LAST UPDATED: December 2018
Edmund Optics Inc wants you to be familiar with how we collect, use and disclose information in our capacity as a Data Controller. We want you to be in control of how we use your personal data and to make you aware of your rights, and our legal basis for using this information under the European Union General Data Protection Regulations (GDPR).
- Email messages that we may send to you.
- Offline, through interactions with our staff, for example when you contact us for Customer or Technical support by telephone or fax or when you visit us at a trade show.
1.What is Personally Identifiable Information?
“Personally Identifiable Information” (PII) is information that identifies you as an individual or relates to another identifiable living individual, examples of PII include:
- Your Name
- Your Postal Address (including billing and shipping addresses)
- Telephone/Fax Number
- E-Mail Address
- IP Address
- Credit or Debit Card Number
- Customer Number
- Driver’s License or other form of official ID (e.g., When you visit our offices)
- Internal Account ID
2. Collection of Personally Identifiable Information
We, and our service providers (see Annex 1), may collect Personally Identifiable Information (PII) in a variety of ways, known collectively as “EO Services”, including:
- Through our “On-line Services”: We may collect PII through one or more on-line services provided by Edmund Optics:
- When you visit our website:
- MAC address
- IP address information.
- When you sign up for a newsletter.
- When you request a catalogue, quotation or on-line chat.
- When you make a purchase on our website or by e-mail.
- When you communicate with us via e-mail.
- Through our “Off-line Services”: We may collect PII from you offline, such as:
- When you attend one of our trade shows.
- When you place an order by telephone, by fax or by postal mail.
- When you contact customer services by telephone, by fax or by postal mail.
- When you visit one of our offices.
- When Making Payments: We may use a third-party payment service to process payments made through our On-line and Off-line Services. If you wish to make a payment through these Services, your PII will not held or stored by us, it will be collected by our third party payment processors, who specialise in the secure capture and processing of credit/debit card transactions.
3. Use of Personally Identifiable Information and the Legal Basis for Processing under GDPR
We, and our service providers, may use PII as follows:
- Contract Fulfilment
Note: For European Union customers, contract fulfilment will be performed by Edmund Optics Ltd, located in the United Kingdom.
- To fulfil your online or offline orders, your quotation or catalogue requests or to provide you with any other related customer services.
- To send administrative information to you, such as changes to our terms, conditions and policies.
We require the above information for the purposes of Contract Fulfilment. You have requested, and we will deliver to you, products or services, or to inform you of any significant changes to the conditions under which we do business.
- Legal Obligation
- For legitimate business purposes such as fraud monitoring and prevention, identity checks, audits, adherence to local strategic export controls surrounding transfer of technical data, accountancy related filings or security alerts in connection with your Edmund Optics account.
We require the above information for the purposes of Legal Obligation as detailed above and required by applicable local laws in one or more of the countries in which we operate.
- To send you Marketing communications that we believe may be of interest to you including:
- Educational content: Whitepapers, e-books etc.
- Product Annoucements and promotions
- Webinar Invites
- Local Events including Trade Shows, training sessions etc.
- Monthly Newsletter
- Company news flashes and initiatives.
- To personalise your experience of our On-line Services by presenting products and offers tailored to you, both on our Websites and on Social Media Pages.
- To assist us in developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
We will ask for your Consent for any of the above functions and will send marketing communications to you only if you consent to receive them.
- Legitimate Interest
- To investigate any issues reported to us via the web feedback form and to forward to other offices and/or affiliates to follow up as necessary, in order to resolve the issue.
- To periodically send, by postal mail, our latest product catalogue unless you have previously opted out of receiving this catalogue.
We have a Legitimate Interest in using your information, in the above scenarios, to develop our website using your feedback and to grow our business.
Please see the section 8 below for additional information in relation to your rights in relation to the Personally Identifiable Information that you provide us with.
4. Disclosure of Personal Information
Your Personal Information may be disclosed:
- Between Edmund Optics offices and/or our affiliates for:
- The purposes of order fulfilment.
- Local contact follow-up.
- Local marketing related purposes.
- To our third party service providers who provide services such as:
- Website Hosting
- Data Analysis
- Payment Processing
- Order/Delivery Fulfillment
- Information Technology and Related Infrastructure Provision
- Customer Services
- E-mail Delivery
- Catalogue Delivery
- Auditing and other services.
- To third party content providers, to permit them to send you marketing communications, where you have consented to us doing this.
- To third party sponsors of award programs, contests and similar promotions where you have consented to us doing this.
- Publicy by you, on message boards, chats, profile pages, blogs and other services to which you are able to post information and content hosted by Edmund Optics.
5. Other Uses and Disclosures
We also may use and disclose your PII as we believe to be necessary or appropriate:
- To comply with any legal obligations to which we are subject. This may include laws outside your country of residence.
- To enforce our terms and conditions
- To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- We may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
6. Other Information
“Other Information” is any information that does not reveal your specific identity or does not directly relate, or can be linked to, to an identifiable individual, such as:
- Browser and Device Information.
- Demographic Information and Other Information provided by you that does not reveal your specific identity.
- Information that has been aggregated in a manner that it no longer reveals your specific identity.
Collection of Other Information
We and our service providers may collect Other Information in a variety of ways, including:
- Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your:
- Computer type (Windows or Macintosh).
- Screen resolution.
- Operating system name and version.
- Device manufacturer and model.
- Internet browser type and version and the name and version of the Services you are using.
We use this information to ensure that our On-Line Services function properly.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may collect Other Information together with PII. If we do, we will treat the combined information as PII as long as it is combined or can be linked to PII.
7. Third Party Services
Third Party Service Providers
We may pass your information to our third party service providers for the purposes of completing specific tasks and/or to provide services to you on our behalf, as specified above. When we utilise these third party service providers we will only disclose the personal information necessary to complete the task or deliver the service as instructed by Edmund Optics. In accordance with the requirements of the GDPR, where applicable, Data transfer agreements are in place with all of our third party service providers requiring them to keep your information secure and to only use it for the particular purposes that it has been provided to them for.
Third Party Linking
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with our Social Media Pages, except as explicitly stated in this policy.
We are committed to using all reasonable organisational, technical and administrative measures to protect the Personal Information that you provide us with. When inputting information onto our website, sensitive information (such as credit or debit card information) is encrypted and protected via SSL encryption, and is subsequently transferred and tokenised by our payment provider, Edmund Optics does not store your credit or debit card information on any of our systems.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
9. Choices and Access
Your choices regarding our use and disclosure of your Personally Identifiable Information for Marketing Purposes
We give you choices regarding our use and disclosure of your Personally Identifiable Information for marketing purposes. You may opt-out from any of these services as follows:
- Receiving electronic communications from us: If you would like to withdraw your consent to receive marketing-related emails, you may opt-out by:
- Clicking the unsubscribe link in the email
- Contacting us in accordance with the “Contacting Us” section below
- Unsubscribing from our electronic newsletters or other email marketing online at https://www.edmundoptics.eu/email-unsubscribe/.
- Receiving our catalogue: Receiving our catalogue: If you no longer want to receive our product catalogue, you may withdraw your consent by contacting us in accordance with the “Contacting Us” section below or online at: https://www.edmundoptics.eu/unsubscribe/
- Your Right to be Forgotten: Your Right to be Forgotten: If you would like to withdraw your consent for us to contact you for direct marketing purposes, you may opt-out by contacting us in accordance with section 17 “Contacting Us”, below.
We will comply with your request(s) as soon as reasonably practicable. Please note that if you withdraw consent to receive marketing related emails from us, we may still send you important administrative or order related messages.
10. How you can access, change or suppress your Personal Information
If you would like to review, correct, update, suppress or delete Personal Information that you have previously disclosed to us, you may contact us in accordance with the “Contacting Us” section below.
Under the GDPR, individuals in the EEA have the following rights:
- Request access to your Personal Information.
- Request the correction and in some cases the deletion of your Personal Information.
- Request we restrict our use of your information where one or more of the circumstances set out in Article 18(1), GDPR applies.
- Request that wherever possible you be provided with copies of any information be provided in a structured, commonly used digital format.
- Object to the the processing of your information for certain purposes unless there are compelling legitimate grounds which require our processing of your Personal Information to continue.
- Withdraw your consent to our use of your information where consent constitutes the lawful ground for processing.
In your request, please make clear what Personally Identifiable Information is affected and what changes you would like to make, or let us know what limitations you would like to put on our use of your Personal Information. A record of any changes, deletions or withdrawals of consent will be recorded solely for the purposes of complying with the Legal Obligations required under the GDPR.
For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.
Where one of the circumstances specified in Article 17(1), GDPR applies you may request that we permanently delete any Personal Identifiable Information that we hold in respect of you.
11. Retention Period
We will only use and store your Personal Information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
12. Use of “EO Services” by Minors
Edmund Optics’ “EO Services” are not directed to individuals under the age of thirteen (13), and we do not knowingly collect Personally Identifiable Information from individuals under 13.
13. For EU Individuals: Privacy Shield Notice for Personal Data Transfers to the United States
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage third party service providers in accordance with the terms outlined in section 7. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Edmund Optics is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Edmund Optics accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Edmund Optics remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Edmund Optics proves that it is not responsible for the event giving rise to the damage.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
If you are located in the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of protection according to EEA standards (the full list of these countries is available here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.) With regard to transfers of Personal Information that we may from time to time make to other countries, we have put in place measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by contacting us in accordance with the "Contacting Us" section below.
14. Sensitive Information
We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us. Where unsolicited sensitive Personal Information is received it will be deleted unless there is a compelling and legitimate reason for it to be retained.
In compliance with the Privacy Shield Principles, Edmund Optics commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Edmund Optics by email at firstname.lastname@example.org.
Edmund Optics has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
- UK based individuals is the Information Commissioner's Office (https://ico.org.uk/).
- Germany based individuals is the BFDI (https://www.bfdi.bund.de).
- • France based individuals is the CNIL (https://www.cnil.fr/).
If you have a privacy complaint concerning your personal data transferred from the EU to the U.S. under Privacy Shield, please see the detailed instructions included in our Privacy Shield statement above.
17. Contacting Us
The Marketing department, located at the address below, is responsible for collection, use and disclosure of your Personally Identifiable Information.
- by email at email@example.com
- by phone at +44 (0)1904 788 600
- by fax at +44 (0)1904 788 610
- by post at:
Olly Simmons – Database Director
Edmund Optics Ltd.
1 Opus Avenue, Nether Poppleton
York, YO26 6BL, United Kingdom
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
Annex 1. List of service providers
Edmund Optics utilises the services of various third parties in various different functional areas, including, but not limited to, Shipment logisitics, Data backup and recovery, IT security and Marketing/Marketing communications.
The following are representative of some of the companies whose services we utilise:
- United Parcel Service of America, Inc.
- DHL International GmbH
- Fedex Corp
- TNT Holdings B.V.
- United States Postal Service
- Royal Mail
Marketing and Marketing Communications:
- Google Inc
- LiveChat Inc
- Meritdirect LLC