ALL PARTS DATA and its subsidiaries around the world (collectively “ALL PARTS DATA) are committed to respecting and protecting the privacy of those from whom they collect personal information.
This policy establishes and communicates the key principles ALL PARTS DATA follows in protecting the personal information that it collects. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case ALL PARTS DATA will comply with the local legal requirements.
Data Subject is any individual about whom ALL PARTS DATA holds personal data.
Personal data is any information that allows an individual to be identified directly or indirectly (e.g., name, date of birth, title, address, telephone number and email address).
Sensitive personal data is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to a data subject (e.g., racial or ethnic origin, nationality, political opinion, religious and philosophical beliefs, and physical or mental health conditions). Collectively, personal data and sensitive personal data are referred to as “personal information”.
Collecting and Processing Personal Information
ALL PARTS DATA collects and processes personal information that is necessary for legitimate business purposes, which will be disclosed to the data subject at the time of collection. ALL PARTS DATA will use and process this information only for the purposes for which it was collected, retaining the personal information only for so long as is required for the specific purpose for which the information was collected.
ALL PARTS DATA will not collect sensitive personal data except when permitted or required to do so by law, and will do so only for legitimate business purposes. If in any other instance a need arises to collect sensitive personal data, ALL PARTS DATA will do so only with the data subject’s express consent, which can be withdrawn at any time. ALL PARTS DATA will not sell or rent personal information for direct marketing purposes.
When part of their job responsibilities, colleagues who collect and process personal information must comply with this policy and any applicable data protection procedures. In particular, they must: Ensure the personal information is collected and processed in accordance with this policy; Check that the personal information provided is accurate and up to date; Ensure timely updates to related internal company files; Check the information ALL PARTS DATA distributes and provide details regarding processing notices on relevant communications; and take reasonable precautions to protect the personal information from unauthorized disclosure, loss, or destruction.
Transferring Personal Information
ALL PARTS DATA may transfer the personal information outside the data subject’s home country when: (i) it has the consent of the data subject; (ii) it is necessary or appropriate as permitted by law to do so because it is relevant to ALL PARTS DATA’s dealings with the data subject; or (iii) it is required by law. ALL PARTS DATA will comply with notification, registration or approval requirements imposed under local law regarding the cross border transfer of personal information. ALL PARTS DATA will implement reasonable measures to protect the security and confidentiality of personal information and provide an adequate level of protection in each ALL PARTS DATA location where the information is transferred.
In limited circumstances, ALL PARTS DATA may disclose personal information to a third party who is providing a service to ALL PARTS DATA. ALL PARTS DATA will only disclose personal information if the third party has provided satisfactory assurances to ALL PARTS DATA of its ability to provide appropriate and sufficient data privacy and security safeguards to protect the personal information from unauthorized disclosure, use or loss. Where ALL PARTS DATA learns that a third party is using or disclosing personal information in a manner contrary to this policy, ALL PARTS DATA will take reasonable steps to discontinue such use or disclosure. Disclosures to third parties will be only for the purposes described in this policy, for a compatible purpose, or for a purpose authorized by the data subject.
ALL PARTS DATA gives data subjects the opportunity to choose not to have his or her personal information transferred to third parties for use in a manner incompatible with the purpose for which it was originally collected. An employee may not opt out of the transfer of his or her personal information to a third party if it is being conducted for the purpose of: (1) meeting applicable legal requirements, or (2) furthering the legitimate employment relationship with ALL PARTS DATA. Prior to transferring sensitive personal data for use in a manner incompatible with the purpose for which it was originally collected, explicit (opt in) choice will be sought.
Security of Personal Information
ALL PARTS DATA has organizational, physical, administrative and technical measures in place to protect the personal information the company collects and maintains. ALL PARTS DATA monitors to ensure that its information security program is operating in a manner to reasonably protect the personal information it collects and processes and upgrades information safeguards as necessary to limit risks of unauthorized disclosure or use. Only authorized colleagues with a valid, work-related need may access a data subject’s personal information. In the event of a data breach, ALL PARTS DATA will issue breach notifications as may be required under applicable law.
Data Subject Rights
While personal information is maintained by ALL PARTS DATA, a data subject may access the information pertaining to him/her to the extent required by local law to review, update and correct inaccuracies. To do so, the data subject should contact the ALL PARTS DATA Global Privacy Officer or the Privacy Officer in the data subject’s home country (if one has been appointed). Additionally, a data subject may ask ALL PARTS DATA to correct, update, supplement or delete personal information held on him/her.
ALL PARTS DATA may, in its discretion, charge a reasonable, cost-based fee for access or photocopying of this information. For security purposes, ALL PARTS DATA may require verification of identity before providing access to personal information.
If a data subject has a question about this policy or a complaint about the way ALL PARTS DATA has collected, processed, used or disclosed his/her personal information and is located in Germany, the data subject should contact his or her local Privacy Officer. Data subjects located in any other country should contact the ALL PARTS DATA Global Privacy Officer. Both individuals will promptly and courteously address any complaints or disputes regarding personal information. ALL PARTS DATA’s Privacy Officers have the responsibility to ensure that each ALL PARTS DATA office complies with this policy around the world. It is also the responsibility of these persons to deal with and respond to all inquiries from governmental authorities. Any finding of misuse of personal information by ALL PARTS DATA or a breach of this policy shall be remedied as soon as reasonably possible.
To verify its compliance ALL PARTS DATA will periodically conduct a self-assessment to ensure that: (a) this policy is accurate, comprehensive, prominently displayed, completely implemented and accessible, and conforms to the Safe Harbor Principles; (b) employees are informed of the internal arrangements for handling complaints and the independent mechanisms through which they may pursue complaints; and (c) ALL PARTS DATA has in place procedures for training the appropriate employees on the implementation of this policy and disciplining those who fail to comply.
Changes to this Policy
ALL PARTS DATA
Attn: Privacy Officer