Last updated: May 25, 2018
Dear Flextronics Customer:
This document is a “Data Processing Addendum” (“DPA”) for customers that are looking for one in reference to the “General Data Protection Regulation” (EU) 2016/679 (“GDPR”). It covers the Personal Data, as defined by the GDPR, that a customer stores with Flextronics. The terms and principles in this DPA apply to all Flextronics customers, regardless of where they reside. This DPA is an addendum and is incorporated by reference from the Flextronics Terms of Service and the Flextronics Privacy Policy found on the Flextronics web site.
As the GDPR evolves and best practices are refined, Flextronics reserves the right to update this DPA at any time. If there is something we view as a material change, we will notify our customers via email 30 days in advance of the change going into place.
GDPR COMPLIANCE
Flextronics is compliant with the requirements set forth in the GDPR for a Data Processor. Our compliance with the GDPR includes, but is not limited to:
- The use of Personal Data of an EU data subject solely for the performance of our services and as permitted by applicable law;
- Taking appropriate measures to ensure the security of the Personal Data Flextronics processes. This includes, but is not limited to – maintaining a Chief Security Officer and resourcing that position to effect high security standards for all Flextronics services, deployment of generally accepted technical protections, frequent testing of our services, and training of all Flextronics employees;
- Ensuring that all Flextronics personnel who have access to or process Personal Data, are subject to a duty of confidence;
- Ensuring that no third party processes any Personal Data received from Flextronics except in accordance with applicable GDPR requirements;
- Servicing obligations in connection with subject access requests and other data subject rights under GDPR;
- Retention of Personal Data after the termination of an account only for the period specified in our published privacy policy (which complies with GDPR requirements).
- In the unlikely event of a system breach, we will expeditiously (within 72 hours) send you a notification email. A “system breach” does not include a customer account being accessed via valid credentials unless those credentials were exposed through some action or fault of Flextronics or one of its sub-processors.
Customers who wish to provide personal information to Flextronics by purchasing our products and services can access Flextronics’s Data Processing Agreement to understand what information we collect, how we treat that data when you use our products and services, and what obligations Flextronics assumes under Article 28 of the GDPR.
For further information on our compliance with the GDPR, or to request an executed copy of our Data Processing Agreement, please contact us at compliance@Flextronicstechgroup.com.