concerning personal data transferred from the European Economic Area (“EEA”) and Switzerland to the United States of America (“U.S.")
Terex Corporation (“Terex”) respects the privacy of its customers, business partners and employees and recognizes the need for appropriate protection and management of personal information provided to it. Terex itself and on behalf of its affiliate U.S. companies, has made a decision to voluntarily participate in the Safe Harbor principles available to U.S. organizations under the European Commission's directive on data protection. Should there be any conflict between the Safe Harbor principles and this Policy, the Safe Harbor principles will prevail. This Policy outlines the general practices for implementing the requirements of Safe Harbor, in connection with personal data that is transferred from the EEA or Switzerland to the U.S, including the types of information that is collected and transferred, how it is used, and the choices individuals located in the EEA and Switzerland have regarding the use of, and their ability to correct, that information.
For purpose of this Policy, the following definitions shall apply:
• “Agent” means any third party that collects and/or uses personal information provided by Terex to perform tasks on behalf of and at the direction of Terex.
• “Personal information” means any information relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that is anonymous.
• “Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or that concerns health matters or sexual orientation.
4. Processing of EEA or Swiss personal data
Terex may process certain EEA or Swiss personal information about customers, business partners, employees and candidates for employment, including information recorded on various media, as well as electronic data.
Terex will use personal information concerning business partners and customers
• to provide customers and business partners with information and services, and
• to help Terex employees better understand the needs and interests of these business partners and/or customers.
Specifically, Terex uses information
• to help customers and business partners complete a transaction or order
• to facilitate communication
• to deliver products/services
• to bill for purchased products/services, and
• to provide ongoing service and support.
Occasionally Terex employees may use personal information
• to contact customers and business partners to complete surveys that are used for marketing and quality assurance purposes.
Terex may also share personal information with its service providers and suppliers, for the sole purpose and only to the extent needed, to support the customers’ business needs. Service providers and suppliers are required to maintain the confidentiality of personal information received from Terex, and may not use such information for any purpose other than as originally intended.
Terex also collects personal information concerning its employees (“Human Resources Data”) in connection with administration of its Human Resources programs and functions and for purposes of communicating with its employees. These programs and functions may include:
• compensation and benefit programs
• employee development planning and review
• performance appraisals
• business travel expense
• tuition reimbursement,
• identification cards,
• access to Terex facilities and computer networks
• employee profiles
• internal employee directories
• Human Resource record keeping, and
• other employment related purposes.
Terex also collects and uses personal information to consider candidates for employment opportunities within Terex.
Human Resources Data may be shared with third party vendors for the purpose of enabling the vendor to provide service and/or support to Terex in connection with these Human Resource programs and functions. Human Resource Data is not shared with third parties for non-employment related purposes. Third parties receiving personal information are required to apply the same level of privacy protection as contained in this Policy.
5. Privacy Principles
Where Terex collects personal information directly from individuals in the EEA or Switzerland, it will inform these individuals about the purposes for which it collects and uses personal information about them, the types of third parties who are not Agents of Terex (“non-agent third parties”) to which Terex discloses that information, and the choices and means, if any, Terex offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Terex, or as soon as practicable thereafter. Terex will also inform individuals before Terex uses the information for a purpose other than that for which it was originally collected.
Terex will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Terex will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Terex will provide individuals with reasonable mechanisms to exercise their choices.
5.3. Onward Transfer to Agents
Terex will obtain assurances from its Agents that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by Agents include: a written contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor principles, being subject to EU Data Protection Directive 95/46, Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding. Where Terex has knowledge that an Agent is using or disclosing personal information in a manner contrary to this Policy, Terex will take reasonable steps to prevent or stop the use or disclosure.
Upon request, Terex will grant individuals reasonable access to personal information that it holds about them. In addition, Terex will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Terex will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5.6. Data Integrity
Terex will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). TEREX will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
6. Dispute Resolution
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Terex Data Privacy Officer at the email address given below. Alternatively, you may report concerns through the Terex Helpline administered by Ethicspoint, an independent third party under contract with Terex, at www.ethicspoint.com. Terex will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
With respect to any complaints relating to this Policy that cannot be resolved through Terex’s internal processes, Terex has agreed to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities to resolve disputes pursuant to the Safe Harbor principles. In the event that Terex or such Authorities determines that Terex did not comply with this Policy, Terex will take appropriate steps to address any adverse effects and to promote future compliance.
7. Targeting Minors
Terex does not knowingly collect personally identifiable information from persons under the age of 13. If, Terex determines that a person with respect to whom it has collected personal information is under the age of 13, Terex will promptly delete or destroy that information.
8. Contact Information
Questions or comments regarding this Policy should be submitted to Terex by mail or e-mail as follows: SafeHarbor@terex.com.
9. Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor principles. Appropriate public notice will be given concerning such amendments.
For further information concerning Safe Harbor, see http://export.gov/safeharbor/.
Effective Date: 09-28-2010
¹The EEA consists of members of the European Union, as well as Iceland, Liechtenstein and Norway.