Parker-Hannifin Corporation and each of its subsidiary or affiliated companies (collectively “Parker”) collects and uses certain Personal Data (as defined below) for the management and administration of its employment relationships (including pre-employment, employment, and post-employment activities) and its third party relationships (including those with customers, suppliers, distributors, business partners, consultants, advisers and other third parties). Due to the global nature of Parker's business, the Personal Data may be exported to one or more Parker locations outside of the location of its initial collection, including across national borders.
Parker is dedicated to compliance with all applicable laws and regulations relating to the collection, use, transfer and retention of Personal Data, including the laws of the United States of America, the European Union (including EU Regulation 2016/679 referred to as the “General Data Protection Regulation”) and those of other countries or regions where Parker conducts business.
To inform employees and third parties with whom Parker has a business relationship of the principles under which Parker collects, uses, transfers and retains Personal Data.
This Policy applies to all Personal Data received or collected by Parker. It is the responsibility of all Parker employees worldwide to ensure compliance with this Policy. For recourse in the event of a violation of this Policy, see Section 3.4.9 below.
• "Data Subject" is any living individual who is the subject of Personal Data.
• "Personal Data" means data relating to a Data Subject who is or can be identified from the data itself or from the data in conjunction with other information or data. Examples of Personal Data include name, identification number, internet protocol address, cookie identifier, e-mail address and much more.
• "Process” “Processed” or “Processing" means any online or offline activity involving the Personal Data and includes activities such as, for example, copying, filing, and inputting into a database.
• "Sensitive Data" is Personal Data that pertains to racial or ethnic origins, genetic data, biometric data (for uniquely identifying a natural person), political or union affiliation, religious or philosophical beliefs, health or sex life.
3.2 COMPLIANCE WITH PRIVACY SHIELD PRINCIPLES
The EU-US Privacy Shield Framework (and the Swiss-US Privacy Shield Framework) establish a set of data protection principles that enable U.S. companies to satisfy the requirement for adequate protection in the transfer of Personal Data to the United States. Information about the Privacy Shield Principles and Parker-Hannifin Corporation’s certification of compliance with the Privacy Shield Principles can be found at https://www.privacyshield.gov.
3.3 DATA MINIMIZATION AND RETENTION
Only the Personal Data that is necessary for a legitimate business reason or as required by applicable laws or regulations (the “Purpose”) should be collected and Processed. When the Purpose for the Personal Data has ended or is no longer relevant, the Personal Data should be deleted, taking into consideration the relevant Records Retention and Protection Guidelines (1.04). Any retention of Personal Data beyond the relevant time period set forth in the Records Retention and Protection Guidelines (1.04) must be documented and explicitly state the reasoning for such retention beyond the specified period.
3.4 NOTICE OF PERSONAL DATA COLLECTION AND PROCESSING
3.4.1 Employment Related Personal Data
Parker collects and uses Personal Data for the purposes of management and administration of its pre-employment, employment, and post-employment relationships. The Personal Data is collected and used for hiring activities, general workforce management (described further below), administering security at Parker facilities and on Parker information systems, and as necessary to maintain Parker’s third party relationships with customers, suppliers, and other third parties. General workforce management includes, for example, time and attendance tracking, payroll, brokering, providing and administering services and other benefits to employees and their dependents and beneficiaries, job performance and talent management, production of company address books and directories, management of communication systems, training and employee development, providing and monitoring the use of company resources such as company vehicles, mobile phones, computers, and travel and mobility services, managing emergency contact details, and meeting governmental reporting requirements. For Parker employees in particular countries or regions, specific notices may be furnished that provide further details related to the Processing of Personal Data.
Parker maintains Sensitive Data only as required to provide its employees with agreed services and benefits or as required to comply with governmental reporting requirements. Parker, at all times, ensures that the collection and Processing of any Sensitive Data is limited and is done in a manner consistent with this Policy and applicable law.
3.4.2 Third Party Personal Data
Parker collects and uses Personal Data related to prospective customers and suppliers, current and past customers and suppliers, distributors, business partners, consultants, advisers and other third parties for legitimate business purposes such as processing and fulfilling orders, customer service activities, obtaining material, goods, or services for Parker products, services or administration, warranty and claims administration, marketing and meeting governmental reporting and records requirements. The Personal Data collected by Parker generally consists of business contact information such as name, employer, job title, and contact information and is only used in a manner consistent with this Policy and applicable laws. No Sensitive Data of third parties is maintained or Processed except in rare cases and then, strictly in accordance with applicable law and the express consent of the Data Subject based on clear and transparent notice. In the context of this Policy, “third parties” does not include the family members, dependents or emergency contacts of those persons in pre-employment, employment, and post-employment relationships with Parker.
3.4.3 Personal Data Collected by Parker Online Tools
Parker gives each Data Subject the opportunity to choose (opt-out) whether their Personal Data is (i) disclosed to a third party, or (ii) to be used for a purpose other than its original purpose or the purpose authorized. It is noted, however, that for employment related Personal Data, Parker may not be able to provide certain services or benefits, including services such as payroll, should an opt-out be chosen. To understand the various ways to opt-out, please contact Parker as provided in Section 3.5 below.
3.4.5 Onward Transfer (to Third Parties)
Parker may transfer Personal Data to one or more third parties acting as agents or business partners of Parker by making sure that each such third party enters an agreement with Parker (i) promising that transferred Personal Data may only be Processed for the limited and specified purposes authorized by Parker and consistent with the Data Subject’s consent or Parker’s legitimate business purpose, and (ii) agreeing to provide the same level of protection as required by this Policy.
Where Parker has knowledge that the Personal Data is being used by a third party in an unauthorized manner, Parker will take reasonable and appropriate steps to prevent or stop the unauthorized use. All of Parker’s third party providers that receive transferred Personal Data are carefully selected and monitored as Parker recognizes that it faces potential liability in cases of onward transfer to third parties.
Parker also may transfer Personal Data between countries, including but not limited to Parker’s global headquarters located in the United States of America. Parker is committed to protecting the privacy and confidentiality of Personal Data when it is transferred and employs adequate safeguards and protections in any such transfer, including compliance with the EU-US (and the Swiss-US) Privacy Shield Framework.
In addition to the foregoing, Parker may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Parker takes reasonable precautions to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These precautions include, for example, password protections for online information systems, restricting access to Personal Data, and employing electronic security measures to protect against hacking or other unauthorized access. Additionally, Parker provides physical security to prevent unauthorized access to database equipment or hard copies of Personal Data.
3.4.7 Data Integrity
Parker takes reasonable steps to ensure that Personal Data is accurate, complete, current, and relevant for the purpose of the Processing and is used in a manner consistent with that for which it was collected or authorized by the Data Subject.
Upon request, Parker will provide Data Subjects with reasonable access to Personal Data about them and the reasonable ability to have incorrect or incomplete Personal Data corrected, amended or deleted. Employees’ access may be limited in cases of employee security investigations, grievance proceedings, corporate reorganizations, or where allowing access may prejudice sound management.
3.4.9 Enforcement and Liability
Parker will conduct compliance audits of its privacy practices to verify compliance with this Policy. For those persons in an employment relationship with Parker, failure to comply with this Policy may result in disciplinary action up to and including termination. For third parties in a contractual relationship with Parker, failure to comply with the terms of the contractual relationship may result in Parker terminating such relationship.
Parker’s participation in the EU-US Privacy Shield Framework (and the Swiss-US Privacy Shield Framework) is subject to investigation and enforcement by the U.S. Federal Trade Commission.
3.4.10 Dispute Resolution
In compliance with the Privacy Shield Principles, Parker commits to resolve complaints about our collection or use of your personal information. Any Data Subject, including EU and Swiss individuals, with inquiries or complaints regarding our Privacy Shield policy should first contact Parker at:
Attn: Legal Department
6035 Parkland Boulevard
Cleveland, Ohio 44124 U.S.A.
or by e-mail to: firstname.lastname@example.org
Parker will attempt to satisfy any inquiry or resolve any complaint regarding our collection or use of Personal Data. For inquiries or complaints that cannot be resolved between the Data Subject and Parker, Parker commits to cooperate with the appropriate data privacy authority including, as applicable, EU Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner (FDPIC), and in which case Parker commits to comply with the advice given by such authorities with regard to human resources data and non-human resources data transferred from the EU and Switzerland. In some cases, the Data Subject may be able to invoke binding arbitration. Parker submits to the final and binding jurisdiction of the Federal Trade Commission with regard to Privacy Shield compliance.
3.5 CONTACT INFORMATION
Questions or comments regarding this Policy should be submitted to Parker as follows:
Attn: Legal Department
6035 Parkland Boulevard
Cleveland, Ohio 44124 U.S.A.
or by e-mail to: email@example.com
3.6 CHANGES TO THIS POLICY
This Policy may be amended from time to time, in a manner consistent with the requirements of the Privacy Shield Principles and other applicable laws. Appropriate notice will be given of any such amendments.
Reference is also made to Parker’s Records Retention and Protection Guidelines (1.04).
Additional Requirements for Parker Entities Engaged in U.S. Government Funded Business (at any Customer Tier)
Federal Acquisition Regulation (FAR) 52.204-21 (Basic Safeguarding of Covered Contractor Information Systems), Defense Federal Acquisition Regulation (DFARS) 204.73 (Safeguarding Covered Defense Information and Cyber Incident Reporting), DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 applies to these entities. Any Parker entity engaged with U.S. Government funded business must review and comply to these FAR, DFARS and NIST requirements as applicable.