SugarCRM (USER) Privacy Notice

Introduction

AVX Corporation and all the members of AVX Group (“AVX” or “We”) respect your right to privacy. This privacy notice explains what we do with any personal data of individuals with access to the SugarCRM system. These individuals will be referred to as Users. Users can be employees of AVX or contracted Manufacturers Representatives acting as the AVX sales force.

If you prefer your personal information not be processed, please inform us. In such a case, we will return or destroy the relevant information which you do not want to be processed, and we will inform you about the potential negative consequences of failure to provide such information, which will include denial of access to SugarCRM.

Under the General Data Protection Regulation (“GDPR”), you have certain rights in relation to your personal information, including how it will be used and stored. If you have any questions or concerns about or use of your personal data, please contact us using the contact details provided at the bottom of this Policy.

What Personal Data Do We Collect?

In order to gain access to the AVX SugarCRM system, certain information is collected to create a User account. User data is collected and stored in the User profile. Profiles are used to manage access controls, enable notifications, and assist with improved reporting. To create your account, we collect the following information:

  • Name
  • Mobile Phone Number
  • Work Region and Location or Site
  • Role
  • Work Phone Number
  • Work Email Address
Information Collected for AVX Employees

Your data is collected by the Human Resource (“HR”) department when AVX hires you. Based on your department and job title, a Security Access Request form is completed with the above information and sent to the IT department. The IT department, along with the AVX SugarCRM administrative team, uses this information to create your user profile.

An employee may also become a User as a result of a change in the job responsibilities. In this instance, a Security Access Request is completed by the employee’s supervisor or department head, and a SugarCRM administrator follows the same set-up process. Upon login, Users may add additional personal information but are not obligated to do so.

Information Collected from Third Party Sources

If you are a User employed outside the AVX corporation, such as a Manufacturer Representative, the set-up request is sent via email from the Representative organization to the SugarCRM administration team. As with employees, the same minimum data is collected, and each User has the ability to add additional information if they choose to.

Purpose of Personal Data Collection and Use

AVX uses SugarCRM to manage customer data, deliver actionable insights, facilitate team communications, and support sales management. AVX has a legitimate interest in building customer relationships and managing business records. By using SugarCRM, AVX can advance these relationships and business activities with universal security.

Collecting and processing the personal data of Users allows AVX to grant access rights for the use of SugarCRM as well as to control content visibility within the system. AVX uses the User’s location and employment data to assign roles and teams within SugarCRM. Roles limit the User’s actions within the application, specifically what they can view, edit, or delete. By assigning roles to Users, AVX can limit the User’s access to specific modules in the system and the actions they can take within those modules. Teams control the visibility within the system and add more security to the records being stored in the application. The primary reason for using the team function is to allow or limit access to certain records.

How Do We Protect Your Personal Data?

AVX uses appropriate technical and organizational measures to protect your personal information, which we collect and process. These measures are designed to provide a level of security appropriate to the risk of processing personal information. In particular, AVX has implemented cybersecurity protocols to protect your personal information from the intrusion of unauthorized third parties and only allows access to your information by authorized employees bound by confidentiality provisions.

All AVX Group entities have executed agreements that include the standard contractual clauses. AVX has also executed agreements with the entity hosting SugarCRM and with Manufacturer’s Representatives that also include such standard contractual clauses.

Additionally, SugarCRM guarantees appropriate technical and organizational measures have been taken through their services to safeguard personal information against loss, theft, and unauthorized use, access, and modifications.

Your Data Protection Rights

AVX wishes to be open as we reasonably can about the personal information we process. If you would like to obtain specific information, please do not hesitate to contact our Data Protection Officer (“DPO”).

To ensure you are fully aware of all your data protection rights, each subscriber is entitled to the following:

  • The right to access- You have the right to request copies of your personal data. You have the right to obtain information about why your personal data is being processed.
  • The right to rectification- You have the right to request AVX to complete information you believe is inaccurate or incomplete. Please note that given the limited range of personal information use for access purposes, there is a very limited possibility that this information is incorrect.
  • The right to erasure- You have the right to request that AVX erase your personal data. Please note, however, that such request may result in denial of access to SugarCRM, in which case your ability to carry out your job responsibilities may be adversely affected.
  • The right to restrict processing- You have the right to request that AVX restrict the processing of your personal data under certain conditions. Please note that this right is likely to be unavailable because the information gathered is only used for a very limited purpose and is necessary for granting access rights.
  • The right to object to processing- You have the right to object to AVX’s processing of your personal data under certain conditions. Please note that this right is likely to be unavailable because the information gathered is only used for a very limited purpose and is necessary for granting access rights.
  • The right to data portability- You have the right to request that AVX transfer the data we have collected to another organization, or directly to you, under certain conditions. This right is not applicable to User personal information involved in access rights.

We respond to all requests we receive from individuals wishing to exercise their data protection rights within one week. If you would like to exercise any of these rights, please provide appropriate notice, addressed to the Contact identified at the bottom of this notice.

Use and Transfer of Personal Data

Your personal data will not be disclosed outside the AVX Group (entities directly or indirectly controlled by AVX Corporation) without your express consent, except under legal obligation. Further, your personal data (including your email) will never be shared with any third parties for marketing purposes. AVX processes your personal data in SugarCRM to create a User profile and grant access rights to content and modules. This access is assigned by an administrative user and is based only on what is required by that role.

International Transfers of Personal Data

If an AVX employee Security Access Form is completed outside of the United States, it must be transferred from the home country to Corporate AVX to be processed. All AVX employees who process such data must comply with the AVX Acceptable Computer Use Policy. Similarly, an access request may also be sent by a contracted Manufacturers Representative from outside the United States for processing.

Accordingly, your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective). Specifically, our Website servers may be located in the United States, and the AVX Group operates worldwide. This means that when we collect your personal data, we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal data will remain protected under this Policy. These include implementing the European Commission’s standard contractual clauses for transfers of personal information between AVX Group, which require all AVX Group companies to protect personal data they process from the EEA in accordance with European Union data protection law.

Retention of Personal Data

Your personal data is stored in SugarCRM indefinitely. As you work in the system, transactional documents become associated with your user profile and may remain after your access has been terminated. Access can be terminated by:

  • Employment termination with AVX;
  • Employment termination with a representative organization;
  • Integration partner is terminated; or
  • Any other reasons deemed appropriate by administrators of the system.
Update to This Policy

We may update this notice from time to time in response to changing legal, technical, or business developments. When we update our notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Policy changes if applicable data protection laws require this.

You can see when this notice was last updated by checking the “last revised” date displayed at the end of this notice.

How to Contact Us
If you have any questions about how your personal information is stored, handled, or processed in SugarCRM, you may contact the AVX SugarCRM support team at sugar.support@kyocera-avx.com.

If you have any questions related to this Policy and the protection of your data, you may contact the AVX Data Protection Officer at dpo.avx@kyocera-avx.com.