Privacy & Data Protection Policy

Swagelok Central Privacy & Data Protection Policy

Privacy - All data collected and/or stored by Swagelok Central UK is done so for the sole purpose of enabling Swagelok Central UK to fulfill the performance of a contract, legal obligation or for the purposes of the legitimate interest.

Individual’s personal data will not be shared with a third party without prior consent of the individual. This includes, but is not limited to: Name, address, email address and phone details.

Since September 2017 Swagelok Central UK has not retained any paper files of personal data. All files and transactions governed by GDPR are held for 7 years in a restricted location. The data is treated as confidential and is only shared with authorised personnel.

After their expiry, all data records and any historic paper copies will be permanently destroyed by a registered company authorised to dispose of confidential waste.

Swagelok Central UK has thoroughly analysed GDPR requirements and has put in place a dedicated internal team to drive our organisation to meet them. Some of our initiatives which are due for completion by the time the regulation comes into effect:

  • Designate a Data Protection Officer
  • Identify personal data -Defining the purview of personal data and documenting the various sources of data in order to create a road map for compliance.
  • Provide visibility and transparency - Identified affected systems and file shares
  • Enhancing data integrity and security – Data privacy and data security is very closely linked. Swagelok Central UK are already Cyber Essential certified, however are we extending this certification to Cyber Essentials partnered with GDPR Tech.
  • Selected independent recourse mechanism - Data Protection Authorities (DPAs)
  • Developed HR Privacy Policy and approach
  • Evaluated effectiveness of prior consent – Retention of prior information
  • Obtain active consent – For systems and applications where consent would be required, as request for permission will have been sought.
  • Provide US-EU Privacy Shield Commitment – Swagelok Central UK is one of the authorised sales and service centres for Swagelok Company. Swagelok Company is the manufacturing entity who resides in the US.

SWAGELOK’S PRIVACY SHIELD PARTICIPATION AND COMMITMENT

Swagelok complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Swagelok has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Swagelok’s participation in the Privacy Shield applies to all Personal Information (as defined below) that is subject to this Policy and is received from the European Union, European Economic Area, and Switzerland. Swagelok will comply with the Privacy Shield Principles in respect of such personal data.

Swagelok’s accountability for Personal Information that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Swagelok remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Swagelok proves that it is not responsible for the event giving rise to the damage.

As further explained in the "How to Contact Us" section of this Policy, we encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) complaint. For any complaints that cannot be resolved with Swagelok directly, Swagelok has chosen to cooperate with EU data protection authorities (“DPA”) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Swagelok is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”). Swagelok is also committed to cooperating and complying with the Swiss Federal Data Protection and Information Commissioner.

Please find further information from the DPAs at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.