SPE recognizes that the European Union ("EU") has an "omnibus" data protection regime established pursuant to the European Data Protection Directive (95/46/EC) (the "Directive") and that Switzerland has adopted a data protection law (together, "Data Privacy Laws"). Among other things, the Data Privacy Laws generally require "adequate protection" for the transfer of personally identifiable information about SPE employees in the EU and Switzerland ("European Employee Data"), SPE corporate customers in the EU and Switzerland ("European Corporate Customer Contact Data") and SPE corporate suppliers in the EU and Switzerland ("European Corporate Supplier Contact Data") to SPE operations in the United States. SPE accordingly adheres to the requirements of the US/EU and US/Swiss Safe Harbor Privacy Principles published by the US Department of Commerce ("Safe Harbor") with respect to certain limited European Employee Data, European Corporate Customer Contact Data and European Corporate Supplier Contact Data received in the United States from our affiliated companies in the EU and Switzerland. SPE provides European employees with information regarding the data transfers that are covered by Safe Harbor via internal policies and procedures.
In accordance with the Safe Harbor, SPE may obtain European Corporate Customer Contact Data or European Corporate Supplier Contact Data including names, work contact details (including work telephone, fax, e-mail and address), and titles and username and password information (such as the person SPE deals with or has dealt with at the customer’s or supplier’s organization). SPE may collect and process European Corporate Customer Contact Data and European Corporate Supplier Contact Data and disclose it in order to carry out finance and accounting related activities, IT support, marketing and publicity activities, contracting, sales, project management, asset management, workflow management, contact management, username and password management, web access management, tax purposes, legal compliance activities, and other legitimate business purposes.
SPE maintains reasonable security measures to safeguard data from loss, misuse, unauthorized access, disclosure, alteration or destruction. SPE also maintains reasonable procedures to help ensure that such data is reliable for its intended use, accurate, complete and current. SPE may engage third parties to provide storage and other processing services for SPE including IT support (e.g., software application, development, and maintenance). Such third parties will be required to treat the European Corporate Customer Contact Data and European Corporate Supplier Contact Data solely in accordance with SPE’s instructions, and to implement appropriate technical and organizational measures to protect the security and confidentiality of such data.