Data Privacy and Protection

rev. 18 May 2018

Introduction

In compliance with Regulation (EU) 2016/679, General Data Protection Regulation (“GDPR”) and other applicable data protection laws, regulations, and policies, Plexus International has developed our Plexus websites in accordance with appropriate and required data protection and privacy principles.  To the full extent possible, Plexus has implemented appropriate safeguards to ensure your personal data is collected only to the extent necessary to provide the product/services you request or require of us, and to reduce any personal risk to you in the unlikely event of a data breach.  We do this through industry best practices, including encryption, tokenization, pseudonymization, and more.  Plexus is also committed to providing transparent information regarding your rights related to the information we collect, including – whenever possible – the ability to review and amend any information you provide and any additional information we collected from you as a result of your use of our services.

 

Data controller

“Plexus” (referred to as “we”, “us”, “our”, Plexus International”, “Plexus Corporation” in this policy) primarily refers to Plexus Corporation. Plexus Corporation is the Data Controller of all personal information that is collected by or through our website(s) and used about Plexus’ customers.

 

Data protection officer

We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. The DPO can be contacted at dpo@plexusintl.com. You also have the right to make a complaint at any time to a supervisory authority.

 

EU representative

As Plexus is based outside of the European Union (“EU”), we have appointed a representative in a jurisdiction in which we operate to act on behalf of Plexus and deal with supervisory authorities. The Italian Data Protection Authority is the lead data protection supervisory authority for Plexus as an outside-based data controller and/or processor with our EU representative in this jurisdiction. Our EU representative can be contacted at plexus-ms.com@pec.it

 

EU Data Protection Rights

GDPR grants all EU natural persons several data protection rights.  For more information about these rights, please visit our EU Data Protection Rights page.  The policy below outlines how we will support you in exercising these rights.

 

The information we collect/process and why:

Our websites and related services collect and process needed personal information for the following reasons:

  1. So that we can provide you with the products and services you purchase or use on our website.  (In other words, it is necessary to perform our contract with you.)
  2. So that we can better understand, through statistical analysis, who visits our website and provide better products/services.
  3. So that we can provide you with recommendations on additional products/services you can purchase from us.
  4. So that we can comply with legal requirements and protect ourselves from legal liability.

We collect general aggregate telemetry data whenever anyone visits our website including:

  1. Name, organization name, billing address, email address, telephone number.
  2. IP Address, computer/web browser configuration
  3. Language preference, time zone settings
  4. Access history
  5. Any information you provide while using our products/services (such as answers to assessment questions, work files, notes, etc.)

Personal information, listed above, is processed in conjunction with your creation and use of an account with us.  Without providing us with this personal data as requested/required, you will not be able to use (or successfully use) the products and services on this website; it is a requirement necessary (1) to enter into a contract with us, (2) for us to fulfill our contract with you, and (3) for us to meet our applicable statutory requirements.

 

How we use your personal data:

In addition to allowing the proper functioning of this website, your information may be used or transmitted as follows:

  1. Your information may be reviewed, either individually or in aggregate, by members of our staff to support you and our company in the provision of products and services.
  2. Your information may be reviewed, either individually or in aggregate, by organizations that are partnered with us (e.g. industry groups, regulatory bodies, training providers, proctoring service providers, etc.) to create, support, manage, or qualify/certify the products or services we provide.
  3. Some of your information may be reviewed, either individually or in aggregate, by designated contact people at your employer charged with overseeing training/assessment activities and/or making necessary billing arrangements.
  4. Some of your information may be collected and provided to us by third-party services that collect telemetry data on our behalf.
  5. Some of your information may be transferred to our payment provider(s), associated financial institutions, and your bank, to facilitate the processing of payments.
  6. Some of your information may be provided to governmental agencies if we are legally required to do so.

If our company were to be sold or acquired, your personal data may be provided to the purchasing entity.  However, your personal information will not be shared with (except as noted above) and will not be sold to third-parties.

 

International data transfer

We are located outside of the EU and we operate servers in many countries around the world, some of which are not in the European Economic Area (“EEA”) (such as Canada and USA) and your personal information may be transferred between these servers.  While countries outside the EEA may not always have strong data protection laws, your data will be treated with the same high degree of safeguards (and in line with EU law on data protection), regardless of the country where we collect, store, or process your data.  Our partners, including payment processors and those providing telemetry services, may also operate servers around the world, but our selection of these partners is based on their compliance with the same data protection principles and legal requirements we adhere to.

 

Data retention, access, rectification, and erasure

When you create an account on this website, this account will remain active until you indicate that you wish to close it.  Data collected related to your use of products and services on this website will be retained and securely associated with your account.  When you close your account with us, we must retain certain personal information (including records of your purchases) for a period no less than seven (7) years to comply with legal and financial requirements imposed on us.  This retained information can also include a high-level summary of the courses/assessments completed with us, including scoring results achieved for the purposes of statistical analysis.  We may also securely archive this information both to ensure compliance and for aggregate statistical analysis.

To the extent possible, notwithstanding limitations related to intellectual property and our legal requirements, we will provide you with access to the information you provide in our system through the “Account” and/or “History” section(s) of our websites.  This includes the ability to download invoices generated and other similar data.  If you notice an error in the information you provide to us, or that we collected from you, we will either provide you with tools to directly correct this information through the aforementioned sections of our websites, or support you in the correction process when you contact our Customer Support Team (customersupport@plexusintl.com).

You may request to have your account closed and personal information erased by contacting our Customer Support Team (customersupport@plexusintl.com).  Notwithstanding the aspects we must preserve for legal and financial reasons, as outlined above, we will promptly remove any/all unnecessary personal data from our system within 30 days.

 

Cookies and site tracking

This site uses cookies, and other similar browser technology, to enable us to improve our service to you and to support certain essential aspects of our sites’ functionality (please view the Plexus Cookie Policy).

Cookies are small text files that are transferred to your computer's hard drive through your web browser to enable us to recognize your browser and track visitors to our site. A cookie contains an identifier that allows us to recognize your computer and/or account when you travel around our site, helping you accomplish your purchase or task. Most Web browsers automatically accept cookies, but, if you wish, you can change these browser settings by accepting, rejecting and deleting cookies. The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you choose to change these settings, you may find that certain functions and features will not work as intended. The cookies we use do not detect any information stored on your computer.

For more information about cookies and how to stop cookies being installed visit the following website: http://www.allaboutcookies.org. (NOTE: This is a third-party informational website not managed by Plexus or its partners.)

 

Decisions we make based on your personal information

This website does not use automated decision-making, such as profiling, based on any data provided or received external to this website.  When you complete a training course or assessment on this website, your provided information (such as selected answers to multiple-choice questions) may be automatically graded by the website.  In some cases, you may also submit assessment or project information to us (such as long-form examination answers, or work files) that will be manually reviewed and graded by authorized grading personnel.  All grading will be performed according to objective criteria established by subject matter experts in a fair and impartial manner.  You may also request an appeal of scoring decisions (whether automatic or manual) by contacting appeals@plexusintl.com.  We will perform such reviews in a fair and impartial manner and, to the extent possible, inform you of the results of said review within 10 business days.  When it is not possible to change the examination results, we will take appropriate action to remediate the situation.

 

Your rights

If you have concerns related to our application of this policy and data protection principles, we invite you to contact our DPO at dpo@plexusintl.com.  You may also contact our DPO by mail at Plexus’ Data Protection Officer, Plexus International, 5550 Nicollet Avenue, Minneapolis, MN USA 55419.  We will make every effort to remedy the situation promptly and to our mutual satisfaction.  If you live in the European Union, you also have the right to lodge a complaint with your country’s supervisory authority (per Regulation (EU) No 2016/679 Article 77).

You will not have to pay a fee to access your personal information (or to exercise any of your legal rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the unlikely event of a data breach that compromises some or all the personal information you provided on this website (including any breach that impacts processing organizations we rely on), we will notify you and applicable authorities within 72 hours of being made aware of the situation and make every effort to promptly rectify the situation.  We do not store or process sensitive personal data (such as credit card details, or other categories outlined in Regulation (EU) No 2016/679 Article 9) on our servers.

 

Notification for Revisions to this Document

This document may be updated periodically to further clarify our data protection policies and provisions.  In the event we make a change to this document that significantly impacts the personal information we process or impacts your rights as it relates to this data, we will contact all account-holders through the email address we have on file.