EU Data Protection Notice
This EU Data Protection Notice (“Notice”) describes Micron’s Processing of EU Data Subjects’ Personal Data for Micron customers and website users, including the rights you, as a Data Subject, have regarding Micron’s Processing of your Personal Data. This Notice also describes the measures that Micron takes to protect the security of your Personal Data and how you can contact Micron about our data protection practices. Please note that this EU Data Protection Notice is not applicable Micron team members or job applicants – if you are a Micron team member or job applicant, please see Micron’s EU Applicant and Employee Data Protection Notice.
“Data Protection Coordinator” (“DPC”) means a team member designated by Micron as the initial point of contact for issues related to the protection of Personal Data within Micron.
“Data Protection Officer” (“DPO”) means a person (either team member or an external consultant) designated by Micron as a DPO under mandatory rules of EU or EU Member State law.
“Data Subject” means customer, vendor, other third party or agent of Micron whose Personal Data Micron Processes, excluding, for the purposes of this Notice, Micron team member and job applicants.
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
II. Contact Details of Data Controllers
The Micron entities responsible for the collection and use of your Personal Data (the Data Controllers) for the purposes described in this Notice are listed below and can be contacted for any clarification or additional information you may need in order to fully understand this Notice:
|Micron Technology, Inc.
8000 South Federal Way
Post Office Box 6
Boise, Idaho 83707-0006
|Micron Europe Limited
Bracknell, Berkshire, RG12 2AA
|Micron Semiconductor Italia S.r.l.
Via Torri Bianche 24
Vimercate, MB 20871
|Micron Semiconductor (Deutschland) GmbH
III. Categories of Processed Personal Data and Purposes of Processing
Micron will Process the following categories of Personal Data: contact information (name, address, business contact information, email address, phone number), IP address, communication history, credit card information, purchase/returns history, and information about items added to online shopping carts.
Micron does not Process Personal Data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership, or sex life.
Micron will maintain Personal Data in a manner that ensures it is accurate, complete and up-to-date.
The processed Personal Data is limited to the data that is necessary for carrying out the purpose for which such Personal Data is collected. Micron processes your Personal Data for the following purposes: email marketing and other marketing activities (when we have obtained your opt-in consent, unless an exception for existing customers or similar products or services applies), order fulfillment, website analytics, and activities related to the sale of Micron products or the purchase of third-party products (payment and logistics administration, quality assessments, promotional activities, and surveys).
The legal basis for the purposes listed above is either (i) in connection with a contract with a customer or supplier, (ii) legitimate business interests (if such interest is not overridden by the Data Subject’s fundamental rights and freedoms or interests), (iii) other applicable legal provisions, or (iv) the Data Subject’s explicit consent. The legitimate business interests are mainly order fulfillment, responding to customer inquiries, communicating with customers who have requested communication from Micron, and promoting Micron’s business. Furthermore, Personal Data of Micron’s customers (including their contact person and sales representatives) may be processed for the purposes of the legitimate interest only if such an interest is not overridden by the Data Subject’s fundamental rights and freedoms, or interests.
Micron ensures that its internal governance procedures clearly specify the reasons behind decisions to use Personal Data for alternative Processing purposes. Prior to using your Personal Data for a purpose other than the one for which it was initially collected, you will be informed about such a new purpose.
IV. Data Security
Micron has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the Data Subject, costs of implementation, and the nature, scope, context and purposes for Data Processing.
V. Recipients or Categories of Recipients of Personal Data
Micron uses a need-to-know standard when granting access to Personal Data. For example, authorization to access Personal Data is often linked to a function instead of granted on a personal basis. In addition, service providers receive Personal Data according to the purposes of the services provided to Micron.
VI. International Data Transfers
International data transfers refer to transfers of Personal Data outside of the European Economic Area (“EEA”). The international footprint of Micron involves the transfer of Personal Data to and from affiliate entities and third parties, which may be located outside the EEA, including the United States of America. Micron will ensure that when Personal Data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the Personal Data are implemented to ensure such data transfers in compliance with applicable data protection laws. Micron has self-certified to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks. Please view our Privacy Shield Policy to learn more about our compliance. Under certain circumstances, Micron has also implemented international data transfer agreements on the basis of EU Standard Contractual Clauses in order to provide appropriate and suitable safeguards for personal data being transferred to countries outside the EEA where an adequate level of protection is not already guaranteed. A copy can be obtained by contacting the applicable Data Controller (contact information provided above).
VII. Retention of Personal Data
Subject to compliance with and exercise of rights under other laws, Micron will not retain your Personal Data for longer than is allowed under the applicable data protection laws and regulations or for longer than is justified for the purpose for which it was originally collected or otherwise processed subject to applicable local retention requirements.
IX. Data Protection Rights
Under applicable data protection laws, you will benefit from the following rights. You can exercise these rights at any time by contacting the local DPO or DPC, where applicable:
- Right to access to, rectification, and erasure of Personal Information;
- Right to restriction of Processing and to object to Processing;
- Right of data portability, to the extent applicable;
- Right to withdraw consent where the Processing is based on consent; and
- Right to lodge a complaint with the supervisory authority.
X. Notice Compliance and Contact Information
Monitoring and ensuring compliance of Personal Data Processing and Micron and with this Notice and applicable data protection laws and regulations is the responsibility of the DPO or DPC. You may contact the DPO or DPC with regard to any issue related to Processing of your Personal Data and to exercise your rights as mentioned above here: firstname.lastname@example.org.
This Notice will be effective as of May 25, 2018. This Notice may be revised and amended from time to time and appropriate notice about any amendments will be given.