此隐私声明由牛津仪器股份公司及其子公司(“我们”)发布。
我们尊重您的隐私,并致力于保护您的个人数据。
此隐私声明旨在说明我们如何保管您的个人数据、确认您的隐私权并概述法律给予您的保护。本声明适用于我们使用、收集和处理您的个人数据时的所有情形,无论您是因为访问我们的网站(无论您从哪里访问)、社交媒体平台、系统和应用,或是采购我们的商品或服务、参与我们的尽职调查,还是因为成为我们的合作伙伴或供应商而与我们互动。
请花时间阅读此隐私声明,包括下面的特定国家和活动部分,仔细了解我们将如何使用您的个人数据。
下文中使用的某些术语的含义请参见附表。
我们作为雇主,在与我们的员工和工作人员互动时,适用另外的隐私声明。员工和工作人员可通过我们的内部网站访问该隐私声明,也可直接向公司人力资源部索取。
我们致力于在涉及使用您的个人数据的所有活动中遵循以下良好实践原则:
此隐私声明旨在提供有关我们如何收集和处理您的个人数据的信息,包括您在注册我们的时事通讯、购买产品或服务、参加活动或竞赛、填写联系支持表、填写尽职调查表、提供身份证明文件、请求定价或报价,或从我们的网站下载文档时可能提供的任何数据。
请注意,本隐私声明必须与我们在收集或处理您的个人数据时的特定场合可能提供的任何其他隐私通知、政策或公平处理通知一并阅读,以便您充分了解我们如何以及为什么使用您的数据。
此隐私声明是对其他通知的补充,并不替代其他通知。
牛津仪器股份公司由不同的法人实体组成,详细信息可在此查看。作为一家全球性公司集团,我们拥有许多跨境业务流程、规程、应用程序、系统和管理制度。
此隐私声明是代表牛津仪器集团发布的,因此当其中提到“牛津仪器”、“我们”或“我们的”时,指的是负责处理您数据的牛津仪器集团中的相关公司。
牛津仪器股份公司是我们主网站(oxinst.com)的数据控制者。牛津仪器法律实体是数据控制者并负责收集和使用您的个人数据,将决定收集哪些数据、如何使用数据、数据存储多长时间以及与谁共享数据,具体取决于您与我们的关系。例如,如果您是我们的客户、供应商、代理商、经销商或业务合作伙伴,或为其工作,则数据控制者是您与之开展业务的牛津仪器法律实体。此信息可在您收到的报价、订单确认书、发票、采购订单或您与我们签订的协议中查看,也可向您的牛津仪器股份公司联系人索取。
我们已任命一名数据隐私经理,负责监管与此隐私声明相关的问题。如果您对此隐私声明有任何疑问,包括对行使您可能享有的任何合法权利的任何请求,请使用下文的详细信息与我们联系。此外,下文中的国别部分也包含我们的联系详情,以便您就所在国的数据隐私问题联系我们的当地团队。
个人数据(也称为个人信息)是指关于个人的、可藉以识别此人的任何信息。但不包括匿名化处理后的数据(匿名数据)。
我们可以收集、使用、存储和传输您的各种个人数据,包括以下几类:
此外,我们还收集、使用和共享汇总数据,例如用于任何目的的统计或人口统计数据。汇总数据可能来自您的个人数据,但不会直接或间接地显示您的身份。例如,我们可能会汇总您的使用数据,以计算访问特定网站功能的用户百分比。
但是,如果我们将汇总数据与您的个人数据合并或关联而使其可以直接或间接对您作出识别,我们会将合并后的数据视为个人数据,并仅根据此隐私声明使用该等数据。
我们不会故意收集任何有关您的特殊类别个人数据(包括有关种族或族裔、宗教或哲学信仰、性生活、性取向、政治观点、工会会员、健康信息以及遗传和生物特征数据的详细信息)。我们也不会收集任何有关刑事定罪和违法行为的信息,除非我们的第三方尽职调查流程中有特殊要求(且法律允许)。
我们使用不同的方法收集来自您的以及与您相关的数据,包括:
我们只在法律允许的情况下才会使用您的个人数据。通常情况下,我们将在以下情况下使用您的个人数据:
一般来说,我们不依赖您的同意作为处理您的个人数据的法律依据,但我们自己和/或第三方向您进行某些直接营销通信的情况除外——详情请参阅下方的“直接营销与选择退订”选项卡。您有权随时联系我们撤销对该营销形式的同意。
我们在下文表格中描述了我们可以使用您的个人数据的所有方式,以及允许我们如此行事的法律依据。我们也确定了我们有哪些合法利益属于适当情况,以及我们依法获得允许使用此法定依据的情况。
请注意,根据我们使用您的个人数据的具体目的,我们可以依据多个法定事由处理您的个人数据。对于下表中列出多项事由的情况,如果您需要了解我们处理您的个人数据所依据的具体法定事由的详细信息,请与我们联系。
目的/活动 |
数据类型 | 处理个人数据的法定依据,包括合法利益的依据 |
将您注册为新客户或老客户,或准备与您签订合同 | (a) 身份 (b) 联系方式 |
履行与您之间的合同 |
处理和交付您的订单,包括: (a)管理付款、费用和收费 (b)收取和收回欠我们的款项 (c)提供客户服务 (d)进行维修 处理我们给您的订单,包括: (a)付款、支付费用和手续费 (b)请求客户服务 (c)请求维修 |
(a) 身份 (b) 联系方式 (c) 财务 (d) 交易 (e) 营销和通信 |
(a) 履行与您之间的合同 (b) 为了我们的合法利益(收回欠我们的债务)所必需的 |
管理我们与您的关系,包括:
(a)通知您有关我们条款或隐私政策的变更 (b)邀请您留下评论或接受调查 |
(a) 身份 (b) 联系方式 (c) 个人资料 (d) 营销和通信 |
(a) 履行与您之间的合同 (b) 履行法定义务所必需的 (c) 为了我们的合法利益(保持我们的记录更新和研究客户如何使用我们的产品/服务)所必需的 |
使您能够参加抽奖、比赛或完成调查 | (a) 身份 (b) 联系方式 (c) 个人资料 (d) 使用情况 (e) 营销和通信 |
(a) 履行与您之间的合同 (b) 为了我们的合法利益(研究客户如何使用我们的产品/服务,开发产品/服务,以及发展我们的业务)所必需的 |
管理和保护我们的业务和本网站(包括故障排除、数据分析、测试、系统维护、支持、报告和数据托管) |
(a) 身份 (b) 联系方式 (c) 技术 |
(a) 为了我们的合法利益(为经营我们的业务、提供行政和IT服务、网络安全、防止欺诈,以及在业务重组或集团重组操作方面)所必需的 (b) 履行法定义务所必需的 |
向您提供相关的网站内容和广告,并衡量或了解我们为您提供的广告的有效性 |
(a) 身份 (b) 联系方式 (c) 个人资料 (d) 使用情况 (e) 营销和通信 (f) 技术 |
为了我们的合法利益(研究客户如何使用我们的产品/服务,开发产品/服务,发展我们的业务,以及告知我们的营销战略)所必需的 |
使用数据分析来改进我们的网站、产品/服务、营销、客户关系和体验,并预测库存管理情况 |
(a) 技术 (b) 使用 |
|
向您建议或推荐您可能感兴趣的商品或服务 |
(a) 身份 (b) 联系方式 (c) 技术 (d) 使用情况 (e) 个人资料 |
为了我们的合法利益(开发我们的产品/服务、发展我们的业务)所必需的 |
授权您作为我们的供应商、合作伙伴、经销商或代理商,代表我们行事或准备与我们签订合同。 |
(a) 身份 (b) 联系方式 (c) 财务 (d) 交易 (e) 个人资料 (f) 营销和通信 |
(a) 履行与您之间的合同
(b) 履行法定义务所必需的
(c) 为了我们的合法利益所必需的 |
我们只会将您的个人数据用于我们收集这些数据的目的,除非我们合理地认为需要基于其他原因使用这些数据,并且该原因与初始目的是相符的。如果您希望获得关于新目的与原始目的如何兼容的处理说明,请联系我们。
如果我们需要将您的个人数据用于不相关的目的,我们会通知您,并解释允许我们这样做的法律依据。请注意,在法律要求或允许的情况下,我们可以在您不知情或未经您同意的情况下,根据上述规则处理您的个人数据。
如果我们需要依照法律或根据与您签订的合同条款收集个人数据,并且如果您未应请求提供该数据,我们可能会无法履行我们已经或正在尝试与您签订的合同(例如,为您提供商品或服务)。在这种情况下,我们可能必须取消您与我们签订的产品或服务订单,但如果当时发生该情况的话,我们将会通知您。
为了上表中所述目的,我们可能需要与下述各方共享您的个人数据。
我们要求所有第三方尊重您的个人数据的安全性,并依法处理个人数据。我们不允许我们的第三方服务提供商将您的个人数据用于其自身目的,并且仅允许他们根据我们的指示处理您的个人数据以达到指定目的。
我们是一家全球性的公司集团,我们使用跨境内部第三方和外部第三方来帮助我们经营业务。我们的一些内部和外部第三方位于收集您的个人数据所在国家的境外,因此您的个人数据可能会由内部和外部第三方在海外处理。我们遵循适用的法律要求,以便在个人数据被传输到海外时保护其安全。
我们已落实适当的安全措施,防止您的个人数据发生意外丢失、使用或被擅自访问、更改或披露。
此外,我们还限制那些出于业务需要而了解您的个人数据的员工、代理人、承包商和其他第三方访问该等数据。他们只能根据我们的指示处理您的个人数据,并且须承担保密义务。
我们已落实各项规程,以处理任何涉嫌的个人数据违规行为,并将按法律要求将违规行为通知您和任何适用的监管机构。
我们将使用技术和组织措施来保护您的个人数据。
特别是以下措施:
虽然我们将尽商业上合理的努力来保护您的个人数据,但您需承认,互联网的使用并不完全安全,因此我们无法保证通过互联网自您或向您传输的任何个人数据的安全性或完整性。
我们保留个人数据的时间取决于我们实现收集这些数据的目的所需的时间,包括满足任何法律、会计或报告要求等目的。
当地法律可能要求我们必须在一段特定时间内保留有关您的基本信息。例如,如果您是我们的客户或为其工作,则我们必须在您购买日期后将您的个人数据(包括联系方式、身份信息、财务和交易数据)保留一定年限。例如,在英国须保留六年。
为了确定个人数据的适当保留期,我们会考虑个人数据的数量、性质和敏感性、擅自使用或披露您的个人数据可能造成的损害风险、我们对您的个人数据进行处理的目的、我们能否通过其他方式实现这些目的,以及适用的法律要求。
在某些情况下:
我们可能会出于质量保证、培训、欺诈预防和合规的目的监控并记录与您的通信(如电子邮件)。
为了使我们和集团其他子公司能够对您和您所在的组织做出信用决策,并且出于预防欺诈和反洗钱目的,我们可能会搜索信用评级和欺诈预防机构的文件(他们将记录该搜索)。
我们可能会向此类机构披露您的账户操作信息。其他授信方可能会将这些信息用于对您和与您有财务联系的组织作出信用决策、防止欺诈、债务人追踪以及反洗钱等目的。如果您提供不实或不准确的信息,并且我们怀疑存在欺诈行为,我们将对此进行记录。
如果您代表他人向我们提供信息,您应确认对方已指定您代表其行事,并同意您可以:
当地法律为您提供了有关您个人数据的某些其他权利。有关您根据当地(如欧洲经济区、瑞士、英国、巴西、日本、澳大利亚、美国或中国)法律可能享有的具体权利以及如何行使该等权利的更多信息,请参阅下方的国别隐私声明。
我们将根据适用的当地法律,做出合理努力,以便及时响应您的请求。当您联系我们时,我们可能会要求您向我们提供信息以验证您的身份,从而协助处理您的请求。如果您无法向我们提供此信息,我们可能无法处理您的请求和/或我们的响应可能会延迟。
我们欢迎您的反馈和问题。
如需联系我们,请发送电子邮件至privacy@oxinst.com,或将书信寄至以下地址:Group Data Privacy Manager, Tubney Woods, Abingdon, Oxon OX13 5QX, UK。
我们的某些国别隐私声明中也包含了具体联系信息,以便您就所在国的隐私问题联系我们的当地团队。以下是部分国家关于隐私问题的特定电子邮件地址,供您使用:
中国 - PrivacyCN@oxinst.com。
日本 - PrivacyJP@oxinst.com。
美国 - PrivacyUS@oxinst.com。
澳大利亚 - PrivacyAU@oxinst.com。
您有权随时向相关监管机构投诉。详细信息请参阅下方的国别隐私声明。
然而,在您联系相关监管机构之前,我们非常希望有机会处理您的关注问题,因此请首先与我们联系。
我们可能会不时更改本隐私声明。您应不时查看本隐私声明,以确保您知悉最新版本。这适用于您对我们的网站、属于或由我们使用的社交媒体平台、系统和应用程序的每一次访问。如需历史版本,请联系我们索取。
请注意,我们必须确保所掌握的关于你的个人数据是准确和最新的。如果在您与我们的关系存续期间,您的个人数据发生变化,请随时通知我们。
请展开各个选项卡,查看各项活动的相关隐私声明。这些特定活动隐私声明是对其他通知的补充,并不替代其他通知。
本节适用于我们根据在英国保留执行的欧盟法律版本《通用数据保护条例(EU)2016/679》和2018年《数据保护法案》(“英国版GDPR”)、《通用数据保护条例(EU) 2016/679》(“欧盟GDPR”)、《瑞士联邦数据保护法案》(“FDPA”),以及这些国家境内的其他适用的地方法律,处理欧洲经济区、英国和瑞士居民的个人数据,并构成对上述通用隐私声明的补充。
我们的一些内部和外部第三方的总部位于欧洲经济区、瑞士和/或英国境外,因此他们处理您的个人数据将涉及在这些国家境外传输数据。我们遵循适用的法律要求,以保障在这些国家境外传输的您的个人数据的安全性。
如果您位于欧洲经济区、瑞士或英国境内,在某些情况下,您可能根据适用的数据保护法享有与您的个人数据相关的一些权利,例如:
如果您想行使上述任何权利,请与我们联系。
您不必为访问您的个人数据(或行使任何其他权利)支付费用。但是,如果您的请求明显缺乏根据、重复或过多,我们可能会收取合理的费用。或者,在这种情况下,我们可能会拒绝满足您的请求。
我们会尽力在一个月内响应所有合法请求。有时,如果您的请求特别复杂,或者您提出了多个请求,则可能需要更长时间。在这种情况下,我们将通知您并随时让您了解最新状态。
我们可能需要向您请求特定信息,以帮助我们确认您的身份,并确保您有权访问您的个人数据(或行使您的任何其他权利)。这是一项安全措施,旨在确保不会把个人数据泄露给任何无权接收个人数据的人。
我们还可能会联系您,向您询问有关您的请求的更多信息,以便加快我们的响应速度。
如果您想行使上述任何权利,您应:
如果您希望我们停止出于直销目的处理您的个人数据,您应:
如果您收到来自牛津仪器不同业务单位销售的不同产品线的电子邮件,请使用每封电子邮件中的选择退订功能,以确保您取消订阅所有产品线。
根据英国版《通用数据保护条例》,适用于个人数据处理的监管机构是信息专员办公室(ICO)(www.ico.org.uk)。
根据欧盟《通用数据保护条例》处理个人数据的相关监管机构的详细信息可在此查阅。
根据《联邦数据保护法》处理个人数据的相关监管机构是瑞士联邦数据保护和信息专员 (DPIC)(www.edoeb.admin.ch)。
代表
我们有许多位于英国境外的法人实体,负责为英国境内的数据主体提供商品和服务。《通用数据保护条例》他们各自根据英国版指定了一家英国代表。我们有许多位于欧盟以外的法律实体,负责为欧盟境内的数据主体提供商品和服务。他们各自根据欧盟《通用数据保护条例》指定了一家欧盟代表。
Oxford Instruments GmbH(牛津仪器有限责任公司)是以下公司指定的欧盟代表:Oxford Instruments plc(牛津仪器股份公司)、Oxford Instruments Industrial Products Limited(牛津仪器工业产品有限公司)、Oxford Instruments Nanotechnology Tools Limited(牛津仪器纳米技术工具有限公司)、安道尔科技有限公司、Oxford Instruments Overseas Marketing Limited(牛津仪器海外营销有限公司)、Oxford Instruments Asylum Research, Inc.(牛津仪器Asylum Research公司)、Oxford Instruments X-Ray Technology, Inc.(牛津仪器X射线技术公司)、Bitplane股份公司。
Oxford Instruments plc(牛津仪器股份公司)是以下公司指定的英国代表:Oxford Instruments Asylum Research, Inc.(牛津仪器Asylum Research公司)、Oxford Instruments X-Ray Technology, Inc.(牛津仪器X射线技术公司)、Bitplane股份公司、WITec Wissenschaftliche Instrumente und Technologie GmbH。
本涵盖我们收集、持有、使用和披露您的个人信息的方式,这些个人信息与您使用我们的网站和属于我们或由我们使用的其他社交媒体平台、系统以及应用程序有关。
我们的网站、平台、系统和应用程序不是针对儿童的,我们不会故意收集与儿童相关的数据。
我们的网站可能包括指向第三方网站、插件和应用程序的链接。单击或启用这些链接可能会允许第三方收集或共享有关您的数据。我们不控制这些第三方网站,也不对其隐私声明负责。当您离开我们的网站时,我们建议您阅读您访问的每个网站的隐私通知。
Cookies - 我们可能会使用Cookies和类似跟踪技术来监控您对网站的使用。例如,我们可能会监控您的访问次数、访问页面、流量数据、位置数据以及用户互联网服务提供商的原始域名。这些信息有助于我们建立用户档案,并为用户提供更多相关信息。其中一些数据将成为汇总或统计数据,这意味着我们将无法识别您的个人身份。
您可以将浏览器设置为拒绝全部或部分浏览器Cookies,或在网站设置或访问Cookies时提醒您。请注意,如果您禁用或拒绝Cookies,我们网站的某些功能可能会无法访问或无法正常运行,但您仍然可以购买产品和/或服务。
我们和谷歌等第三方使用Cookies或其他第三方标识符来编译我们的广告数据。我们还可能使用再营销在其他网站上投放广告。例如,Google将根据您对我们网站的历史访问记录,在您访问的其他网站上显示我们的广告,以确保您收到与您相关的广告。
关于我们使用cookies的更多信息,请参阅我们的Cookie政策。
本节涵盖我们收集、持有、使用和披露您的个人信息的方式,这些个人信息与您使用我们的网站和属于我们或由我们使用的其他社交媒体平台、系统以及应用程序有关。
我们的网站、平台、系统和应用程序不是针对儿童的,我们不会故意收集与儿童相关的数据。
我们的网站可能包括指向第三方网站、插件和应用程序的链接。单击或启用这些链接可能会允许第三方收集或共享有关您的数据。我们不控制这些第三方网站,也不对其隐私声明负责。当您离开我们的网站时,我们建议您阅读您访问的每个网站的隐私通知。
Cookies - 我们可能会使用Cookies和类似跟踪技术来监控您对网站的使用。例如,我们可能会监控您的访问次数、访问页面、流量数据、位置数据以及用户互联网服务提供商的原始域名。这些信息有助于我们建立用户档案,并为用户提供更多相关信息。其中一些数据将成为汇总或统计数据,这意味着我们将无法识别您的个人身份。
您可以将浏览器设置为拒绝全部或部分浏览器Cookies,或在网站设置或访问Cookies时提醒您。请注意,如果您禁用或拒绝Cookies,我们网站的某些功能可能会无法访问或无法正常运行,但您仍然可以购买产品和/或服务。
我们和谷歌等第三方使用Cookies或其他第三方标识符来编译我们的广告数据。我们还可能使用再营销在其他网站上投放广告。例如,Google将根据您对我们网站的历史访问记录,在您访问的其他网站上显示我们的广告,以确保您收到与您相关的广告。
关于我们使用cookies的更多信息,请参阅我们的Cookie政策。
本节涵盖我们对与我们第三方尽职调查流程相关的个人信息进行收集、持有、使用和披露的方式。
为了帮助我们决策是否与个人或公司开展业务,我们会使用筛查工具来执行尽职调查流程。这包括使用公开信息和向我们提供的个人信息,以识别与任何第三方开展业务的潜在风险。
我们在尽职调查过程中会处理个人数据,以确保我们只与值得信赖的第三方开展业务。此外,我们的目的还包括确保遵循适用的法律、法规以及我们的商业行为与道德规范准则。
处理哪些个人数据?
在尽职调查过程中,我们可能会处理的关于您或您所在公司的个人数据的类型包括:
1.您的详细联系方式:例如,您的姓名及电子邮件地址(以便向您发送我们的尽职调查问卷,并与您沟通尽职调查问卷填写事宜)。
2.在尽职调查问卷中,我们可能会询问:
a)贵司知名人士的姓名:(即贵司的所有者、董事会成员、首席执行官、首席财务官和首席运营官)。
b)存续和注册证明:(公司注册文件可能包括姓名、家庭住址和出生日期等个人数据)。
c)与我们开展业务所需的相关执照或许可证的详细信息和副本,可能包括照片、姓名和出生日期。我们建议删除或划掉与我们核实您的执照或许可证无关的任何个人信息。
d)身份证明文件,例如:护照、驾驶执照或身份证。
e)针对贵司、贵司所有者、董事会成员、首席执行官、首席财务官和首席运营官的任何刑事定罪、处罚或制裁的相关证明。
3.我们可能会使用第三方筛查工具来筛查我们考虑与之开展业务的公司或个人。这包括对照公开信息(例如,公共登记册、制裁名单、监管来源、媒体和其他法律来源(如公开的法院案例)中包含的信息)核对您向我们提供的信息。
我们可能会使用您的姓名以及我们能够获得的其他个人数据,例如:中间名、别名、电子邮箱、出生日期、性别、职务、雇主、详细地址、国籍,特殊情况下还会使用您的社会保障号码或税号(仅在适用法律允许的范围内使用后者)。
筛查工具可显示被搜索公司的记录,以及与该公司有关联的个人,例如其首席执行官或首席财务官(如果这些信息是公开的)。
谁有权访问我的个人数据?
牛津仪器内部访问您的个人数据
您的个人数据可供与您有业务往来的牛津仪器法人实体及其母公司Oxford Instruments plc(牛津仪器股份公司)的合规部门使用。我们会限制这些公司对您的个人数据的访问:您的个人数据将仅供有业务需要的人访问,并且仅限于满足上述指定目的。牛津仪器内部有权访问您的个人数据的人员都接受过数据保护和数据处理方面的培训,并受合同保密义务的约束。
我们还会使用防火墙、加密技术和安全服务器等技术措施来保护您的个人数据。
第三方访问您的个人数据
我们收集的个人信息将用于内部业务流程,以决定是否与您或您所在的公司建立业务关系。但我们也使用第三方筛查工具。
为了上表中所述目的,我们可能需要与第三方(参阅上文的“披露您的个人数据”部分)共享您的个人数据。如果第三方有权访问个人数据,我们将采取适当的安全措施来保护这些信息。例如,如果您的个人数据被传输到欧洲经济区之外的国家/地区,而该国家/地区没有提供足够的个人数据保护措施,那么我们将提供适当保障(例如,签订含有欧盟委员会采用的标准数据保护条款的合同)。
我们可能偶尔需要通过外包给专业的第三方公司进行额外筛查。必要时,我们可能会与我们的专业顾问共享个人数据,例如在发生争议或法律问题时。此外,我们还可能需要根据适用法律向政府和监管机构以及其他第三方披露信息(例如,遵循法院命令或监管机构的要求)。
如需了解我们为保护个人数据传输而采取的适当安全措施,请发送电子邮件至privacy@oxinst.com。
个人数据将被保留多长时间?
我们保留个人数据的时间取决于我们实现收集这些数据的目的所需的时间,包括满足任何法律、会计或报告要求等目的。
当地法律可能要求我们在一段特定时间内保留您的个人信息。例如,在英国,我们需要将您的个人数据(包括联系方式、身份、财务和交易数据)保留六年。个人数据也可能会保留更长时间,例如在法律法规要求保留更长时间或在发生(潜在)法律纠纷需要保留更长时间的情况下。
您的权利
您根据适用数据保护法享有的具体权利取决于哪些法律适用于您个人。如需更多关于您的权利的信息,请点击下方特定国家的选项卡,或通过privacy@oxinst.com联系我们。
请展开各个选项卡,查看各个国家的相关隐私声明。
This section applies to our processing of personal data of individuals in the EEA, UK and Switzerland pursuant to the retained EU law version of the General Data Protection Regulation (EU) 2016/679 in the UK and the Data Protection Act 2018 (“UK GDPR”), the General Data Protection Regulations (EU) 2016/679 (“EU GDPR”), the Swiss Federal Data Protection Act (“FDPA”), and other applicable local legislation in these territories, and supplements our general privacy statement above.
Some of our Internal Third Parties and External Third Parties are based outside the European Economic Area (EEA), Switzerland and/or the UK so their processing of your personal data will involve a transfer of data outside these territories. We comply with applicable legal requirements to safeguard your personal data transferred outside of the these territories.
If you are located in the EEA, Switzerland or the UK, under certain circumstances, you may have rights under the applicable data protection laws in relation to your personal data, such as:
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.
If you wish to exercise any of these rights, you should therefore:
If you wish us to stop processing your personal data for direct marketing purposes, you should:
If you receive emails from different product lines sold by different Oxford Instruments’ business units, please use the opt-out functionality in each email to be sure you are unsubscribed from all.
The supervisory authority applicable for personal data processing pursuant to the UK GDPR is the Information Commissioner's Office (ICO) (www.ico.org.uk).
The details of the relevant supervisory authorities for personal data processing pursuant to the EU GDPR is available here.
The relevant supervisory authority for personal data processing pursuant to the FDPA is the Swiss Federal Data Protection and Information Commissioner (DPIC) (www.edoeb.admin.ch)
Representatives
Our legal entities located outside the UK who offer goods and services to data subjects within the UK have each appointed a UK representative for the purposes of the UK GDPR. Our legal entities located outside the EU who offer goods and services to data subjects within the EU have each appointed an EU representative for the purposes of the EU GDPR.
Oxford Instruments GmbH is the appointed EU representative for: Oxford Instruments plc, Oxford Instruments Industrial Products Limited, Oxford Instruments Nanotechnology Tools Limited, Andor Technology Limited, Oxford Instruments Overseas Marketing Limited, Oxford Instruments Asylum Research, Inc., Oxford Instruments X-Ray Technology, Inc., Bitplane AG
Oxford Instruments plc is the appointed UK representative for: Oxford Instruments Asylum Research, Inc., Oxford Instruments X-Ray Technology Inc., Bitplane AG, WITec Wissenschaftliche Instrumente und Technologie GmbH
本节适用于我们根据《中华人民共和国个人信息保护法》(以下简称《个人信息保护法》)处理中国居民的个人数据(“中国数据”),并构成对上述通用隐私声明的补充。
我们并不将合法利益作为处理您在中国的个人数据的法定依据——上表中就我们如何处理您的个人数据列出的其他合法依据适用于我们在中国处理您的个人数据。
如据《个人信息保护法》,您的财务数据可能被视为敏感的个人数据。我们严格按照适用的中国法律并且仅出于以下目的处理此类数据:
如果因合并、分立、解散、宣告破产或其他原因有必要传输个人数据,我们将通知您接收人的姓名和联系方式。接收人在处理个人数据时应遵循本隐私声。
我们是一家全球性的公司集团,我们使用跨境内部第三方和外部第三方来帮助我们经营业务。出于本隐私声明中上文所述的目的,我们与中国境外的内部和外部第三方签订个人信息出境标准合同后,我们可能会将您的个人数据传输至中国境外的内部和外部第三方。您作为个人信息出境标准合同的第三方受益人,有权要求向您提供个人信息出境标准合同的副本以及行使其他权利。
我们将利用合法的跨境传输机制将您的个人数据传输到海外,并采取必要措施,确保海外接收者能够按照中国适用法律的要求提供同等程度的保护。
如发生安全事件,我们会立即采取补救措施,并按适用法例规定,通知有关政府部门及受影响的员工。
如果您位于中国境内,在某些情况下,您可能根据适用的数据保护法享有与您的个人数据相关的一些权利,例如:
如果您想行使上述任何权利,请与我们联联。
我们会尽力及时回复合法请求。有时,如果您的请求特别复杂,或者您提出了多个请求,则可能需要更长时间。在这种情况下,我们将通知您并随时让您了解最新状态。
我们可能需要向您请求特定信息,以帮助我们确认您的身份,并确保您有权访问您的个人数据(或行使您的任何其他权利)。这是一项安全措施,旨在确保不会把个人数据泄露给任何无权接收个人数据的人。
我们还可能会联系您,向您询问有关您的请求的更多信息,以便加快我们的响应速度。
如果您想行使上述任何权利,您应:
如果您希望我们停止出于直销目的处理您的个人数据,您应
如果您收到来自牛津仪器不同业务单位销售的不同产品线的电子邮件,请使用每封电子邮件中的选择退订功能,以确保您取消订阅所有产品线。
如吐需就中国的数据隐私问题联系我们,您可以发送电子邮件至PrivacyCN@oxinst.com。
对于于中国数据,中国的数据保护机构是中央网络安全和信息化委员会办公室员 (www.cac.gov.cn)。
This section applies to our processing of personal data of individuals in Brazil pursuant to Brazilian data protection law, Federal Law No. 13,709/2018 Lei Geral de Proteção de Dados Pessoais (the “LGPD”), and supplements our general privacy statement above (“Brazilian Data”).
Our privacy notice explains what personal data (which includes Brazilian Data) we collect, and how and why we use it. We only process Brazilian Data when we have a legal basis for the processing, such as in order to fulfil a contract with you, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, or where we need to comply with a legal or regulatory obligation. Generally, we do not rely on your consent as a legal basis for processing your personal data other than in relation to some direct marketing communications to you from ourselves and/or third parties. You have the right to withdraw consent to that form of marketing at any time by contacting us.
As noted in our privacy notice, we may share Brazilian Data for the purposes set out above with Internal Third Parties and External Third Parties as set out in the Schedule. As permitted by the LGPD, we may also share Brazilian Data in connection with the sale of business assets or as required by law.
Brazilian Data may be processed outside of Brazil in countries which may not have equivalent privacy or data protection laws but will be processed with appropriate safeguards in place in compliance with the LGPD.
We retain Brazilian Data for as long as the information is needed for the purposes set forth above and for any additional period that may be required or permitted by law.
We respect the rights of Brazilian residents to access, correct and request erasure or restriction of their personal data as required by LGPD. Subject to some limitations as provided by LGPD, this means:
If you wish to exercise your rights, please send an email to privacy@oxinst.com or you can write to us at Attention: Group Data Privacy Manager, Tubney Woods, Abingdon, Oxon OX13 5QX, UK.
The data protection authority in Brazil for Brazilian Data is the Autoridade Nacional de Proteção de Dados or the “ANPD”.
This section applies to residents within certain states of the USA and supplements our general privacy statement above.
Effective Date: 1st January 2023
Last Updated: 1st January 2022
If you are located in the states of Colorado, Connecticut, Virginia and Utah you have specific rights.
You have the right to:
To exercise any of these rights please send an email to privacyUS@oxinst.com, FAO: Legal Counsel or call the following toll-free number: 800-447-4717. To appeal a decision regarding a consumer rights request send an email addressed to the Oxford Instruments Group Data Privacy Manager at privacy@oxinst.com within 7 days of the date of the decision.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: privacyUS@oxinst.com, FAO: Legal Counsel or call the following toll-free number: 800-447-4717. However, please know we do not currently sell data triggering that statute's opt-out requirements.
If you are located within the state of California, the following is applicable to you and is in compliance with the California Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA) 2022.
Our website collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:
In particular, our website has collected the following categories of personal information from consumers within the last twelve (12) months:
Category |
Examples |
Collected |
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
YES |
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
NO |
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO |
F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
YES |
G. Geolocation data. |
Physical location or movements. |
YES |
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
YES |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
NO |
K. Inferences drawn from other personal information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
Our website obtains the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
Personal Information Category |
Category of Third-Party Recipients |
|
Business Purpose Disclosures |
Sales |
|
A: Identifiers. |
Operating system and platforms; Social networks; Service providers; Affiliates; Parent or Subsidiary Organizations; Sales Representatives |
NONE |
B: California Customer Records personal information categories. |
Operating system and platforms; Social networks; Service providers; Affiliates; Parent or Subsidiary Organizations; Sales Representatives |
NONE |
C: Protected classification characteristics under California or federal law. |
NONE |
NONE |
D: Commercial information. |
Affiliates; Operating system and platforms; Advertising networks; Government entities; Social networks; Service providers; Parent or Subsidiary Organizations; Sales Representatives |
NONE |
E: Biometric information. |
NONE |
NONE |
F: Internet or other similar network activity. |
Advertising networks; Internet service providers; Data analytic providers; Internet cookies data recipients; Service providers; Parent or Subsidiary Organizations |
NONE |
G: Geolocation data. |
Data analytic providers; Internet cookies data recipients; Service providers; Parent or Subsidiary Organizations |
NONE |
H: Sensory data. |
Parent or Subsidiary Organizations; Operating system and platforms |
NONE |
I: Professional or employment-related information. |
Affiliates; Operating system and platforms; Service providers; Parent or Subsidiary Organizations |
NONE |
J: Non-public education information. |
NONE |
NONE |
K: Inferences drawn from other personal information. |
Affiliates; Operating system and platforms; Service providers; Parent or Subsidiary Organizations |
NONE |
Your Rights and Choices
The CCPA and the CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA and CPRA rights and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity we will disclose to you:
Right to Delete or Correct
You have the right to request that we delete or correct any inaccuracies in your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 <em>et. seq.</em>).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We may deny your correction request if responding to the request proves impossible or involves disproportionate effort, or you improperly seek to correct accurate information.
Exercising Your Rights to Know, Delete or Correct
To exercise your rights to know, delete or correct described above, please submit a request by either:
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know, delete or correct. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor's identity or authority to make it and we will delete it immediately following verification of your identification.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact the Group Data Privacy Manager by email at privacy@oxinst.com or by mail to Tubney Woods, Abingdon, Oxon OX13 5QX, UK.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Marketing Opt-Out
If you receive direct marketing from any Oxford Instruments company and you wish to opt out of receiving further communications, please submit a request to us by visiting the following internet web page link:
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or the CPRA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA or the CPRA that can result in different prices, rates, or quality levels. Any CCPA/CPRA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacyUS@oxinst.com, FAO: Legal Counsel or write to us at: Oxford Instruments America Inc, 300 Baker Street, Suite 150, Concord, MA 01742, FAO: Legal Counsel.
Changes to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the website and update the notice's effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under law, please do not hesitate to contact us at:
Toll-Free Phone: 800-447-4717
Email: privacyUS@oxinst.com
Postal Address:
Oxford Instruments America Inc
Attn: Legal Counsel
300 Baker Street
Suite 150
Concord
MA 01742
If you need to access this policy in an alternative format due to having a disability, please email privacyUS@oxinst.com, FAO: Legal Counsel or call the toll-free number 800-447-4717.
Effective Date : January 2023
This section applies to our processing of personal data of individuals in Japan (“Japanese Data”) pursuant to the Japanese Act on the Protection of Personal Information (the “APPI”) and supplements our general privacy statement above.
Our privacy notice explains what personal data (which includes Japanese Data) we collect, and how and why we use it. We only process Japanese Data for the purposes specified in the table in “How we use your personal data” section of our privacy notice.
Some of our Internal Third Parties and External Third Parties are based outside Japan, the European Economic Area (EEA) and/or the UK. We will transfer personal data for Internal Third Parties and External Third Parties located outside Japan, the European Economic Area (EEA) and/or the UK by ensuring that the transferee has established an adequate personal information protection system as required by the APPI.
We do not collect any Sensitive Personal Information (Yo-hairyo-kojin-joho) about you (this includes details about race, creed, social status, medical history, and criminal record).
If you are located in Japan, under certain circumstances, you may have certain rights under the APPI in relation to your personal data, such as the right to:
If you wish to exercise your rights, please send an email to privacy@oxinst.com or you can write to us at Attention: Group Data Privacy Manager, Tubney Woods, Abingdon, Oxon, OX13 5QX, UK
The data protection authority in Japan for Japanese Data is the Personal Information Protection Commission or the “PPC” (https://www.ppc.go.jp/en/index.html).
This section applies to the collection, holding, use and disclosure of personal information for our Australian activities (Australian Data) in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) and supplements our general privacy statement above.
Our privacy statement explains the kind of personal information (which includes Australian Data) we collect, and how and why we collect and hold it. We only use and disclose Australian Data for the purposes specified in the table in “How we use your personal data” and disclose your personal information in accordance with the "Disclosure of your Personal Data" section of our privacy statement.
When the law authorises or requires us to collect information
We may collect your personal information:
What happens if you do not give us your personal information?
You have the option of engaging with us anonymously or under a pseudonym. However, if you chose to interact with us under anonymity or under a pseudonym, this may affect our ability to deliver our products or services to you. Please let us know at the earliest time practicable whether you want to interact with us under these conditions.
Sharing outside of Australia
In order to run our business, we may need to share some of your personal information with organisations (for example, our related entities and service providers) that are located outside Australia. Some of these organisations are located in Brazil, China, the European Economic Area, Switzerland, United Kingdom, Japan, USA.
We currently use cloud service providers, for example, Microsoft 365 and SAP CRM, and other electronic or networked systems, to store your personal information. As such systems can be accessed from various countries through an internet connection, it is not practicable to know in which country your personal information may be held. We may also need to share your personal information overseas if we sell, transfer or disclose our database of personal information to an actual or potential successor or purchaser located outside of Australia.
You consent to the disclosure of your information outside of Australia
Before we disclose your personal information to an organisation that is located outside of Australia, we are required to take reasonable steps to ensure that such an organisation does not breach the Privacy Act (in particular, Australian Privacy Principle 8.1). Whilst we will take steps to ensure that the organisation does not breach the Privacy Act in respect of your personal information disclosed to it, it is not always possible to ensure that the organisation will comply. We do not take any responsibility for the actions of such overseas third party recipients of your personal information. By agreeing to this Policy, you are agreeing that your personal information may be disclosed overseas and that Australian Privacy Principle 8.1 will not apply to that disclosure. This means that you will not have recourse against us under the Privacy Act in the event that an overseas recipient of your personal information breaches the Privacy Act.
Your rights to the personal information we collect and hold about you
You have the right to ask us:
Access to your personal information
If you want access to the personal information we hold about you, please send us an email to privacyAU@oxinst.com.
In some cases, a nominal administration fee may be charged to cover the cost of providing the personal information.
Correcting your personal information
If at any time you wish to change personal information we hold about you that is inaccurate or out of date, please send us an email to privacyAU@oxinst.com and we will amend this record.
In some situations, we may not agree to a request to correct personal information we hold about you, however if this occurs, we will inform you of our reason for not agreeing to the request.
If at any time, you believe on reasonable grounds that you have been a victim of fraud, you may request us not to use or disclose your personal information.
What happens when we no longer need your personal information?
We’ll only keep your information for as long as we require it for our business functions or activities as set out in this Policy. We are also required to keep some of your personal information for certain periods of time under law.
When we no longer require your personal information, we’ll ensure that it is destroyed or de-identified.
We may need to retain your personal information after our relationship has ended, however, we will not retain identifiable personal information longer than reasonably necessary and permitted by law.
Complaints
If we become aware of any concerns or problems concerning our privacy practices, we will take such issues seriously and work to address these concerns.
If you have any queries about this Policy, or have a problem or complaint, please send us an email to privacyAU@oxinst.com.
If your complaint remains unresolved, you may refer the matter to the Office of the Australian Information Commissioner. Its contact details are:
The Office of the Australian Information Commissioner GPO Box 2999
Canberra ACT 2601
Phone: 1300 363 992
Website: www.oaic.gov.au
内部第三方
牛津仪器集团旗下各公司(作为联合控制者或处理者)相互提供各种服务,包括销售和支持服务、IT和系统管理服务以及业务分析报告。
外部第三方
合法利益是指我们在开展和管理业务时的利益,以使我们能够为您提供最好的服务/产品以及最好、最安全的体验。在基于我们的合法利益而处理您的个人数据之前,我们会确保考虑并平衡对您和您的权利的任何潜在影响(包括正面和负面影响)。我们不会将您的个人数据用于那些对您的影响高于我们的利益的活动(除非我们征得您的同意或法律另有要求或允许)。如需更多关于我们如何根据特定活动可能对您产生的影响来评估我们的合法利益的信息,请联系我们。
履行合同是指在履行以您作为缔约方的合同时或在签订此类合同之前应您的要求采取措施而必须处理您的数据。
遵守法律或监管义务是指在遵守我们应承担的法定或监管义务时必须处理您的个人数据。
Oxford Instruments GmbH是以下公司指定的欧盟代表:Oxford Instruments plc、Oxford Instruments Industrial Products Limited、Oxford Instruments Nanotechnology Tools Limited、Andor Technology Limited、Oxford Instruments Overseas Marketing Limited、Oxford Instruments Asylum Research, Inc.、Oxford Instruments X-Ray Technology, Inc.、Bitplane AG、WITec Wissenschaftliche Instrumente und Technologie GmbH。
Oxford Instruments plc是以下公司指定的英国代表:Oxford Instruments Asylum Research, Inc.、Oxford Instruments X-Ray Technology, Inc.、Bitplane AG。
最后更新日期:2023年9月1日