EU-U.S. and Swiss-U.S. Privacy Shield Notice

Effective Date: August 8, 2017

This Privacy Shield Notice ("Notice") explains how IDEXX Laboratories, Inc., IDEXX Distribution, Inc., IDEXX Operations, Inc. and OPTI Medical Systems, Inc. (“IDEXX”) collect, use, and disclose certain personal information that we receive in the U.S. from Switzerland, the European Union and European Economic Area ("EU Personal Data").

This Notice supplements our IDEXX Laboratories Privacy Policy Statement (“Privacy Policy”) located at https://www.idexx.com/en/about-idexx/privacy-policy/, our Employee Personal Information Processing Notice (“Employee Privacy Notice”) and our Applicant Information Processing Notice (“Applicant Processing Notice”).

IDEXX recognizes that Switzerland and the EUhave established strict protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of Switzerland and the EU (and the EEA). To provide adequate protection for certain EU Personal Data about our customers, customer’s customers, employees, job applicants and website visitors received in the U.S., we elected to self-certify to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce ("Privacy Shield"). IDEXX adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

 

Personal Data Collection and Use

Our Privacy Policy, Employee Privacy Notice and Applicant Processing Notice describe the categories of EU Personal Data that we may receive in the U.S. as well as the purposes for which we use that EU Personal Data. We will only process EU Personal Data in ways that are compatible with the purpose that we collected it for, or for purposes the individual later authorizes. Before we use your EU Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. IDEXX maintains reasonable procedures to help ensure that EU Personal Data is reliable for its intended use, accurate, complete, and current.

 

Data Transfers to Third Parties

Third-Party Agents or Service Providers

We may transfer EU Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Privacy Policy, Employee Privacy Notice and Applicant Processing Notice. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EU Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing.

Liability

If a third party agent or service provider providing services on IDEXX’s behalf processes EU personal data in a manner inconsistent with the Privacy Shield Principles, IDEXX will be liable unless we can prove that we are not responsible for the event giving rise to the damage.

 

Security

IDEXX maintains reasonable and appropriate security measures to protect EU Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction taking due account of the nature of the data and the risks involved in the processing.

 

Access Rights

You have the right to access EU Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. If you would like to request access to, correction, amendment, or deletion of your EU Personal Data see the “Contact us” section later in this notice. We will respond to your access request within a reasonable time frame. We may request specific information from you to confirm your identity.

 

Questions or Complaints

If you are located in the EEA or Switzerland, you can direct any questions or complaints about the use or disclosure of your EU Personal Data to us at chiefprivacyofficer@idexx.com or see the “Contact us” section later in this notice. We will respond to you within 45 days of receiving your questions or complaints.

For any EEA complaints that cannot be resolved with IDEXX directly, we have agreed to cooperate with the EU data protection authorities (“DPAs”). The DPAs will establish a panel to investigate and resolve complaints brought under the Privacy Shield and IDEXX will cooperate with this panel. Furthermore, IDEXX will comply with the advice given by the DPAs and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.

For any Swiss complaints that cannot be resolved with IDEXX directly, we have agreed to cooperate with the Federal Data Protection and Information Commissioner (“Commissioner”). IDEXX commits to cooperate with the Commissioner. Furthermore, IDEXX will comply with the advice given by the Commissioner and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.

 

Investigatory and enforcement powers of the FTC

IDEXX is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

 

Binding arbitration

If you are located in the EEA or Switzerland and have exhausted all the means to resolve your concern regarding a potential violation of IDEXX’s obligations under the Privacy 3 Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process, please visit the Privacy Shield website: https://www.privacyshield.gov.

 

Disclosures for National Security or Law Enforcement

Under certain circumstances, we may be required to disclose your EU Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

 

Contact Us

If you have any questions about this Notice or would like to request access to your EU Personal Data, please contact us as follows:

  • Email: chiefprivacyofficer@idexx.com
  • Phone: 00-1-888-557-6518
  • FAX: 00-1-888-557-6518 (Attention: Chief Privacy Officer)
  • Mail: IDEXX Laboratories, Inc., Attention: Chief Privacy Officer, One IDEXX Drive, Westbrook, Maine 04092, U.S.A.

 

Changes To This Policy

We reserve the right to amend this Policy from time to time consistent with the Privacy Shield's requirements.