1. Our commitment to protecting your privacy.
Your privacy is important to us at DUKE Empirical.  We’ve developed this General Privacy Policy to address how DUKE Empirical collects, uses, discloses, transfers and stores your information.  To ensure that your personal data is secure, we communicate our information security and privacy guidelines to all DUKE Empirical employees and enforce privacy safeguards within the company.

2. What information do we collect? 
For visitors to our publicly available website, we collect information from you when you browse or register on our site, place an order, respond to a survey or fill out a form.  When ordering or registering on our site, as appropriate, you may be asked to enter your name, e-mail address, mailing address and/or phone number. We also collect certain information about your session which does not identify individual users when you visit our website, including internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data. We also use cookies as described in Section 5 below. Please note that this online General Privacy Policy applies only to information collected through our website and not to information collected offline.

3. What do we use web visitor’s information for?
We collect personal data for legitimate business purposes, which may include: 
  • To personalize your experience (your information helps us to better respond to your individual needs)
  • To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
  • To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
  • To process transactions
  • To administer a contest, promotion, survey or other site feature
  • To send periodic emails (the email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions)
  • To meet government, national security, public interest, or law enforcement requirements
  • In an emergency where the health or security of an individual may be endangered
  • Other purposes disclosed at the time of collection or otherwise compatible with the above, the EU-U.S. Privacy Shield Framework, and the Swiss – U.S. Privacy Shield Framework
4. How do we protect your information? 
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.  These precautions may include password protections for online information systems and restricted access to personal data.  
All inquiries from outside the company concerning identity, employment record, or performance of a current or terminated employee are referred to the Human Resources department and/or an attorney in the Law Department, who will verify the credentials of the agency representative before releasing information about a current or terminated employee.  

DUKE Empirical takes reasonable and appropriate measures to secure your personal data.  

Our publicly available website is hosted on a secure server.

5. Do we use cookies? 
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites’ or service providers’ systems to recognize your browser and capture and remember certain information.  Our Cookie Notice conforms to GDPR standards and provides information on the cookies we apply.

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits and gather information about site traffic and site interaction so that we can offer better site experiences and tools to our online visitors in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

6. Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer information to outside parties.  This excludes third parties who assist us with human capital management, in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.  We may also release your information when we believe release is necessary to comply with the law, enforce our site policies, or protect our or other’s rights, property, or safety, or share personal information as necessary to other corporate entities as part of a business transition such as a merger, acquisition, or sale of assets.
 
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.  Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act.  We will not distribute your personal information to outside parties without your consent.

7. Choice, Data Integrity & Access
DUKE Empirical takes reasonable steps to ensure that personal data is accurate, complete and current.  

DUKE Empirical provides employees the opportunity to opt out from allowing the company to disclose his or her personal information to a third party or to use it for any purpose.  DUKE Empirical reserves the right to maintain any personal information that it is required to keep or maintain for compliance purposes or to protect itself or preserve its legal rights under pending, threatened or potential legal action. All employees are asked to inform the Human Resources or Payroll departments, or his or her manager, immediately in the event of changes in personal information.  If any information is inaccurate or incomplete, the individual may request that inaccurate information be corrected.

8. Collection of Personal Information from Children 
We do not collect any information from anyone under 13 years of age.  Our website, products and services are all directed to people who are at least 13 years old or older.

9. Changes to our General Privacy Policy
DUKE Empirical conducts an annual self-assessment in order to verify that this General Privacy Policy is published and implemented within the Company and that it conforms to the EU-U.S. Privacy Shield Framework, and Swiss – U.S. Privacy Shield Framework.  If we decide to change our General Privacy Policy, we will post those changes on this page, and/or update the General Privacy Policy modification date below.   

10.  EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield
For details on how we process the personal data of website visitors from the EEA and Switzerland, please see DUKE Empirical’s Privacy Notice for European Economic Area Visitors to DUKE Empirical’s Website (“EU Privacy Policy”) and DUKE Empirical’s Privacy Shield Policy for European Economic Area and Switzerland Visitors to DUKE Empirical’s Website (“Privacy Shield Policy”) as set out in Annex A to this General Privacy Policy below. Our EU Privacy Policy applies to the way we collect and process personal data that is covered by the EU General Data Protection Regulation. The EU Privacy Policy and Privacy Shield Policy will prevail to the extent of any inconsistency with this General Privacy Policy. 

11. Inquiries/Contact Us
DUKE Empirical commits to resolve complaints about your privacy and our collection or use of your personal information. Individuals may contact DUKE Empirical: customerservice@dukeempirical.com.

Date: August 12, 2019
 
 
Annex A

Privacy Shield Policy for European Economic Area and Swiss Visitors to DUKE Empirical’s Website


A. Definitions
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of EU Personal Data.

"EU Personal Data" for the purposes of this Privacy Shield Policy means all data about an identified or identifiable individual visitor to DUKE Empirical’s website that are within the scope of Directive 95/46/EC, or equivalent law currently in effect in the EU or Switzerland, which are received by the Company from the European Economic Area and/or Switzerland for Processing, and are recorded in any form.

"General Privacy Policy" means the privacy policy that applies generally to all visitors to DUKE Empirical’s website, wherever located.

"DUKE Empirical" or "Company" means DUKE Empirical Corporation and all of its subsidiaries worldwide.

"DUKE Empirical U.S." means DUKE Empirical Corporation and its U.S. subsidiaries.

"Privacy Shield" means the EU-U.S. Privacy Shield Framework as agreed between the European Commission and the U.S. Department of Commerce, which came into effect on July 12, 2016.

"Privacy Shield Policy" means the EU-U.S. Privacy Shield Framework as agreed between the European Commission and the U.S. Department of Commerce, which came into effect on July 12, 2016 and the Swiss-U.S. Privacy Shield Framework as agreed between the Swiss Federal Data Protection and Information Commissioner the U.S. Department of Commerce, which came into effect on April 12, 2017.

"Processing" of EU Personal Data means any operation or set of operations which is performed upon EU Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction. "Process", "Processing" and "Processed" shall be construed accordingly.

B. Scope & Application
DUKE Empirical U.S. commits to subject to the Privacy Shield Principles and the Supplemental Principles (collectively, the "Principles" and each a "Principle") all EU Personal Data received in reliance on the Privacy Shield.

The controlled U.S. subsidiaries of DUKE Empirical U.S., as identified in the DUKE Empirical Corporation self-certification listing available, and also adhere to the Privacy Shield Principles.

This Privacy Shield Policy supplements the General Privacy Policy and applies to you if you are an EEA and/or Swiss visitor to DUKE Empirical’s publicly available website. Where this Privacy Shield Policy is inconsistent with the General Privacy Policy with regard to the Processing of EU Personal Data, this Privacy Shield Policy will prevail.

C. Compliance with EU-U.S. and Swiss-U.S. Privacy Shield Framework
DUKE Empirical U.S. complies with the Privacy Shield regarding the collection, use, and retention of EU Personal Data transferred from the European Economic Area and Switzerland to the United States. DUKE Empirical adheres to the Principles of:
  • Notice;
  • Choice;
  • Accountability for Onward Transfer;
  • Security;
  • Data Integrity and Purpose Limitation;
  • Access; and
  • Recourse, Enforcement and Liability.
If there is any conflict between the terms in this Privacy Shield Policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/welcome.

1. Notice
DUKE Empirical U.S. adheres to the Notice Principle with regard to all EU Personal Data received in reliance on the Privacy Shield.
  1. What EU Personal Data do we collect?
    When you visit our publicly available website, DUKE Empirical U.S. collects and Processes the types of personal information described in section 2 of the General Privacy Policy.
  2. What do we use your EU Personal Data for?
    We collect your EU Personal Data for a range of legitimate business purposes described in section 3 of the General Privacy Policy.
  3. Who do we disclose your EU Personal Data to?
    DUKE Empirical U.S. does not disclose your EU Personal Data to third parties except as described in section 6 of the General Privacy Policy. Further, DUKE Empirical may transfer your EU Personal Data if the Company sells or transfers all or a portion of its business or assets (for example, in the event of a merger or reorganization, joint venture or liquidation).  DUKE Empirical U.S. may be required to disclose EU Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Your EU Personal Data may be Processed and stored in the U.S. and other countries where DUKE Empirical’s affiliates, subsidiaries or agents are located. DUKE Empirical utilizes a range of methods to transfer EU Personal Data across country borders. These methods include consent, contractual methods, and/or regulatory authority certifications.

2. Choice
DUKE Empirical U.S. adheres to the Choice Principle and the Choice – Timing of Opt Out Supplemental Principle.

You have the opportunity to choose (opt out) from: (1) the disclosure of your EU Personal Data to a third party (other than DUKE Empirical U.S. agents doing work on our instructions); and (2) the use of your EU Personal Data for a purpose materially different to that for which the data was originally collected (as set forth in the General Privacy Policy or this Privacy Shield Policy, or subsequently authorized by you). You may opt out by contacting us using the DUKE Empirical Contact Details provided in Section 7 below.

3. Accountability for Onward Transfer of EU Personal Data
DUKE Empirical U.S. adheres to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.

DUKE Empirical U.S. shares EU Personal Data with third-party suppliers based on contractual arrangements which, among other things, ensure that the Principles are respected as required, that the third-party supplier acts only on its instructions and that the data are appropriately secured by the third-party supplier.

In the context of onward transfers, DUKE Empirical U.S. is responsible for the Processing of the EU Personal Data it receives and subsequently transfers to a third-party agent acting on its behalf. DUKE Empirical remains liable under the Principles if its agent Processes such EU Personal Data in a manner inconsistent with the Principles, unless DUKE Empirical proves that it is not responsible for the event giving rise to the damage.

Please also see Section 2 above relating to Choice.

4. Security
DUKE Empirical U.S. adheres to the Security Principle.

DUKE Empirical U.S. takes reasonable and appropriate measures to protect EU Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the EU Personal Data. For additional information on the data security measures employed by DUKE Empirical, please see section 4 of the General Privacy Policy.

5. Data Integrity and Purpose Limitation
DUKE Empirical U.S. adheres to the Data Integrity and Purpose Limitation Principle.

DUKE Empirical's collection and Processing of EU Personal Data is limited to the purposes for which it was collected as set forth in section 3 of the General Privacy Policy, unless further use has been subsequently authorized by you. DUKE Empirical may also Process EU Personal Data for compliance with our legal obligations, internal and external auditing and due diligence, security and fraud prevention, preserving or defending DUKE Empirical’s legal rights.

DUKE Empirical takes reasonable steps to ensure that the EU Personal Data it holds is accurate, complete and current. We rely on you to update and correct your EU Personal Data, where necessary. If you wish to make a request to update or correct your EU Personal Data, please use the DUKE Empirical Contact Details provided in Section 7 below.

Where DUKE Empirical U.S. is acting as a data Controller, DUKE Empirical may retain EU Personal Data as long as necessary for the Company to: (a) complete the purpose for which it was collected; (b) meet any applicable legal requirements; or (c) protect its legitimate interests, including with respect to actual or potential legal claims.

6. Access
DUKE Empirical U.S. adheres to the Access Principle and Access Supplemental Principle.

You may obtain access to EU Personal Data that DUKE Empirical holds which is relevant to you. You may also correct, amend or delete that information where it is inaccurate, or has been Processed in violation of the Principles. If you wish to request access to your EU Personal Data, please use the DUKE Empirical Contact Details provided in Section 7 below.

DUKE Empirical may limit or deny access as provided in the Principles, including where: (a) the rights of persons other than the requesting individual would be violated; or (b) the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question.

7. DUKE Empirical Contact Details
In compliance with the Principles, DUKE Empirical U.S. commits to resolve complaints about our collection or use of your EU Personal Data. If you have queries or complaints about this Privacy Shield Policy or wish to exercise your rights under Sections 2, 5, 6 or 8, you should first contact DUKE Empirical by: 8. Recourse, Enforcement and Liability
DUKE Empirical U.S. adheres to the Recourse, Enforcement and Liability Principle, as well as the Verification and Dispute Resolution and Enforcement Supplemental Principles.

DUKE Empirical has implemented a self-assessment procedure to verify its adherence to the Principles. If you have a query, concern or complaint about the application of this Privacy Shield Policy or the Processing of EU Personal Data by DUKE Empirical U.S., we encourage you to first use the DUKE Empirical Contact Details provided in Section 7 above.

DUKE Empirical U.S. has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information. The services of JAMS are provided at no cost to you. The JAMS complaint and recourse mechanism described here is available to individuals whose EU Personal Data has been collected or Processed by DUKE Empirical under the Principles. The JAMS complaint and recourse mechanism is not available to individuals whose EU Personal Data has been collected or Processed by DUKE Empirical under any other EU data transfer adequacy mechanism.

If your complaint is not resolved through DUKE Empirical’s internal complaint procedure, or JAMS, you may be able, under certain conditions, to invoke binding arbitration pursuant to Annex I to the Principles. For further information, visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

DUKE Empirical is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, which has jurisdiction over DUKE Empirical U.S.’s compliance with the Privacy Shield.