Applicable Laws impose a
number of obligations with respect to the Processing of Personal Data.
Superior Essex Group respects individual privacy and is committed to comply
with the legal standards imposed by
Applicable Laws in our
business practices involving the Processing of Personal Data. We are
accountable for and committed to comply with the key data protection
principles and core requirements set out in Applicable Laws.
This
Policy describes the key data protection principles we follow and reflects
our approach with respect to the respect for the privacy of individuals and
the protection of Personal Data.
SCOPE
This Policy applies to all Superior Essex
Group establishments in the EU, as well as all other Superior Essex Group
establishments to the extent they receive any Personal Data from the EU, or
are otherwise subject to the Applicable Laws.
The Personal Data
shall be Processed in accordance with this Policy and Applicable Laws.
This
Policy should be read in conjunction with Superior Essex Group’s other
policies as listed in Section XIII of this Policy. Superior Essex Group may
implement additional policies, procedures or practices as may be required to
comply with this Policy or with Applicable Laws.
Data Protection
is the shared responsibility of all Superior Essex Group employees and
business units and all employees and business units are expected to be
familiar with and adhere to the principles and requirements set forth in
this Policy.
DEFINITIONS
In addition to the words defined
elsewhere in this Policy, the following words used herein have the meanings
set forth below:
“Affiliate” means any entity, which is partially or wholly controlled
by, controls or is in common control with the respective entity.
“Applicable Laws” means the GDPR and any national laws implementing the
GDPR in the EEA countries.
“Automated Decision-Making” means the process of making a decision based
solely on automated Processing, including Profiling, of Personal Data,
which produces legal effects concerning a Data Subject.
“Controller” means any natural or legal person, public authority, agency
or other body, which, alone or jointly with others, determines the
purpose(s) and means of the Processing of Personal Data.
“Data Subject” means identified or identifiable natural person to whom
the Personal Data relates. An identifiable person is one who can be
identified, directly or indirectly, in particular by reference to an
identifier such as a name, identification number, location data, an
online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of
that natural person.
“EEA” means the European Economic Area, which includes all EU Member
States as well as Iceland, Liechtenstein and Norway.
“Effective Date” means May 25, 2018.
“Employees” means full-time employees, part-time employees, temporary
employees, reinstated employees, rehired employees and retired and
former employees, interns and trainees.
“Establishment” implies the effective and real exercise of activity
through stable arrangements; the legal form of such arrangements,
whether through a branch or a subsidiary with legal personality, is
irrelevant.
“EU” means the European Union.
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of
the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of
such data, and repealing Directive 95/46/EC (General Data Protection
Regulation).
“Personal Data” means any information relating to a Data Subject.
Personal Data includes Special Categories of Personal Data.
“Policy” means this General Privacy Policy.
“Privacy Officer” means the person designated under Section XII below.
“Profiling” means any form of automated Processing of Personal Data
consisting of the use of Personal Data to evaluate certain personal
aspects relating to a natural person, in particular to analyze or
predict aspects concerning that natural person's performance at work,
economic situation, health, personal preferences, interests,
reliability, behavior, location or movements.
“Processing” means any operation or set of operations which is performed
on Personal Data or on sets of Personal Data, whether or not by
automated means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or
destruction.
“Personal Data Breach” means a breach of security leading to the
accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to, Personal Data transmitted, stored or
otherwise Processed by an entity’s systems.
“Special Categories Personal Data” includes Personal Data revealing
racial or ethnic origin, political opinions, religious or philosophical
beliefs, or trade union membership, and genetic data, biometric data
Processed for the purpose of uniquely identifying a natural person, data
concerning health or data concerning a natural person's sex life or
sexual orientation.
“Superior Essex Group”, “we”, “our”, “us” means Superior Essex Inc., a
Delaware corporation, registered at Corporation Service Company, 251
Little Falls Drive, Wilmington, DE 19808, Essex Group, Inc., a Michigan
corporation, registered at CSC-Lawyers Incorporating Service (Company),
601 Abbot Road, East Lansing, MI 48823, Superior Essex International LP,
a Delaware limited partnership, registered at Corporation Service
Company, 251 Little Falls Drive, Wilmington, DE 19808, and their
respective Affiliates.
KEY DATA PROTECTION PRINCIPLES When Processing
Personal Data, we will apply the following key data protection principles:
We will Process the Personal Data lawfully, fairly and in a transparent
manner in relation to the Data Subject (hereinafter, the “Lawfulness, Fairness and Transparency Principle”);
We will only collect the Personal Data for specified, explicit and
legitimate purpose(s) and we will not further Process them in a manner
that is incompatible with those purposes (hereinafter, the “Purpose Limitation Principle”);
We will ensure that Personal Data are adequate, relevant and limited to
what is necessary in relation to the purpose(s) for which they are
Processed (hereinafter, the “Data Minimization Principle”);
We will ensure that the Personal Data are accurate and, where necessary,
kept up to date and that every reasonable step is taken to ensure that
Personal Data that are inaccurate, having regard to the purposes for
which they are Processed, are erased or rectified without delay
(hereinafter, the “Accuracy Principle”);
We will not keep the Personal Data in a form that permits identification
of Data Subjects for longer than necessary for the purpose(s) for which
the Personal Data are Processed (hereinafter, the “Storage Limitation Principle”);
We will Process the Personal Data in line with the Data Subjects’ rights
(hereinafter, the “Data Subjects’ Rights”); and
We will ensure that appropriate technical, organizational and security
measures are put in place to protect the Personal Data when Processed,
including protection against unauthorized or unlawful Processing and
against accidental loss, destruction or damage (hereinafter, the
“Integrity, Confidentiality and Security Principle”).
The Purpose Limitation Principle
In the course
of our business, we collect and Process different types of Personal Data
from different categories of Data Subjects for a variety of purposes. We
will identify specific, explicit and legitimate purposes in advance and we
will document them in our Records of Processing Activities (see Section
VIII). We will inform the Data Subjects of these purposes when we first
collect the Personal Data or as soon as possible thereafter (see the next
sub-section B), unless a relevant exception applies.
We will not
Process Personal Data that had been collected for a specific purpose, for a
different incompatible purpose, unless permitted by Applicable Laws.
If
you intend to Process Personal Data for a different purpose than the one
initially identified, please speak to the Privacy Officer prior to
commencing the Processing activity.
The Lawfulness, Fairness and Transparency Principle
1. Lawfulness and Fairness Processing of Personal Data is
only lawful if it is permitted by Applicable Laws.
We will only
Process Personal Data based on one of the permissible legal grounds listed
in the Applicable Laws. The legal grounds for Personal Data Processing we
most typically rely upon include, but are not limited to the following:
The necessity to perform a contract to which the Data Subject is party;
The necessity to comply with an EU-originated legal obligation to which
we are subject;
The necessity for the purposes of legitimate interests pursued by us as
a Controller or by a third party; and/or
The consent given by the Data Subjects.
We aim to minimize the amount of Special Categories of Personal Data
that we Process. We will only Process Special Categories of Personal Data,
if permissible under Applicable Laws, for example, when we are legally
obliged to do so or with the explicit consent of the Data Subjects.
We
will identify the appropriate legal basis in advance and document them in
our Records of Processing Activities (see Section VIII below).
Transparency
In accordance with Applicable Laws,
before we Process the Personal Data, we will provide a so-called data
protection notice to the individuals in which we describe, at a minimum, in
a manner easy to understand for the addressees, the following:
The identity and contact details of Superior Essex Group entity/ies,
which is/are the relevant Controller(s);
The categories of Personal Data we Process;
The purposes for which we Process the Personal Data and legal bases to
do so;
To whom we disclose the Personal Data;
Whether we transfer the Personal Data outside of the EEA (including the
country of destination and the transfer mechanisms used);
The period for which we store the Personal Data (or, if that is not
possible, criteria we used to determine that period);
The rights Data Subjects can exercise with respect to the Processing of
their Personal Data;
Whether the provision of Personal Data is a statutory or contractual
requirement, or a requirement necessary to enter into a contract, as
well as whether the Data Subjects are obliged to provide the Personal
Data and of the possible consequences of failure to provide such data;
and
The existence of Automated Decision-Making, including Profiling and in
cases required by the GDPR, meaningful information about the logic
involved, as well as the significance and the envisaged consequences of
such Processing for the Data Subject.
The Data Minimization Principle
We will
implement reasonable technical and organizational measures to ensure that
any Personal Data we Process are adequate, relevant and limited to what is
necessary for the purpose(s) for which we Process them.
The Accuracy Principle
We will implement
reasonable technical and organizational measures to ensure that any Personal
Data we Process are accurate and kept up-to-date. We will check the accuracy
of any Personal Data at the point of collection and at regular intervals
afterwards. We will take all reasonable steps to destroy or amend inaccurate
or out-of-date data.
The Storage Limitation Principle
We will
implement reasonable technical and organizational measures so we do not keep
Personal Data longer than necessary for the purpose(s) for which they were
collected or as otherwise required or permitted by Applicable Laws and in
accordance with Superior Essex Group Records Retention Policy. We take all
reasonable steps to securely destroy, or erase from our systems and records,
all Personal Data that are no longer required.
The Data Subjects’ Rights
We respect the rights
afforded to Data Subjects under Applicable Laws, in particular: