Information Privacy (Safe Harbor) Policy

Company Policy POL/GLO/05

Revision Date / Status: Feb. 04, 2014 / R-03


Objectives

This document provides guidance regarding the protection of Personal Data that may be transferred globally by syncreon Global Holdings Limited and any of its subsidiary and affiliate companies (collectively the “Company”).  


Responsibilities 

Policy Owner: 

EVP – CIO, Julian Mordaunt

Actively Involved:  

EVP – HR, Annette Cyr

Actively Involved:   General Counsel – Kenneth Pocius


Definitions

  1. “Personal Data” or “Personal Information” refers to data pertaining to an identified or identifiable natural person, including but not limited to personal details, family and lifestyle details, education and training, medical details, employment details, financial details, contractual details. 
  2.  “Personal Data” does not include information that is encoded, or publicly available information that has not been combined with non-public Personal Data.
  3.  “Personal Information” means information that: is transferred from one country to another; is recorded in any form; is about, or pertains to, a specific individual or can be linked to that individual. Personal Information does not include information that is anonymized or publicly available information that has not been combined with non-public Personal Information.
  4. “Process” means any on-line, off-line or manual processing and includes such activities as copying, filing and inputting Personal Data into a database.
  5. Safe Harbor Privacy Principles (“Principles”) are a set of principles and frequently asked questions, issued by the US Department of Commerce and approved by the European Union Commission.
  6. “Sensitive Personal Data” pertains to medical or health conditions, racial or ethnic original, political preference, religious or philosophical beliefs, trade union membership, sexual orientation or any other data that is identified as “sensitive” by any identifiable person.
  7. “European Economic Area” (“EEA”) includes the twenty-seven member states of the European Union (“EU”) plus Iceland, Liechtenstein, and Norway.
  8.  “Agent” means any third party that collects, maintains, or uses Personal Information under the instructions of or solely for the Company or to which the Company discloses Personal Information for use on behalf of the Company.

Policy

The Company respects individual privacy and values the confidence of our customers, employees, suppliers, independent contractors, consultants, business partners, and others.  The Company adheres to the Safe Harbor Principals concerning the transfer of Personal Data from the European Union or ‘Commonwealth’ to the United States of America.    Accordingly, we follow the Safe Harbor Principles with respect to the transfer of personal data between any and all countries.  This policy outlines the Company’s general policy and practices for implementing the Safe Harbor Privacy Principles, including the types of information the company gathers, how we use it, and the choices the affected individuals have regarding our use of, and their ability to correct, that information.

 This policy applies to all Personal Information or Sensitive Personal Data the Company handles, including on-line (except as noted below), off-line, and manually processed data. 

  

Principles Protecting Individuals' Privacy Notice and Choice

To the extent permitted by the Safe Harbor Principles, we reserve the right to process Personal Information in the course of our internal business operation without the knowledge of individuals involved in a secure and protected method.

Where the Company receives Personal Information from its subsidiaries, affiliates, or other entities in the EU or any other country, the Company will use and disclose such information in accordance with the purposes for which it was originally collected, or in accordance with the notices provided by such entities.

The Company will provide notice and provide individuals with an opportunity to "opt-out" if such Personal Information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected.  For Sensitive Personal Data, affirmative or explicit, the Company will provide notice and individual choice will be given to "opt-in" if such Sensitive Personal Data is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected.

The Company collects Personal Information from individuals only as permitted by the Principles or with the consent of the individual affected.  Consent for Personal Information to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use our services.

 

Disclosures and Transfers

The Company does not disclose an individual's Personal Information to third parties, except when one or more of the following conditions is true: 

  • The Company has the individual's permission to make the disclosure;
  • The disclosure is required by law or mandatory professional standards;
  • The disclosure is reasonably related to the sale or other disposition of all or part of our business;
  • The information in question is publicly available;
  • The disclosure is reasonably necessary for the establishment of legal claims; or
  • The disclosure is to another entity or to persons or entities providing services on our or the individual's behalf (each a "Transferee"), consistent with the purpose for which the information was obtained, if the Transferee, with respect to the information in question:

• is subject to law providing an adequate level of privacy protection;

• has agreed in writing to provide an adequate level of privacy protection; or

• subscribes to the Safe Harbor Privacy Principles.

Permitted transfers of information, either to third parties or within or between subsidiaries of the Company, including the transfer of data from one jurisdiction to another, including transfers to and from the United States of America.  Because privacy laws vary from one jurisdiction to another, Personal Information may be transferred to a jurisdiction where the laws provide standards for protection no less stringent than the jurisdiction in which the Personal Information originated.

 

Data Security, Integrity and Access

The Company will take all reasonable measures to ensure the protection of Personal Information from accidental loss, destruction, improper use, alteration, or disclosure.  The Company processes Personal Information only in ways compatible with the purpose for which it was collected and authorized by the individual, if applicable.  To the extent necessary for such purposes, the Company takes reasonable steps to make sure that Personal Information is accurate, complete, current, and otherwise reliable with regard to its intended use.

If an individual determines that the information the Company maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact the Company using the contact information below.  The individual will need to provide sufficient identifying information.  We may request additional identifying information as a security precaution.  In addition, the Company may limit or deny access to Personal Information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Agreement.  In some circumstances, we may charge a reasonable fee, where warranted, for access to Personal Information.

 

Collection of Information from Minors

The Company does not collect any information on any individuals who are below the age of 13 except where mandated by law.

 

The Use of Cookies on syncreon’s Website

“Cookie” may also be called an HTTP-, web-, or browser cookie and refers to data that is sent from a website and stored by the user’s browser. When the user returns to the website at a later date, the cookie can be used by the website to obtain information about the user’s previous activity on the website.

 

Financial Payments

The Company does not collect any financial payments or financial information on the Company’s public website. Financial information that is collected by the Company by other means is secured in accordance with requirements of the customer contract.

 

Customer Information

The Company retains customer information for the period specified in the contracts with specific customers. When no longer required, customer information is destroyed in accordance with the requirements of the contract or applicable law.

 

Enforcement

Identifiable persons may contact the Executive Vice President, Human Resources at the Company’s headquarters in Auburn Hills, Michigan, U.S.A. to submit data access requests, register complaints or address any other relevant issue under the Safe Harbor Privacy Principles. It is the responsibility of all employees to act in accordance with the Information Privacy Policy and obligations with respect to Personal Data.

 

Dispute Resolution

We are committed to ensuring the privacy of the data you entrust us with. If you have any concerns regarding data or privacy you can contact us, alternatively you can raise your concerns with eTrust. They are a trusted third party who works with us to improve our privacy and data procedures. You can contact eTrust  through this link:

http://www.etrust.org/about/privacy_contact.php

 

Mergers

In the event of a merger, all data will be transferred to the new entity

 

Bankruptcy

In the unlikely event of a bankruptcy proceeding, all information would be transferred in accordance with Court Order

 

Changes to this Information Privacy Policy

The Company reserves the right to change this Privacy Policy from time to time for any reason and will post any revisions on this web site.  When the Company makes revisions to this Policy, it will also revise the "last updated" date at the end of this Privacy Policy.

 

Limitation on Application of Principles 

Adherence by the Company to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.

 

How to Contact Us

Should there be any questions or suggestions about the Company’s privacy practices, or wish to update or correct any personally identifiable information provided to the Company, please feel free to contact the Company

via email at dataprivacysyncreon.com 

or telephonically at +1-248-475-6227

or by post at the following mailing address:

2851 High Meadow Circle, Suite 250

Auburn Hills, MI 48326 USA.

 

Safe Harbor

In accordance with our commitment to protect personal privacy, the Company adheres to the principles of the Safe Harbor Framework as developed by the U.S. Department of Commerce in consultation with the European Commission. The seven principles and fifteen Frequently Asked Questions (FAQs) referred to in this policy constitute Safe Harbor privacy framework. These principles and FAQs may be found at: http://www.export.gov/safeharbor