Scope and Purpose
This policy applies to all employees of Nordson1. This policy may be supplemented by communications from the Information Services, Human Resources, and/or Law Departments. All supervisors are responsible for enforcing this policy. Employees are expected to be familiar with and comply with all such statements of policy in this area.
The purpose of this policy is to inform employees of the principles under which Nordson processes personal information received from countries belonging to the European Union (“EU”). This policy complies with the U.S. Department of Commerce safe harbor framework, which has been approved by the EU as an adequate way for Nordson to demonstrate that it complies with the protections outlined in the EU Directive on Data Privacy.
Policy and Procedure
“Personal data” and “personal information” are data about an identified or identifiable individual, received by Nordson in the U.S. from the EU, and recorded in any form.
“Processing” means any online and offline processing and includes such activities as copying, filing, and inputting personal information into a database.
“Sensitive data” is data that pertains to racial or ethnic origins, political or religious beliefs, health or sex life. Sensitive data may not be processed at all, unless the individual has given explicit consent.
The Safe Harbor Principles
In processing personal data, Nordson complies with the following Safe Harbor Principles. Adherence to the principles may be limited in certain cases to the extent necessary to meet national security, public interest, or law enforcement requirements.
Nordson notifies all individuals about the purposes for which personal information is collected and used. In certain situations, data is transmitted anonymously so that the names of the individuals are not known by data processors within Nordson. In these cases, data subjects do not need to be notified.
Nordson gives each individual the opportunity to opt out from allowing the Company to disclose his/her personal information to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected or authorized. If Nordson collects sensitive data, individuals will be provided with an affirmative or explicit (opt-in) choice if the data will be disclosed to a third party or used for a purpose other than that which it was originally collected or subsequently authorized.
Onward Transfer (to Third Parties)
Nordson may transfer information to a third party acting as an agent for Nordson, such as an outside benefits administrator, by making sure that the third party enters into an agreement with Nordson in which the third party promises to provide the same level of protection as required by the Safe Harbor Principles.
Occasionally, Nordson may also be required to disclose certain personal data to other third parties as a matter of law (e.g., to tax authorities, garnishments, etc.); to protect Nordson’s legal rights (e.g., to defend a lawsuit); or in an emergency where the health or security of an individual is endangered.
Nordson takes reasonable precautions to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These precautions include password protections for online information systems and restricted access to personal data processed by Human Resources. All inquiries from outside the Company, either written or verbal, concerning the identity, employment record, or performance of a current or terminated employee shall be referred, without exception, to Human Resources or an appropriate manager for handling. If the request is from a government agency, a Human Resources representative and/or an attorney in the Law Department will verify the credentials of the agency representative before releasing information about a current or terminated employee.
Nordson takes reasonable steps to ensure that personal data is accurate, complete, and current. All employees are asked to inform the Human Resources, Payroll or their manager immediately in the event of changes in personal information.
An individual has the right to inquire as to the nature of the personal data stored or processed about him or her by Nordson or a third party vendor. Upon request, individuals may access personal information about them by making a request to your manager or to Human Resources. If any information is inaccurate or incomplete, the individual may request that inaccurate information be corrected.
Individuals may contact Bruce Fields, the Vice President of Human Resources, at Nordson’s corporate offices in Westlake, Ohio in order to register complaints, to submit access requests, or to address any other issues arising under the Safe Harbor Principles. In addition, Nordson self-certifies annually with the U.S. Department of Commerce as a data controller, and the U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress for individuals in case of the Company’s noncompliance with the Safe Harbor Principles.
Nordson conducts an annual self-assessment in order to verify that this Policy on Data Protection and Privacy of Personal Information is published and implemented within the Company and that it conforms to the Safe Harbor Principles.
1 For purposes of this policy, “Nordson” means Nordson Corporation, its predecessors, successors, subsidiaries, divisions and groups.