EUROPEAN SAFE HARBOR PROVISION
Date Issued: January 1, 2009
1. PURPOSE
HID Global Corporation, and its subsidiaries and affiliates, respect the privacy of their employees and are committed to protecting employee data maintained by the company. Due to the global nature of HID Global's business, transfers of employee Personal Data, defined below, across national boundaries may occur. As a result, HID Global Corporation and its affiliated U.S. entities ("HID Global") have adopted this Safe Harbor Data Privacy Policy ("the Privacy Policy") and adhere to the Safe Harbor Principles published by the U.S. Department of Commerce, in agreement with the European Commission, with respect to employee Personal Data transferred from the European Union to the United States of America regarding HID Global employees employed within the European Union ("EU Based Employees") or Switzerland.
2. SCOPE
This Policy applies to all employee Personal Data received by HID Global in the United States from the European Union ("EU") or Switzerland (which has adopted substantially similar privacy laws to those of the EU) in any format. For the purpose of this Policy, "Personal Data" or "Personal Information" is employee data about an identified or identifiable EU Based Employee, received by HID Global in the U.S. from the EU and recorded in any form.
3. SAFE HARBOR PRIVACY PRINCIPLES
The following privacy principles apply to the transfer, collection, use or disclosure of personal information from the EU by HID Global.
NOTICE
HID Global receives employee Personal Information in connection with the management and administration of pre-employment, employment and post-employment matters. HID Global informs EU based employees about the purposes for which their Personal Information is collected and used. HID Global will use the information for business operations, employee development, administration and planning, or when required in the course of judicial or administrative proceedings, subject to all nondisclosure safeguards available. Below are listed the general categories of third parties with whom HID Global may share this Personal Information. Notice to EU Based Employees will be provided before HID Global uses the information for purposes other than for which it was collected, or before it discloses the information to categories of third parties not specified in this policy.
CHOICE
HID Global gives its EU Based Employees the opportunity to opt out from allowing HID Global to disclose their Personal Information to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected or authorized. To exercise this opt out, an EU Based Employee should contact his or her site Human Resources Representative.
With respect to sensitive data (for example, political or religious beliefs, union membership, health matters...), HID Global will not share such information unless specifically authorized by the individual EU Based Employee.
TRANSFER TO THIRD PARTIES
HID Global may share employee data with third parties that provide certain services to HID Global, including but not limited to outside accountants and lawyers, consultants and service providers. Prior to transferring Personal Data within the HID Global Group, HID Global will ensure that the protection and transfer of such Personal Data complies with the Safe Harbor Principles.
HID Global may transfer Personal Data to a third party acting as an agent for HID Global by having the third party enter into an agreement with HID Global in which the third party promises to provide the same level of protection as required by the Safe Harbor Principles. If the third party agent does not comply with its privacy obligations, HID Global will take commercially reasonable steps to prevent or stop the use or disclosure of Personal Data.
SECURITY
HID Global takes reasonable measures to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration or destruction. These measures include password protection for online information systems and restricted access to Personal Data processed by the Human Resources Department.
DATA INTEGRITY
HID Global does not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. HID Global will take reasonable steps to ensure that Personal Information is relevant for its intended use, accurate, complete and current.
ACCESS
Upon request, HID Global will provide EU Based Employees with reasonable access to Personal Information that it holds about them and will take reasonable steps to permit the employees to correct, amend, or delete any Personal Information which is inaccurate or incomplete.
An EU Based Employee who wants to have access to his or her Personal Information should provide a written request to his or her site Human Resources Representative.
ENFORCEMENT
Annual internal compliance reviews of the Privacy Policy will take place as part of the certification process with the U.S. Department of Commerce.
If a complaint regarding HID Global's use of Personal Information is raised by an EU Based Employee, HID Global will investigate and try to resolve any dispute. If the dispute cannot be resolved, HID Global will participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities.
Any questions or concerns regarding the use or disclosure of Personal Information should be directed to the office of the HID Global's Chief Compliance Officer indicated below.
By mail: Kimberle Marquardt
By email:
kmarquardt@hidglobal.com
AMENDMENT
The HID Global Privacy Policy may be amended from time to time in compliance with the requirements of the Safe Harbor Principles. Appropriate notice will be given concerning such amendments.