I. SAFE HARBOR
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable US companies to satisfy the requirement under European Union law that adequate protection be given to Personal information transferred from the EU to the United States. The EEA also has recognized the US Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). The United States Department of Commerce and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland have agreed on a similar set of principles and frequently asked questions to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States (U.S.-Swiss Safe Harbor Framework). Consistent with its commitment to protect personal privacy, Ingersoll Rand adheres to the Safe Harbor Principles set forth in the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework.
Ingersoll Rand has a Global Data Protection Officer who assists in ensuring compliance with this Policy and data security issues. Ingersoll Rand educates its employees concerning compliance with this Policy and has self-assessment procedures in place to assure compliance. Ingersoll Rand's Global Data Protection Officer Evan Turtz and its Corporate Legal Team are available to any of its valued employees, customers, vendors, business partners or others who may have questions concerning this Policy or data security practices. Relevant contact information is provided herein.
This Policy applies to all Personal information received by Ingersoll Rand in any format including electronic, paper or verbal. Ingersoll Rand collects, stores and processes Personal information concerning current and former employees, as well as applicants for employment through its Internet websites, its intranet site, electronic mail and manually. Ingersoll Rand is the sole owner of information it collects, stores and processes from current and former employees, applicants for employment, customers, vendors and others. Ingersoll Rand will not sell or share this information with third parties in ways different than what is disclosed in this Data Protection Policy. On a global basis, Ingersoll Rand will, and will cause its affiliates to, establish and maintain business procedures that are consistent with this Policy. Notwithstanding the foregoing, Ingersoll-Rand has separate policies governing the processing of employee personal data and external personal data in those countries that are members of the European Union. These policies are consistent with the European Directive 95/46/EC on the protection of personal data.
Personal information collected, stored and processed by Ingersoll Rand from employees and applicants for employment is maintained at Corporate or at Regional HQ, depending on the level of the position as well as the local office of the employee or applicant. Ingersoll Rand collects Personal information for employment related purposes and legitimate human resource business reasons such as recruitment and staffing; payroll administration; absence monitoring; training and development;, management planning; appraisal and promotion; union negotiation; production and publication of company address books and telephone and e-mail directories; production of employee Identity cards; monitoring the use of company resources; information to contact close relatives in case of emergency; filling employment positions; administration and operations of its benefit and compensation programs; meeting governmental reporting requirements; security, health and safety management; performance management; company network access; and authentication. Ingersoll Rand does not request or gather information regarding political opinions, religion, philosophy or sexual preference. To the extent Ingersoll Rand maintains information on trade union membership, medical health, race or ethnicity, Ingersoll Rand will protect, secure and process that information in a manner consistent with this Policy and applicable law.
Personal information collected by Ingersoll Rand from prospective customers, consumers, vendors, business partners and others may be maintained at its corporate offices in Swords, Ireland, Davidson, North Carolina, Piscataway, New Jersey or at other Ingersoll Rand facilities, consistent with local legislation. Ingersoll Rand collects Personal information for, among other things, legitimate business reasons such as customer service; product, warranty and claims administration; meeting governmental reporting and records requirements; maintenance of accurate accounts payable and receivable records; internal marketing research; safety and performance management; financial and sales data; and contact information. All Personal information collected by Ingersoll Rand will be used for legitimate business purposes consistent with this Policy.
For purposes of this Policy, the following definitions shall apply:
"Agent" means any third party that processes Personal information provided by Ingersoll Rand to perform tasks on behalf of or at the instruction of Ingersoll Rand.
"Ingersoll Rand" means Ingersoll-Rand plc., Inc., its subsidiaries, divisions and groups, including, Climate Solutions, Industrial Technologies, Residential Solutions, Security Technologies, with brands such as Thermo-King, Trane, Schlage, Hussmann, Club Car, Interflex and Steelcraft.
"Personal information" means any information or set of information that identifies or could be used by or on behalf of Ingersoll Rand to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal information.
"Sensitive Personal information" means Personal information that reveals race, ethnic origin, trade union membership, political opinions, religious or philosophical beliefs or that concerns health or sex life. In addition, Ingersoll Rand will treat as sensitive Personal information any information received from a third party where that third party treats and identifies the information as sensitive.
IV. PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the seven Safe Harbor Principles.
- NOTICE: Where Ingersoll Rand collects Personal information directly from individuals, it will inform them about the purposes for which it collects, stores and processes Personal information about them, the types of non-agent third parties to which Ingersoll Rand discloses that information, and the choices and means, if any, Ingersoll Rand offers individuals for limiting the use and disclosure of their Personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal information to Ingersoll Rand, or as soon as practicable thereafter, and in any event before Ingersoll Rand uses the information for a purpose other than that for which it was originally collected. Ingersoll Rand may disclose Personal information if required to do so by law or to protect and defend the rights or property of Ingersoll Rand.
- CHOICE: Ingersoll Rand will offer individuals the opportunity to choose (opt-out) whether their Personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For Sensitive Personal information, Ingersoll Rand will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Ingersoll Rand will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.
- DATA INTEGRITY: Ingersoll Rand will use Personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Ingersoll Rand will take reasonable steps to ensure that Personal information is relevant to its intended use, accurate, complete and current.
- TRANSFERS TO AGENTS: Ingersoll Rand will obtain assurances from its Agents that they will safeguard Personal information. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding (e.g., companies located in Switzerland). Where Ingersoll Rand has knowledge that an Agent is using or disclosing Personal information in a manner contrary to this Policy, Ingersoll Rand will take reasonable steps to prevent or stop the use or disclosure. Ingersoll Rand holds it Agents accountable for maintaining the trust our employees and customers place in the company.
- ACCESS AND CORRECTION: Upon request, Ingersoll Rand will grant individuals reasonable access to Personal information that it holds about them. In addition, Ingersoll Rand will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. Any employees that desire to review or update their Personal information can do so by contacting their local Human Resources Representative.
- SECURITY: Ingersoll Rand will take reasonable precautions to protect Personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Ingersoll Rand protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. Ingersoll Rand limits access to Personal information and data to those persons in Ingersoll Rand's organization, or as agents of Ingersoll Rand, that have a specific business purpose for maintaining and processing such Personal information and data. Individuals who have been granted access to Personal information are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so.
- ENFORCEMENT: Ingersoll Rand will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy and the US Department of Commerce Safe Harbor Principles. Any employee that Ingersoll Rand determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
V. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of Personal information should be directed to the Ingersoll Rand Data Protection and Privacy Office at the address given below. Ingersoll Rand will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Ingersoll Rand and the complainant, Ingersoll Rand has agreed to participate in the dispute resolution procedures of the panel established by the European Union data protection authorities and to cooperate and comply with the Swiss Federal Data Protection and Information Commissioner to resolve disputes pursuant to the Safe Harbor Principles.
VI. INTERNET PRIVACY
Ingersoll Rand sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, vendors, business partners and others. Ingersoll Rand recognizes the importance of maintaining the privacy of Personal information collected through websites that it operates. Ingersoll Rand's sole purpose for operating its websites is to provide information concerning products and services to the public. In general, visitors can reach Ingersoll Rand on the Web without revealing any Personal information. Visitors on the Web may elect to voluntarily provide Personal information via Ingersoll Rand websites but are not required to do so. Ingersoll Rand collects information from visitors to the websites who voluntarily provide Personal information by filling out and submitting online questionnaires concerning feedback on the website, requesting information on products or services, or seeking employment. The Personal information voluntarily provided by website users is contact information limited to the user's name, home and/or business address, phone numbers and email address. Ingersoll Rand collects this information so it may answer questions and forward requested information. Ingersoll Rand does not sell this information.
Ingersoll Rand may also collect anonymous information concerning website users through the use of "cookies" in order to provide better customer service. "Cookies" are small files that websites place on users' computers to identify the user and enhance the website experience. None of this information is reviewed at an individual level. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. If visitors do so, however, some areas of Ingersoll Rand websites may not function properly.
Few, if any, of Ingersoll Rand's websites are directed toward children. Nevertheless, Ingersoll Rand is committed to complying with applicable laws and requirements, such as the United States' Children's Online Privacy Protection Act ("COPPA").
Ingersoll Rand website users have the option to request that Ingersoll Rand not use information previously provided, correct information previously provided, or remove information previously provided to Ingersoll Rand. Those that would like to correct or suppress information they have provided to Ingersoll Rand should forward such inquiries to:
Ingersoll Rand Privacy Inquiries
One Centennial Avenue
Piscataway, New Jersey
Attention: Evan Turtz, Global Data Protection and Privacy Officer
The inquiries should include the individual's name, address, and other relevant contact information (phone number, email address). Ingersoll Rand will use all reasonable efforts to honor such requests as quickly as possible.
Ingersoll Rand websites may contain links to other "non-Ingersoll Rand" websites. Ingersoll Rand assumes no responsibility for the content or the privacy policies and practices on those websites. Ingersoll Rand encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of Ingersoll Rand.
The practices described in this Policy are current Personal data protection policies as of December 1, 2010. Ingersoll Rand reserves the right to modify or amend this Policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate notice will be given concerning such amendments.