involuntary data loss or hacking, as such activities are common. FLEXcon has implemented physical, electronic and procedural safeguards to protect your personal data from unauthorized access and use. While FLEXcon strives to protect your personal data, no data transmission over the Internet is 100% secure and, consequently, we cannot guarantee the security of any information, nor should you expect that your personal data, searches or other communications with FLEXcon will always remain secure. You should also be aware that FLEXcon has no control over the security of other sites on the Internet that you might visit or interact with even when a link to any such third-party site appears on our site.
In the event of a breach of the confidentiality or security of your personal data, FLEXcon may notify you directly as necessary so you can take appropriate protective steps. FLEXcon may notify you under such circumstances using the e-mail address(es) that we have on record for you.
4) No Marketing to Children
This Site is a general audience site and does not target or intend to collect personal data from children. FLEXcon is concerned about the privacy and safety of children when they use the Internet. We will never knowingly request or collect personal data online from minors without prior verifiable parental consent. To use the Site or any of service, you must be the age of legal majority in your place of residence. By using the Site or any of our services, you hereby represent that you are at least the age of legal majority in your place of residence or have otherwise provided us with parental consent. All information provided to FLEXcon will be treated as if it was provided by an adult. In accordance with the US Children’s Online Privacy Protection Act of 1998 and similar non-US laws and regulations, if we discover that a child under 13 has provided us with personal data, we will remove it from our systems.
5) Removal /update of your personal data, revocation of consent for data processing
7) California residents
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of their personal data to third parties for their direct marketing purposes in the preceding calendar year. We give these users the ability to tell us not to share their personal data with third parties for their direct marketing purposes. To make such a request, please send us an email to email@example.com. We may need additional information to process your request.
8) How to contact us
IT Operations Manager
FLEXcon Company Inc.
1 FLEXcon Industrial Park
Spencer, MA 01562-2642
GDPR DATA PROTECTION NOTICE
FLEXCON Company and its European Union (“EU”) affiliates (identified below) (hereinafter collectively, “FLEXCON”, “we” or “us”) collect and process personal information provided to us from, or that we obtain on behalf of, our suppliers/customers/outside contacts in the course of providing services to them.
The FLEXCON affiliates in the EU are located at:
Southfield Industrial Estate
Fife KY6 2TF
13872 JX Weesp
This Data Protection Notice (“Notice”) is provided in accordance with applicable privacy laws including, but not limited to, laws implementing the General Data Protection Regulation 2016/679 (“GDPR”) and its national laws referring to it (the “Data Privacy Laws”). It applies only to former, current and prospective suppliers/customers/outside contacts (“third parties”) whose EU personal data we process on their behalf or on behalf FLEXCON. It identifies the personal data we receive and how FLEXCON uses this information to serve the third parties and do business with the third parties.
FLEXCON provides various commercial services to our customers. In this respect, we are likely deemed a data controller under applicable Data Privacy Laws with respect to the personal data we obtain from third parties about their personnel and other individuals with whom we work. To the extent that FLEXCON is deemed a data controller under applicable Data Privacy Laws, this Notice fulfils our obligation to provide information to the third parties whose personal data we process in this capacity.
The EU personal data FLEXCON processes primarily include contact details for the third parties and their employees and their other personnel, along with any other data relating to such individuals in which they are identified or from which they are identifiable. This includes each individual’s name and contact information, information about where he or she works and, only to the extent provided to us by a third party or its employees or other personnel.
FLEXCON collects various types of personal data from different sources, including from:
- directly from the third parties;
- public sources, such as the internet sites; and
- from any vendor engaged by us or by the third parties to provide services on our customer’s behalf.
What we do with this personal data
The personal data FLEXCON collects is used in connection with and to provide its commercial services to its customers, notably to facilitate our provision of such services, to respond to queries, and for other professional dealings with third parties. Where and to the extent required by a court order or a request from a governmental or regulatory authority, FLEXCON may also disclose this personal data to the court or governmental or regulatory authority.
Where personnel employed or engaged by a third party and contacts consent to FLEXCON’s using their personal data for marketing purposes we use their data to newsletters, new product introductions or promotions, notices of product changes or discontinuations, any legal updates and to invite them to events hosted or sponsored by FLEXCON. Individuals can unsubscribe from these marketing communications at any time after initially providing consent.
FLEXCON will not use this EU personal data for any additional purposes without express consent to do so, unless we have another lawful ground on which to use this information under the Data Privacy Laws. Any such consent is revocable at any time. FLEXCON is not using EU personal data for automated decision making, including profiling.
We are also permitted to process this personal data to comply with our legal and regulatory obligations and/or our contractual obligations to the third parties to provide the services to them and our own legitimate interests.
Some of this personal data is processed by us outside Europe, including in the United States, and is held on servers provided by Microsoft in United States. FLEXCON’S European affiliates take steps to safeguard the privacy and security of all categories of personal data as required under the Data Privacy Laws. FLEXCON uses the EU Standard Contractual Clauses that the European Commission has approved and can be obtained through the contacts mentioned in this Notice. FLEXCON shares the personal data for the purposes mentioned in this Notice only to the extent that this is necessary to provide the services to our customers and other third parties. Our security measures to protect the personal data are described below in this Notice.
There may be instances when we disclose this personal data to other parties to:
- Comply with the law or respond to compulsory legal processes (such as a search warrant or court order) or in response to a request for information from a regulator or governmental authority, or in the course of actual or anticipated litigation or otherwise for legal purposes; and/or
- Protect the rights, property or safety of FLEXCON, or any of our respective affiliates, business partners, or other third parties, or otherwise in the legitimate business interests of FLEXCON and/or our affiliates and in accordance with Data Privacy Laws.
We may share this personal data with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of FLEXCON's business to that business entity. We will require that such recipients undertake to protect this personal information as required by the Data Privacy Laws.
How FLEXCON protects personal data
We are regularly audited for adherence to the ISO 9001 standard and are currently certified.
We backup data every day to disk and once a week to tape. Those tape backups are held off-site by Iron Mountain in a secure facility. Iron Mountain themselves are GDPR compliant.
Firewalls in Weesp and Glenrothes were replaced by the most current models in March and are regularly patched by Spencer IT. Hard drives on PCs and laptops are protected by industry-standard encryption software. A stock of encrypted pen drives is maintained should staff require to transport personal data off site.
FLEXCON understands that storing personal data in a secure manner is an essential requirement of the Data Privacy Laws and, therefore, employs reasonable physical, technical and administrative safeguards to secure such data against foreseeable risks, including unauthorized use, access, disclosure, destruction, or modification. You also have the right to transmit your personal data to another company etc. (data portability). More specifically, our information security team has developed policies, standards and procedures to support and enforce preventive and detective operational controls to ensure the confidentiality, integrity, and availability of FLEXCON’s data. We utilize preventive and detective controls such as Log Collection Analysis and Event Correlation, Perimeter Protection, Account Security, Physical Security, User Access, Encryption, Data Loss Prevention, and Vulnerability Management to safeguard the data of third parties. In addition, FLEXCON personnel are required to read FLEXCON’s code of business conduct and confidentiality and data security policies with are available to them via the company intranet.
Although we make good-faith efforts to store the information we receive from and on behalf of the third parties in a secure operating environment that is not available to the public, FLEXCON cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining this information.
How long we keep it
We retain the personal data for the duration of the business relationship with the third party and, depending on the applicable jurisdiction in which a third party is located, after the end of the engagement, unless the information is needed longer for legal, regulatory, audit, and tax requirements.
Privacy rights under the GDPR
Individuals in the EU have the right to access their personal data and to ensure that it is accurate, and to request that we delete and/or restrict the processing of their personal data in accordance with, and subject to, the Data Privacy Laws. To enforce any of these rights, individuals or for any further privacy-related question or concern you may have, you can contact us by email at firstname.lastname@example.org. If he or she is not satisfied with our response, he or she can complain to the data protection authority in his or her country of residence or in the FLEXCON affiliate’s place of residence.