I. PRIVACY SHIELD
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under EU law that adequate protection be given to Personal Information transferred from the EU to the United States (EU-U.S. Privacy Shield Framework). To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/list.
Cortland educates its employees concerning compliance with this Policy and has self-assessment procedures in place to assure compliance.. Cortland is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to the Privacy Shield Framework.
This Policy applies to all Personal Information received by Cortland in any format including electronic, paper or verbal. Cortland collects, stores and processes Personal Information concerning current and former employees, as well as applicants for employment through its Internet websites, its intranet site, electronic mail and manually. Cortland will not sell or share this information with third parties in ways different than what is disclosed in this Policy. On a global basis, Cortland will establish and maintain business procedures that are consistent with this Policy. Notwithstanding the foregoing, Cortland has separate policies governing the processing of employee personal data and external personal data in those countries that are members of the EU. These policies are consistent with EU data protection law.
Cortland collects, stores, and processes Personal Information from current and past employees and applicants for employment, such as name, contact information, government identifier, financial account information, and family information. This information is maintained at the Corporate and local level by Cortland and its authorized agents, depending on the level of the position as well as the local office of the employee or applicant. Cortland collects Personal Information for employment related purposes and legitimate human resource business reasons such as personnel and job candidate administration and assessment, recruitment and staffing; payroll administration; absence monitoring; training and development; management planning; appraisal and promotion; union negotiation; production and publication of company address books and telephone and e-mail directories; managing email and other communication systems; production of employee Identity cards; monitoring the use of company resources; information to contact close relatives in case of emergency; filling employment positions; administration and operations of its benefit and compensation programs; meeting governmental reporting requirements; security, health and safety management; performance management; company network access;; facilitating workplace communications; workforce analytics, and authentication. Cortland does not request or gather information regarding political opinions, religion, philosophy or sexual preference. To the extent Cortland maintains information on trade union membership, medical health, race or ethnicity, Cortland will protect, secure and process that information in a manner consistent with this Policy and applicable law.
Cortland also collects, stores, and processes Personal Information from prospective customers, vendors, professional advisers and consultants, distributors, dealers, suppliers, business partners and others, such as name, contact and financial information. This information may be maintained at its corporate offices in Stafford, Texas or at other Cortland facilities, and its authorized agents, consistent with local legislation. Cortland collects this Personal Information for, among other things, legitimate business reasons such as processing and fulfilling orders; customer service; the provision of services or products to Cortland, product, warranty and claims administration; meeting governmental reporting and records requirements; maintenance of accurate accounts payable and receivable records; marketing; internal marketing research; safety and performance management; financial and sales data; and contact information. All Personal Information collected by Cortland will be used for legitimate business purposes consistent with this Policy.
Cortland may process and disclose Personal Information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which a Cortland business is acquired by or merged with another business, or sells, liquidates, or transfers all or a portion of its assets.
Cortland also may process or disclose Personal Information as is reasonably necessary or legally required on important public interest grounds, to respond to lawful requests by public authorities (including to meet national security or law enforcement requests), to meet governmental reporting or records requirements, or for the establishment, exercise or defense of legal claims by Cortland or other companies within its corporate group.
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that processes Personal Information provided by Cortland to perform tasks on behalf of or at the instruction of Cortland.
“Personal Information” means any information or set of information that identifies or could be used by or on behalf of Cortland to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.
“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, trade union membership, political opinions, or religious or philosophical beliefs, that concerns health or sex life, or that contains criminal records. In addition, Cortland will treat as Sensitive Personal Information any Personal Information received from a third party where that third party treats and identifies the Personal Information as sensitive.
IV. PRIVACY PRINCIPLES
Cortland commits to subject the Personal Information covered by this policy to the following principles:
(1) NOTICE: Where Cortland collects Personal Information directly from individuals, it will inform them about the purposes for which it collects, stores and processes Personal Information about them, the types of non-Agent third parties to which Cortland discloses that information, and the choices and means, if any, Cortland offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Cortland, or as soon as practicable thereafter, and in any event before Cortland uses the information for a purpose other than that for which it was originally collected.
(2) DATA INTEGRITY AND PURPOSE LIMITATION: Cortland will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Cortland will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current.
(3) ACCOUNTABILITY FOR ONWARD TRANSFER: Cortland uses third-party Agents to assist us in accomplishing the purposes described in this Policy, for example to support our customers, perform technical operations, and store and transmit data. Cortland will confirm that any third party to which it discloses Personal Information will appropriately safeguard the privacy of that Personal Information. Examples of appropriate privacy safeguards include: a contract obligating the third party to provide at least the same level of protection as is required by the relevant privacy principles, the third party being subject to EU data protection law, Privacy Shield certification by the third party, or the third party being subject to another European Commission adequacy finding (e.g., companies located in Switzerland). Where Cortland has knowledge that a third party is using or disclosing Personal Information in a manner contrary to this Policy, Cortland will take reasonable steps to prevent or stop the use or disclosure. Cortland holds third parties to which it discloses Personal Information accountable for maintaining the trust our employees and customers place in the company. Cortland may remain liable under the Privacy Shield Principles if any Agent processes Personal Information in a manner inconsistent with the Privacy Shield Principles, unless Cortland first demonstrates that it is not responsible for the event giving rise to the damage.
(4) ACCESS AND CORRECTION: Upon request, Cortland will grant individuals reasonable access to Personal Information that it holds about them. In addition, Cortland will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. Any employees that desire to review or update their Personal Information can do so by contacting their local Human Resources Representative.
(5) SECURITY: Cortland will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Cortland protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal Information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. Cortland limits access to Personal Information and data to those persons in Cortland’s organization, or as Agents of Cortland, that have a specific business purpose for maintaining and processing such Personal Information and data. Individuals who have been granted access to Personal Information are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so.
(6) RECOURSE, ENFORCEMENT, AND LIABILITY: Cortland will conduct compliance audits of its relevant privacy practices to verify compliance with this Policy and the relevant privacy principles. Any employee that Cortland determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
V. DISPUTE RESOLUTION
Cortland will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy and as required by law.
VI. INTERNET PRIVACY
Cortland sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, vendors, business partners and others. Cortland recognizes the importance of maintaining the privacy of Personal Information collected through websites that it operates. Cortland’s purpose for operating its websites is to provide information concerning products and services to the public. In general, visitors can reach Cortland on the Web without revealing any Personal Information. Visitors on the Web may elect to voluntarily provide Personal Information via Cortland websites but are not required to do so. Cortland collects information from visitors to the websites who voluntarily provide Personal Information by filling out and submitting online questionnaires concerning feedback on the website, requesting information on products or services, or seeking employment. The Personal Information voluntarily provided by website users is contact information such as the user’s name, home and/or business address, phone numbers and email address. Cortland collects this information so it may answer questions and forward requested information. Cortland does not sell this information.
Cortland may also collect anonymous information concerning website users through the use of “cookies” in order to provide better customer service. “Cookies” are small files that websites place on users’ computers to identify the user and enhance the website experience. The cookies used are typically not intrusive and are not typically connected to visitors’ contact or other identifiable information. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. Visitors can learn how to control or delete cookies used on Cortland’s websites by visiting https://www.aboutcookies.org for detailed guidance. If visitors do suppress the website cookies, however, some areas of Cortland websites may not function properly.
No Cortland websites are directed toward children. Nevertheless, Cortland is committed to complying with applicable laws and requirements, such as the United States’ Children’s Online Privacy Protection Act (“COPPA”)
Cortland websites may contain links to other “non-Cortland” websites. Cortland assumes no responsibility for the content or the privacy policies and practices on those websites. Cortland encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of Cortland.
VII. CHANGES TO THIS POLICY
Cortland reserves the right to modify or amend this Policy at any time consistent with the requirements of the relevant principles and applicable law. Appropriate notice will be given concerning such amendments.