PART A: ABOUT FLEX'S USE OF PERSONAL DATA
1. THIS PRIVACY NOTICE
1.1 Our Privacy & Cookies Notice Flex takes its obligations to protect privacy and personal
information very seriously. Please read this Privacy & Cookies Notice ("the Notice") carefully
as it sets out important information relating to how we handle your personal information.
1.2 Flex companies issuing the Notice In this Notice, references to "we", "us", "our" or "Flex"
are references to Flex and all its group companies. This Notice sets out how we, as data
controller, will collect and use personal information, and the choices and rights available to
you in connection with our use of your personal information. On occasion, the Flex group company
who is the data controller in the European Economic Area (EEA) will be a joint controller with
another Flex group company. Where the other Flex group company is based outside the EEA, then
the data controller responsible for responding to requests to exercise data subject rights will
be the relevant company in the EEA. In all cases, any complaints and requests to exercise data
subject rights should be addressed to the Data Privacy Liaison Officer and the Data Privacy
Liaison Officer will arrange for the responsible joint controller to handle the complaint or
request.
1.3 To whose personal information does this Notice apply? This Notice describes our practices
when using: the personal information of the business contacts, employees of clients (including
customers of our clients) of, and suppliers to, all our group companies ("business contacts");
and other persons who (1) may visit our websites ("website users") or (2) who may visit our Flex
pages on social media sites. This Notice will apply whether you have provided the information
directly to us or we have obtained it from a different source, such as a third party.
2. BUSINESS CONTACTS
2.1 Sources of business contact information We collect personal information from our business
contacts directly or from the following sources: Third party referrals; Client checking and
verification processes such as due diligence checks; Social media sites such as LinkedIn and
other public internet sites; Credit reference agencies, insurance information bureaus and
government or financial institutions; and Other public resources such as telephone directories,
newspapers, internet sites, commercially available marketing lists, registries or public
records.
2.2 What personal information we collect about business contacts The categories of information we
collect about business contacts includes: Personal details including name, home address,
employer, office address, personal and work telephone numbers and home and work email addresses;
Financial details including payments made and received and VAT/sales tax; Goods or services
provided or purchased; Communications with our business contacts; Where business contacts have
online accounts, log-in and similar credentials and information about use of these services;
Image capturing, such as photos taken at events, videos, and CCTV footage; In certain
circumstances criminal proceedings, outcomes and sentences, subject to applicable law.
2.3 How we use the personal information we collect about business contacts We use this
information for certain activities, including: Facilitating smooth running of the business
through communication with corporate customers and suppliers, for example, to communicate about
the goods and services we receive from suppliers; Maintaining and building upon customer and
supplier relationships; Business planning; To fulfil a transaction initiated by a business
contact; To fulfil a transaction initiated by a member of the Flex Group such as the purchase of
supplies or equipment; To fulfil a transaction with, or for, Flex customers; Keeping accounts
related to any business or other activity carried on by Flex; Deciding whether to accept any
person as a customer or supplier; Keeping records of purchases, sales or other transactions for
the purpose of ensuring that the required payments and/or deliveries are made or services
provided; Completion of customer satisfaction surveys; Research and development; Business
development; Event management including inviting our business contacts to events and
exhibitions; Database management; Running competitions; Security and crime prevention; For fraud
and theft prevention or investigation, or other risk management purposes; Compliance with
contractual, legal and regulatory obligations; Enabling business contacts to access their online
accounts; and For internal analysis and research to help us improve our services
2.4 Why we use the personal information of business contacts We use this information because: It
is necessary for performing our obligations, or exercising our rights, under our contracts with
customers or suppliers; It is necessary for compliance with any legal or regulatory obligations
that we are subject to; We have a legitimate business interest to: Manage our business and
brand; Provide and improve our services; Operate our business; A legitimate interest will only
apply where we consider that it is not outweighed by a business contact's interests or rights
which require protection of their personal data. If a business contact requires further
information regarding our legitimate interests as applied to their personal information, they
may contact the Global Data Privacy Officer. In limited circumstances, such as in the case of
marketing, a business contact's consent as required under applicable law. Where we rely upon a
business contact's consent, they will have the right to withdraw their consent by contacting the
Data Privacy Liaison Officer. In certain circumstances, where a business contact does not
provide personal information which is required, we will not be able to perform our obligations
under the contract with them or may not be able to provide them with products and services. We
will make it clear if and when this situation arises and what the consequences of not providing
the information will be for the business contact.
2.5 Recipients of business contact information We may disclose personal information of business
contacts to third parties as follows: Flex group companies in order to process the data for the
above mentioned purposes; Business associates and other professional advisers; Third parties
including for the purpose of event management; Claimants, beneficiaries, assignees and payees
Suppliers and/or providers of goods and services and other third parties who work on our behalf
to service or maintain business contact databases and other IT systems, such as suppliers of the
IT systems which we use to process personal information, or who provide other technical
services, such as printing; Third parties providing services to us, such as our professional
advisors (e.g. auditors and lawyers); Competent authorities such as tax authorities, courts,
regulators and security or police authorities where required or requested by law or where we
consider it necessary; and Subject to applicable law, in the event that Flex is merged, sold, or
in the event of a transfer of some or all of our assets (including in bankruptcy), or in the
event of another corporate change, in connection with such transaction.
2.6 Further Information Please see sections 4 to 8 below for further information concerning our
use of personal data.
3. WEBSITE USERS AND WEB-RELATED PRIVACY ISSUES
3.1 What personal data do we collect about website users and visitors to Flex social media pages?
The categories of information we collect about users of our website and Flex webpages on social
media sites such as Facebook, Instagram, LinkedIn and Twitter include: Information users provide
when they enter information on our website, such as when they provide contact details, answer
online questionnaires, feedback forms or applications for employment or submit CVs Information
provided when users subscribe to email newsletters such as name, email address, job title;
Information users provide when registering for an online account through our website;
Information users provide when posting content on social media sites. We also collect personal
information about the use of our website from users, including: Information captured in our web
logs such as device information (e.g. device brand and model, screen dimensions), unique
identification numbers (e.g. IP address and device ID), and browser information (e.g URL,
browser type, pages visited, date/time of access); Advertising information (such as size/type of
ad, ad impressions, location/format of ad, data about interactions with ad); Behavioural
information (such as information on the behaviour or presumed interests of individuals which are
linked to those individuals and may be used to create a user profile); and Information captured
by our cookies (see Cookiessection below). If a website user does submit their data via one of
our forms and they have cookies installed on their browser, all behavioural and web log data
will be associated back to them. The website user will be informed of this when completing our
forms. Flex also uses cookie technologies (e.g. VWO) which fully anonymise your personal
information (such as IP address or keystrokes) therefore the information cannot be traced back
to a website user.
3.2 How do we use the personal information of website users and visitors to Flex social media
pages? We use personal information of users of our website and Flex webpages on social media
sites such as Facebook, Instagram, LinkedIn and Twitter for certain activities, including:
Personalizing the experience of our website; Providing products and services that website users
have requested; Administering the website, investigating any complaints and providing customer
services; Providing website users and individuals accessing our web pages on social media sites
with information and offers on products or services that may be of interest to them; Monitoring
social media content to manage relations with our customers and promote our business and brand.
We use personal information about the use of our website for certain activities, including:
Administering the website; Performing statistical and trend analysis to improve the user
experience and performance of our website.
3.3 Why do we use the personal information of website users and visitors to Flex social media
pages? We use personal information of users of our website and Flex webpages on social media
sites such as Facebook, Instagram, LinkedIn and Twitter because: It is necessary for compliance
with any legal or regulatory obligations we are subject to; We have a legitimate business
interest to: Promote our brand and business through our website and through social media tools;
Monitor, investigate and report any attempts to breach the security of our websites; In the case
of marketing, a user's consent as required under applicable law. Where we rely upon a user's
consent, they will have an option to "Unsubscribe" and will also have the right to withdraw
their consent by contacting the Data Privacy Liaison Officer We use personal information about
the use of our website because: It is necessary for compliance with any legal or regulatory
obligations that we are subject to; We have a legitimate business interest to: Monitor,
investigate and report any attempts to breach the security of our websites; Improve the
performance and user experience of our websites; A legitimate interest will only apply where we
consider that it is not outweighed by a website or social media user's interests or rights which
require protection of their personal data. If a website user or individual accessing our web
pages on social media sites requires further information regarding our legitimate interests as
applied to their personal information, they may contact the Global Data Privacy Officer. In
certain circumstances, where a website user does not provide personal information which is
required (for example, in relation to our online services), we will not be able to perform our
obligations under the contract with them or may not be able to provide them with products and
services. We will make it clear if and when this situation arises and what the consequences of
not providing the information will be for the website user.
3.4 Who are recipients of personal information of website users and visitors to Flex social media
pages? We may disclose website and social media users' personal information to third party
recipients, as follows: to Flex group companies in order to process the data for the above
mentioned purposes; to third parties who work on our behalf to service or maintain Software as a
Service platforms for our websites such as suppliers of IT systems which we use to process
personal information, or third parties who provide other technical services, such as printing;
to third parties providing services to us, such as our professional advisors (e.g. auditors and
lawyers); to competent authorities such as tax authorities, courts, regulators and security or
police authorities where required or requested by law or where we consider it necessary; subject
to applicable law, in the event that Flex is merged, sold, or in the event of a transfer of some
or all of our assets (including in bankruptcy), or in the event of another corporate change, in
connection with such transaction.
3.5 Further Information Our websites and online services are for individuals who are at least 18
years of age. Our online services are not designed to be used by children under the age of 18.
Please see sections 4 to 8 below for further information concerning our use of personal data.
4. INTERNATIONAL TRANSFERS
Flex is a global company and, as such, we may transfer personal information to other Flex group
companies or suppliers outside your home jurisdiction. Flex will take all reasonable steps to
ensure that personal information is protected and any such transfers comply with applicable law.
Flex may transfer and maintain the personal information of individuals covered by this Notice on
servers or databases outside the European Economic Area (EEA) and outside the UK. Some of these
countries may not have the equivalent level of protection under their data protection laws as in
the EEA and as in the UK. The countries to which we transfer data outside of the EEA and outside
the UK include: Brazil, Canada, China, Hong Kong, India, Indonesia, Israel, Japan, Malaysia,
Mauritius, Mexico, Philippines, Russia, Switzerland, Singapore, South Korea, Taiwan, Turkey,
Ukraine and the USA. We also transfer data outside of the UK to the EEA. If we need to transfer
personal data outside the EEA or outside the UK, we will take steps to make sure your personal
data is protected and safeguarded once it leaves the EEA/UK, in particular:
1.the use of EU Binding Corporate Rules (for transfers from the EEA) and UK Binding Corporate
Rules (for transfers from the UK) under Article 47 of the GDPR and the GDPR as modified by the
Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations
2019 (as applicable).
2.the use of Model Clauses approved by the European Commission and permitted under Article 46 of
the GDPR (for transfers from the EEA) and as approved under UK data protection law (for
transfers from the UK). If you would like to obtain the details of such safeguards, you can
request these from the Global Data Privacy Officer. Our Data Privacy Standards (Binding
Corporate Rules) including information on your third party beneficiary rights, are available
here (Data Privacy Standards (EU Binding Corporate Rules)) and here (Data Privacy Standards (UK
Binding Corporate Rules)).
5. RETENTION PERIODS
We will retain your personal information for as long as required to perform the purposes for
which the data was collected, depending on the legal basis for which that data was obtained
and/or whether additional legal/regulatory obligations mandate that we retain your personal
information. We may also retain personal information for the period during which a claim may be
made in relation to our dealings with you. In general terms, this will mean that your personal
data will be kept for the duration of our relationship with you and: the period required by tax
and company laws and regulations; and as long as it is necessary for you to be able to bring a
claim against us and for us to be able to defend ourselves against any legal claims. This will
generally be the length of the relationship plus the length of any applicable statutory
limitation period under local laws In certain circumstances, data may need to be retained for a
longer period of time, for example, where we are in ongoing correspondence or there is a
continuing claim or investigation. If you wish to obtain further information about the retention
periods as applied to your personal information, you may find this in the retention schedule
maintained by Flex or can contact the Global Data Privacy Officer.
6. DATA SUBJECT RIGHTS
You have the following rights in connection with your personal information, if they are
applicable to you under local law:
Right to access personal information.
Right to rectify
personal information.
Right to restrict the use of personal information.
Right to request that
personal information is erased.
Right to object to processing of personal information.
Right
to data portability (in certain specific circumstances).
Right to lodge a complaint with a
supervisory authority.
A summary of each right and how an individual can take steps to exercise it is set out below and
in our Global Data Subject Rights Policy which is available on our website .
If you wish to exercise any of the above rights, please contact your Data Privacy Liaison
Officer. Such requests should include appropriate identity verification information (such as
your name, address, email address or other information reasonably required). Where we receive a
request to exercise one of these rights, we shall provide information on the action we take on
the request without undue delay and in any event within one month of receipt of the request.
This may be extended by a further two months in certain circumstances, for example where
requests are complex or numerous. The information will be provided free of charge, except where
requests are manifestly unfounded or excessive, in particular because of their repetitive
character. In these circumstances we may charge a reasonable fee or may refuse to act on the
request. We will advise an individual of any fees prior to proceeding with a request. We may ask
for additional information to verify an individual's identity before carrying out a request.
Where we do not carry out a request, we shall inform the individual without delay and within one
month of receipt of the request, providing our reasons for not taking the action requested.
6.1 Right to access personal data
Individuals have the right to confirm the following with us:
Whether or not we process
personal data about them
Certain specified information about the processing
Individuals also have a right to access the personal data and be provided with a copy.
6.2 Right to restrict processing of personal data
Individuals have the right to request that we restrict processing of their personal data where
one of the following applies: An individual contests the accuracy of the personal data. The
restriction will apply until we have taken steps to verify the accuracy of the personal data;
The processing is unlawful but an individual does not want the personal data to be erased and
requests restriction instead; We no longer require the personal data for the purposes of
processing, but it is still required by an individual in connection with a legal claim; An
individual has exercised their right to object to the processing. The restriction will apply
until we have taken steps to verify whether we have compelling legitimate grounds to continue
processing.
6.3 Right to object to processing of personal data
Where personal data is used to target marketing to an individual, they have the right to object
to this at any stage. An individual also has the right to object to processing of their personal
data where the legal basis of the processing is our legitimate interests. We will have to stop
processing until we are able to verify that we have compelling legitimate grounds for processing
which override the individual's interests, rights and freedoms, or alternatively that we need to
continue processing for the establishment, exercise or defence of legal claims.
6.4 Right to rectification of personal data
If an individual believes that the personal data we hold on them is inaccurate, they may request
that it be amended. They may also request that incomplete personal data be completed, including
by providing a supplementary statement.
6.5 Right to request erasure of personal data (“right to be forgotten”)
An individual may also request the erasure of their personal data in certain circumstances,
including the following (this is not an exhaustive list): The personal data is no longer
necessary in relation to the purposes for which they were collected or otherwise processed; The
processing was based on consent which has been withdrawn and there is no other legal basis for
processing; There are also certain exceptions where we may refuse a request for erasure, for
example, where the personal data is required to comply with a legal obligation or for the
establishment, exercise or defence of legal claims. If an individual does request erasure of
their personal data, this will potentially remove records which we hold for their benefit, such
as their presence on a suppression list and they will have to contact us to provide personal
information if they wish for us to hold this in future.
6.6 Right to Data Portability
Where we are relying upon the legal basis either of consent or that the processing is necessary
for the performance of a contract to which an individual is a party, and that personal data is
processed by automatic means (e.g. electronically), an individual has the right to receive all
the personal data which they have provided to us in a structured, commonly used and
machine-readable format and to transmit this to another controller directly, where this is
technically feasible.
6.7 Supervisory Authority
An individual also has a right to lodge a complaint with a supervisory authority, in particular
in the Member State in the European Union where they are habitually resident, where they work or
where an alleged infringement of data protection laws has taken place.
7. MISCELLANEOUS
7.1 Security
We have put in place technical and organisational security measures to prevent the loss or
unauthorised access of your personal information. We train our employees in the proper handling
of personal information. However, whilst we have used our best efforts to ensure the security of
your data, please be aware that we cannot guarantee the security of information transmitted over
the Internet. If you have reasons to believe that your interaction with us is no longer secure,
please immediately notify us of the problem by contacting us as set out below.
7.2 Links
Our Website may contain links to other "non-Flex" websites. We do not control and assume no
responsibility for the content, security or the privacy policies and practices on those
websites. Flex encourages all users to read the privacy policies of those sites to determine how
they protect and use personal information.
7.3 Changes to this Notice
From time to time, we may change and/or update this Notice. If this Notice changes in any way, we
will post an updated version on this website. We recommend you regularly review this website to
ensure that you are always aware of our information practices and any changes to such. Any
changes to this Notice will go into effect on posting to this page.
8. COOKIES AND SIMILAR TECHNOLOGIES
A cookie is a small text file which includes a unique identifier that is sent by a web server to
the browser on your computer, mobile phone or any other internet enabled device when you visit
an on-line site. Cookies and similar technologies are widely used to make websites work
efficiently and to collect information about your online preferences. For simplicity, we refer
to all these technologies as "cookies". Some of our website pages may contain electronic images
known as web beacons (also known as clear gifs, tags or pixels) that allow us to count users who
have visited our pages. Web beacons collect only limited information, e.g. a cookie number, time
and date of a page view, and a description of the page on which the web beacon resides. We may
also carry web beacons placed by third party advertisers. These beacons do not carry any
information that could directly identify you.
8.1 How do we use cookies?
We use cookies and other tracking technologies to customise content and advertising, provide
social media features and to see how our visitors move through our website. We use this
information to make decisions about ways to improve the services we offer you. We may engage
third party tracking and advertising providers such as those named below to act on our behalf to
track and analyse your usage of our website through the use of cookies. These third parties
collect, and share with us, usage information about visits to our website and, sometimes by
correlating this information with other information (e.g. your IP address), measure and research
the effectiveness of our advertisements, track page usage, help us target our recommendations
and advertising, and track use of our recommendations and advertisements.
8.2 Cookies and types of cookies what we use
The table below describes the cookies and similar technologies that we use and their
functionality.
Cookie name / provider / type
What these cookies do
Google
Analytics
__utma
__utmb
__utmc
__utmz
These cookies enable the function of Google Analytics. This software allows us to measure and
analyse visitor information such as browser usage, visitor numbers, and which pages are used. We
use this information to help improve our Website.
www.flex.com
investors.flex.com
Google Analytics _ga
The analytics.js library uses a single cookie named _ga to store a unique client identifier
(Client ID), which is a randomly generated number. This ID is used by Google Analytics servers
to calculate visitor, session, and campaign data. We use this information to help improve our
Website. www.flex.com
Act-on
Act-On uses cookies to collect information about the use of this site. The Act-On Cookie tracks
movement through all the sections of Flex's site that are beaconed for marketing information and
persists until browser policy time or cache clear. The session cookie gathers the information
about the IP address to attach a unique identifier for the user, it does not collect any other
personal identification. Although Act-On plants a permanent cookie on your web browser to
identify you as a unique user the next time you visit this site, the cookie cannot be used by
anyone but Act-On. Act-On’s ability to use and share information collected by Act-On about your
visits to this site is restricted by the Act-On Terms of Use and the Act-On Privacy Policy. You
can prevent Act-On from recognizing you on return visits to this site by disabling cookies on
your browser.
Sumo
__smShown
__smListBuilderShown
__smSmartBarShown
__smScrollBoxShown
__smWelcomeMatShown
__smSubscribed
__smUser
__smToken
__smDashView
__smShown
The cookie is set when any of the List Builder, Welcome Mat, Scroll Box or Smart
Bars are shown on your website. If you have any of your Popups/Mats set to "Don't Show to a visitor
until X days have passed", and Sumo detects this cookie in the visitors browser, it will not show
that certain Popup/Mat.
This cookie is unique to the email apps and will display in your browser
cookie list like this:
The __smSubscribed cookie is set when a visitor subscribes via any of the
List Builder, Welcome Mat, Scroll Box or Smart Bars they are shown on your website. If you have any
of your Popups/Mats set to "Not Show To Users Who Already Subscribed", and Sumo detects this cookie
in the visitors browser, it will not show that certain Popup/Mat.
The __smUser cookie is set when
you login to Sumo on your website and the cookie value is your User ID
The __smToken is set once
you login to Sumo and is checked to verify whether you are logged into Sumo or not.
The
__smDashView cookie restores the same tab you were last in when you go back into the "Dashboard"
app. For example, if you close the Dashboard app while in the "Subscriber Stats" tab, the next time
you open the app, the cookie will allow the app to be opened in the exact tab you were last in.
VWO (anonymised)
_vis_opt_exp_EXPERIMENT_ID_goal_GOAL_ID:
_vis_opt_test_cookie
_vis_opt_exp_EXPERIMENT_ID_combi
_vis_opt_exp_EXPERIMENT_ID_exclude
_vis_opt_exp_EXPERIMENT_ID_split
_vis_opt_s
_vis_opt_out
_vwo_uuid
_vis_opt_exp_EXPERIMENT_ID_
This
cookie is generated when a goal is created.
This is a temporary session cookie generated to
detect if the cookies are enabled on the user browser or not.
This cookie is generated when users
reach a particular combination. This cookie ensures that users see the same variation that they saw
on their previous visit to the page.
This cookie is generated when a user is excluded from a
test.
This cookie is generated during a Split URL test.
This cookie detects if the user is new
or returning to a particular test.
This cookie indicates that the visitor is not part of the
test. This cookie is valid for 10 years.
EXPERIMENT ID refers to the ID of the test, and GOAL ID
refers to the ID of the goal.
This cookie generates a unique ID for every visitor and is used for
the report segmentation feature in VWO. It also allows you to view data in a more refined manner. If
you have a test running on multiple domains, you will notice test-specific UUID values.
In the
combi cookie, the Control always has the value of 1, Variation #1 always has the value of 2,
Variation #2 has the value of 3, and so on.
Other targeting cookies
We may use other cookies to target and re-target visitors to our websites with digital
advertising that is most relevant to the user. These cookies are also used to limit the number
of times you see an advert or particular content, as well as help measure the effectiveness of
an advertising or marketing campaign. Using existing cookies from many sites already on your
computer, we partner with 3rd party companies to deliver advertising to specific computers. For
more information about digital advertising visit AdChoices at: www.youradchoices.com.
Social media cookies
These cookies allow users to share our websites on social media such as Facebook and Twitter.
These cookies are not within our control. Please refer to the respective privacy policies of the
social media provider for how their cookies work.
Performance cookies
These cookies collect information on how users use our websites, in order to help us improve
areas such as navigation, and to help us fix technical issues or errors. For example, we use
these cookies to help us understand how you arrive at our website, browse or use our website and
highlight areas where we can improve our website.
Functionality cookies
These cookies help us customise our website content based on a user's preferences. They remember
the user's choices such as identifying the user as a particular investor type (Retail,
Professional or Institutional), their language, the country pages visited and any changes the
user makes to text size or other parts of our website pages. The information these cookies
collect may be anonymised and they cannot track browsing activity on other websites.
Essential cookies
These cookies are essential for parts of our website to operate. They enable users to move around
our website and allow us to recognise a user within our website so that we can provide them with
service they asked for such as remembering the user's sign-in details.
You can find more information about cookies, behavioural advertising and online privacy at
www.allaboutcookies.org or www.youronlinechoices.eu.
8.3 How do I reject cookies?
If you do not want to be tracked by Google Analytics cookies you can opt-out by installing a
browser plug-in here: https://tools.google.com/dlpage/gaoptout/
At any time, you can prevent cookies from being set on your browser. For instructions on how to
block, delete or disable any cookies, please consult your browser's 'Help' or 'Support' section.
Please note that by deleting our cookies or disabling future cookies you may not be able to
access certain areas or features of our website.
Please consult the following links for information on cookie management and blocking according to
your browser:
Explorer:
https://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11.
Firefox:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Chrome:
https://support.google.com/chrome/answer/95647?hl=en
Safari:
https://support.apple.com/kb/PH19214?locale=en_GB
You can also find more information and manage
cookie storage at: www.youronlinechoices.eu
How to Contact Us
Our Global Data Privacy Officer is the Data Protection Officer for the purposes of the General
Data Protection Regulation (GDPR). Questions, comments and requests regarding this Privacy
Policy are welcomed and should be addressed to our Global Data Privacy Officer through the
following email address: dataprotection@flex.com