I. Safe Harbor
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable US companies to satisfy the requirement under European Union law that adequate protection be given to Personal information transferred from the EU to the United States. The EEA also has recognized the US Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to protect Personal privacy, FARO Technologies adheres to the Safe Harbor Principles.
FARO Technologies has designated the Heads of both Human Resources and Information Technology as the persons responsible for FARO’s compliance with and enforcement of this Policy. Relevant contact information is provided herein.
Personal information collected by FARO Technologies from employees and applicants for employment is maintained at its corporate offices in Lake Mary, Florida in the United States as well as the local and regional office of the employee or applicant. For purposes of data security and backup, copies will be maintained at secured secondary facilities.
FARO Technologies collects Personal information for, among other things, legitimate human resource business reasons such as payroll administration, filling employment positions, maintaining accurate benefits records, meeting governmental reporting requirements, security, health and safety management, performance management; company network access, and authentication. FARO Technologies does not request or gather information regarding political opinions, religion, philosophy or sexual preference. To the extent FARO Technologies maintains information on an individual’s medical health or ethnicity (only for countries where it is legally required), FARO Technologies will protect, secure and use that information in a manner consistent with this Policy.
Personal information collected by FARO Technologies from prospective customers, consumers, vendors, business partners and others may be maintained at its corporate offices in Lake Mary, Florida or at other FARO Technologies facilities. FARO Technologies collects Personal information for, among other things, legitimate business reasons such as customer service, product, warranty and claims administration, meeting governmental reporting and records requirements, maintenance of accurate accounts payable and receivable records, internal marketing research, safety and performance management; financial and sales data, and contact information. All Personal information collected by FARO Technologies will be used for legitimate business purposes consistent with this Policy.
For purposes of this Policy, the following definitions shall apply:
- "Agent" means any third party that uses Personal information provided by FARO Technologies to perform tasks on behalf of or at the instruction of FARO Technologies.
- “FARO Technologies" means FARO Technologies, its predecessors, successors, subsidiaries, divisions and groups.
- "Personal information" means any information or set of information that identifies or could be used by or on behalf of FARO Technologies to identify an individual. Personal information does not include information that is encoded or publicly available information that has not been combined with non-public Personal information.
- "Sensitive Personal information" means Personal information that reveals race, ethnic origin, trade union membership, or that concerns health. In addition, FARO Technologies will treat as sensitive Personal information, any information received from a third party, where that third party treats and identifies the information as sensitive.
IV. Privacy Principles
The privacy principles in this Policy are based on the seven Safe Harbor Principles.
- NOTICE: Where FARO Technologies collects Personal information directly from individuals, it will inform them about the purposes for which it collects and uses Personal information about them, the types of non-agent third parties to which FARO Technologies discloses that information, and the choices and means, if any, FARO Technologies offers individuals for limiting the use and disclosure of their Personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal information to FARO Technologies, or as soon as practicable thereafter, and in any event before FARO Technologies uses the information for a purpose other than that for which it was originally collected. FARO Technologies may disclose Personal information if required to do so by law or to protect and defend the rights or property of FARO Technologies.
- CHOICE: FARO Technologies will offer individuals the opportunity to choose (opt-out) whether their Personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive Personal information, FARO Technologies will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. FARO Technologies will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.
- DATA INTEGRITY: FARO Technologies will use Personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. FARO Technologies will take reasonable steps to ensure that Personal information is relevant accurate, complete and current, to its intended use.
- TRANSFERS TO AGENTS: FARO Technologies will obtain assurances from its Agents that they will safeguard Personal information consistently with this Policy. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding (e.g., companies located in Hungary and Switzerland). Where FARO Technologies has knowledge that an Agent is using or disclosing Personal information in a manner contrary to this Policy, FARO Technologies will take reasonable steps to prevent or stop the use or disclosure. FARO Technologies holds it Agents accountable for maintaining the trust our employees and customers place in the company.
- ACCESS AND CORRECTION: Upon request, FARO Technologies will grant individuals reasonable access to Personal information that it holds about them. In addition, FARO Technologies will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. Any employees that desire to review or update their Personal information can do so by contacting their local Human Resources Representative.
- SECURITY: FARO Technologies will take reasonable precautions to protect Personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. FARO Technologies protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. FARO Technologies limits access to Personal information and data to those persons in FARO Technologies’ organization, or as Agents of FARO, that have a specific business purpose for maintaining and processing such Personal information and data. Individuals who have been granted access to Personal information will be made aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so. \
- ENFORCEMENT: FARO Technologies will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy and the US Department of Commerce Safe Harbor Principles. Any employee that FARO Technologies determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
V. Dispute Resolution
Any questions or concerns regarding the use or disclosure of Personal information should be directed to Human Resources at the address given below. FARO Technologies will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between FARO Technologies and the complainant, FARO Technologies has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
VI. Internet Privacy
FARO Technologies sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, vendors, business partners and others. FARO Technologies recognizes the importance of maintaining the privacy of Personal information collected through websites that it operates. FARO’s sole purpose for operating its websites is to provide information concerning products and services to its customers and employees. In general, visitors can reach FARO Technologies on the Web without revealing any Personal information. Visitors on the Web may elect to voluntarily provide Personal information via FARO Technologies websites but are not required to do so. FARO Technologies collects information from visitors to the websites who voluntarily provide Personal information by filling out and submitting online questionnaires concerning feedback on the website, requesting information on products or services, or seeking employment. The Personal information voluntarily provided by website users is contact information limited to the user's name, home and/or business address, phone numbers and email address. FARO Technologies collects this information so it may answer questions and forward requested information. FARO Technologies does not sell or share this information with non-agent third parties. For purposes of improved security and authentication, FARO may enter into mutual agreements with customers or partners to utilize protocols and technology that may require the collection of additional information.
FARO Technologies may also collect anonymous information concerning website users through the use of "cookies" in order to provide better customer service. "Cookies" are files that websites place on users’ computers to identify the user and enhance the website experience. None of this information is reviewed at an individual level. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. If visitors do so, however, some areas of FARO Technologies websites may not function properly.
FARO Technologies website users have the option to request that FARO not use information previously provided, correct information previously provided, or remove information previously provided to FARO. Those that would like to correct or suppress information they have provided to FARO Technologies should forward such inquiries to:
125 Technology Park
Lake Mary, FL 32746
The inquiries should include the individual's name, address, and other relevant contact information (phone number, email address). FARO Technologies will use all reasonable efforts to honor such requests as quickly as possible. FARO Technologies websites may contain links to other "non-FARO" websites. FARO Technologies assumes no responsibility for the content or the privacy policies and practices on those websites. FARO Technologies encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of FARO.
The practices described in this Policy are current Personal data protection policies as of February 28, 2005. FARO Technologies reserves the right to modify or amend this Policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments.