Safe Harbor Policy
Textron, Inc. ("Textron"), parent company to Textron
Financial Corporation, acknowledges the EU’s standard for
personal data protection. Textron has a need to extract and compile
the human resource data of employees in the EU. This Policy addresses
the privacy concerns of European employees and the business concerns
of the company.
To effect this Policy, Textron will adhere to the United States
Department of Commerce Safe Harbor Principles and will self-certify
to the United States Department of Commerce compliance with the
Safe Harbor Principles. This Policy applies to all human resource
data transmissions from Textron operations in EU countries to the
United States. This includes transmission of data over phone lines,
computer lines, and in hard copy, and includes such material as
payroll records, telephone records, performance evaluations, and
any material that identifies a particular individual employee.
The use of EU employee personnel data will include global enterprise
headcount reporting, statistical analysis, compensation planning
and related transactions, career development, staffing, international
personal security issues, internal investigations ethics investigations,
law enforcement inquiries, U.S. Government agency inquiries and
mergers, acquisitions and divestitures.
Textron has adopted the seven Safe Harbor principles of notice,
choice, onward transfer (transfer to third parties), access, security,
data integrity and enforcement with respect to human resource data
to be transferred to the U.S. from Textron operations in the EU.
Notice – Textron will notify employees in the EU about the
purposes for which human resource data will be collected and used.
Information will be provided on how employees can contact Textron
with inquiries or complaints regarding human resource data. Textron
will give notice to employees regarding third parties to which it
discloses the information, and restrictions that limit the information’s
use and disclosure.
Choice – Prior to releasing human resource data to a third
party, Textron will give an individual employee the opportunity
to choose whether their human resource data is disclosed to that
third party or used for a purpose incompatible with the purpose
for which it was originally collected or subsequently authorized
by that individual. For sensitive data, an affirmative choice will
be given to the employee if the human resource data is to be disclosed
to a third party or used for a purpose other than its original purpose
or the purposes authorized subsequently by the individual.
Onward transfer – (transfer to third parties) – Prior
to disclosing human resource data to a third party, Textron will
apply the notice and choice principles, enumerated above. Textron
will commit to ensuring that the third party keeper of human resource
data also subscribes to the Safe Harbor Principles or any other
EU adequacy finding. Textron will also enter into a written agreement
with such third party requiring that the third party provide at
least the same level of personal data protection as is maintained
Access – Employees covered under this policy will have access
to personnel information about them that Textron holds and will
be able to correct, amend or delete information if it is inaccurate
(the exception is when the burden or expense of providing access
would be disproportionate to the risks of the individual privacy
in the case in question or the rights of persons other than the
individual would be violated.)
Security – Textron will take reasonable precautions to protect
personal information from loss, misuse and unauthorized access,
disclosure, alteration and destruction.
Data Integrity – Human resource data kept by Textron will
be relevant for the purposes for which it is to be used. Textron
will take reasonable steps to ensure that the data is reliable and
that it is applied to its intended use. Textron will also ensure
that the information is accurate, complete and correct.
Enforcement – To ensure compliance with these Safe Harbor
Principles, Textron will:
Commit to cooperate with the Data Protection Authorities (DPAs)
of the EU countries in the investigation and resolution of complaints
and will comply with any advice given by DPAs;
Employ a procedure for verifying that the commitment the company
has made to adhere to the Safe Harbor Principles has been implemented;
Remedy issues arising out of any failure to comply with the Principles.
Textron acknowledges that its failure to provide an annual self-certification
to the Department of Commerce will remove it from its list of participants
and the transfers of information will not be allowed unless Textron
otherwise complies with the EU Data Protection Directive.
The Textron Ethics and Compliance Department and the Director,
Information Security and Privacy Officer, will be the internal mechanism
for ensuring compliance with the Safe Harbor Principles and facilitating
the independent recourse mechanism referenced in item 7 above of
Access to the human resource data of EU employees will be to a
limited number of users on a need to know basis.
European Union – The European Union (“EU”) consists
of 15 member countries: Austria, Belgium, Denmark, Finland, France,
Germany, Greece, Ireland, Italy, Luxembourg, The Netherlands, Portugal,
Spain, Sweden and the United Kingdom.
Human Resource Data – (for the purposes of this policy) –
Any human resource information relating to an identified or identifiable
natural person who is a Textron employee and who can be identified,
directly or indirectly, in particular by a reference to an identification
number or to one or more factors specific to his or her physical,
physiological, mental, economic, cultural or social identity.
Self-Certification to the Department of Commerce – Textron
must certify to the U.S. Department of Commerce that it will abide
by the Safe Harbor Principles. Textron must also state annually
Sensitive Data – Sensitive data is data that pertains to
racial or ethnic origin, political opinions, religious or philosophical
beliefs, trade union membership, income records, health, sexual
orientation or alleged commission of any offense. This data may
not be transferred unless an individual gives explicit consent.
Questions regarding the transmission of human resource data from
the European Union (EU) to the United States or any other non-EU
location, or any further transmission of the personnel data once
received in the United States, should be referred to the Textron
Director, Information Security and Privacy Officer. That individual
is responsible for maintaining this document.
Textron must annually, in writing, certify to the Department of
Commerce that it agrees to adhere to the Safe Harbor Principles.