Data Subject Access Rights Policy
Please see the bottom of this page for our DSAR Policy & Request Foms in other languages.
This policy is mandatory for all operations, including Belden’s worldwide subsidiaries and affiliates, that maintain or process Personal Data (as defined herein) of residents of the European Union and that are subject to the provisions of the General Data Protection Regulation (the “GDPR”).
Belden Inc., including its worldwide subsidiaries and affiliates, values the privacy rights of our employees, customers, partners, suppliers, vendors and others. As required by the GDPR, European Union residents are permitted to make certain requests of us relating to Belden’s processing of personal data. Such requests are known as Data Subject Access Requests. This policy outlines the requirements for making such requests and Belden’s corresponding obligations.
As mandated by the GDPR, residents of the European Union are permitted to make certain requests with respect to Personal Data collected and processed by Belden and its worldwide subsidiaries and affiliates. Consistent with this policy, Belden will review data subject requests and respond appropriately within the time periods provided by GDPR, which is normally one month, but may be delayed in certain circumstances by up to two months. Please also note that our response time will be tolled while any request for follow-up or additional information necessary to process a request is outstanding.
a. Data Subject Access Rights
The GDPR provides data subjects with certain access rights with respect to their Personal Data. Those rights are summarized briefly below:
- Basic Information—the right to understand who Belden is & how we process a data subject’s data
- Access—the right to request a summary of the data subject’s Personal Data processed by Belden, along with a copy of such personal data
- Portability—the right to request we provide a copy of a data subject’s Personal Data in machine readable form for transportation to another controller/processor
- Rectification—the right to request we correct errors or update a data subject’s Personal Data
- Erasure—the right to request Belden erase Personal Data in our possession
- Restriction on Use—the right to request Belden stop processing a data subject’s Personal Data
- Objection to Use—the right to object to our assertion that we have a legitimate interest in processing a data subject’s Personal Data
- Objection to Direct Marketing—the right to object to receiving direct marketing materials from Belden &/or Belden subsidiaries & affiliates
- Objection to Automated Processing—the right to object to our use of Personal Data to make automated decisions affecting the data subject
Additional detail regarding each of the above mentioned rights is available in Exhibit A.
Note the data subject access rights described above are not absolute, and in many cases are subject to exceptions or other restrictions. For example, we are not obligated to comply with a request to stop processing a data subject’s personal data if such processing is necessary to facilitate a data subject’s on-going employment or other relationship with Belden or one of its affiliates or subsidiaries. If we determine that a request is invalid or does not correspond with the data subject access rights provided by GDPR, we will inform the data subject of such determination promptly upon reaching that conclusion.
b. Procedure for Submitting Requests
In order to submit a Data Subject Access Request, a data subject must complete the Data Subject Access Request form, or, if you are unable to submit your request online, you may find a paper submission form in the 'Exhibit B' section of this page. Belden’s data privacy team will review all requests received to determine if they are complete and within the scope of the GDPR and respond as required by GDPR.
REQUESTS SUBMITTED IN ANY MANNER OTHER THAN THE SUBMISSION OF BELDEN’S DATA SUBJECT ACCESS REQUEST FORM AS PROVIDED HEREIN SHALL BE CONSIDERED INVALID AND WILL BE REJECTED.
In order to properly process a data subject’s request, it may be necessary for Belden to request additional information. This may include, but is not limited to, requesting that a data subject verify his or her identity and eligibility to make the submitted request by providing certain additional documentation, such a photocopy of his or her passport or other identification or information satisfactory to Belden. If we request additional information necessary to process a data subject’s request, we will do so by contacting the data subject at the email address provided in the Data Subject Access Request Form. Our response time will be delayed by the amount of time it takes the data subject to provide the requested information.
c. Belden’s Response
Belden will review all Data Subject Access Requests that are submitted in the manner provided in this policy. We will acknowledge receipt of a data subject’s request promptly following receipt, and will follow up with the data subject at the email provided in the Data Subject Access Request Form if additional information is needed. As previously stated, our response time will be delayed by the amount of time it takes for a data subject to respond to a request for additional information.
Generally, we will respond to a data subject’s Data Subject Access Request within the one month time period provided by GDPR. In certain circumstances, we may require up to an additional two months to respond to a particular request. If additional time is necessary, we will notify the data subject promptly upon determining additional time is required.
All responses to Data Subject Access Requests will be provided in the form required by GDPR.
IV. Exhibits Index
Exhibit A: Data Subject Access Rights
This Exhibit A summarizes data subject’s rights with respect to the processing of his or her personal data. This Exhibit is provided for the convenience of Belden’s employees, customers and others about whom Belden processes personal data. The rights and exceptions described herein may not be exhaustive, and any omission from this policy document shall not preclude any party from asserting such rights (or claiming exceptions thereto) in the future. This policy is does not, nor is it meant to, convey legal advice of any kind to any data subject or subjects.
- The Right to Basic Information. Data subjects have the right to understand who Belden and its affiliates are, and why and how it/they process his or her personal data. The right to basic information includes, but it not limited to, the right to know the identity of the data controller, the reasons and grounds for processing personal data, and any other information necessary to ensure the fair and transparent processing of personal data
- The Right of Access. Data subjects have a right to obtain confirmation from Belden that it processes certain personal data related to a data subject and a right to obtain a copy of that information, along with other details about how and why Belden uses the data subject’s information, in an intelligible and, in most cases, electronic format. Once the veracity and appropriateness of an access request is affirmatively determined by Belden, Belden will, within the period required by GDPR, provide you with, among other information, a description of the personal data and categories of data processed the purpose for which such data is being held and processed, and details about the source of the personal data if not provided by the data subject.
- The Right of Rectification. Belden must ensure that all personal data that it holds and use about a data subject is correct. If such data is not accurate, a data subject has the right to require that Belden updates such data so it is accurate. In addition, if Belden has passed on incorrect information about a data subject to a third party, the data subject also has a right to oblige Belden to tell those third parties that this information should be updated.
- The Right of Erasure (i.e., "right to be forgotten"). Data subjects have a right to require Belden to erase certain personal data if particular conditions are satisfied. Belden is legally obligated to comply with a request to delete personal data if: the data is no longer needed for the original purpose and no new lawful purpose exists for continued processing; the lawful basis for processing is consent of the data subject and such consent is withdrawn; the data subject exercises his or her right to object to Belden’s processing of his or her personal data, and Belden has no overriding grounds for processing the data; the personal data is processed unlawfully; or erasure of the data is necessary to comply with EU law or the national law of any member state. In addition, if Belden has passed on personal information to a third party, a data subject also has a right to oblige Belden to tell those third parties that the information should be erased.
The right to erasure is not absolute. Even if a data subject falls into one of the categories described above, Belden is entitled to reject the data subject’s request and continue processing data if such processing is: necessary to comply with legal obligations; necessary to establish, exercise or defend legal claims; or is necessary for scientific, historical or statistical purposes and deletion of the data would render such processing impossible.
- Right to Object. In circumstances where Belden processes personal data on the basis that it is in its legitimate interests to do so (i.e., communications with customers; employee matters), a data subject has the right to object to our processing on such grounds. Notwithstanding the receipt of such an objection, Belden shall be permitted to continue processing a data subject’s personal data if: Belden has compelling legitimate grounds for processing the information which overrides the rights, interests and freedoms of the data subject; the data is necessary to establish, exercise or defend a legal claim or right; or the processing is for scientific, historical or statistical purposes carried out in the public interests.
- Right of Restriction. Even if a data subject is not permitted to require Belden to erase his or her personal data, a data subject may limit the purposes for which Belden may process his or her personal data. Belden’s processing activities may be restricted if: the accuracy of the data is contested; processing is unlawful and data subject requests restriction instead of erasure; Belden no longer needs the data for its original purpose, but the data is still required to establish, exercise or defend legal rights; or consideration of overriding grounds in the context of an erasure request.
- Right of Data Portability. In certain scenarios, a data subject can request that Belden send (or "port") his or her personal data to another entity. Portability rights only apply if the data in question was provided by the data subject to the controller, processed automatically, and is processed on the legal bases of either consent or fulfilment of a contract.
- Right not to be Subject to Automated Decision Making. If Belden makes automated (i.e. machine-driven) decisions about a data subject without involving a human and that decision has an impact on the data subject, you have a right to ask us to review that decision to check that the same decision would have been made by a human.
- Right to Opt Out of Direct Marketing. If Belden sends you marketing communications by email or other electronic methods (e.g. by SMS), a data subject has the right to require Belden to stop sending such communications.