Our Services
NAES CORPORATION
POLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION:
-
Scope
This policy applies to all employees of NAES Corporation and its subsidiary companies (collectively, “NAES”). From time to time, this policy may be supplemented by communications from the Information Technology, Human Resources, or Law Departments. All supervisors are responsible for enforcing this policy. Employees are expected to be familiar with and comply with all statements of policy in this area. Failure to do so may result in disciplinary action up to and including termination. -
Intent
This policy's purpose is to inform employees of the principles under which NAES processes personal information received from countries belonging to the European Union ("EU"). This policy complies with the U.S. Department of Commerce safe harbor framework, which has been approved by the EU as an adequate way for NAES to demonstrate that it complies with the protections outlined in the EU Directive on Data Privacy. -
Policy and Procedure
Definitions
"Personal data" and "personal information" are data about an identified or identifiable individual, received by NAES in the U.S. from the EU, and recorded in any form.
A "data subject" is the individual who is the subject of personal data or information.
"Processing" means any online and offline processing, and includes such activities as copying, filing and inputting personal information into a database.
"Sensitive data" is data that pertains to racial or ethnic origins, political or religious beliefs, or health or sex life. Sensitive data may not be processed at all, unless the individual has given explicit consent.
The Safe Harbor Principles
In processing personal data, NAES complies with the following Safe Harbor Principles. Adherence to the principles may be limited in certain cases to the extent necessary to meet national security, public interest or law enforcement requirements.
Notice
NAES notifies all identified data subjects about the purposes for which personal information is collected and used. In certain situations, data is "anonymized" so that the names of the data subjects are not known by data processors within NAES. In these cases, data subjects do not need to be notified.
Choice
NAES gives each data subject the opportunity to opt out from allowing the Company to disclose his/her personal information to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected or authorized. For sensitive data, affirmative choice (opt-in) must be received if the data is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized.
Onward Transfer (to Third Parties)
NAES may transfer information to a third party acting as an agent for NAES, such as an outside benefits administrator, by making sure that the third party enters into an agreement with NAES in which the third party promises to provide the same level of protection as required by the Safe Harbor Principles.
Security
NAES takes reasonable precautions to protect personal data from loss, misuse and unauthorized access, disclosure, alteration or destruction. These precautions include password protections for online information systems and restricted access to personal data processed by the Human Resources Department. All inquiries from outside NAES, either written or verbal, concerning the identity, employment record, or performance of a current or terminated employee shall be referred, without exception, to the Human Resources Department for handling. If the request is from a government agency, a Human Resources representative and an attorney in the Law Department will verify the credentials of the agency representative before releasing information about a current or terminated employee.
Data Integrity
NAES takes reasonable steps to ensure that personal data is accurate, complete, and current. All employees are asked to inform the Human Resources and Accounting Department (payroll) immediately in the event of changes in personal information.
Access
Upon request, data subjects may access personal information about them and are able to have inaccurate information corrected.
Enforcement
Data subjects may contact the Vice President of Human Resources at NAES corporate offices in Issaquah, Washington, in order to register complaints, to submit access requests, or to address any other issues arising under the Safe Harbor Principles. In addition, NAES self-certifies annually with the U.S. Department of Commerce as a data controller, and the U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress for individuals if NAES fails to comply with the Safe Harbor Principles.
Verification
NAES conducts an annual self-assessment in order to verify that this Policy on Data Protection and Privacy of Personal Information is published and implemented within the Company and that it conforms to the Safe Harbor Principles.
