Relating to Personal Data Transferred From The European Economic Area (“EEA”) and Switzerland To The United States of America (“U.S.”)
Terex Corporation (“Terex”) respects the privacy of its customers, business partners and Team Members, and recognizes the need for appropriate protection and management of personal information provided to it. Terex itself and on behalf of its U.S. subsidiaries lawfully processes, transfers and stores personal data. Terex has implemented the Standard Contractual Clauses (“SCC”) approved by the European Commission for the transfer of personal data outside of the European Economic Area (“EEA”) to the U.S. This applies to data transfers that take place within the Terex group of companies as well as with external service providers.
For purpose of this Policy, the following definitions shall apply:
- “Agent” means any third party that collects and/or uses personal information provided by Terex to perform tasks on behalf of and at the direction of Terex.
- “Personal information” means any information relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that is anonymous.
- “Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or that concerns health matters or sexual orientation, as well as biometric and genetic data.
- Processing of EEA personal data
Terex may process certain EEA or Swiss personal information about customers, business partners, team members and candidates for employment, including information recorded on various media, as well as electronic data.
Terex will use personal information concerning business partners and customers
- to provide customers and business partners with information and services, and
- to help Terex team members better understand the needs and interests of these business partners and/or customers.
Specifically, Terex uses information
- to help customers and business partners complete a transaction or order,
- to facilitate communication,
- to deliver products/services,
- to bill for purchased products/services, and
- to provide ongoing service and support.
Occasionally Terex team members may use personal information to contact customers and business partners to complete surveys that are used for marketing and quality assurance purposes. In the event that personal information is used for marketing purposes, the processing of this information will take place according to applicable data protection legislation.
Terex may also share personal information with its service providers and suppliers, for the sole purpose and only to the extent needed, to support the customers’ business needs. Service providers and suppliers are required to maintain the confidentiality of personal information received from Terex, and may not use such information for any purpose other than as originally intended.
Terex also collects personal information concerning its team members (“Human Resources Data”) in connection with administration of its Human Resources programs and functions, for auditing and compliance purposes and for communicating with its team members. These programs and functions may include:
- compensation and benefit programs,
- Team Member development planning and review,
- performance appraisals,
- business travel expense,
- tuition reimbursement,
- identification cards,
- access to Terex facilities and computer networks,
- team member profiles,
- internal team member directories,
- Human Resource record keeping, and
- other employment related purposes.
Terex also collects and uses personal information to consider candidates for employment opportunities within Terex.
Human Resources Data may be shared with third party vendors for the purpose of enabling the vendor to provide service and/or support to Terex in connection with these Human Resource programs and functions. Human Resource Data is not shared with third parties for non-employment related purposes. Third parties receiving personal information are required to apply the same level of privacy protection as contained in this Policy.
Personal information about team members, candidates for employment, customers and business partners will be stored as long as necessary to fulfill the purposes for which it was collected or as long as required by the applicable laws.
- Privacy Principles
Where Terex collects personal information directly from individuals in the EEA or Switzerland, it will inform these individuals about the purposes for which it collects and uses personal information about them, the types of third parties who are not Agents of Terex (“non-agent third parties”) to which Terex discloses that information, and the choices and means, if any, Terex offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Terex, or as soon as practicable thereafter. Terex will also inform individuals before Terex uses the information for a purpose other than that for which it was originally collected and will obtain their consent if required.
Terex will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Terex will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Terex will provide individuals with reasonable mechanisms to exercise their choices.
5.3. Onward Transfer to Agents and accountability
Terex will obtain assurances from its Agents that they will safeguard personal information consistent with EU Data Protection standards. Where Terex has knowledge that an Agent is using or disclosing Terex personal information in a manner contrary to EU Data Protection standards, Terex will take reasonable steps to prevent or stop the use or disclosure.
Upon request, Terex will grant individuals reasonable access to personal information that it holds about them. In addition, Terex will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Terex will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5.6. Data Integrity and purpose limitation
Terex will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). Terex will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
5.7. Violations or Concerns
- Targeting Minors
Terex does not knowingly collect personally identifiable information from persons under the age of 13. If Terex determines that a person with respect to whom it has collected personal information is under the age of 13, Terex will promptly delete or destroy that information.
- Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the applicable Data Protection Legislation. Appropriate public notice will be given concerning such amendments.
Effective Date: September 15, 2016