EU-U.S. Data Privacy Framework Policy

Weil Technology North America LLC, hereafter referred to as WE-NA, complies with the EU-U.S. Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of Personal Information received from the European Economic Area (EEA) member countries. WE-NA has certified that it adheres to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the DPF, and to view WE-NA’s certification, please visit

This DPF Policy describes the collection and use of Personal Information.

WE-NA’s collection, use, and disclosure of Personal Information is managed in a manner consistent with the laws of the countries in which it does business; it also has a tradition of upholding the highest ethical standards in its business practices. This DPF Policy sets forth the privacy principles that WE-NA follows with respect to the protection and transfers of Personal Information from the European Economic Area (EEA) [which includes the member states of the European Union (EU) plus Iceland, Liechtenstein, and Norway] to the United States.

WE-NA periodically reviews its privacy policies and practices; accordingly they may be subject to change. In order to ensure familiarity with the most current version of this policy, we encourage periodic review by our website users.

The Data Privacy Framework
The DPF was developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for Personal Information transfers to the United States from the European Union / European Economic Area that are consistent with EU law. The DPF is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce. The DPF enables the transfer of EU Personal Information to participating organizations consistent with EU law. Organizations participating in the DPF may receive Personal Information from the EU / EEA if they self-certify to the ITA and publicly commit to comply with the DPF Principles. Consistent with its commitment to protect personal privacy, WE-NA adheres to the principles set forth in the EU-U.S. DPF.

This DPF Policy applies to all Personal Information received by WE-NA in the United States from the EEA, in any format, including electronic, paper, or verbal. This policy applies to all Personal Information WE-NA handles (except as noted below), including on-line, off-line, and manually processed data.

For purposes of this DPF Policy, the following definitions shall apply:

“Data subject” means an individual who is the subject of Personal Information.

“Personal Information” or “Personally Identifiable Information” refers to all personal information concerning an identified or identifiable individual, including all expressions of opinion concerning the individual and all intentions of the data controller, or any person, in respect of the individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, marital status, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, WE-NA will treat as sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.

“Data controller” means a person or organization who (either alone or jointly or in common with other persons or organizations) determines the purposes for which and the manner in which any Personal Information are, or are to be, processed.

“Data processor” means any third party that collects or uses Personal Information under the instructions of, and solely for the data controller or to which Personal Information are being disclosed on behalf of the data controller.

With regard to the Personal Information received from the European Economic Area (EEA) member countries, WE-NA acts as data controller and, in particular cases based on further contractual arrangements, also as a data processor.

Privacy Principles
The following privacy principles are based on the DPF Framework.

If WE-NA collects Personal Information directly from individuals in the EEA, it will inform them about
• the purposes for which it collects and uses Personal Information about them,
• the type or identity of third parties to which WE-NA discloses Personal Information, and the purposes for which it does so,
• the fact that WE-NA is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC),
• the possibility, under certain conditions, for the individual to invoke binding arbitration,
• how to contact WE-NA to make a subject access request.

This notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to WE-NA, or as soon as practicable thereafter, and in any event before WE-NA uses or discloses the information for a purpose other than that for which it was originally collected or discloses information to a third party.

WE-NA may receive Personal Information of employees of the Weil Technology GmbH and affiliates residing in the EEA (“EEA Employees”) for human resources purposes such as temporary work contract, visa application and other human resources purposes as are generally undertaken by organizations employing individuals. WE-NA will not, without obtaining the EEA Employee’s prior express consent, use such information for any purpose other than human resources purposes unless the EEA Employees have already consented to such use.

WE-NA collects Personal Information on its website, which is technically required for monitoring purposes. Beyond that it collects Personal Information from website visitors on a voluntary basis for the purpose of providing downloads, product information and newsletters. With respect to this category of Personal Information, WE-NA has created a specific Privacy Notice governing the treatment of Personal Information collected through websites that it operates.

Where WE-NA receives Personal Information from its parent organizations, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Information relates.

WE-NA is transparent about the purposes for which it collects and processes Personal Information and gives individuals appropriate privacy notices when collecting their Personal Information. WE-NA will provide data subjects with an easy mechanism to choose:
• whether Personal Information is to be disclosed to a third party,
• whether Personal Information is to be used for a purpose that is incompatible with the purpose or purposes for which it was originally collected,
• how usage and disclosure of Personal Information can be limited.
Data subjects provide their Personal Information on a voluntary basis. Should an individual not consent, or wish to revoke consent to a particular processing, the individual can inform WE-NA’s data protection official at any time, so that WE-NA can specifically exempt that information from processing accordingly. If sensitive Personal Information is involved in the processing, WE-NA will provide explicit choice with respect to this data.

Onward Transfer
WE-NA will not disclose an individual’s Personal Information to third parties except when one or more of the following conditions apply:
• The data subject has given his consent to the transfer
• The transfer is necessary for the performance of a contract between the data subject and WE-NA, or for the taking of steps at the request of the data subject with a view to his entering into a contract with WE-NA
• The transfer is necessary for the conclusion of a contract between WE-NA and a person other than the data subject which is entered into at the request of the data subject, or is in the interest of the data subject, or for the performance of such a contract.
• The transfer is necessary for reason of substantial public interest.
• The transfer is necessary for the purpose of, or in connection with, any legal proceeding, is necessary for the purpose of obtaining legal advice, or is otherwise necessary for the purpose of establishing, exercising or defending legal rights.
• The disclosure is required by means of a court order, if the transfer will assist with the legal or criminal investigations and/or prosecution or if WE-NA is otherwise legally bound to do so.
• The information in question is publicly available.
If Personal Information is disclosed to a third party, WE-NA will apply the choice and notice principles. WE-NA ascertains that third parties who receive such Personal Information (acting as data processors) adhere to technical and organizational measures that provide for the same level of protection as is available under the EU-U.S. DPF, or are subject to the EU General Data Protection Regulation (EU-GDPR) or another adequacy finding, or enter into a written agreement with WE-NA based on the EU Standard Contractual Clauses. Unless WE-NA proves that it is not responsible for the event giving rise to the damage, it shall remain liable under the Principles if one of the data processors so chosen processes the Personal Information received in a manner which is inconsistent with the Principles.

WE-NA will take reasonable precautions and has put in place technical and organizational measures to protect Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Data Integrity, purpose limitation and retention
WE-NA processes personal information only if it has legitimate grounds for collecting and using the Personal Information and if this is relevant for the purposes of processing. Personal Information will not be used in ways that have unjustified adverse effects on the individual concerned or are incompatible with the purposes for which they have been collected or subsequently authorized by the individual. To the extent necessary for those purposes, WE-NA takes reasonable steps to ensure that data is reliable for its intended use, accurate, complete and current. Personal Information will not be kept for longer than is necessary for the specified purposes.

Data subjects have the right of access to the Personal Information WE-NA holds about them and are entitled to have their information corrected, amended, or deleted where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, where the rights of persons other than the data subject would be involved, or as otherwise permitted by the DPF.

If individuals have questions which have not been covered in this document, or would like to have more detailed information on a particular subject, or would like to make a subject access request concerning their Personal Information (e.g. reasons for storage, origin, recipients, etc.), they may contact WE-NA’s data protection official. The individual will need to provide sufficient identifying information, such as name, address, and birth date; WE-NA may request additional identifying information as a security precaution. In some circumstances, WE-NA may charge a reasonable fee, where warranted, for access to the Personal Information owned by the individual requesting access.

Enforcement and recourse
WE-NA utilizes the self-assessment approach to assure its compliance with this privacy policy and will periodically conduct compliance audits of its relevant privacy practices to verify adherence to this policy. WE-NA ensures that this policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the DPF Principles.

Any employee who is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.

WE-NA encourages interested persons to raise any concerns with us using the contact information below. WE-NA will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this policy. For complaints that cannot be resolved between WE-NA and the complainant, WE-NA has chosen the EU Data Protection Authorities (EU DPAs) to serve as an independent recourse mechanism (IRM) for dispute resolution arising from collection, use, and retention of Personal Information transferred from EU Member States to the United States. The EU DPAs will investigate and resolve each individual’s complaint and dispute by reference to the Principles and will award damages where the applicable law or private sector initiatives so provide.

We encourage anyone who has complaints or wishes to make a Subject Access Request to contact our Data Protection Official using the contact information below.

Limitation on Application of Principles
Adherence by WE-NA to these DPF Principles in the DPF may be limited:
• to the extent required to respond to a legal obligation;
• to the extent necessary to meet national security, public interest or law enforcement obligations; and
• to the extent expressly permitted by an applicable law, rule or regulation.

Internet Privacy
WE-NA sees the Internet and the use of other technologies as valuable tools to communicate and interact with business partners and others. However, WE-NA cannot guarantee the security of information on, or transmitted via the Internet. WE-NA recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy governing the treatment of Personal Information collected through websites that it operates with respect to Personal Information that is transferred from the European Economic Area to the U.S. The Internet Privacy Policy is subordinate to this DPF Privacy Policy.

Children’s Online Privacy Protection Act
Our Services are not designed to attract children under the age of 13. WE-NA does not knowingly solicit or collect personally identifiable information online from children under the age of 13. If WE-NA learns that a child under the age of 13 has submitted personally identifiable information online, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children under 13, please contact our data protection official.

Subject access request and further information
Your trust is important to us and we will gladly answer any questions you have concerning the processing of Personal Information. If you have questions which have not been covered in this document, if you would like to have more detailed information on a particular subject, or if you would like to make a subject access request concerning your Personal Information (e.g. reasons for storage, origin, recipients, etc.) please do not hesitate to contact our data protection official:

Weil Technology North America LLC
25921 Meadowbrook Rd
Novi, MI 48375-1853

email: privacy(at)