NOTICE: Carpenter Technology receives, processes and uses EU HR Personal Data and transfers EU HR Personal Data to third parties to carry out Carpenter Technology’s obligations under employment and benefit laws, to administer participation in Carpenter Technology’s benefit, compensation and human resource plans and programs, for performance management, for compliance and discipline reporting and investigation and purposes for which Carpenter Technology has otherwise provided notice to data subjects. In the event that Carpenter Technology discloses EU HR Personal Data (1) to a third party, other than a third party that is acting as an agent or processor to perform task(s) on behalf of and under the instructions of Carpenter Technology, or (2) for a purpose that is incompatible with the purpose(s) for which the EU HR Personal Data was originally collected or subsequently authorized by the Employee, Carpenter Technology takes reasonable precautions to provide notice prior to the disclosure. Such notice will cover the following items: (a) the purposes and uses for which EU HR Personal Data is being collected, (b) how to contact Carpenter Technology with any inquiries or complaints, (c) the types of third parties to which Carpenter Technology discloses the information, and (d) the choices and means Carpenter Technology offers individuals for limiting the use and disclosure of the EU HR Personal Data.
CHOICE: In the event that Carpenter Technology discloses EU HR Personal Data (1) to a third party, other than a third party that is acting as an agent or processor to perform task(s) on behalf of and under the instructions of Carpenter Technology, or (2) for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the Employee, Carpenter Technology takes reasonable precautions to offer data subjects the opportunity to choose not to have such EU HR Personal Data disclosed. In the case where the EU HR Personal Data referenced in the previous sentence pertains to sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), Carpenter Technology takes reasonable precautions to offer an affirmative or explicit (opt in) choice, to have the EU HR Personal Data disclosed.
ONWARD TRANSFER: Carpenter Technology transfers EU HR Personal Data to third parties, including third parties located outside the EEA in countries that have been deemed by the European Commission as not having sufficient privacy laws or protections, that act as agents or processors to perform task(s) on behalf of and under the instructions of Carpenter Technology, after Carpenter Technology takes reasonable precautions to either (1) ascertain that the third party complies with the Directive by adhering to an adequacy finding from the EU, or (2) obtain a written agreement whereby the third party represents that it provides at least the same level of privacy protection as is required by the relevant Safe Harbor Principles.
SECURITY: Carpenter Technology takes reasonable precautions to protect EU HR Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DATA INTEGRITY: Carpenter Technology takes reasonable precautions to not process EU HR Personal Data in ways that are incompatible with the purposes for which it has been collected or subsequently authorized. To the extent necessary for those purposes, Carpenter Technology will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
ACCESS: Upon request, data subjects will have access to their EU HR Personal Data held by Carpenter Technology and may correct, amend, or delete their EU HR Personal Data held at Carpenter Technology if it is inaccurate. However, access to such EU Personal Data may be denied, when the burden or expense of providing access would be disproportionate to the risks to the data subject’s privacy in the case in question, or where the rights of persons other than the data subject’s would be violated.