Ricoh USA, Inc. and its affiliates (“Ricoh”) respect Personal Data, including Sensitive Personal Data, which is collected or maintained by or on behalf of Ricoh. In furtherance of this commitment, Ricoh has certified its compliance with the US-EU Safe Harbor Framework regarding Personal Data collected in the European Economic Area (EEA) (which includes the twenty-seven member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and transferred to the United States. Ricoh has also certified its compliance with the U.S.-Swiss Safe Harbor Framework regarding Personal Data collected in Switzerland and transferred to the United States. Consistent with its pledge to protect personal privacy, Ricoh adheres to the Safe Harbor principles as agreed to separately by the U.S. Department of Commerce and the European Commission and the Federal Data Protection and Information Commissioner of Switzerland, and as outlined in this Safe Harbor Privacy Statement (the “Safe Harbor Statement”).
Although Ricoh receives, handles and in some cases, stores Personal Data, as defined below, Ricoh’s Customers are typically the custodians of such Personal Data. For example, Ricoh receives and temporarily stores documents and/or media that may contain Personal Data but the documents and/or media are managed by the Ricoh Customer. Ricoh returns the documents and/or media containing the Personal Data to its Customer and does not retain or control the documents and/or media containing Personal Data.
This Safe Harbor Statement sets forth the principles under which Ricoh manages the processing of Personal Data collected in the EEA or Switzerland and subsequently transferred to the United States. It applies to all Personal Data received by Ricoh in the United States in any format, including electronic or paper records.
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Ricoh or to which Ricoh discloses personal information for use on Ricoh's behalf.
“Ricoh” means Ricoh USA, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States.
“Ricoh Customer” means any individual, corporation, or organization that engages Ricoh to provide equipment, goods, and/or services for a monetary or other valuable consideration.
“Personal Data” means any information collected in the EEA or Switzerland that identifies or describes an identified or identifiable living natural person. “Personal Data” may include, for example, name, signature, employee identification number, social security number, telephone number, insurance policy number, job title, financial information, account numbers, or any other information that is capable of being associated with a particular identifiable individual. Personal Data does not include aggregate data that is not individually identifiable.
“Sensitive Personal Data” is a subset of Personal Data, and includes information pertaining to an individual’s racial or ethnic origin, political or religious beliefs or information related to an individual’s health or sex life.
Safe Harbor Principles
This Safe Harbor Statement has been developed based on the principles as outlined below:
Notice: The majority of the Personal Data Ricoh holds is not collected directly from individuals (“data subjects”) but is received from Ricoh Customers who engage Ricoh (either directly or through a third party) to process Personal Data on the Customer’s behalf. Ricoh may collect some Personal Data directly, including data related to people who have made inquiries about using Ricoh’s services. Where Personal Data is supplied to Ricoh from a Customer, that Customer maintains the responsibility for ensuring that data subjects are notified about the identity of the data controller or its representative, the purpose(s) for which it collects, processes and maintains the data, and any further information as may be required by the circumstances under which the data are collected.
Choice: In the event Personal Data is to be used for a new purpose incompatible with the purposes for which the data was originally collected by Ricoh Customers, or subsequently authorized or transferred to the control of a third party that is not acting as an agent of Ricoh, Ricoh’s Customers are given notice of such use so that such Customers can provide notice to data subjects and, where feasible and appropriate, an opportunity to decline to have their data so used or transferred. Sensitive Personal Data will not be used by Ricoh for a new purpose or transferred to the control of a third party not acting as an agent of Ricoh.
Onward Transfers: Ricoh does not typically transfer Personal Data to a third party but may on occasion, rely on third parties for various services. In such cases, Ricoh will only transfer Personal Data to a service provider, vendor or other third party acting as a processor of Personal Data for Ricoh (an “agent”) where the agent has provided assurances that the agent provides at least the same level of privacy protection as is required by these privacy principles. Where Ricoh has knowledge that one of its agents is using or sharing Personal Data in a way that is contrary to these principles, Ricoh will take reasonable and appropriate steps to prevent or stop such processing.
Security: Ricoh takes reasonable and appropriate precautions to protect Personal Data in its possession and control from loss, misuse, alteration, destruction, or unauthorized access or disclosure.
Access: Although Ricoh receives, handles and in some cases, temporarily stores Personal Data, Ricoh’s Customers are typically the custodians of the permanent copy of such Personal Data and the data is managed by the Ricoh Customer. All requests by data subjects for access to Personal Data should be directed to the appropriate Ricoh Customer to ensure access to the data subject’s Personal Data.
Data Integrity: Ricoh’s Customers are responsible for ensuring that any Personal Data collected is accurate, complete, current and reliable for the intended use. The documents generated by Ricoh for its Customers are copies of documents provided to Ricoh by its Customers and may not be considered reliable, accurate, or complete, but is subsequently reviewed, and approved by the Customer. The approval steps in this workflow occur outside the Ricoh system.
Enforcement: Ricoh has put in place mechanisms to verify its ongoing compliance to these privacy principles. Any Ricoh employee found to have violated the privacy principles in this Safe Harbor Statement will be subject to appropriate corrective actions.
Dispute Resolution: Ricoh is committed to resolving any disputes that may arise by internal investigation and resolution of the issue. Should Ricoh’s efforts to resolve an issue be unsuccessful, Ricoh will facilitate the resolution of such disputes including the submission of disputes to an independent party.
Ricoh participates in the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks as set forth by the United States Department of Commerce. As part of our participation, Ricoh has agreed to the American Arbitration Association Dispute Resolution Requirements for disputes relating to our compliance with Safe Harbor. If you have complaints regarding our compliance with the Safe Harbor you should first contact Don Peyton via email at email@example.com or at Ricoh’s headquarters at 70 Valley Stream Parkway, Malvern Pennsylvania. If after contacting us your complaint is not resolved, you may then raise your complaint by contacting American Arbitration Association (“AAA”) Dispute Resolution Services Worldwide - Case Filing Services [http://www.adr.org/drs] by email [firstname.lastname@example.org], by fax at (877) 495-4185, or mail at American Arbitration Association Case Filing Services, 1101 Laurel Oak Road, Suite 100, Voorhees, NJ 08032. If you are faxing or mailing AAA to lodge a complaint, you must include the following information: Ricoh, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaints shared with Ricoh. For information about AAA or the operation of AAA’s worldwide dispute resolution process, please visit AAA [http://www.adr.org/drs] or request this information from AAA at any of the addresses listed above. The AAA dispute resolution process will be conducted in English.
Any questions, comments or complaints about the data practices (including, and without limitation, compliance with the data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of a Ricoh Customer for whom Ricoh processes data should be addressed to that Customer.
Limitation on Scope of Principles
Adherence by Ricoh to the Safe Harbor principles may be limited to the extent necessary to meet Ricoh’s regulatory, legal, governmental, or national security obligations.
How to Contact Us
Please contact us with any questions concerning this Safe Harbor Statement or any of Ricoh’s privacy practices at:
Ricoh USA, Inc.
70 Valley Stream Parkway
Malvern, PA 19355
To learn more about the Safe Harbor program, and to view Ricoh’s certification, please visit http://www.export.gov/safeharbor/.
Changes to this Privacy Statement
This privacy statement may be amended consistent with the requirements of Safe Harbor. If you would like a copy of this Privacy Statement in a permanent form please print a copy for your records. When we do update the privacy statement, we will also revise the “Last Updated” date at the bottom of this document. Any material changes to this privacy statement will also be posted on Ricoh’s website, [http://www.ricoh-usa.com].
Last Updated: May 21, 2012