TEREX CORPORATION DATA PROTECTION POLICY

Similar documents
THE IRON MOUNTAIN GDPR JARGON BUSTER

GROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).

FSMA_2017_05-01 of 24/02/2017

Approach to Employment Injury (EI) compensation benefits in the EU and OECD

PREPARING FOR THE EU GDPR IN RESEARCH SETTINGS

Purpose of this form. If you are an Appointed Representative ( AR ) then this form must be completed by the sponsoring firm on your behalf.

MRS Brexit Survival Guide: EU-UK Data transfers November

EU BUDGET AND NATIONAL BUDGETS

EU-28 RECOVERED PAPER STATISTICS. Mr. Giampiero MAGNAGHI On behalf of EuRIC

How to complete a payment application form (NI)

EIOPA Statistics - Accompanying note

EIOPA Statistics - Accompanying note

Understanding Privacy Regulatory Restrictions on Trans Border Data Flow

Adopted on 26 November 2014

EIOPA Statistics - Accompanying note

Burden of Taxation: International Comparisons

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

2.2. Eligibility for the Service. The Client understands and agrees that in order to be able to use the Service:

Report Penalties and measures imposed under the UCITS Directive in 2016 and 2017

European Advertising Business Climate Index Q4 2016/Q #AdIndex2017

EU State aid: Guidelines on State aid for environmental protection and energy making of -

11 th Economic Trends Survey of the Impact of Economic Downturn

EU Data Processing Addendum

You may also use this form if you are a UK firm that wishes to notify us (the FSA) of changes to the details of its current cross border services.

Spain France. England Netherlands. Wales Ukraine. Republic of Ireland Czech Republic. Romania Albania. Serbia Israel. FYR Macedonia Latvia

EU KLEMS Growth and Productivity Accounts March 2011 Update of the November 2009 release

Live Long and Prosper? Demographic Change and Europe s Pensions Crisis. Dr. Jochen Pimpertz Brussels, 10 November 2015

2.2. The client understands and agrees that in order to execute payments by SEPA direct debit:

Second SHA2011-based pilot data collection 2014

DG TAXUD. STAT/11/100 1 July 2011

Guidance on International Transfers / Eighth Principle

AXA GROUP BINDING CORPORATE RULES

Electricity & Gas Prices in Ireland. Annex Business Electricity Prices per kwh 2 nd Semester (July December) 2016

NOTE. for the Interparliamentary Meeting of the Committee on Budgets

FRN or AIFM national code or AIFM legal entity identification code (LEI)

UPSTREAM SECURITY IN EUROPE. A concise overview of the issues arising in connection with the granting and taking of Upstream Security in Europe

Starting a branch ESTABLISHMENT GUIDE

EUROPA - Press Releases - Taxation trends in the European Union EU27 tax...of GDP in 2008 Steady decline in top corporate income tax rate since 2000

Statistics: Fair taxation of the digital economy

EuSEF and EuVECA management and marketing notifications

LEGAL SHEET On the regulation of sports agent profession

EMPLOYMENT RATE Employed/Working age population (15-64 years)

Privacy Policy. This privacy policy shall be valid even if you have reserved your transfers through the other sales partners of Plus Group Kft.

You may find it useful to view the UK social and labour law summary overview (PDF, 99kb, 24 pages).

THE IMPACT OF THE PUBLIC DEBT STRUCTURE IN THE EUROPEAN UNION MEMBER COUNTRIES ON THE POSSIBILITY OF DEBT OVERHANG

Eligibility? Activities covered? Clients covered? Application or notification required? N/A N/A N/A N/A N/A N/A N/A

International Services tariff

Borderline cases for salary, social contribution and tax

Member Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members

STAT/12/ October Household saving rate fell in the euro area and remained stable in the EU27. Household saving rate (seasonally adjusted)

EMPLOYMENT RATE IN EU-COUNTRIES 2000 Employed/Working age population (15-64 years)

LENDING FACILITIES Hire Purchase (HP) 1% % on a case by case basis (fee set by AgriFinance Ltd)

International Hints and Tips

Composition of capital IT044 IT044 POWSZECHNAIT044 UNIONE DI BANCHE ITALIANE SCPA (UBI BANCA)

Cross Border Services Notification Form

EU Pension Trends. Matti Leppälä, Secretary General / CEO PensionsEurope 16 October 2014 Rovinj, Croatia

ROSETTA STONE LTD. PROCESSING ADDENDUM

Lowest implicit tax rates on labour in Malta, on consumption in Spain and on capital in Lithuania

PUBLIC PROCUREMENT INDICATORS 2011, Brussels, 5 December 2012

ANNOUNCEMENT BY THE MANAGEMENT COMMITTEE OF THE DEPOSIT GUARANTEE AND RESOLUTION OF CREDIT AND OTHER INSTITUTIONS SCHEME

EMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES

Amgen Binding Corporate Rules (BCRs) Public Document

Fee Information Document

The Controller and Processor Data Protection Binding Corporate Rules of BMC Software

Appropriate Policy Document

The Allied Group Privacy Shield Policy

Council conclusions on "First Annual Report to the European Council on EU Development Aid Targets"

FOREIGN INSURERS AND REINSURERS DOING BUSINESS IN THE UK AND EUROPE: SETTING THE 1 RECO

Corrigendum. OECD Pensions Outlook 2012 DOI: ISBN (print) ISBN (PDF) OECD 2012

EMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES

Order Execution Policy - Corporate & Investment Bank Division - EEA

FY18 Campaign Terms. CAMPAIGN AGREEMENT ( Campaign Agreement ) FOR CEE DYNAMICS 365 CSP CAMPAIGN ( Program )

Quarterly Gross Domestic Product of Montenegro 3 rd quarter 2017

LENDING FACILITIES Hire Purchase (HP) 1% % on a case by case basis (fee set by AgriFinance Ltd)

Quarterly Gross Domestic Product of Montenegro 2st quarter 2016

This information, or "personal data" as it is often referred to, must be processed according to the principles contained within the Regulation.

CANADA EUROPEAN UNION

Courthouse News Service

Fiscal rules in Lithuania

GDPR : We protect your data

Cross-border mergers and divisions

Consumer Credit. Introduction. June, the 6th (2013)

Audit guidelines Mini One-Stop Shop for telecom, broadcasting and electronic services

Fee Information Document

Raising the retirement age is the labour market ready for active ageing: evidence from EB and Eurofound research

The European Union Savings Tax Directive. An historic guide

Move to T+2 settlement cycle: Singapore market

Price List of Nordea Bank CONTENT. Corporate customer Effective from 1 June 2015

EMPLOYMENT RATE Employed/Working age population (15 64 years)

TAXATION OF TRUSTS IN ISRAEL. An Opportunity For Foreign Residents. Dr. Avi Nov

Q&A. 1. Q: Why did the company feel the need to move to Ireland?

Cross Border Services Notification Form

DATA PROTECTION ADDENDUM

BTSF FOOD HYGIENE AND FLEXIBILITY. Notification To NCPs

2017 Figures summary 1

Relevant reporting requirements in each EEA States will also have to be checked.

DATA PROTECTION POLICY

Dividends from the EU to the US: The S-Corp and its Q-Sub. Peter Kirpensteijn 23 September 2016

Revenue Arrangements for Implementing EU and OECD Exchange of Information Requirements In Respect of Tax Rulings

MUTUALS IN EUROPE: WHO THEY ARE, WHAT THEY DO AND WHY THEY MATTER

Transcription:

TEREX CORPORATION DATA PROTECTION POLICY Terex Data Protection Policy Page 1

Index 1.0 Policy Statement, Purpose and Scope... 3 2.0 Requirements... 3 2.1 Data Protection Principles... 3 2.2 Communication and Transfer of Personal Data to Third Parties and within Terex... 3 2.3 Sources and Quality of Personal Data... 4 2.4 Disclosure to the Data Subject... 4 2.5 Sensitive Data... 4 2.6 Data Relating to Criminal Offenses... 4 3.0 Notification to Data Protection Authorities Regarding Terex Processing Activities... 4 4.0 Data Security and Data Secrecy... 4 5.0 Data Protection Trainings... 5 6.0 Specific Rules for Specific Countries... 5 6.1 Integration with Other Terex Policies... 5 6.2 Limited Effect of Policy... 6 7.0 Implementation... 6 7.1 Publication... 6 7.2 Effective Date... 6 7.3 Revisions... 6 8.0 Sponsor / Custodian / Implementation... 6 9.0 Severability... 6 10.0 Glossary... 6 Terex Data Protection Policy Page 2

1.0 Policy Statement, Purpose and Scope Terex is committed to complying with data protection and security requirements in the countries in which it and its subsidiaries operate. Terex has adopted the policies and procedures in this Data Protection Policy in order to achieve worldwide compliance with applicable laws and regulations, with supplemental policies to be implemented as needed in those jurisdictions with unique requirements. 2.0 Requirements 2.1 Data Protection Principles Terex will treat and process Personal Data lawfully. Such Data shall be obtained only for specified and legitimate purposes, and it shall not be further processed in any manner incompatible with those purposes. Personal Data shall be collected and processed to the degree necessary to meet the purposes of collection. It shall not be kept longer than necessary. Personal Data shall be collected and processed using technical and procedural measures taken to secure legal compliance. Personal Data should be collected and processed only: with the consent of the Data Subject, or as permitted by contract with the Data Subject, or in order to comply with a legal obligation, or in the event of a Data Subject s vital interests, or in order to perform a task as requested or required by an official authority, or when there is a legitimate interest of Terex, or of a Third Party to whom the data is disclosed, to collect and process the Personal Data. 2.2 Communication and Transfer of Personal Data to Third Parties and within Terex Personal Data shall not be transferred to another entity, country or territory unless reasonable and appropriate steps have been taken to maintain the required level of data protection and may only be communicated for reasons consistent with the purposes for which it was originally collected or for purposes authorized by law. All Sensitive Data transferred outside of Terex or across public communication networks shall be de-identified or protected by use of encryption. All data transfers to Third Parties, to the extent such transfers involve further Processing (as defined), shall be subject to Safe Harbor certifications (as applicable) or agreements that include appropriate data protection provisions. EU Personal Data shall only be transferred outside the EU and the European Economic Area if an adequate level of legal protection for the rights and freedoms of Data Subjects is guaranteed by standard contractual clauses, Safe Harbor or binding corporate rules. Terex Data Protection Policy Page 3

2.3 Sources and Quality of Personal Data Unless a legal exception exists, Personal Data should only be collected from the Data Subject. To protect Terex from the risk of incorrect collection, processing and storage of such Personal Data, each Terex legal entity is responsible for having its business units comply with applicable data protection laws from the moment of original collection of Personal Data. 2.4 Disclosure to the Data Subject When Personal Data is collected from the Data Subject for the first time, the Data Subject should be informed as to how the Personal Data will be used, either orally, electronically via the Terex Intranet, or in writing unless the Data Subject already knows or should know how such Personal Data will be used. If there is a change in how the collected data will be used, the Data Subject should be informed of such change. 2.5 Sensitive Data Sensitive Data shall only be processed if it is either authorized or required by law, or if the Data Subject consents, or in cases of urgent medical care. All contracts with employees and independent contractors who will have access to Sensitive Data must contain adequate confidentiality requirements or Terex may establish other means to assure that those handling Sensitive Data understand the appropriate confidentiality to be exercised with this kind of data. If Sensitive Data is processed under other circumstances, such processing must be pre-approved in writing by the Terex Chief Ethics & Compliance Officer or her designee. 2.6 Data Relating to Criminal Offenses An investigation relating to criminal offenses will be conducted either (a) when initiated by Terex, in accordance with applicable Terex Corporation policies, or (b) under the control of an official authority in accordance with the local laws. 3.0 Notification to Data Protection Authorities Regarding Terex Processing Activities If applicable law requires notifying the responsible Data Protection Authorities, Terex will not knowingly process such data until the notification is provided. Terex will comply with data notification requirements. 4.0 Data Security and Data Secrecy Terex shall adopt technical and procedural measures to ensure the security of Personal Data at every Terex site, and shall also endeavor to prevent the alteration, loss, damage, unauthorized processing of or access to Personal Data, taking into consideration commercially acceptable practices, the nature of the data, and the risk of inadvertent disclosure of data. All management team members who deal with Personal Data as part of their work shall be required to maintain the secrecy of that data, both during and after their employment by Terex. Adequate security measures shall be implemented at every Terex site to achieve: Terex Data Protection Policy Page 4

Entry Control: Preventing unauthorized persons from gaining access to data processing systems in which Personal Data are processed. Admission Control: Preventing data processing systems from being used by unauthorized persons. Access Control: Preventing persons entitled to use a data processing system from accessing data beyond their needs and authorizations. This includes preventing unauthorized reading, copying, modifying or removal during processing and use, or after storage. Disclosure Control: Ensuring that Personal Data in the course of electronic transmission during transport or during storage on a data carrier cannot be read, copied, modified or removed without authorization, and providing a mechanism for checking to establish who is authorized to receive, and who has received, the information. Input Control: Ensuring the ability to establish whether and by whom Personal Data have been accessed, modified or removed. Job Control: Ensuring that in the case of commissioned processing of Personal Data, the data can be processed only in accordance with the instructions of the Data Controller. Availability Control: Ensuring that Personal Data are protected against undesired destruction or loss. Use Control: Ensuring that data collected for different purposes can and will be processed separately. Longevity Control: Ensuring that data are not kept longer than necessary, including by requiring that data transferred to third persons be returned or destroyed. 5.0 Data Protection Trainings Each Terex site will help protect Personal Data and comply with applicable law by providing training that includes: The contents of this Policy, especially each team member s duty to use and permit the use of Personal Data only by authorized persons and for authorized purposes, and the need for and proper use of the forms and procedures adopted to implement this Policy according to any principles set forth in section 2.1; The relationship of this Policy to other Terex policies, especially those identified in section 6.1; The security measures established according to section 4.0; A general prohibition of the transfer of Personal Data outside the internal network and physical office premises, except when compliant with this Policy; Securely storing manual files, print-outs and electronic storage media; and Proper disposal of confidential data by shredding, etc. 6.0 Specific Rules for Specific Countries 6.1 Integration with Other Terex Policies This Policy applies to Terex operations globally and provides an overarching framework for the company s approach to data protection. Terex has also issued or will issue other data protection policies specifically applicable to particular countries or locations. In some instances, there may be a conflict between a local or different Terex policy (e.g., the Safe Harbor Privacy Policy) and this Policy. In those instances, always comply with the policy or Terex Data Protection Policy Page 5

standard that requires the highest level of data protection and contact the Terex Chief Ethics & Compliance Officer or any attorney in the Terex Legal Department to assist you in resolving the conflict. 6.2 Limited Effect of Policy This Policy shall not be interpreted as giving any individual rights greater than those to which such person would be entitled under applicable law. 7.0 Implementation 7.1 Publication: May 1, 2014. 7.2 Effective Date: May 1, 2014. 7.3 Revisions: This Policy may be revised at any time. 8.0 Sponsor / Custodian / Implementation The sponsor of this Policy is the Terex Legal Department. The custodian of this Policy is the Terex Chief Ethics & Compliance Officer. The implementation of this Policy is the responsibility of each legal entity manager. 9.0 Severability This Policy shall, whenever possible, be interpreted in a manner compatible with applicable law. Any provision held invalid shall be ineffective only to the extent necessary and the remainder of the Policy shall be construed in all respects as if such invalid or unenforceable provision were omitted. 10.0 Glossary Terex means Terex Corporation, and its affiliate operations, divisions and subsidiaries. Consent means any freely given specific and informed indication of his wishes by which the Data Subject signifies agreement to Personal Data relating to him being processed. Data Controller means a person who (alone or with others) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. Generally, Terex itself will be the Data Controller, although there may be more than one Data Controller within a group of companies if local or overseas offices, subsidiaries or affiliates within the group enjoy a level of autonomy over the processing of the Personal Data they use. Data Processor means any person, other than an employee of the Data Controller, who processes the data on behalf of the Data Controller. Terex Data Protection Policy Page 6

Data Subject means the person to which data refers. Data Subjects include customers and web users, individuals on contact/e-mailing lists or marketing databases, team members, contractors and suppliers. EEA means the European Economic Area as constituted by the EU countries Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, France. Finland, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, The Netherlands, Poland, Portugal, Romania, Slovak Republic, Slovenia, Spain, Sweden, United Kingdom and the European Free Trade Association countries Iceland, Lichtenstein and Norway. Switzerland, a Free Trade European Association country, is neither a Member of the EU nor a member of the European Economic Area. Therefore, Switzerland and the U.S. signed a separate agreement upon identical Safe Harbor Principles that follows the known Safe Harbor Principles. Terex follows the latter as well as the former. Personal Data means any data relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal Data does not include information that is anonymous. Processing includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data, including: - Organization, adaptation, or alteration; - Disclosure by transmission, dissemination, or otherwise; and - Alignment, combination, blocking, erasure, or destruction. Sensitive Data means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or that concerns health matters or sexual orientation. Terex Data Protection Policy Page 7

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback