Privacy Policy
Revised September 1, 2020
This Privacy Notice (the “Notice”) sets out
how OSI
Optoelectronics, Inc. and our parent
company and affiliates (including OSI Systems, Inc., OSI Electronics, Inc., OSI
Laser Diode, Inc., OSI Electronics Pte Ltd., OSI Optoelectronics Sdn Bhd, and OSI
Electronics de Mexico) collects and
processes information about you when you visit any website operated by that
entity (“Website”) or when you otherwise provide your personal information to
that entity, as described in this Notice.
The data controller for all personal
information originating in the European Economic Area (“EEA”) or processed by
data controller established in the EEA, collected through a Website is the OSI
group entity that operates that Website, as indicated in the terms of use
related to that Website, which also contains controller’s contact details. For
products and services contracted offline, the data controller for all personal
information originating in the European Economic Area (“EEA”) or processed by
data controller located in the EEA, is the OSI group entity that contracts with
you, as identified in the terms and conditions applicable to the purchase or
use of the relevant product or service.
References in this Notice to “we”, “us” or
“our” are references to the OSI group entity that is operating the relevant
Website that you visit, contracting with you in offline sale of products and
services, or to which you otherwise provide personal information as described
in this Notice.
If you have any questions or concerns about
our use of your personal information then please contact us using the contact
details provided at the bottom of this Notice.
Quick links
We recommend that you read this Notice in full
to ensure you are fully informed. However, if you only want to access a
particular section of this Notice, then you can click on the relevant link
below to jump to that section.
Information we collect
and the sources of information
Use of personal
information
Information we share
Your choices in
relation to direct marketing
Legal basis for
processing personal information (if EEA data protection law applies)
Links to Other Websites
and social media
Data Retention
Security
Your rights (if EEA data protection law applies)
International transfers
EU-U.S. and Swiss-U.S.
Privacy Shield
For California Residents
Updates to this Notice
Who to contact
1. Information We Collect and the
Sources of Information
The personal information that we may collect
about you broadly falls into the following categories:
Information that you provide voluntarily
Certain parts of our Websites may ask you to
provide personal information voluntarily. Further examples of this are
set out below; however as a general point, the personal information that you
are asked to provide, and the reasons why you are asked to provide it, will be
made clear to you at the point we ask you to provide your personal information.
·
General: You may give us information, including information that
can identify you (“personal information”), when you make enquiries about a
Website, our products or services or about career opportunities with us or when
you otherwise communicate with us (whether via a Website or otherwise).
For example, we may ask you to provide specific information set out in an
online inquiry form. You may choose to provide additional information to
us when you communicate with us or otherwise interact with us, including in any
free text box contained in an online inquiry form.
·
Personal Information that we collect when you do business with
us: We may process your
personal information when you conduct business with us (whether through the
Website or otherwise) as, or on behalf of, a customer or prospective customer,
or as, or on behalf of, a vendor, supplier, consultant, professional adviser or
other third party. In this context, we process:
·
business contact information that is necessary to understand
your role within your organization and to communicate with you;
·
financial information that is necessary to take payment or
fulfil contractual obligations or for related purposes;
·
personal opinions/insights included in any feedback necessary to
evaluate our performance and that of our suppliers or other business partners;
and
·
personal information necessary to conduct business effectively
with you or the organization that you represent.
·
Access to online resources: For access to certain resources on a
Website (e.g. eLearning modules and Product Manuals) we may ask you to register
as a customer/customer representative in order to create an online
account. If so, as well as the business contact information referred to
above, we will ask you to create a username and password.
·
Providing feedback: Customers may also have the option of providing online feedback
via a Website (e.g. in relation to OSI group company products, services or
distributors) and we may request certain personal information via any online
feedback form, such as name and contact details of the relevant customer
representative. Customer representatives may choose to provide additional
information in the context of such feedback, e.g. via free text boxes.
·
Supplier change requests: Suppliers may make a change request via a Website.
In such circumstances, we may request via the relevant online form
personal information that is necessary to process such change request.
·
Personal Information that you provide about another person: If you provide
us with information about another person, for example, if you refer someone to
us via the Website or as a company provide us with personal information of your
employees, you confirm that you have provided them with this Notice for which
their personal information will be processed and that you have obtained any
necessary consents to the processing of their personal data. When we first
contact them, we may tell them where we got the information from.
Information we collect automatically
When you visit our Websites, we may also
collect certain information by automated means from your device. In some
countries, including countries in the EEA, this information may be considered
personal information under applicable data protection laws.
Specifically, the type of information we
collect automatically may include information such as your IP address, device
type, unique device identification numbers, browser type, broad geographic
location (e.g. country or city-level location) and operating system, referring
URLs, information about your visit including the URL clickstream to, through
and from our Websites, download errors, number of Website visits, average time
spent on the Website, length of visits to certain pages and page interaction.
We collect this information automatically through the use of various
technologies including through “cookies”.
A cookie is a data
file containing small amounts of information that a website can send to your
browser (and many websites do), which may then be stored on your computer as a
tag that distinguishes your computer but does not name you. For further
information about the types of cookies we use, why and how you can control
cookies, please see our Cookies Notice at https://www.osi-systems.com/cookies. Some browsers have incorporated Do Not Track
(“DNT”) preferences. Most of these features, when turned on, send signals to
the website you are visiting that you do not wish to have information about
your online searching and browsing activities collected and used. As
there is not yet a common agreement about how to interpret DNT signals, we do
not honor DNT signals from website browsers at this time. However, you
may refuse or delete cookies. If you refuse or delete cookies, some of
our website functionality may be impaired. If you change computers,
devices, or browsers, or use multiple computers, devices, or browsers, and
delete your cookies, you may need to repeat this process for each computer,
device, or browser. Please refer to your browser’s Help instructions to learn
more about how to manage cookies and the use of other tracking technologies.
Personal Information for which we act as a
data processor: We may process
personal information on behalf of our customers in the context of supporting
our products. We do so in accordance with the instructions of our
customers. While our customers are in control of what personal
information is processed by our products it will typically include personal
information about individuals who are involved with the sale or support of our
products. For further information about how such information is handled
by our customers, please refer to the privacy policies of those customers.
2. Use of personal information –
purposes of processing
We process your personal information for the
following purposes:
·
To deal with your inquiries and requests;
·
To create and administer records about any online account that
you register with us, or to allow you to register an account with us;
·
To maintain and improve the accuracy of the records that we hold
about you;
·
To provide you with information, and access to resources that
you have requested from us;
·
To provide our products and services;
·
To otherwise maintain our relationship with you, including
requesting/processing your feedback;
·
Research and development and to improve our products and
services (subject to your prior consent, which will be obtained separately from
this Notice);
·
Website and system administration and security;
·
For internal analytics, in particular to better understand the
visitors who come to our Websites, where they come from and what content on our
Website is of interest to them and to improve the navigation and content of the
Website (please see our Cookies Notice (https://www.osi-systems.com/cookies/) for information
about the cookies that are used for this purpose);
·
To assess financial, credit or insurance risks arising from any
relationship or prospective relationship with a customer, supplier, distributor
or other business partner;
·
To alert you to updates to the Websites, and to any news and
events in which we think you may be interested (should you opt in to receiving
such updates) and/or to allow you to submit enquiries to us.
3. Information we share
We will only disclose personal information to
other companies within our group of companies (the OSI group
entities, please see above) for the purposes outlined in this Notice, unless
otherwise provided herein. We may also share your information with third
parties when:
(1) It is necessary to involve third party
service providers such as software product/support providers on a
“need-to-know” basis in order to support the provision of our products and
services and business operations;
(2) We have your consent or have otherwise
been requested by you (e.g. with social media networks or with other
employers);
(3) Required by a court order or any by any
competent legal, regulatory, government agency, court or other third party
where we believe disclosure is necessary: (i) as a matter of applicable law or
regulation, (ii) to exercise, establish or defend our legal rights or the
rights of our customers, website users or other third parties (e.g. with debt
collection and tracing agencies or to enforce our Terms of Use), or (iii) to protect
your vital interests or those of any other person;
(4) In connection with the actual or potential
sale or transfer of a business, provided that we inform the buyer (or potential
buyer) it must use your personal information only for the purposes disclosed in
this Notice and
(5) To credit reference agencies to establish
creditworthiness, to the extent permitted by applicable law.
4. Your choices in relation to direct marketing
Consistent with the consent you provide, we
may use the information that you give to us to contact you by mail, telephone,
fax email or electronic messaging service to alert you to updates to the
Websites, and any news and events in which we think you may be interested
(should you opt in to receiving such updates). We will also offer you the
opportunity to unsubscribe in every communication sent.
5. Legal basis for processing personal
information (if EEA data protection law applies)
If EEA data protection law applies, our legal
basis for collecting and using the personal information described above will
depend on the personal information concerned and the specific context in which
we collect it.
However, we will normally collect personal
information from you only (i) where we need the personal information to perform
a contract with you, (ii) where the processing is in our legitimate interests
and not overridden by your rights, or (iii) where we have your consent to do
so. In some cases, we may also have a legal obligation to collect
personal information from you or may otherwise need the personal information to
protect your vital interests or those of another person.
If we collect and use your personal
information in reliance on our legitimate interests (or those of any third
party), this interest will normally be to operate our Website(s) and to
communicate with you as necessary to provide our services to you and for our
legitimate commercial interest, for instance, when responding to your queries,
improving our Website(s), undertaking marketing, or for the purposes of
detecting or preventing illegal activities.
We may have other legitimate interests and if
appropriate we will make clear to you at the relevant time what those
legitimate interests are.
You can choose not to provide personal
information to us, in particular where we rely on your consent for their
processing. However, where the information that we request is necessary
for the purposes of entering into and performing a contract with you or your
organization and/or providing services/website facilities to you or your
organization, failure to provide it will impede the contracting process and/or
the provision of the relevant services or facilities.
6. Links to Other Websites and social media
Websites may contain links to other websites
which are outside our control and are not covered by this Notice. While we try
to link only to websites that share our high standards and respect for privacy,
we are not responsible for the content, security or privacy practices employed
by other websites. If you access other websites using the links
provided, the operators of these websites may collect information from you
which will be used by them in accordance with their privacy notice, which may
differ from ours.
On some Website pages, third parties that
provide content, applications or plug-ins through our Websites may track your
use of content, applications and plug-ins or customize content, applications
and plug-ins for you. For example, when you share a webpage using a
social media sharing button on our Websites (e.g., Facebook, Twitter, or Google
Plus), the social network that has created the button will record that you have
done this. For more information on social media plug-ins on our Websites,
see our Cookies Notice.
6. Data Retention
We retain personal information that we collect
from you where we have an ongoing legitimate business need to do so. If
you are a client or vendor (or a representative of a client for vendor, your
personal information will be retained for a period of time to allow us to
provide or receive the relevant services (as the case may be) and to comply with
applicable legal, tax or accounting requirements. We will not retain your
information for longer than is necessary for our business purposes or for legal
requirements.
When we have no ongoing legitimate business
need to process your personal information, we will either delete or anonymize
it or, if this is not possible and we have legal obligation to do so (for
example, because your personal information has been stored in backup archives),
then we will securely store your personal information and isolate it from any
further processing until deletion is possible.
7. Security
We maintain reasonable and appropriate
technical and organizational security measures to protect the personal
information you provide to us through a Website against unauthorized
disclosure, use, alteration, or destruction. These measures are designed to provide
a level of security appropriate to the risk of processing your personal
information. Please note, however, that perfect security does not exist on the
Internet. Therefore, while we endeavor to protect your personal information,
when data is transferred over the Internet it may potentially be accessed and
used by unauthorized parties.
Where you have a password, which enables you
to access a Website, you are responsible for keeping this password secure and
confidential.
8. Your rights (if EEA data protection law
applies)
If you are from certain territories (such as
Switzerland or the EEA), you may have
the right to access the personal information that we hold about you, or to
correct, amend or delete such information pursuant to the General Data
Protection Regulation (GDPR), EU-U.S. or Swiss-U.S. Privacy Shield Frameworks
(as applicable). If EEA data protection law applies to the processing of
your personal information, you have the following data protection rights,
subject to conditions and exceptions provided in applicable EEA data protection
law:
·
If you wish to access (including requesting a copy of),
correct, update or request deletion of your personal information, you
can do so at any time by contacting us using the contact details provided under
the “Who to contact” heading below.
·
In addition, you can object to processing of
your personal information in certain circumstances, on grounds relating to your
specific situation, ask us to restrict processing of your
personal information or request portability (i.e., receive your personal data in a standardized format in case
you wish to transfer it to another controller) of your personal
information. Again, you can exercise these rights by contacting us using the
contact details provided under the “Who to contact” heading below.
·
You have the right to opt-out of marketing
communications we send you at any time. You can exercise this right by
clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we
send you. To opt-out of other forms of marketing (such as postal
marketing or telemarketing), then please contact us using the contact details
provided under the “Who to contact” heading below.
·
Similarly, if we have collected and process your personal
information with your consent, then you can withdraw your consent at
any time. Withdrawing your consent will not affect the lawfulness of any
processing we conducted prior to your withdrawal, nor will it affect processing
of your personal information conducted in reliance on lawful processing grounds
other than consent.
·
You have the right to complain to a data protection
authority about our collection and use of your personal information.
For more information, please contact your local data protection authority.
·
You have the right not to
be subject to automated decisions (made solely by machines) affecting you,
as defined by applicable EEA data protection law.
If you wish to make such a request, please
contact us at the address below. Before responding to your request, we may ask
you to verify your identity and to provide further details about your request.
We will endeavor to respond within an appropriate timeframe and, in any event,
within any timescales required by law or, where applicable, within the
timescales required by applicable laws and regulations.
9. International transfers
We belong to an international group of
companies. Consequently, we may transfer your personal information
outside your country of residence to countries or jurisdictions where we have
facilities or engage third parties to provide services to us for the purposes
outlined in this Notice. The countries to which we may transfer your
personal information are in the following regions: USA, Europe, or Asia. Such
countries may not have the same level of data protection as within your
country. If we do make such a transfer, we will, take steps in accordance with
applicable laws to protect your personal information. For example, as
described below, we have certified (pursuant to Article 45 of the EU General
Data Protection Regulation 2018) to the EU-U.S. and Swiss-U.S. Privacy Shield
frameworks for international transfers of personal information from our group
companies within the EEA and Switzerland to our group companies in the
US. We have also implemented the EU Commission’s Standard Contractual
Clauses (pursuant to Article 46.2 of the General Data Protection Regulation 2018)
for international transfers of personal information from within the EU to U.S.
legal entities, our service providers, and our non-US group companies located
outside the EEA. Further details can be provided upon request using the
contact details provided under the “Who to contact” heading below.
10. EU-U.S.
and Swiss-U.S. Privacy Shield
OSI Systems Inc. and its controlled U.S.
subsidiaries (including American Science and Engineering, Inc., OSI
Electronics, Inc., OSI Laser Diode, Inc., OSI Laserscan, Inc., OSI
Optoelectronics, Inc., OSI Solutions, Inc., Rapiscan Government Services, Inc.,
Rapiscan Laboratories, Inc., Rapiscan Systems, Inc., S2 Global Inc., Spacelabs
Healthcare Inc., (together “OSI US”) comply with the EU-U.S. Privacy Shield and
Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of
Commerce regarding the collection, use, and retention of personal information
transferred from the EEA or Switzerland to the United States. In
doing so, OSI US has certified that, in respect of all personal information it
receives from the EEA or Switzerland, it will adhere to the Privacy Shield
Principles of: Notice, Choice, Accountability for Onward Transfers,
Security, Data Integrity and Purpose Limitation, Access and Recourse,
Enforcement and Liability. If there is any conflict between the terms in
this Notice and the Privacy Shield Principles, the Privacy Shield Principles
shall govern. To access the Privacy Shield Program, and to find details of OSI
US’s certification, please visit www.privacyshield.gov.
OSI US’s participation in the Privacy Shield
applies to all personal information that is subject to this Notice and is
received from the EEA or Switzerland. OSI US will comply with the Privacy
Shield Principles in respect of such personal information.
Where OSI US transfers personal information
from the EEA or Switzerland to its third party agents and service providers, it
will require such third parties to process the information only for the
purposes described this Notice and to provide the same level of protection for
the information as required by the Privacy Shield Principles. OSI
US remains responsible and liable under the Privacy Shield Principles if
third-party agents that it engages to process the personal information on its
behalf do so in a manner inconsistent with the Principles, unless OSI US proves
that it is not responsible for the event giving rise to the damage.
If you believe that OSI US is processing your
personal information within the scope of its Privacy Shield certification, you
may direct any inquiries or complaints concerning its Privacy Shield compliance
in the following ways:
(1) In the first instance, please send your
inquiry or complaint to privacy@osi-systems.com or by writing to:
OSI Optoelectronics, Inc.
Attention: Data Privacy Officer
Corporate Compliance Department
12525 Chadron Avenue
Hawthorne, California 90250
United States of America
OSI US will respond within 40 days.
(2) If you are not satisfied with OSI US’s
response, or for complaints that cannot be resolved with OSI US directly, OSI
US has chosen to cooperate with EU and Swiss data protection authorities (DPAs)
and comply with the information and advice provided to it by an informal panel
of DPAs in relation to such unresolved complaints EU DPAs are available
here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Swiss individuals may contact the Swiss
Federal Data Protection and Information Commissioner’s (FDPIC) office.
Under certain circumstances, you may be eligible to invoke binding
arbitration.
(3) Further, the European and Swiss DPAs may
refer your complaint to the US Department of Commerce or the Federal Trade
Commission for further investigation.
OSI US’s commitments under the Privacy Shield
are subject to the investigatory and enforcement powers of the United States
Federal Trade Commission.
[Update: August 2020] Last month, the European Commission invalidated aspects of the
U.S.-EU Privacy Shield. We have
carefully reviewed the applicable court ruling and have verified that our
current policy, including the utilization of Standard Contractual Clauses,
complies with applicable laws and regulations.
11. For
California Residents
We provide services and products primarily to
business customers and generally only collect Personal Information of the
employees of those business customers.
In limited circumstances, when an individual consumer who is a
California resident interacts with us directly, this section applies. Pursuant
to the California Consumer Privacy Act of 2018, below is a summary of the
Personal Information we collected from such California residents and the
categories of third parties with whom we’ve shared consumer Personal
Information. Information about the
purposes of information collection and the sources of information are described
in Sections 1-2, above.
Personal Information We Collect | Categories of Third Parties to Whom We Have
Disclosed Personal Information for a Business Purpose |
Identifiers
and other information you provide, such as name, email address, physical address, telephone
number, account number or name and password, and device identifiers (e.g.,
cookie IDs and IP address) | 1.
Affiliates
and subsidiaries 2.
Service
Providers 3.
To
government entities or others for legal, security, or safety purposes 4.
In
connection with a corporate transaction |
Financial
information and other customer records, including credit or debit card number, credit related
information, bank account number, or any other financial information | 1.
Affiliates
and subsidiaries 2.
Service
Providers |
Protected
class and demographic information, such as age, race, gender, education, or date of birth | 1.
Affiliates
and subsidiaries 2.
Service
Providers |
Internet
or other electronic network activity information, such as your browsing history, search
history, and information regarding your interactions with and use of the
Website | 1.
Service
Providers 2.
Social
Media Platforms |
Commercial
information, such as products
or services purchased, obtained, or considered, or other purchase or
subscription information or consumer histories or tendencies | 1.
Affiliates
and subsidiaries 2.
Service
Providers |
Audio,
video, or other sensory information, such as call recordings or video surveillance of our
premises | 1.
Affiliates
and subsidiaries 2.
Service
Providers |
Professional
or employment-related information of business contacts, such as job title, organization,
professional licenses, credentials, specialty, professional affiliations, or
other professional information | 1.
Affiliates
and subsidiaries 2.
Service
Providers |
Inferences drawn from any of the information we
collect to create a profile about you reflecting your preferences | 1.
Affiliates
and subsidiaries 2.
Service
Providers |
California residents who interact with us
outside of business-to-business transactions may have certain rights under the
CCPA, subject to legal limitations, regarding the collection, use, and sharing
of personal information. California residents may exercise the following rights
regarding personal information collected via by contacting us via our Online Request Form or by calling us toll-free at 1-833-308-1010.
Right to Know. You have the right to request information about the categories
of personal information we have collected about you in the prior 12 months
including the categories of sources from which we collected the personal
information, the purposes for collecting the personal information, and the
categories of third parties with whom we shared your personal information,
(“Categories Report”). You may also request information about the specific
pieces of personal information we have collected about you in the prior 12
months (“Specific Pieces Report”). You may also specifically request
information about any third parties with whom we have shared your personal
information for those third parties’ direct marketing purposes in the preceding
calendar year. You may request this information using the contact information
above.
Right to Delete. You have the right to request that we delete personal
information that we have collected from you.
Right to Opt-Out. We do not sell personal information.
In accordance with applicable law, we will not
discriminate against you for exercising these rights.
Verification. In order to process requests, we will need
to obtain information to locate you in our records or verify your identity
depending on the nature of the request. If you are submitting a request on
behalf of a household, we will need to verify each member of the household in
the manner set forth here. For a Right to Know Specific Pieces Report, we will
request applicable documentation to verify your identify in addition to a signed
declaration, under penalty of perjury, to verify your identity. For a Right to
Know Categories Report, we will request a government issued form of
identification to verify your identity. For a Right to Delete request, we will
request that you confirm your identity by confirming a “challenge” question, or
by verifying that you own the email address or phone number originally provided
to us.
Authorized Agents. You may use an authorized agent to exercise
your rights on your behalf. If you are making any of the requests above through
an authorized agent, we will request signed authorization from you and will
seek to verify you as described above or we will accept a legal Power of Attorney
under the California Probate Code to the authorized agent. If you are an
authorized agent, use the Online Request Form. You may be required to
separately upload documentation demonstrating you have authority to exercise
rights on the consumer’s behalf.
Timing. We will respond to Requests to Delete and
Requests to Know within 45 days, unless we need more time in which case we will
notify you and may take up to 90 days total to respond to your request.
12. Updates to this Notice
From time to time we may update this Notice in
response to changing legal, technical or business developments. If
material changes are made to this Notice, we will take appropriate measures to
inform you, consistent with the significance of the changes we make (for
example we may notify you with a notice on our Websites for a period of 30
days).
You can see when this Notice was last updated
by checking the “last updated” date displayed at the top of this Notice.
13. Who to contact
If you have any questions or comments in
relation to this Notice, or our privacy practices or use of your personal
information, please contact us via email at privacy@osi-systems.com or write to:
OSI Systems, Inc.
Attention: Data Privacy Officer
Corporate Compliance Department
12525 Chadron Avenue
Hawthorne, California 90250
United States of America
- or -
OSI Optoelectronics, Inc.
Attention: Data Privacy Officer / Compliance Department
12525 Chadron Avenue
Hawthorne, California 90250
United States of America