European Economic Area
The following section, in conjunction with the information above, describes enVista’s data practices in accordance with the EU General Data Protection Regulation (“GDPR”). Any terms defined in GDPR have the same meaning when used in this section of this Privacy Policy.
Data Processor
In many circumstances, enVista is the Data Processor in relation to your Personal Information and is committed to protecting the privacy rights of individuals, including your rights. enVista’s commitments regarding privacy and data security in these circumstances are memorialized in enVista’s contracts with the relevant Data Controllers.
Methods of Processing
enVista takes commercially reasonable security measures to attempt to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Personal Information.
Personal Information processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, Personal Information may be accessible to certain types of persons in charge, involved with the operation of this Site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by enVista. The updated list of these parties may be requested from enVista at any time.
Legal Basis of Processing
enVista is committed to cooperating with the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and complying with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU and Switzerland as required by applicable law.
We will only process Personal Information subject to the GDPR as it is described in this Privacy Policy if we have a lawful basis for doing so, including those listed below. Under some legislation, enVista may be allowed to process Personal Information until you affirmatively object to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases:
- Provision of Personal Information is necessary for the performance of an agreement and/or for any pre-contractual obligations thereof;
- Processing is necessary for compliance with a legal obligation;
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in enVista; or
- Processing is necessary for the purposes of the legitimate interests pursued by enVista or by a third party that are not overridden by the data subject’s interests or fundamental rights and freedoms.
If your affirmative consent is required for certain processing of any Personal Information subject to the GDPR, we will obtain your consent before so processing such information.
In any case, we can help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information subject to the GDPR is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Place
Personal Information is processed at enVista’s operating offices and in any other places where the parties involved in the processing are located. Depending on your location, data transfers may involve transferring the Personal Information to a country other than the one in which the data subject resides.
If broader protection standards are applicable, you are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Information Transfer and Consent
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, enVista is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, enVista may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Your Personal Information may be transferred to and stored the United States, and may be processed and accessed by us, our affiliates and our unaffiliated service providers in the United States and in other jurisdictions where we or they operate. We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and Switzerland to the United States. enVista has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. enVista is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. enVista complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
In compliance with the Privacy Shield Principles, enVista commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact enVista at: security@envistacorp.com. Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
By using the Services, you consent to this transfer, processing, storage and access of your Personal Information in and/or outside of the jurisdiction in which you reside. Courts and other authorities in these jurisdictions may, in certain circumstances, be entitled to access your Personal Information. We will transfer your Personal Information subject to suitable safeguards, including in accordance with Privacy Shield Principles and/or standard contractual clauses where appropriate.
Access to Information and Your Rights
You have certain rights relating to your Personal Information, subject to local data protection laws. These rights may include:
- To access your Personal Information held by us (right to access);
- To rectify inaccurate Personal Information and, taking into account the purpose of processing the Personal Information, ensure it is complete (right to rectification);
- To erase/delete your Personal Information, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
- To restrict our processing of your Personal Information to the extent permitted by law (right to restriction of processing);
- To transfer your Personal Information to another controller or processor, to the extent possible (right to data portability);
- To object to any processing of your Personal Information carried out on the basis of our legitimate interests (right to object). Where we process your Personal Information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites or in our services; and
- To the extent we base the collection, processing, and sharing of your Personal Information on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
To exercise these rights, please submit your specific request to exercise these rights by using the information in the “enVista Contact Information” section below.
Timeframe for Responding to Requests
enVista will respond to your request within thirty (30) days of receipt. The period of response may be extended to forty-five (45) or sixty (60) days if more time is required. In that event, we will inform you of the reason and extension period in writing.
Fee
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.