Privacy Shield Policy1. Introduction – FARO Technologies, Inc. (FARO) believes in protecting the privacy of its clients and its employees. FARO has adopted to abide by the rules governed by the Privacy Shield concerning the transfer of Personal Information from the European Union (EU) to the United States of America (U.S.). Accordingly, we comply with the EU-U.S. Privacy Shield Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EU member countries.
This privacy notice outlines our general policy and practices for implementing the Privacy Shield Principles, including the types of information we gather, how we use the information, and the choices that individuals have regarding our use of and their ability to correct that information. If there is any conflict between the policies in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. This privacy notice applies to all personal information received by FARO, whether in electronic, paper or verbal format. Additionally, this notice applies to all subsidiaries and affiliates of FARO.
FARO has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, recourse, enforcement, and liability. FARO also complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. FARO also commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. By participating in the Privacy Shield, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body.
2.1. “Personal Information” or “Information” means information that (1) is transferred from the EU to the U.S.; (2) is recorded in any form; (3) is about, pertains to a specific individual, and/or (4) can be used to identify an individual, either directly or indirectly.
2.2. “Sensitive Personal Information” is a subset of Personal Information and includes information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual.
3.1. Notice – FARO shall inform an individual of the purpose for which it collects and uses the Personal Information, the types of third parties to which FARO discloses or may disclose that Information, and how to contact FARO with privacy concerns or requests to access their Personal Information. FARO shall also provide the individual with choice and means for limiting the uses of disclosures of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to FARO, or as soon as practicable thereafter, and in any event before FARO uses or discloses the Information for a purpose other than for which it was originally collected. Such notice may be disseminated, for example, through the provision of this EU-U.S. Privacy Shield Notice.
FARO develops and markets computer-aided measurement and imaging devices and software. The types of Personal Information that we may collect in order to provide services to our clients include, but are not limited to: (1) first and last names; (2) mailing addresses; (3) email addresses; (4) telephone numbers; (5) product usage data; and (6) billing information. We collect Personal Information from our clients for various purposes, which include, but are not limited to: (1) providing our services to our clients; (2) communicating with our clients regarding the provision of services to them; (3) completing transactions for services rendered; (4) providing software and firmware updates; and (5) marketing our products and services.
3.2. Employee Personal Information – FARO also collects Personal Information from our employees, which include, but are not limited to: (1) first and last names; (2) mailing addresses; (3) email addresses; (4) telephone numbers; (5) national identification numbers; and (6) payroll information. FARO collects personal information from its employees in order to perform human resources functions, including, but not limited to, providing compensation, insurance and other benefits, and employee management-related services.
3.3. Choice – When required by the Privacy Shield, FARO will offer individuals the opportunity to opt out of (1) disclosures of Personal Information to a third party, or (2) our use of Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Regarding Sensitive Personal Information, FARO will give individuals the opportunity, when applicable, to affirmatively or explicitly consent (i.e., provide opt-in consent) to (1) the disclosures of Sensitive Personal Information to a third party, or (2) our use of Sensitive Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. FARO shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
3.4. Accountability for Onward Transfers – We are potentially responsible in cases of onward transfers of Personal Information to third parties, such as when third parties that act as agents on our behalf process Personal Information in a manner inconsistent with the Privacy Shield Principles. FARO shall ensure that any third party to which Personal Information may be disclosed subscribes to the Privacy Shield Principles or will provide the same level of privacy protection as is required by the Privacy Shield Principles and agree in writing to provide an adequate level of privacy protection.
We may transfer Personal Information we collect from our clients to third-party agents, or service providers, who perform functions on our behalf, such as third parties who process payments for clients or third parties who conduct marketing activities for FARO.
We may also transfer Personal Information we collect from our employees to third-party agents, or service providers, who perform human resources functions on our behalf, such as third parties who process our employees’ compensation or benefits information.
At this time, we do not transfer Personal Information to unaffiliated third parties acting as data controllers. If we choose to begin transferring your Personal Information to such third parties, we will notify you by updating this Privacy Shield Policy and comply with the applicable Privacy Shield Principles with respect to disclosures to such third parties.
Please be aware that in rare situations, it may be necessary to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
3.5. Data Security – FARO shall only process Personal Information in a way that is compatible with and relevant for the purpose(s) for which it was collected or authorized by the individual. To the extent necessary for those purposes, FARO shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
3.6 Data Integrity – FARO shall only process Personal Information in a way that is compatible with and relevant for the purpose(s) for which it was collected or authorized by the individual. To the extent necessary for those purposes, FARO shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
3.7 Access – An individual has the right to obtain FARO’s confirmation of whether we maintain Personal Information relating to him or her. Upon request, we will provide an individual with access to the individual’s Personal Information within a reasonable time period. If an individual becomes aware that personal information we maintain about that individual is inaccurate, or if an individual would like to update, delete, or review his or her personal information, the individual may contact us using the contact information below. In addition, we may limit or deny access to personal information where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, where the rights of persons other than the individual would be violated, or for other reasons permitted by the Privacy Shield. If FARO determines that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
3.8 Recourse, Enforcement, and Liability – FARO uses a self-assessment approach to assure compliance with this privacy notice and periodically verifies that the notice is accurate, comprehensive for the Personal Information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Privacy Shield Principles. We encourage interested individuals or employees to raise any complaint about our privacy practices or our compliance with this notice using the contact information provided, and we will investigate and attempt to resolve any such complaints.
With respect to privacy complaints filed by our employees, we agree to participate in independent dispute resolution with the E.U. data protection authorities (DPAs). We will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield and we agree to comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles. FARO utilizes the United States Council for International Business (USCIB) as its DPA. Contact information for USCIB can be found at http://www.uscib.org/contact-uscib-ud-724/.
FARO is also further committed to referring unresolved Privacy Shield complaints to the United States Council for International Business (USCIB), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.uscib.org/contact-uscib-ud-724/ for more information or to file a complaint. The services of USCIB are provided at no cost to you.
Please note that if a complaint filed by either an individual or an employee is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
4. Amendments – This privacy notice may be amended from time to time consistent with the requirements of the Privacy Shield Principles. FARO will post any revised notice on this website. FARO is committed to following the Privacy Shield Principles for all Personal Information within the scope of the EU-U.S. Privacy Shield framework. However, certain information is subject to policies of FARO that may differ in some respects from the general policies set forth in this privacy notice by requiring enhanced privacy protections for that information.
5. Contact Information – To request access to Personal Information, raise questions or concerns about FARO’s Privacy Shield Notice, or file a privacy complaint, an individual may contact us at the following mailing address or email address. Also, in compliance with the Privacy Shield Principles, FARO commits to resolve complaints about our collection or use of your personal information and European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact FARO at:
FARO Technologies, Inc.
Attention: Brooke Blake
Director, Internal Audit and Chief Compliance Officer
125 Technology Park
Lake Mary, FL 32746
Effective Date – This policy was placed in effect on September 29, 2016 and revised in June 2019.