EU-U.S. and Swiss-U.S. Privacy Shield Notice
Effective Date: August 8, 2017
This Privacy Shield Notice ("Notice") explains how IDEXX Laboratories, Inc., IDEXX Distribution, Inc., IDEXX Operations, Inc. and OPTI Medical Systems, Inc. (“IDEXX”) collect, use, and disclose certain personal information that we receive in the U.S. from Switzerland, the European Union and European Economic Area ("EU Personal Data").
IDEXX recognizes that Switzerland and the EUhave established strict protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of Switzerland and the EU (and the EEA). To provide adequate protection for certain EU Personal Data about our customers, customer’s customers, employees, job applicants and website visitors received in the U.S., we elected to self-certify to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce ("Privacy Shield"). IDEXX adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
Personal Data Collection and Use
Data Transfers to Third Parties
Third-Party Agents or Service Providers
If a third party agent or service provider providing services on IDEXX’s behalf processes EU personal data in a manner inconsistent with the Privacy Shield Principles, IDEXX will be liable unless we can prove that we are not responsible for the event giving rise to the damage.
IDEXX maintains reasonable and appropriate security measures to protect EU Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction taking due account of the nature of the data and the risks involved in the processing.
You have the right to access EU Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. If you would like to request access to, correction, amendment, or deletion of your EU Personal Data see the “Contact us” section later in this notice. We will respond to your access request within a reasonable time frame. We may request specific information from you to confirm your identity.
Questions or Complaints
If you are located in the EEA or Switzerland, you can direct any questions or complaints about the use or disclosure of your EU Personal Data to us at email@example.com or see the “Contact us” section later in this notice. We will respond to you within 45 days of receiving your questions or complaints.
For any EEA complaints that cannot be resolved with IDEXX directly, we have agreed to cooperate with the EU data protection authorities (“DPAs”). The DPAs will establish a panel to investigate and resolve complaints brought under the Privacy Shield and IDEXX will cooperate with this panel. Furthermore, IDEXX will comply with the advice given by the DPAs and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.
For any Swiss complaints that cannot be resolved with IDEXX directly, we have agreed to cooperate with the Federal Data Protection and Information Commissioner (“Commissioner”). IDEXX commits to cooperate with the Commissioner. Furthermore, IDEXX will comply with the advice given by the Commissioner and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.
Investigatory and enforcement powers of the FTC
IDEXX is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
If you are located in the EEA or Switzerland and have exhausted all the means to resolve your concern regarding a potential violation of IDEXX’s obligations under the Privacy 3 Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process, please visit the Privacy Shield website: https://www.privacyshield.gov.
Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your EU Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
If you have any questions about this Notice or would like to request access to your EU Personal Data, please contact us as follows:
- Email: firstname.lastname@example.org
- Phone: 00-1-888-557-6518
- FAX: 00-1-888-557-6518 (Attention: Chief Privacy Officer)
- Mail: IDEXX Laboratories, Inc., Attention: Chief Privacy Officer, One IDEXX Drive, Westbrook, Maine 04092, U.S.A.
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield's requirements.