EU-U.S. Privacy Shield Policy
Weil Engineering North America LLC, hereafter referred to as WE-NA, complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal data received from the European Economic Area (EEA) member countries. WE-NA has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield framework, and to view WE-NA’s certification, please visit https://www.privacyshield.gov/ .
This Privacy Shield Policy describes the collection and use of personal data.
WE-NA’s collection, use, and disclosure of personal data is managed in a manner consistent with the laws of the countries in which it does business; it also has a tradition of upholding the highest ethical standards in their business practices. This Privacy Shield Policy sets forth the privacy principles that WE-NA follows with respect to the protection and transfers of personal data from the European Economic Area (EEA) [which includes the member states of the European Union (EU) plus Iceland, Liechtenstein, and Norway] to the United States.
WE-NA periodically reviews its privacy policies and practices; accordingly they may be subject to change. In order to ensure familiarity with the most current version of this policy, we encourage periodic review by our website users.
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “Privacy Shield Principles”), frequently asked questions, incorporated documents, and letters (collectively the “EU-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal data transferred from the European Economic Area (EEA) to the United States (the “EU-U.S. Privacy Shield”). The EEA also has recognized the EU-U.S. Privacy Shield Framework as providing adequate data protection [Decision C (2016) 4176 final, 12.7.2016, Article 1 (1)]. Consistent with its commitment to protect personal privacy, WE-NA adheres to the principles set forth in the EU-U.S. Privacy Shield Framework.
This Privacy Shield Policy applies to all personal data received by WE-NA in the United States from the EEA, in any format, including electronic, paper, or verbal. This policy applies to all personal data WE-NA handles (except as noted below), including on-line, off-line, and manually processed data.
For purposes of this Privacy Shield Policy, the following definitions shall apply:
“Data subject” means an individual who is the subject of personal data.
“Personal data” or “Personally Identifiable Information” refers to all personal information concerning an identified or identifiable individual, including all expressions of opinion concerning the individual and all intentions of the data controller, or any person, in respect of the individual. Personal data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal data.
“Sensitive personal data” means personal data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, marital status, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, WE-NA will treat as sensitive personal data any information received from a third party where that third party treats and identifies the information as sensitive.
“Data controller” means a person or organization who (either alone or jointly or in common with other persons or organizations) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
“Data processor” means any third party that collects or uses personal data under the instructions of, and solely for the data controller or to which personal data are being disclosed on behalf of the data controller.
With regard to the personal data received from the European Economic Area (EEA) member countries, WE-NA is acting as data controller, in particular cases which are based on further contractual arrangements also as a data processor.
The following privacy principles are based on the Privacy Shield Framework.
If WE-NA collects Personal Information directly from individuals in the EEA, it will inform them about
the purposes for which it collects and uses Personal Information about them,
the type or identity of third parties to which WE-NA discloses Personal Information, and the purposes for which it does so,
the fact that WE-NA is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC)
the possibility, under certain conditions, for the individual to invoke binding arbitration,
how to contact WE-NA to make a subject access request.
This notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to WE-NA, or as soon as practicable thereafter, and in any event before WE-NA uses or discloses the information for a purpose other than that for which it was originally collected or discloses information to a third party.
WE-NA may receive Personal Information of employees of the Weil Engineering GmbH and affiliates residing in the EEA (“EEA Employees”) for human resources purposes such as temporary work contract, visa application and other human resources purposes as are generally undertaken by organizations employing individuals. WE-NA will not, without obtaining the EEA Employee’s prior express consent, use such information for any purpose other than human resources purposes unless the EEA Employees have already consented to such use.
WE-NA collects personal data on its website, which is technically required for monitoring purposes. Beyond that it collects personal data from website visitors on a voluntary basis for the purpose of providing downloads, product information and newsletters. With respect to this category of personal data, WE-NA has created a specific Privacy Notice governing the treatment of personal data collected through websites that it operates.
Where WE-NA receives personal data from its parent organizations, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal data relates.
WE-NA is transparent about the purposes for which it collects and processes personal data and gives individuals appropriate privacy notices when collecting their personal data. WE-NA will provide data subjects with an easy mechanism to choose:
whether personal data is to be disclosed to a third party,
whether personal data is to be used for a purpose that is incompatible with the purpose or purposes for which it was originally collected,
how usage and disclosure of personal data can be limited
Data subjects provide their personal data on a voluntary basis. Should an individual doesn’t consent or would like to revoke its consent to a particular processing, it can inform WE-NAs data protection official at any time, so that WE-NA can specifically exempt that information from processing accordingly. If sensitive personal data is involved in the processing, WE-NA will provide explicit choice to this data.
WE-NA will not disclose an individual’s personal data to third parties except when one or more of the following conditions apply:
The data subject has given his consent to the transfer
The transfer is necessary for the performance of a contract between the data subject and WE-NA, or for the taking of steps at the request of the data subject with a view to his entering into a contract with WE-NA
The transfer is necessary for the conclusion of a contract between WE-NA and a person other than the data subject which is entered into at the request of the data subject, or is in the interest of the data subject, or for the performance of such a contract.
The transfer is necessary for reason of substantial public interest.
The transfer is necessary for the purpose of, or in connection with, any legal proceeding, is necessary for the purpose of obtaining legal advice, or is otherwise necessary for the purpose of establishing, exercising or defending legal rights.
The disclosure is required by means of a court order, if the transfer will assist with the legal or criminal investigations and/or prosecution or if WE-NA is otherwise legally bound to do so.
The information in question is publicly available.
If personal data is disclosed to a third party, WE-NA will apply choice and notice principle. WE-NA ascertains that third parties, who receive such personal data (acting as a data processor) adhere to technical and organizational measures that provide for the same level of protection as is available under the EU-U.S. Privacy Shield Framework, or are subject to the EU General Data Protection Regulation (EU-GDPR) or another adequacy finding, or enter into a written agreement with WE-NA based on the EU Standard Contractual clauses. Unless WE-NA proves that it is not responsible for the event giving rise to the damage, it shall remain liable under the Principles if one of the data processors so chosen processes the personal data received in a manner which is inconsistent with the Principles.
WE-NA will take reasonable precautions and has put in place technical and organizational measures to protect personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Data Integrity, purpose limitation and retention
WE-NA processes personal information only if it has legitimate grounds for collecting and using the personal data and if this is relevant for the purposes of processing. Personal data will not be used in ways that have unjustified adverse effects on the individual concerned or are incompatible with the purposes for which they have been collected or subsequently authorized by the individual. To the extent necessary for those purposes, WE-NA takes reasonable steps to ensure that data is reliable for its intended use, accurate, complete and current. Personal data will not be kept for longer than is necessary for the specified purposes.
Data subjects have the right of access to the personal data WE-NA holds about them and are entitled to have their information corrected, amended, or deleted where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individuals privacy in the case in question, where the rights of persons other than the data subject would be involved, or as otherwise permitted by the Privacy Shield Framework.
If individuals have questions which have not been covered in this document, or would like to have more detailed information on a particular subject, or would like to make a subject access request concerning its personal data (e.g. reasons for storage, origin, recipients, etc.) they may contact WE-NAs data protection official. The individual will need to provide sufficient identifying information, such as name, address, birth date, WE-NA may request additional identifying information as a security precaution. In some circumstances, WE-NA may charge a reasonable fee, where warranted, for access to the personal data owned by the individual requesting access.
Enforcement and recourse
Any employee who is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.
WE-NA encourages interested persons to raise any concerns with us using the contact information below. WE-NA will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the principles contained in this policy. For complaints that cannot be resolved between WE-NA and the complainant, WE-NA has chosen the EU Data Protection Authorities (EU DPAs) to serve as an independent recourse mechanism (IRM) for dispute resolution arising from collection, use, and retention of personal data transferred from EU Member States to the United States. The EU DPAs will investigate and resolve each individual’s complaint and dispute by reference to the Principles and will award damages where the applicable law or private sector initiatives so provide.
We encourage anyone who has complaints or wishes to make a Subject Access Request to contact our Data Protection Official using the contact information below.
Limitation on Application of Principles
Adherence by WE-NA to these Privacy Shield Principles in the Privacy Shield Framework may be limited
to the extent required to respond to a legal obligation;
to the extent necessary to meet national security, public interest or law enforcement obligations; and
to the extent expressly permitted by an applicable law, rule or regulation.
Children’s Online Privacy Protection Act
Our Services are not designed to attract children under the age of 13. WE-NA does not knowingly solicit or collect personally identifiable information online from children under the age of 13. If WE-NA learns that a child under the age of 13 has submitted personally identifiable information online, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children under 13, please contact our data protection official.
Subject access request and further information
Your trust is important to us and we will gladly answer any questions you have concerning the processing of personal data. If you have questions which have not been covered in this document, if you would like to have more detailed information on a particular subject, or if you would like to make a subject access request concerning your personal data (e.g. reasons for storage, origin, recipients, etc.) please do not hesitate to contact our data protection official:
Weil Engineering North America LLC
25921 Meadowbrook Rd
Novi, MI 48375-1853