- information collection and use
- website links
- security measures
- data retention
- children’s privacy
- access and data integrity
- policy changes
- contact information
Information collection and use
A. General sources
There are various methods by which CEVA collects Personal Data. We may collect Personal Data from individuals as voluntarily disclosed via our websites, in person, over the phone, through the postal mail service or e-mail. In addition, as part of the way in which our website interacts with Internet users, when users access CEVA’s website, CEVA’s systems automatically obtain the IP address/details of that user.
Where we collect Personal Data, we make clear the nature of the information and the specific purpose(s) for which it is used, or may be used, and we offer individuals the choice to opt-out of providing such information.
B. Sensitive information
While recognizing that all Personal Data deserves to be protected, CEVA exercises special precautions and safeguards for any Sensitive Personal Data we may collect. Sensitive Personal Data includes Personal Data specifying medical or health data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying details of a conviction or criminal offense.
CEVA does not collect Sensitive Personal Data regarding its customers or vendors, unless it is required or authorized by law, or unless the customer or vendor has provided its express consent. However, when necessary to support its relationship with its employees, or when required by local law, CEVA may collect “Sensitive Personal Data” regarding its employees.
CEVA makes available a specific detailed “Privacy Notice” to its customers, vendors and employees describing what Personal Data we may collect, how we use it, when it may be shared with others, choices of what Personal Data an individual may provide, and how we safeguard its confidentiality. Where a legal requirement exists, we will request consent from individuals to the collection and use of that information as set forth in the Privacy Notice. A copy of the Privacy Notice may be obtained by written request to CEVA’s Data Privacy Office (contact details available below).
We collect Personal Data that is knowingly and voluntarily provided to us related to the following:
CUSTOMER: CEVA collects and processes Personal Data about our customers in order to efficiently provide the services necessary to support an entire supply chain solution, and other services that involve the transport and storage of goods more generally. In addition, we may use collected customer Personal Data in order to correspond with customers Personal Data regarding possible new or enhanced business opportunities.
VENDOR: CEVA collects and processes Personal Data about any vendor we retain in order to ensure that we are able to contact our vendors when necessary, and to ensure that CEVA’s standards of service/care are met.
EMPLOYEE: CEVA collects and processes Personal Data about its employees to carry out human resources management and to provide benefits for employees.
CEVA may contract with other companies or individuals (“Third Party Service Providers”) to perform certain duties on our behalf. In so doing, it may be necessary that we provide Third Party Service Providers with access to Personal Data. Our Third Party Service Providers are required to maintain the confidentiality of the Personal Data, and are restricted from using the information for any other purpose than the purposes defined by CEVA. Examples of duties performed by Third Party Service Providers include transporting shipments, unloading or assembling freight, delivering packages, providing IT services, sending postal mail, auditing or analyzing data, processing credit card and online bill payments, processing payments, processing payroll, administrating benefits, and recruiting employees, agents, or contractors.
We take appropriate measures, by contract or otherwise, to provide adequate protection for Personal Data that is disclosed to our Third Party Service Providers, and to ensure that our Third Party Service Providers have sufficient legal, organizational and technical procedures in place to protect Personal Data in accordance with applicable data protection law.
We also may provide Personal Data to government agencies and regulatory and legal authorities as required by law or regulation.
Personal Data collected and used by CEVA may reside in or be transferred to any country where CEVA conducts business. CEVA has, or will, enter into corresponding data protection agreements in accordance with applicable European Union and Swiss standards with respect to any such transfers. As noted above, we use the data entrusted to us to provide our services, or to otherwise support and engage with the individual providing the Personal Data; we do not disclose Personal Data for personal gain, nor do we sell any Personal Data entrusted to us.
CEVA is committed to complying with all local and worldwide privacy laws, and with the “safe harbor” frameworks set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland (collectively, the “Safe Harbor Framework”). For more information, visit: www.export.gov/safeharbor
CEVA’s internal and external websites may provide links to third party websites. Upon accessing these links, the CEVA website is automatically exited. CEVA controls neither the websites, nor the privacy practices, of the third parties managing these websites. The privacy practices of third party website providers may differ from CEVA’s, so we cannot endorse or make any representations about third party websites.
CEVA is a global organization, with legal entities, business processes, management structures, and technical systems that cross borders. Therefore, our privacy practices are designed to provide protection for Personal Data all over the world. CEVA takes appropriate legal, organizational, and technical measures to protect Personal Data consistent with applicable data protection law. Recognizing the importance of data security, CEVA has established an information security program and policy based on ISO 27001, an internationally recognized standard covering information security management best practices.
It is CEVA’s policy to give access to Personal Data only to those authorized employees, agents, contractors, entities and Third Party Service Providers that CEVA determines have a legitimate need to know, or have access to, the information in order to carry out their responsibilities, each of whom is held to CEVA’s standards of privacy. We also maintain physical, electronic and procedural safeguards to protect Personal Data against loss, misuse, damage, modification and unauthorized access or disclosure.
CEVA retains Personal Data we collect for reasonable periods of time, in accordance with specific policies or as required by law. Personal Data collected for a specified purpose will only be used for that purpose and, unless that information is otherwise required to be retained, after a reasonable period of time, the Personal Data will no longer be actively stored when that purpose has been fulfilled.
CEVA’s website is not intended for children under 13 and we will not knowingly collect any Personal Data from children below this age, except as permitted under applicable law.
Any individual who objects to CEVA’s collection of certain Personal Data may refuse to provide such information at the time requested. If an individual refuses to provide requested Personal Data, CEVA will advise that individual whether and how such refusal will impact CEVA’s ability to provide services or engage with that individual.
As noted above, we use Personal Data only for purposes consistent with the reason(s) such Personal Data was provided. We offer customers who provide us with Personal Data choices about receiving further communications from us. Our electronic marketing messages all have a link to use to opt out of receiving further messages. In addition, customers who wish to opt-out of receipt of our marketing messages may do so by making a written request to CEVA’s Data Privacy office (contact details available below).
Access and data integrity
CEVA welcomes amendments and updates from individuals regarding their Personal Data.
If CEVA is provided with the appropriate supporting documentation to amend Personal Data it maintains, then the appropriate CEVA entity will either amend the information or direct the person to the source of the information for amendment. Individuals may request an amendment to, or deletion of, or review of, their Personal Data, by written request directly to the employee, agent or contractor with whom the individual conducts business, or to CEVA’s Data Privacy office (contact details available below).
CEVA is committed to complying with all local and worldwide privacy laws, including the European Union’s Data Protection Directive and the United States Department of Commerce Safe Harbor framework (“Safe Harbor Framework”). For more information, visit: www.export.gov/safeharbor/
Some of the enforcement measures that CEVA undertakes include:
- Periodical compliance audits and modifications/updates of security measures.
Attention: Data Privacy Office
Siriusdreef 20, 2132 WT
Hoofddorp, The Netherlands