Flowserve Employee and Customer Data Protection Policy

Flowserve's Employee Data Protection Policy guides the company's conduct regarding the collection and use of all personal information about employees, employee family members and applicants, customers and suppliers when it is conducting company business, including, but not limited to, the provision of appropriate career opportunities, pay programs, and benefits to employees.

Employee and Customer Data Protection Policy

Revised January 1st, 2014.

PURPOSE

Flowserve's Employee Data Protection Policy guides the company's conduct regarding the collection and use of all personal information about employees, employee family members and applicants, customers and suppliers when it is conducting company business, including, but not limited to, the provision of appropriate career opportunities, pay programs, and benefits to employees.

Flowserve's Employee Data Protection Policy covers the collection, processing, transmission and electronic and manual storage of personal data pertaining to any Flowserve customer, supplier, employee or candidate for employment in all of its domestic and international offices, subsidiaries and affiliates. This includes personal data that is transferred across international borders or that is shared with any entity affiliated with Flowserve. The obligations, restrictions and procedures outlined in this policy apply to all Flowserve personnel and third party service providers, even if local laws are less restrictive.

DEFINITIONS

For the purposes of this policy, "personal data" or "personal information" is any information relating to an identified or identifiable natural person, including without limitation such person's name, date of birth, personal home address, home telephone number, work experience and biometric data (i.e. photographs and fingerprints). For the purposes of this policy, "sensitive personal data" includes, among other things, an individual's racial or ethnic origin, religious beliefs, trade-union membership, social security number or other national identification number, medical or health conditions and other similar types of sensitive personal data.

HOW PERSONAL AND SENSITIVE PERSONAL DATA IS COLLECTED, PROCESSED AND STORED

Flowserve collects, processes, stores and transmits applicant and employee-related personal information through the use of two automated processes. First, when appropriate, Flowserve relies on local, in-country personal data management systems for maintaining payroll, benefits, and other routine personal information needs. In such cases, personal data pertaining to an employee or a candidate for employment is ordinarily processed and stored in the country that is the place of employment. In some cases, a regional office may process personal data for several countries. In the second instance, Flowserve uses automated systems and databases to consolidate division-wide or company-wide information pertaining to employees and candidates for employment on a global basis. In this case, personal data may be transferred to another country, including the United States. Because Flowserve is a global company headquartered in the United States, the use of this system necessitates our transfer of aggregate and individual employee data, which could include sensitive personal data (to the extent permitted by applicable local law), through the computers and electronic systems of Flowserve in the United States and, when applicable, to certain Flowserve service providers, under conditions described in this policy. However, Flowserve Corporation has self-certified with the U.S. Department of Commerce and is a member of its "Safe Harbor" regime, which requires Flowserve Corporation to provide an adequate level of privacy protection that fulfils the standards of the EU Data Protection Directive 95/46/EC (the "Directive"). Accordingly, personal data transmissions from Europe to Flowserve Corporation in the United States are permissible under the Directive.

Flowserve may also collect certain limited personal data relating to its customers and suppliers. This is limited to names and contact details such as telephone number or email address. Customer and supplier personal data will be stored in our customer record management systems.

PROTECTING PERSONAL AND SENSITIVE PERSONAL DATA

Maintaining the security and confidentiality of personal and sensitive personal data pertaining to our customers, suppliers, employees and applicants is very important to Flowserve. Flowserve has designed its personal data management systems to protect that data. Records pertaining to customers, suppliers and employees can only be used for legitimate employment-related and business-related purposes and to provide information to government entities and third parties when required by applicable laws. This data will not be used for other purposes without the consent of the person to whom the records pertain. Flowserve's records containing personal data are maintained securely so that no one has access to them except designated Flowserve personnel.

Flowserve has established a process for Flowserve’s customers, suppliers and employees to review their personal and sensitive personal data in employee records. If an employee wishes to review this information, he or she should contact their local human resources manager. Flowserve employees may correct their data if any of the records are inaccurate or out-of-date.

Flowserve prescribes certain specific purposes for which personal and sensitive personal data regarding customers, suppliers and employees are to be used as well as who will have access to the information, the procedures to be used by employees to access their own individual files and to make corrections and the security measures established to protect employee-related data.

PRIMARY USES OF PERSONAL DATA

Flowserve processes and transfers to other countries, including the United States, personal and (subject to applicable local law) sensitive personal data from prospective, current and past employees, including self-employed and contract personnel, secondees, temporary staff, and voluntary workers for a variety of administrative purposes. These administrative purposes may include, among others, recruitment, recording of working time, administration and payment of wages, salaries, pensions and other benefits with deductions, employee assessment and training, negotiation or communication with employees, staffing and career planning, compliance with company policy and/or legislation in relation to health, safety and other employment matters, as well as analysis for management purposes and legally-mandated filings and returns. Examples of the most common uses of personal data include:

  1. Job Applicants. Flowserve collects personal data from job applicants as part of the process of assessing the suitability of candidates for a vacancy within the organization, and to determine offers of employment to applicants who are selected for opportunities with the company.
  2. Employees. Flowserve collects personal data about employees as needed for the supervision, management and remuneration (or compensation) of employees, to develop and maintain the employment relationship and to support Flowserve's development of appropriately skilled staff. This information may also be used to contact employees when absent from the office, in producing tax returns, assessing employees' training and development needs, planning promotions, administering retirement plans to which employees contribute and from which they may benefit, providing internal directories for use by employees in communicating with one another for business purposes and other similar activities.
  3. Post-Employment. Flowserve maintains personal data about former employees to the extent permitted by applicable local data protection law. Flowserve uses this information to provide residual employment-related services to the former employee, such as job references, processing applications for re-employment, matters relating to pensions, retirement scheme payments or healthcare insurance or reimbursement, as well as other activities.

In addition to routine personal data processing, Flowserve may to the extent permitted by applicable data protection law transfer human resources data to its offices in other countries, including the United States, for other employment-related purposes including, but not limited to:

  1. Providing healthcare services such as preventive medical care programs, medical diagnosis, other health-related care or treatment or the management of health-care services.
  2. Processing data relating to offences, criminal convictions or security measures, if authorized under applicable local laws.
  3. Processing necessary for the performance of a contract to which the employee or candidate for employment is a party, or to act upon a request of the employee or candidate for employment prior to entering into a contract.
  4. Processing necessary for compliance with a legal obligation to which Flowserve is subject.
  5. Processing necessary to protect the vital interests of the employee or employment candidate.
  6. Processing necessary for the performance of a task carried out in the public interest subject to applicable laws.
  7. Processing for other purposes consented to by the employee or candidate for employment.

Flowserve may store personal data limited personal data relating to its customers and suppliers in its systems and databases, for marketing, fulfillment, procurement and invoicing purposes. This personal data is not transferred out of the European Economic Area.

PRIMARY USES OF SENSITIVE PERSONAL DATA

Flowserve will process sensitive personal data pertaining to employees only if: (i) it is necessary to meet the obligations and specific rights of Flowserve under applicable employment laws, insofar as national laws authorize such processing; (ii) it is necessary to protect the vital interests of the employee or of another person under circumstances where the employee is physically or legally incapable of giving consent; (iii) it is required under applicable national law for the purposes of preventive medicine, medical diagnosis, or the provision of care or treatment or the management of health-care services by healthcare professionals or other persons subject to national laws or rules relating to professional secrecy; (iv) the employee has given his or her explicit consent to the processing of such sensitive personal data, unless such consent is not sufficient under the laws of the country in which such employee is located; (v) the sensitive personal data is manifestly made public by the employee; or (vi) processing is necessary for the establishment, exercise or defense of legal claims.

Flowserve will not, other than in exceptional circumstances, process sensitive personal data pertaining to customers or suppliers.

THIRD-PARTY USE OF PERSONAL AND SENSITIVE DATA

Personal and sensitive personal data supplied by Flowserve's employees may be shared with Flowserve's insurers, bankers, consultants, legal representatives, human resource consultants, healthcare providers and other third parties that provide services to Flowserve and/or Flowserve's employees and their family members. Retirement fund managers and personnel and, in some countries, relevant labor organizations, may also be provided data. In addition, Flowserve provides personal employee-related information to government organizations when so required by law. Such legal requirements may include the preparation of tax-related material, pension-related material, responses to summonses or other legal processes, compliance with labor and employment laws, or as elsewhere required under local law.

Flowserve may require third-party service providers to perform data processing or other services involving employee data, such as human resource consulting. All third-party service providers who will have access to personal and sensitive personal data must enter into written contracts with Flowserve requiring them to limit their processing of the data to the purposes set forth in Flowserve's Employee Data Protection Policy and only as authorized by Flowserve. Under these contracts, service providers will be required to maintain the same level of protection and security regarding personal and sensitive personal data as that provided by Flowserve itself. Service providers will also be required by these contracts to retain the data only for as long as it is necessary to carry out the services requested by Flowserve. Upon completing these services, service providers will be required to return the data contained in manually processed files to Flowserve and to expunge all personal and sensitive personal data stored on their electronic files.

In certain limited circumstances, third-party service providers may be permitted to use non-personally identifiable employee data in the form of aggregate or statistical data for surveys, research, or similar purposes.

EMPLOYEE ABILITY TO ACCESS AND CORRECT

Every Flowserve job applicant, employee, and former employee may request access to his or her personal records and may correct, amend or delete personal and sensitive personal data that pertains to him or her which is incorrect or outdated. Such requests, as well as any enquiries or complaints, should be referred to Human Resources. Human Resources can also provide assistance in contacting the Data Protection Officer. Flowserve will respond to each request within a reasonable time frame and in accordance with any period specified by applicable data protection law so as to provide appropriate access to personal and sensitive personal data and the ability to correct such data. The Company will require individuals to provide sufficient information to allow Flowserve to confirm their identity before granting them access to their data. If Human Resources is unable to help you, you can contact the Flowserve Data Protection Officer at Flowserve Corporation, 5215 North O'Connor Boulevard, Suite 2300, Irving, Texas 75039 USA. You can also reach the Data Protection Officer by leaving a message on the Flowserve Ethics Hotline, where available.

Flowserve may make certain exceptions to this access in cases involving internal investigations, law enforcement, or other legal restrictions to the extent permitted by applicable law. In addition, access may be denied or limited (in accordance with applicable data protection law) in cases, including, without limitation, where (i) the burden or expense of providing access would be disproportionate to the risks to the employee's privacy; (ii) the privacy of persons other than the person making the request would be violated; (iii) it would interfere with law enforcement, private legal causes of action, a legal or other professional privilege or obligation, future or ongoing mergers and acquisition negotiations or employee succession planning. If Flowserve is unable to provide access to an employee's personal or sensitive personal data, it will provide the individual requesting access with an explanation of why it has made that determination and a contact point for further enquiries.

SECURITY OF PERSONAL AND SENSITIVE PERSONAL DATA

Flowserve may be required by applicable law to take reasonable steps to prevent the loss, misuse, and unauthorized access, disclosure, alteration and destruction of personal data and has established the following practices to protect the security and integrity of such data:

  • Access to personal data, including actual processing, is strictly restricted to those Flowserve persons or service providers who have a defined "need to know" and/or "need to use" function.
  • Flowserve staff and service providers who access and/or process personal data are required to maintain the security and confidentiality of this data through Flowserve's Code of Business Conduct or U.S. Department of Commerce "Safe Harbor" Guidelines.
  • If protocols are breached, Flowserve will take appropriate investigative and enforcement action against staff who have violated the terms and conditions of their confidentiality responsibility. In addition, Flowserve will where required by law, notify those whose personal data has been breached.
  • Flowserve electronic data systems have security features to protect confidential information. These include the use of account names and passwords, audit trails and prohibitions against unauthorized use. Only authorized personnel are allowed to modify security settings.
  • Flowserve requires that all electronic files containing personal data be secured and it forbids the removal of that data from the Company's premises, unless such removal has been determined by Flowserve as being necessary for the performance of a legitimate data processing or business purpose provided for in this policy.

DATA INTEGRITY

Flowserve limits its processing and use of personal and sensitive personal data to those purposes relevant for human resources program and process management as outlined in this policy. Flowserve is committed to ensuring that its personal and sensitive personal data is reliable, accurate, complete and current. Flowserve relies on its current and former employees and employment candidates, as well as any providers of services to these individuals, as the primary source of their personal data. Accordingly, Flowserve has a legitimate expectation that these sources will provide personal data to Flowserve that is reliable, accurate and current.

LIMITATIONS ON USE

Flowserve retains personal and sensitive personal data for as long as is reasonably necessary to fulfill Flowserve's legitimate business needs and will take reasonable care in the destruction of documents containing persona data. Flowserve will collect store and process employee data lawfully. Flowserve will make reasonable efforts to ensure the accuracy of personal data. Flowserve will only authorize the transfer of personal data when such a transfer is lawfully permitted.

NOTICE

Flowserve informs employees and candidates for employment of the Data Protection Policy by posting an electronic version of this policy on Passport, Flowserve's Intranet website.

ENFORCEMENT

If, as a job candidate or current or former employee, you become aware of any violation of this Policy, including any breach of Flowserve's security measures pertaining to personal and sensitive personal data, please contact Flowserve's Data Protection Compliance Officer via the Flowserve Ethics Hotline, where available. If necessary, you may (where permitted by local law) anonymously notify the Data Protection Officer by writing to Data Protection Officer, Flowserve, 5215 North O'Connor Boulevard, Suite 2300, Irving, Texas 75039. The Data Protection Officer will investigate and resolve individual complaints and disputes and will execute procedures for verifying compliance with Flowserve's Data Privacy Policy. If the Data Protection Officer determines that a privacy breach has occurred as the result of an employee or service provider's negligence or intentional misconduct, Flowserve will impose appropriate sanctions, including suspending or terminating such employee/service provider. Flowserve has also established an appeals procedure for individuals whose data has been mishandled and/or who are not satisfied with the investigation results or determinations of the Data Protection Officer. In order to initiate an appeal, individuals should contact Flowserve's Chief Compliance Officer at 5215 North O'Connor Boulevard, Suite 2300, Irving, Texas 75039. Anonymous complaints can also be submitted via the Flowserve Ethics Hotline, where available.

As a member of "Safe Harbor", Flowserve has agreed to co-operate with European Data Protection Authorities. These Authorities can investigate and provide independent recourse in instances where Flowserve's internal recourse mechanisms fail to redress a privacy breach affecting the personal data of European individuals. Employees are encouraged to exhaust all of Flowserve's in-house enforcement mechanisms prior to involving European Data Protection Authorities in these matters.

Flowserve Corporation complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  Flowserve Corporation has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Flowserve Corporation’s certification, please visit http://www.export.gov/safeharbor/.

 

Web Site Privacy

What This Policy Covers

This policy covers how we at Flowserve treat personal information that we collect and receive through our Web site. Personal information is information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available.

We are committed to protecting your information. We want your experience as a visitor to our Web site to be safe, secure, and valuable. We believe that helping you feel comfortable with our information practices will contribute to your ability to effectively use our Web site.

Commitment

We will not share your name, email address, or any other information provided on our Web site with other people or nonaffiliated companies except to provide products or services that you have requested. You are also free to request that we delete any information that you have submitted.

How Information is Used

We use information collected on the Web site to fulfill your requests for product, services, support, contact you, conduct research, and provide anonymous reporting for internal and external clients.

We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products, services, or support to you or in order to do their jobs.

We have physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.

Information Automatically Collected by our Web sites

Our servers automatically collect certain non-personally identifiable information, such as your computer's IP address, the type of browser in use, and pages viewed, when you visit our Web site. We use this information to understand how visitors navigate through our Web site, to enhance your experience while using our Web site, and to make the materials we post as valuable to visitors as possible. We do not link this information to personally identifiable information on our Web site.

Changes in this Privacy Statement

If we change this privacy statement in ways that affect the personally identifiable information we have collected through our Web site, we will post those changes in this space to advise you of choices you may have as a result of those changes. We will also post a notice on our home page that this privacy statement has changed.

Questions and Compliance

If you have any questions about information submitted you can contact us to discuss our Web site and how we use the information that we gather, or if for any reason you feel that we have not completely complied with this privacy statement, please email us at privacy@flowserve.com.