The European Commission and the United States Department of Commerce have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable U.S. companies to satisfy EU requirements for adequate protection of personal information transferred between the EU and the United States. The EU also has recognized the U.S. Safe Harbor as providing adequate data protection. Consistent with its commitment to protect personal privacy, we adhere to the Safe Harbor Principles.
"Personal information" means any information or set of information that identifies or could be used by us, our customers or agents of our customers, to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with nonpublic personal information. It does not include information that pertains to a specific individual, but from which that individual could not reasonably be identified.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, we will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
The following privacy principles are based on the Safe Harbor Principles.
Notice and Choice
To the extent permitted by the Safe Harbor Agreement, we reserve the right to process personal information in the course of providing services. Where we collect personal information directly from individuals in the EU, we inform them about the types of personal information we collect from them, the purposes for which we collect and use it, and the types of non-agent third parties to which we disclose that information. We also inform those individuals about the choices and means, if any, we offer individuals for limiting the use or disclosure of their information.
Disclosures and Transfers
We will not disclose an individual's personal information to third parties, except when one or more of the follow conditions is true:
- We have the individual's permission to make the disclosure;
- The disclosure is required by law or professional standards;
- The disclosure is reasonably related to the sale or disposition of all or part of our business;
- The information in question is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims; or
- The disclosure is to another Solutia or Eastman entity or to persons or entities providing services on our or the individual's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
- is subject to law providing an adequate level of privacy protection,
- has agreed in writing to provide an adequate level of privacy protection; or
- subscribes to the Safe Harbor Principles.
Permitted transfers of information, either to third parties or within our organization, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.
To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use and confidentiality of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we process. However, we cannot guarantee the security of information on or transmitted via the Internet.
We process personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
Access and Correction
If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual will need to provide sufficient identifying information, such as name, address, birth date, and social security number. We may request additional identifying information as a security precaution. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Agreement. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.
Enforcement and Dispute Resolution
We utilize the self-assessment approach to assure its compliance with our privacy statement. We periodically verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.
With respect to any complaints relating to this policy that cannot be resolved through our internal processes, we have agreed to participate in the dispute resolution procedures if the panel established by the EU data protection authorities determine that we did not comply with this policy. We will then take appropriate steps to address any adverse effects and to promote future compliance.
Any person who we determine is in violation of our privacy policies will be subject to disciplinary process.
Questions or comments regarding our Safe Harbor certification should be submitted by e-mail to: email@example.com