Meritor is committed to providing privacy protection of personal data of its employees, suppliers and customers maintained by the company. It is Meritor’s intention to comply with all local data protection regulations worldwide including the European Commission’s Directive on Data Privacy. The company will certify annually with the U.S. Department of Commerce that Meritor is in compliance with the safe harbor framework approved by the European Union. Compliance with the safe harbor framework demonstrates the adequate privacy protection required by the European Commission’s Directive.
For purpose of this Policy, the following definitions shall apply:
Personal Information: any information relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that is anonymous (e.g. statistical information not relating to an identifiable person).
Sensitive Personal Information: personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or that concerns health matters or information specifying the sex life of the individual.
Agent: any third party that collects and/or uses personal information provided by Meritor to perform tasks on behalf of and under the instructions of Meritor.
Processing of EEA and Swiss Personal Data:
Meritor may from time to time process certain EEA Personal Information about customers, suppliers , employees and candidates for employment, including information recorded on various media as well as electronic data.
Meritor abides by the following privacy principles, which are based on the Safe Harbor Privacy Principles.
Notice: Where Meritor collects Personal Information directly from individuals in the EEA and/or Switzerland, it will inform those individuals about the purposes for which it collects and uses Personal Information about them; the types of non-agent third parties to which Meritor discloses that information; and the choices and means, if any, Meritor offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Meritor, or as soon as practicable thereafter, and in any event before Meritor uses the information for a purpose other than that for which it was originally collected.
Choice: Meritor will offer individuals the opportunity to choose (opt-out) whether their Personal Information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Meritor will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of their Sensitive Personal Information to (a) a non-agent third party or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Meritor will provide individuals with reasonable (especially clear and conspicuous, readily available and affordable) mechanisms to exercise their choices.
Onward Transfer: Personal data transferred to third parties acting as an agent for Meritor will be required to either subscribe to the safe harbor principles or enter into a written agreement with Meritor requiring the third party to provide at least the same level of privacy protection as is required by the relevant principles.
Access: Upon request, Meritor will grant individuals reasonable access to Personal Information that it holds about them. In addition, Meritor will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Meritor may limit an individual’s access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated.
Security: Meritor will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data Integrity: Personal data maintained by the company will be used for the sole purpose for which it was collected or subsequently authorized by the individual. Meritor includes tasks and procedures to keep personal data accurate, complete, and current.
Enforcement: Meritor utilizes the self-assessment approach to assure its compliance with this Policy. Meritor periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Safe Harbor principles. Meritor encourages interested persons to raise any concerns with it using the contact information below. Meritor will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy.
Any questions or concerns regarding the use or disclosure of personal information by employees should be directed to their local Human Resources representative or to the Meritor Legal Department for anyone else at the address given below. Meritor will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
With respect to any complaints relating to EEA Human Resources data and this Policy that cannot be resolved through Meritor’s internal processes, Meritor has agreed to cooperate with the data protection authorities in the EU and to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities to resolve disputes pursuant to the Safe Harbor principles. Meritor also agreed to cooperate with the Swiss FDPIC in regard to dispute resolutions concerning Swiss Human Resource data.
Complaints or disputes not relating to Human Resources data which cannot be remedied by the Meritor Legal Department should be forwarded to the Business Standards Compliance Committee located at:
2135 W. Maple Road
Troy, Michigan USA
In the event that Meritor or such Authorities determines that Meritor did not comply with this Policy, Meritor will take appropriate steps to address any adverse effects and to promote future compliance.
Meritor's adherence to these Safe Harbor Principles may be limited (a) to the extent required to comply with any applicable legal and regulatory obligation; (b) to the extent necessary to fulfill national security obligations; and (c) to the extent expressly permitted by any applicable law, rule or regulation.
Meritor complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Meritor has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Meritor's certification, please visit http://www.export.gov/safeharbor/.