SUBJECT: Data Privacy Policy
APPLICATION: Worldwide
CONTACT/OWNER: Data Protection Officers (“DPOs”)
Statement of Policy
It is the policy of the Company to utilize personal data relating to its employees, customers, and suppliers only: (a) with a lawful basis; (b) for legitimate business purposes; and (c) only for as long as is necessary. Such information will be collected, processed, stored, and transferred among Kodak Alaris locations worldwide and among Kodak Alaris and third parties only in a manner that is consistent with Kodak Alaris policy, the Intra-Group Data Transfer Agreement and in compliance with applicable laws. Individuals may bring to the attention of the DPOs any questions or concerns regarding compliance with this policy.
Background
As a global organization, the Company must maintain certain information and exchange that information among its organizations and operations and with third parties worldwide. It is the responsibility of all employees, when collecting, processing, classifying, storing, transferring and deleting personal data, to ensure that such activity is consistent with our agreements, policies and laws applicable to the particular type of information. Oversight of this Policy and all other data-privacy policies and procedures is the responsibility of the DPOs together with Information Security (“InfoSec”), Legal, Compliance and Business Unit/Function Management.
Guiding Principles
The following principles will apply to the processing of personal data in the course of Kodak Alaris business. Personal data means data relating to an identified or identifiable individual.
- We are responsible for personal data, no matter in what form, where such data is maintained by the Company and/or by a third party on our behalf.
- The Company will collect and use personal data only pursuant to a lawful basis and for legitimate business purposes. Kodak Alaris will take reasonable steps to see that such information is collected for specified and legitimate purposes, processed fairly, transparently and lawfully, maintained accurately and completely, and deleted or destroyed when no longer required or necessary.
- Kodak Alaris will maintain appropriate security measures to protect the confidentiality, integrity and availability of personal data. This includes protecting against risks of unauthorized access or improper destruction, use, modification, or disclosure. Employees should report any suspected data security incident or issue immediately.
- Kodak Alaris will seek contractual or other arrangements with third parties as to their obligations to follow Kodak Alaris’s policies and procedures regarding the security and privacy of personal data.
- Kodak Alaris will also implement other appropriate fair information practices regarding personal data dealing with (i) providing individuals with appropriate notice regarding Kodak Alaris’s use of such information; (ii) providing consumers with a choice as to whether such information may be used for purposes other than those disclosed at the time the information is collected; and (iii) the ability to request corrections and deletion of personal data.
- Kodak Alaris will conduct periodic audits to ascertain that personal data is acquired, used and maintained consistent with this policy.
Reporting
Employees always have the option of using the Kodak Alaris Employee Ethics Hotline to report any concerns or make an enquiry about the use of personal data or any other policy concern. Such reports are regularly reviewed by the Company Compliance Officer and forwarded to other functions as needed for review and action. All such reports to the hotline can be made anonymously.
In addition to the Employee Ethics Hotline, employees are encouraged to contact the Company’s Data Protection Officers with any questions, concerns or reports regarding data privacy issues. Employees may contact the DPOs by e-mailing them at dpo@kodakalaris.com.
Reviewed and Approved: March 6, 2018