Data Privacy - Privacy Shield

1. Overview    

Laird respects the privacy of their employees, suppliers, customers and contractors and is committed to protecting any personal data maintained by the company. Due to the global nature of Laird business, transfers of Personal Data, defined below, across national boundaries may occur.

In accordance with our commitment to protect personal privacy, Laird is a participant in the U.S. Department of Commerce's EU-U.S. Privacy Shield and has certified that we adhere to the EU-U.S. Privacy Shield Principles. Laird is subject to the investigatory and enforcement powers of the Federal Trade Commission.

For more information about the EU-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website at https://www.commerce.gov/privacyshield

This Policy applies to all Personal Data received by Laird in the United States from the European Union ("EU") in any format. For the purpose of this Policy, "Personal Data" is data about an identified or identifiable EU-based employee, received by Laird in the U.S. from the EU and recorded or stored in any form and may include the name alongside other data such as home address, email address etc.

2. Policy

Laird receives Personal Data in connection with the management and administration of employment matters and in transacting with customers and suppliers. Laird notifies EU-based individuals about the purposes for which their Personal Data is collected and used. Laird uses the information for business operations and transactions (e.g. sales, purchasing), employee development, administration and planning, or when required in the course of judicial or administrative proceedings, subject to all non-disclosure safeguards available. Below are listed the general categories of third parties with whom Laird may share this Personal Data. Notice to EU-based individuals will be provided before Laird uses the information for purposes other than for which it was collected, or before it discloses the information to categories of third parties not specified in this policy.

3. Transfer to Third Parties

Laird may share employees’ Personal Data (including name, date of birth, personal contact details, nationality information, national identification numbers) with third parties as required in certain situations including:

for purposes essential to the performance of Laird’s contractual obligations to employees such as (but not limited to) payroll providers, business travel support and service providers and business expense processing services;

  • where Laird has a legitimate purpose for providing the data to a third party such as (but not limited to) to facilitate organisational planning, design and analytics, the maintenance of security at Laird facilities and the sale or transfer of all or part of Laird or its businesses and joint ventures (including due diligence by prospective buyers); 
  • in order to enable Laird to perform a public task, including complying with legal obligations to Government agencies, regulatory bodies and law enforcement agencies; 
  • where an employee has explicitly consented to the provision of the data to a third party.

Prior to transferring Personal Data within the Laird group, Laird will ensure that the protection and transfer of such Personal Data complies with the EU-U.S. Privacy Shield Principles. 

Where Laird transfers Personal Data to a third party in the situations highlighted above, Laird will enter into an agreement with the third party in which the third party promises to provide the same level of protection as required by the Privacy Shield Principles. If the third party does not comply with its privacy obligations, Laird will take commercially reasonable steps to prevent or stop the use or disclosure of Personal Data.

Individuals should note that Laird is required to disclose Personal Data to law enforcement upon receipt of a valid judicial instruction.

In cases of onward transfer to third parties of Personal Data about EU individuals received pursuant to the EU-US Privacy Shield, Laird confirms that it remains liable.

If an EU individual wishes to limit the use and/or disclosure of their Personal Data, they can do so by communicating with their line manager or their Human Resources team.

4. Security

Laird takes reasonable measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration or destruction. These measures include password protection for information systems and restricted access to Personal Data processed by Human Resources, Customer Service Centres and Finance Service Centres.

5. Data Integrity

Laird will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. Laird will take reasonable steps to ensure that Personal Data is relevant for its intended use, accurate, complete and current. 

Upon request, Laird provides EU individuals with reasonable access to Personal Data that it holds about them and will take reasonable steps to permit these individuals to correct, amend or delete any Personal Data which is inaccurate or incomplete. 

An EU individual who wants to have access to his or her Personal Data should provide a written request by email to gdpr@lairdtech.com or to the Group General Counsel, Chris Fussell (chris.fussell@laird.com). 

6. Record Retention

Employee records will only be retained as required by local laws and after such time will be destroyed appropriately. In the case of a merger or acquisition, only records required by law and the terms of the acquisition agreement will be provided to acquirer.

7. Enforcement

Regular reviews of the Privacy Policy will take place and any policy updates will be communicated internally to employees and on the external website for other affected EU individuals.

If a complaint regarding Laird use of Personal Data is raised by an EU individual, Laird will investigate and try to resolve any dispute. If the dispute cannot be resolved, Laird will participate in the dispute resolution procedures by the Privacy Shield Company. Individuals can also go directly to the EU Data Protection authorities who will work with the US Department of Commerce and the Federal Trade Commission to ensure that individual complaints are investigated and resolved and, under certain conditions, individuals will be entitled to invoke binding arbitration.

Any questions or concerns regarding the use or disclosure of Personal Data should be directed to gdpr@lairdtech.com or the Group General Counsel.