Textron, Inc. ("Textron"), parent company to Textron Financial Corporation, acknowledges the EU’s standard for personal data protection. Textron has a need to extract and compile the human resource data of employees in the EU. This Policy addresses the privacy concerns of European employees and the business concerns of the company.
To effect this Policy, Textron will adhere to the United States Department of Commerce Safe Harbor Principles and will self-certify to the United States Department of Commerce compliance with the Safe Harbor Principles. This Policy applies to all human resource data transmissions from Textron operations in EU countries to the United States. This includes transmission of data over phone lines, computer lines, and in hard copy, and includes such material as payroll records, telephone records, performance evaluations, and any material that identifies a particular individual employee.
The use of EU employee personnel data will include global enterprise headcount reporting, statistical analysis, compensation planning and related transactions, career development, staffing, international personal security issues, internal investigations ethics investigations, law enforcement inquiries, U.S. Government agency inquiries and mergers, acquisitions and divestitures.
Textron has adopted the seven Safe Harbor principles of notice, choice, onward transfer (transfer to third parties), access, security, data integrity and enforcement with respect to human resource data to be transferred to the U.S. from Textron operations in the EU.
1. Notice – Textron will notify employees in the EU about the purposes for which human resource data will be collected and used. Information will be provided on how employees can contact Textron with inquiries or complaints regarding human resource data. Textron will give notice to employees regarding third parties to which it discloses the information, and restrictions that limit the information’s use and disclosure.
2. Choice – Prior to releasing human resource data to a third party, Textron will give an individual employee the opportunity to choose whether their human resource data is disclosed to that third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by that individual. For sensitive data, an affirmative choice will be given to the employee if the human resource data is to be disclosed to a third party or used for a purpose other than its original purpose or the purposes authorized subsequently by the individual.
3. Onward transfer – (transfer to third parties) – Prior to disclosing human resource data to a third party, Textron will apply the notice and choice principles, enumerated above. Textron will commit to ensuring that the third party keeper of human resource data also subscribes to the Safe Harbor Principles or any other EU adequacy finding. Textron will also enter into a written agreement with such third party requiring that the third party provide at least the same level of personal data protection as is maintained by Textron.
4. Access – Employees covered under this policy will have access to personnel information about them that Textron holds and will be able to correct, amend or delete information if it is inaccurate (the exception is when the burden or expense of providing access would be disproportionate to the risks of the individual privacy in the case in question or the rights of persons other than the individual would be violated.)
5. Security – Textron will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
6. Data Integrity – Human resource data kept by Textron will be relevant for the purposes for which it is to be used. Textron will take reasonable steps to ensure that the data is reliable and that it is applied to its intended use. Textron will also ensure that the information is accurate, complete and correct.
7. Enforcement – To ensure compliance with these Safe Harbor Principles, Textron will:
a. Commit to cooperate with the Data Protection Authorities (DPAs) of the EU countries in the investigation and resolution of complaints and will comply with any advice given by DPAs;
b. Employ a procedure for verifying that the commitment the company has made to adhere to the Safe Harbor Principles has been implemented;
c. Remedy issues arising out of any failure to comply with the Principles. Textron acknowledges that its failure to provide an annual self-certification to the Department of Commerce will remove it from its list of participants and the transfers of information will not be allowed unless Textron otherwise complies with the EU Data Protection Directive.
The Textron Ethics and Compliance Department and the Director, Information Security and Privacy Officer, will be the internal mechanism for ensuring compliance with the Safe Harbor Principles and facilitating the independent recourse mechanism referenced in item 7 above of this Policy.
Access to the human resource data of EU employees will be to a limited number of users on a need to know basis.
European Union – The European Union (“EU”) consists of 15 member countries: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, The Netherlands, Portugal, Spain, Sweden and the United Kingdom.
Human Resource Data – (for the purposes of this policy) – Any human resource information relating to an identified or identifiable natural person who is a Textron employee and who can be identified, directly or indirectly, in particular by a reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
Sensitive Data – Sensitive data is data that pertains to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, income records, health, sexual orientation or alleged commission of any offense. This data may not be transferred unless an individual gives explicit consent.
Questions regarding the transmission of human resource data from the European Union (EU) to the United States or any other non-EU location, or any further transmission of the personnel data once received in the United States, should be referred to the Textron Director, Information Security and Privacy Officer. That individual is responsible for maintaining this document.
Textron must annually, in writing, certify to the Department of Commerce that it agrees to adhere to the Safe Harbor Principles.