TTM Technologies, Inc. – General Data Protection Regulation (“GDPR”) Privacy Policy
1. Introduction
1.1 We are TTM Technologies, Inc. (referred to as TTM, we, us and our in this GDPR Privacy Policy), a company incorporated in the state of Delaware and whose principal office address is 200 East Sandpointe, Suite 400, Santa Ana, California 92707.
1.2 The information set out in this GDPR Privacy Policy is provided to individuals who are based in the European Union whose personal data we process (you or your) as data controller, in compliance with our obligations under Articles 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR). This GDPR Privacy Policy descripts how we, and our affiliated companies, use Personal Data (defined below) that we collect, receive and store about you in connection with your use of our website: https://www.ttmtech.com/Default.aspx and any other website or application from which this GDPR Privacy Policy is linked, including, without limitation our sales portal (each, together with its sub-domains, content and services, a "Site")
1.3 Please refer to Schedule 1 for details of: the particular category of information we collect and retain; from where we obtain the information from; the purpose and legal basis of processing and to whom we will (if applicable) disclose the information.
2. Data controller details
2.1 We are the data controller in relation to, and will be responsible as data controller for the purposes of the GDPR, the processing of the personal information that is provided to TTM, TTM Technologies Trading (Guangzhou) Co., Ltd., and TTM Technologies Trading (Asia) Co., Ltd. and any other subsidiary entity within the TTM group (together, the TTM Group).
2.2 Our contact details are as follows:
2.2.1 Address: 200 East Sandpointe, Suite 400, Santa Ana, California 927072.2.2 Telephone number: +31 615 016 6232.2.3 Email address: beckers@ttm.com (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
3. International transfers
We will not transfer personal data relating to you to a country which is outside the European Economic Area (EEA) unless:
3.1 the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
3.2 appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA);
3.3 one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):
3.3.1 the transfer is necessary to perform, or to form, a contract to which we are a party:3.3.1.1 with you; or
3.3.1.2 with a third party where the contract is in your interests;
3.3.2 the transfer is necessary for the establishment, exercise or defense of legal claims;
3.3.3 you have provided your explicit consent to the transfer; or
3.3.4 the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
4. Retention of personal data
Our retention and deletion policy can be found here – please see Schedule 2.
5. Your rights in respect of your personal data
5.1 You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. In accordance with the GDPR:
5.1.1 you will have the following rights:5.1.1.1 right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); and5.1.1.2 right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
5.1.2 in certain circumstances, you will also have the following rights:
5.1.2.1 right to erasure / “right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);5.1.2.2 right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
5.1.2.3 right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and
5.1.2.4 right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
5.2 Please note that if you withdraw your consent to the use of your personal information for purposes set out in our GDPR Privacy Policy, we may not be able to carry out our contractual obligations to you or provide you with access to all or certain parts of our services.
5.3 If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the Irish Data Protection Commission. Please see further information on their website: https://www.dataprotection.ie. We encourage you to first reach out to use at beckers@ttm.com so we have an opportunity to address your concerns directly before you do so.
6. Automatic decision making
We do not make decisions based solely on automated data processing, including profiling.
7. Security
7.1 We keep your information protected by taking appropriate technical and organizational measures to guard against unauthorized or unlawful processing, accidental loss, destruction or damage. For example:
7.1.1 where appropriate, data is encrypted when transiting on our system or stored on our databases;7.1.2 we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and7.1.3 we frequently carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud.7.2 However, while we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone.
8. Representative
In accordance with Article 27 of the GDPR, our designated representative for purposes of receiving inquiries or complaints in regards to this GDPR Privacy Policy can be contacted as follows:
Address: St Philips Point, Temple Row, Birmingham, West Midlands, B2 5AF.
Telephone number: +(00) (314) 75388772.
Email address: rene.beckers@ttm.com (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
9. Changes to this GDPR Privacy Policy
We may amend this GDPR Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always update this GDPR Privacy Policy on our website, so please try to read it when you visit the website (the “last updated” reference tells you when we last updated our GDPR Privacy Policy).
Last updated 16 April 2020
Schedule 1
Data about our customers, and all individuals in respect of whom we have acquired personal information in connection with any products or services offered by us (including directors, shareholders, consultants, employees or other personnel of our customers)
What we collect:
- Contact details such as your name, home/work addresses, email address, landline/mobile phone or fax numbers.
- Employment information such as your position/title, employment history, professional specialisms and qualifications.
- Payment information such as bank details and transaction history.
- Information Collected Automatically by means of various software tools including but not limited to cookies and web beacons.
We may use your information for the following purposes, based on the following legal grounds:
- If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of negotiating and entering into contractual agreements with you, in the course of providing our products or services.
- If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of communications in relation to establishing a customer relationship, obtaining evidence of identity of our customer, communications regarding our products or services and fees, for insight purposes (e.g. to analyse market trends and demographics, and develop the service which we offer to you or other individuals in the future) and sending information to you about products and services which we think may be of interest to you for marketing purposes.
- If we obtain your consent: for any purpose for which we have obtained your consent. For example, if we ask you to opt into receiving certain marketing communications, we will comply with your consent or withdrawal of consent, notwithstanding our legitimate business interests to send such marketing information.
- Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
- If it is necessary for the performance of our contract: for the purpose of making or receiving payments in the course of providing our products or services.
- If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of retaining evidence of payment transactions, for insight purposes (e.g. to analyse market trends and demographics in relation to our fees), for establishing our customer’s ability to pay costs and to develop the service which we offer to you or other individuals in the future).
- If it is in our legitimate business interests to do so for the following purposes:
- “Required Cookies” enable you to navigate our Site and use its features, such as accessing secure areas of our Site and using our services. If you have chosen to identify yourself to us, we use cookies containing encrypted information to allow us to uniquely identify you. Because these cookies are essential to operate our Site, there is no option to opt out of these cookies.
- “Performance Cookies” collect information about how you use our Site, including which pages you go to most often and if they receive error messages from certain pages. All information these cookies collect is aggregated and anonymous. It is only used to improve how our Site functions and performs. To learn how to opt out of performance cookies using user browser settings click here
- “Functionality Cookies” allow our Site to remember information you have entered or choices you make (such as your username, language or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of our Site after logging in. To learn how to opt out of performance cookies using user browser settings click here
- “Targeting or Advertising Cookies” allow us or third party advertisers to track your usage of our Site. Our advertisers and we use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on third party websites. This process also helps us manage and track the effectiveness of our marketing efforts. To learn how to opt out of targeting or advertising cookies using user browser settings click here
Recipients:
How we share information within the TTM Group
1. We may share information about you with any company within the TTM Group for the purposes set out in this GDPR Privacy Policy only (e.g. customer relationship management, software and service compatibility and improvements, information and data related to products or services, and to provide you with any information, applications, products or services that you have requested).
How we share information outside the TTM Group
2. Please note that personal information we are holding about you may be shared with and processed by:
2.1 regulators or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;2.2 any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
2.3 other parties and/or their professional advisers involved in a matter where required as part of the conduct of the services;
2.4 our own professional advisers and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
2.5 our service providers and agents (including their subcontractors) or third parties which process information on our behalf (e.g. internet service and platform providers, our bank, payment processing providers and those organizations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested; and
2.6 another organization to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets (provided that adequate protections and safeguards are in place.
3. Some of our service providers may use cookies or other methods to gather information regarding your use of our Site. Such third parties may use these cookies or other tracking methods for their own purposes by relating information about your use of our Site with any personal information about you that they may have. The use of such information by a third party depends on the privacy policy of that third party.
Schedule 2
Retention and deletion policy
Unless we are required or permitted by law to hold on to your information for a specific retention period, we may retain your information for the following purposes and periods:
Category of personal data
Data about our customers, business contacts, and third parties involved in matters in relation to which we provide products or services to our customers.
Period for which personal data will be stored
Contracts and general correspondence (emails, post and other communications) obtained in the course of providing our products or services:
Such information will be stored for three (3) years following completion of the services or termination or after expiry of the requirements of any contract with our customer (whichever is later).
Contact details for marketing purposes:
Contact information relating to customers and contacts will be held for so long as we believe the information to remain accurate and the individual concerned remains a genuine connection of ours, or of one of our directors and staff. We have a programme for reviewing our contacts regularly, and removing any information which is considered to be out of date or no longer relevant.