Privacy Information

KYOCERA AVX Components Corporation (“KAVX”), [One AVX Boulevard, Fountain Inn, SC 29644, US] herewith informs you about the processing of personal data in the context of our tool Data Subject Access Request (“DSAR”), which we use on the KAVX website and in our intranet (KAVXnet), for which KVAX is responsible in the sense of the EU General Data Protection Regulation (GDPR).

Apart from sending us a letter, you may contact us at any time via DPO.AVX@kyocera-avx.com.

You can reach our data protection officer by sending an e-mail to DPO.AVX@kyocera-avx.com or by sending a letter to KAVX.

Where the term "data" is used, only personal data within the meaning of the GDPR are meant. For the purposes of the UK, references to the GDPR mean, as applicable, the GDPR or that Regulation as implemented into the laws of the UK as a result of the UK’s exit from the European Union.

1.    Data-Subject-Access-Request Data

• The purpose of the processing is the fulfillment of the request that the data subject has specified in the DSAR. Specifically, the DSAR process allows us to streamline requests and minimize access to data subject’s personal data when data subjects exercise their rights under the GDPR. A change of purpose is not planned.
• The processed data are:
•  Contact data
• Name, e-mail address, location/region
• Identity verification data (if requested)
• Phone number, personal address, driver’s license, proof of address
• Data within the use of IT systems
• IP address, device, application or browser type and version, browser plug-in type and version, operating system, time zone setting
• The legal basis for the processing is our legal obligation to respond to requests of data subjects (Article 6 (1) (c) GDPR) as well as our legitimate interest in creating an efficient and convenient way for data subjects to make requests (Article 6 (1) (f) GDPR).
•  The data is actively provided by the data subject.
• The data will be transferred internally to the Corporate Data Protection Officer (“DPO”) and KVAX employees assigned to the request (“assignees”) as well as to those necessary to complete the request, in particular members of the cybersecurity department and data managers.

We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially service providers for the provision, maintenance and servicing of IT systems, in particular, the service provider Smartsheet Inc. [179 Lincoln St #200 Boston, MA 02111 USA]. In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. Enforcement of your rights is probably not possible in the USA.

KAVX uses appropriate technical and organizational measures to protect personal information contained within the DSAR form. The measures we use are designed to provide a security level appropriate to the risk of processing your personal information including username, password, and access controls. For example, only the data privacy team and limited cybersecurity employees will have access to the information located in the Smartsheet application. If request are submitted via letter, in person, or by phone call, additional employees may have access but this will be limited to those necessary to complete the appropriate request.

As the KAVX Group is headquartered in the United States, we also transfer data outside the European Economic Area (EEA) or the UK. We have concluded the EU standard contractual clauses with our group companies, so that personal data from the EEA or UK is only processed in accordance with applicable data protection law. Our standard contractual clauses can be provided on request to the HR Department, the Corporate DPO or one of our local Officers who is responsible for the facility with which you interact.

• If a data subject makes a DSAR through any way other than the DSAR Form, the corporate DPO will fulfill the request and manually enter the data into the Smartsheet database to be consistent in record-keeping in storage and processing. The Smartsheet containing the DSAR and results is retained indefinitely as evidence and record of the DSAR received and our procedures. If certain information located in the DSAR is not necessary to hold after processing has been complete, it will be redacted. However, the record itself will remain, for example in case a Data Protection Authority (“DPA”) audits, investigates, or otherwise needs access to the DSARs that have been completed or handled by us. Similarly, we will maintain a record of our response(s) to a DSAR received.
• The provision of data is obligatory for the fulfillment of the DSAR that you have submitted. If you do not provide the relevant personal data to us, we may not be able to comply with your request.

2.    Rights of Data Subjects and Further Information

• We do not use any methods of automated individual decision-making.
• You have the right to request information at any time about all your personal data which we are processing.
• If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
• You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
• If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
• You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
• If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
• If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
• If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.
• Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.