EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Notice
Effective Date: September 15, 2023
This Notice ("Notice") explains how IDEXX Laboratories, Inc. and its subsidiaries and affiliates in the United States ("IDEXX”) collect, use, and disclose certain personal information that we receive in the U.S. from the United Kingdom (and Gibraltar), Switzerland, the European Union and European Economic Area ("Personal Data").
IDEXX recognizes that the UK, Switzerland and the EU have established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the UK (and Gibraltar), Switzerland and the EU (and the EEA). To provide adequate protection for certain Personal Data about our customers, customer’s customers, employees, job applicants and website visitors received in the U.S., we elected to self-certify to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPFand the Swiss-U.S. DPF administered by the U.S. Department of Commerce ("Data Privacy Framework") regarding the collection, use, and retention of personal information transferred from the UK (and Gibraltar), Switzerland, European Union (and the EEA) to the U.S.
Personal Data Collection and Use
Data Transfers to Third Parties
Third-Party Agents or Service Providers
If a third party agent or service provider providing services on IDEXX’s behalf processes Personal Data in a manner inconsistent with the Data Privacy Framework Principles, IDEXX will be liable unless we can prove that we are not responsible for the event giving rise to the damage.
IDEXX maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction taking due account of the nature of the data and the risks involved in the processing.
You have the right to access Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate, or has been processed in violation of the Data Privacy Framework Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
If you would like to request access to, correction, amendment, or deletion of your Personal Data see the “Contact us” section later in this notice. We will respond to your access request within a reasonable time frame. We may request specific information from you to confirm your identity.
Questions or Complaints
If you are located in the EEA, UK, or Switzerland, you can direct any questions or complaints about the use or disclosure of your Personal Data to us at email@example.com or see the “Contact us” section later in this notice. We will respond to you within 45 days of receiving your questions or complaints.
For any EEA and UK complaints that cannot be resolved with IDEXX directly, we have agreed to cooperate with the EU data protection authorities (“ EU DPAs”), UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA). The EU DPAs, UK ICO and GRA, will establish a panel to investigate and resolve complaints brought under the Data Privacy Framework and IDEXX will cooperate with this panel. Furthermore, IDEXX will comply with the advice given by the EU DPAs, UK ICO and GRA and take necessary steps to remediate any non-compliance with the Data Privacy Framework Principles.
For any Swiss complaints that cannot be resolved with IDEXX directly, we have agreed to cooperate with the Swiss Federal Data Protection and Information Commissioner FDPIC (“Commissioner”). IDEXX commits to cooperate with the Commissioner. Furthermore, IDEXX will comply with the advice given by the Commissioner and take necessary steps to remediate any non-compliance with the Data Privacy Framework Principles.
Investigatory and enforcement powers of the FTC
IDEXX is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
If you are located in the EEA, UK or Switzerland and have exhausted all the means to resolve your concern regarding a potential violation of IDEXX’s obligations under the Data Privacy Framework Principles, you may seek resolution via binding arbitration.
For additional information about the arbitration process, please visit the Data Privacy Framework website: https://www.dataprivacyframework.gov/.
Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
If you have any questions about this Notice or would like to request access to your Personal Data, please contact us as follows:
- Email: firstname.lastname@example.org
- Phone: 00-1-888-557-6518
- FAX: 00-1-888-557-6518 (Attention: Chief Privacy Officer)
- Mail: IDEXX Laboratories, Inc., Attention: Chief Privacy Officer, One IDEXX Drive, Westbrook, Maine 04092, U.S.A.
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Data Privacy Framework’s requirements.