C.H. Robinson Worldwide, Inc. ("C.H. Robinson") places high importance on earning and keeping the trust of individuals who share their personal information with us. In an effort to comply with all applicable privacy and data protection laws, C.H. Robinson has certified that it abides by the Safe Harbor privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of personal data transferred from the European Economic Area ("EEA") or Switzerland to the United States.
For purposes of this policy, "Personal Data" means any information that is transferred from the EEA or Switzerland to C.H. Robinson in the United States and that relates to an identified or identifiable natural or legal person (to the extent a legal person is subject to national data protection law).
"Affiliate" means any entity that is controlled, directly or indirectly, by C.H. Robinson.
C.H. Robinson's Safe Harbor certification can be found at safeharbor.export.gov/list.aspx and safeharbor.export.gov/swisslist.aspx. For more information about the Safe Harbor privacy principles, please visit the U.S. Department of Commerce's Web site at www.export.gov/safeharbor.
This policy is effective as of July 1, 2011.
Responsibilities of C.H. Robinson Employees
All C.H. Robinson businesses and functions are required to review their data practices in light of this policy and establish and maintain procedures to implement this policy.
All employees of C.H. Robinson are required to comply with all applicable privacy and data protection laws, this policy, and all related C.H. Robinson procedures.
Although privacy and data protection laws vary from country to country, those of the EEA and Switzerland are based on the following privacy principles. Accordingly, to assure compliance with all applicable data protection laws, and to achieve consistency across the organization, C.H. Robinson will adhere to the following privacy principles to the extent required by applicable law with respect to Personal Data:
Limitations on the Collection, Use and Disclosure of Personal Data
- Notice and Consent—We will collect and process Personal Data fairly and lawfully, and where appropriate, with the knowledge or consent of the data subject. The type of notice or consent required will depend on the context and the circumstances, the sensitivity of the Personal Data, the data subject's reasonable expectations, and legal requirements. C.H. Robinson has informed its Affiliates based in the EEA and Switzerland that they may be responsible for providing appropriate notice to data subjects whose Personal Data are transferred to the United States.
- Specific Purpose—We will collect and process Personal Data only for specified, limited, and legitimate purposes.
- Limitations on Use—We will not process Personal Data in a manner inconsistent with the purposes for which it was originally collected without first obtaining the data subject's consent. The type of consent required will depend on the context and the circumstances, the sensitivity of the Personal Data, the data subject's reasonable expectations, and legal requirements. C.H. Robinson has informed its Affiliates based in the EEA and Switzerland that they may be responsible for providing data subjects with a choice as to whether their Personal Data may be used for a purpose that is inconsistent with the purposes for which the information was originally collected or subsequently authorized by the individual.
- Data Proportionality—The Personal Data we collect will be relevant, adequate, and not excessive for the purposes for which it is collected or to which the data subject subsequently consents.
- Direct Marketing—We will not use Personal Data for direct marketing purposes without the data subject's consent. The data subject's consent may be express or implied, "opt-out" or "opt-in," depending on the circumstances and legal requirements.
- Transfers to Third Parties
- We will disclose Personal Data to third parties (including our Affiliates) only for purposes consistent with those for which the Personal Data was originally collected or to which the data subject has subsequently consented. For example, we may disclose Personal Data to third parties we have retained to perform services on our behalf. C.H. Robinson requires service providers to whom it discloses Personal Data and who are not subject to laws based on the EU Data Protection Directive or Swiss Federal Data Protection Law to either certify to the Safe Harbor privacy principles or contractually agree to provide at least the same level of protection for Personal Data as is required by the Safe Harbor privacy principles.
- Before we transfer Personal Data to a third party to use for its own marketing purposes, we will obtain the data subject's consent. The data subject's consent may be express or implied, "opt-out" or "opt-in," depending on the circumstances and legal requirements. C.H. Robinson has informed its Affiliates based in the EEA and Switzerland that they may be responsible for providing data subjects with a choice as to whether their Personal Data may be transferred to a third party for its own marketing purposes.
- There may be exceptions to these general rules, depending on applicable law, if, for example, the disclosure is required by court order, to comply with a law, to prevent a crime, to enforce a legal right. C.H. Robinson also reserves the right to transfer Personal Data in the event the company sells or transfers all or a portion of its business or assets. Should such a sale or transfer occur, C.H. Robinson will use reasonable efforts to direct the transferee to use Personal Data in a manner that is consistent with this policy. Following such a sale or transfer, data subjects may contact the entity to which C.H. Robinson transferred their Personal Data with any inquiries concerning the processing of that information.
Management of Personal Data
- Quality—We will take appropriate steps to ensure that Personal Data is reliable for its intended use and accurate, complete, and current. C.H. Robinson depends on data subjects to update and correct their Personal Data. In addition, C.H. Robinson has informed its Affiliates that they are responsible for taking reasonable steps to ensure that the Personal Data of data subjects with whom they have a direct relationship are reliable for their intended use and are accurate, complete, and current.
- Access—We will maintain procedures to give data subjects appropriate access to their Personal Data and, when appropriate, an effective means to have their Personal Data corrected, amended or deleted. C.H. Robinson may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor privacy principles. In circumstances in which C.H. Robinson receives Personal Data about data subjects with whom it does not have a direct relationship, C.H. Robinson has informed its Affiliates that they are responsible for providing access to the Personal Data and the right to correct, amend, or delete the information where it is inaccurate.
- Security—We will implement reasonable administrative, physical, and technological security measures to protect Personal Data from unauthorized access, unauthorized use, and unauthorized or accidental destruction, modification or disclosure. We will provide a level of security appropriate to the risks and the sensitivity of the Personal Data.
- Retention—We will not keep Personal Data in a form that permits identification of data subjects for longer than is necessary for the purposes for which it was collected or to which the data subject has consented, except for legitimate purposes permitted by law, such as regulatory compliance.
Accountability and Enforcement
- Accountability—We will designate individuals within C.H. Robinson to be accountable for compliance with privacy and data protection laws, this policy, and related procedures.
- Enforcement—We will periodically verify compliance with privacy and data protection laws, this policy, and related procedures.
- Complaint Process—We will provide a fair process for investigating and resolving complaints and objections regarding our data practices.
Data subjects may file a complaint concerning C.H. Robinson's processing of their Personal Data using the contact information below. If the complaint cannot be resolved through our internal processes, C.H. Robinson will cooperate with local data protection authorities. C.H. Robinson will take steps to remedy any issues arising out of a failure to comply the Safe Harbor privacy principles.
In circumstances in which C.H. Robinson receives Personal Data about data subjects with whom C.H. Robinson does not have a direct relationship, data subjects may submit complaints concerning the processing of their Personal Data to the relevant C.H. Robinson Affiliate, in accordance with the Affiliate's dispute resolution process. C.H. Robinson will participate in this process at the request of the Affiliate or data subject. If the complaint cannot be resolved through the Affiliate's internal processes, the data subject may submit the complaint to firstname.lastname@example.org.
This policy may be amended from time to time consistent with the requirements of the Safe Harbor privacy principles. We will post any revised policy on this Web site.
To contact C.H. Robinson about questions or concerns about this policy or C.H. Robinson's practices concerning Personal Data, either click here or you may write to us at:
Corporate Data Protection Officer
C.H. Robinson Worldwide, Inc.
8100 Mitchell Road, Suite 1300
Eden Prairie, MN 55344