Concerning personal data transferred from the European Union ("EU"), the European Economic Area ("EEA") and Switzerland to the United States of America ("U.S.")
Avnet, Inc. ("Avnet") respects the privacy of its customers, business partners and employees and recognizes the need for appropriate protection and management of personal information provided. Avnet, a U.S. based company, has made a decision to voluntarily participate in the U.S. – EU Safe Harbor and the U.S. – Swiss-Safe Harbor framework and observe the data protection principles available to U.S. organizations under the European Commission's directive on data protection.
This Policy outlines the general practices for implementing the requirements of Safe Harbor in connection with personal data that is transferred from the EU/EEA and Switzerland to the U.S, including the types of information that is collected and transferred, how it is used, and the choices individuals located in the EU/EEA and Switzerland have regarding the use of, and their ability to correct, that information. Avnet maintains other data privacy and protection practices and measures in addition those outlined in this Policy. Should there be any conflict between the U.S. – EU and U.S. – Swiss Safe Harbor principles and this Policy, the Safe Harbor / Swiss Safe Harbor principles will prevail.
To learn more about the Safe Harbor program, and to view Avnet’s certification, please visit http://www.export.gov/safeharbor/.
On October 6, 2015, the European Court of Justice has issued a judgment declaring as invalid the European Commission’s Decision 2000/520/EC of 26 July 2000 on the adequacy of the protection provided by the Safe Harbor privacy principles and related frequently asked questions issued by the US Department of Commerce. As a consequence, transfers of personal data form the EU/EEA and Switzerland to the U.S. can no longer be based on the Safe Harbor framework. EU/EEA and Switzerland based organizations should consult with their local data protection authority or other competent regulator to corroborate the requirements under which data transfers to the U.S. can take place.
For the time being, the U.S. Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. As a result Avnet will also continue to adhere to the Safe Harbor framework and will process and protect personal data in accordance with the Safe Harbor principles in addition to other data privacy and protection practices and measures Avnet implemented by Avnet.
For purpose of this Policy, the following definitions shall apply: "Agent" means any third party that collects and/or uses personal information provided by Avnet to perform tasks on behalf of and under the instructions of Avnet. Personal information means any information relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that is anonymous or in circumstances where the individual is not readily identifiable. "Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or that concerns health matters or sexual orientation.
4. Processing of EU/EEA or Swiss personal data
Avnet may from time to time process certain EU/EEA or Swiss personal information about customers, business partners, employees and candidates for employment, including information recorded on various media as well as electronic data.
Avnet will use personal information concerning business partners and customers to provide customers and business partners with information and services and to help Avnet personnel better understand the needs and interests of these business partners and/or customers. Specifically, Avnet uses information to help customers and business partners complete a transaction or order, to facilitate communication, to deliver products/services, to bill for purchased products/services, and to provide ongoing service and support. Occasionally Avnet personnel may use personal information to contact customers and business partners to complete surveys that are used for marketing and quality assurance purposes.
Avnet may also share personal information with its service providers and suppliers for the sole purpose and only to the extent needed to support the customers' business needs. Service providers and suppliers are required to keep confidential personal information received from Avnet and may not use it for any purpose other than as originally intended.
Avnet also collects personal information concerning its employees (Human Resources Data) in connection with administration of its Human Resources programs and functions and for purpose of communicating with its employees. These programs and functions may include compensation and benefit programs, employee development planning and review, performance appraisals, training, business travel expense and tuition reimbursement, identification cards, access to Avnet facilities and computer networks, employee profiles, internal employee directories, Human Resource record keeping, and other employment related purposes. Avnet also collects and uses personal information to consider candidates for employment opportunities within Avnet.
Avnet may share personal information with its service providers and suppliers for the sole purpose and only to the extent needed to support the customers' business needs. Service providers and suppliers are required to keep confidential personal information received from Avnet and may not use it for any purpose other than as originally intended. Human Resources data may be shared with third party vendors for the exclusive purpose of enabling the vendor to provide service and/or support to Avnet in connection with these Human Resource programs and functions. Human Resource data is not shared with third parties for non-employment related purposes. Third parties receiving personal information are required to apply the same level of privacy protection as contained in this Policy.
5. Privacy Principles
Avnet complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Avnet has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement as listed and explained below.
Where Avnet collects personal information directly from individuals in the EU/EEA and Switzerland, it will inform these individuals about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which Avnet discloses that information, and the choices and means, if any, Avnet offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Avnet, or as soon as practicable thereafter, and in any event before Avnet uses the information for a purpose other than that for which it was originally collected.
Avnet will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Avnet will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Avnet will provide individuals with reasonable mechanisms to exercise their choices.
5.3. Onward Transfer to Agents
Avnet will obtain assurances from its Agents that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by Agents include: a written contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor principles, being subject to EU Data Protection Directive 95/46, Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding. Where Avnet has knowledge that an Agent is using or disclosing personal information in a manner contrary to this Policy, Avnet will take reasonable steps to prevent or stop the use or disclosure.
Upon request, Avnet will grant individuals reasonable access to personal information that it holds about them. In addition, Avnet will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Avnet will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5.6. Data Integrity
Avnet will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). Avnet will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
5.8. Dispute Resolution
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Chief Compliance Officer at the address given below. Avnet will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. With respect to any complaints relating to this Policy that cannot be resolved through Avnet's internal processes, Avnet has agreed to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities and the Swiss Data Protection Authority (The Federal Data Protection and Information Commissioner) to resolve disputes pursuant to the Safe Harbor principles. In the event that Avnet or such Authorities determines that Avnet did not comply with this Policy, Avnet will take appropriate steps to address any adverse effects and to promote future compliance.
6. Targeting Minors
Avnet does not knowingly collect personally identifiable information from persons under the age of 13. If for some reason Avnet determines that a person with respect to whom it has collected personal information is under 13, Avnet will delete or destroy that information.
7. Contact Information
Questions or comments regarding this Policy should be submitted to Avnet by mail or e-mail as follows:
Vice President, Chief Compliance Officer Avnet, Inc.
2211 S. 47th St.
Phoenix, AZ 85034
8. Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor principles. Appropriate public notice will be given concerning such amendments.
Effective Date: September 18, 2017
Last revision: September 2017