Safe Harbor Certification

Safe Harbor Privacy Statement

RICOH USA, Inc. ("RICOH") respects Personal Data which is collected or maintained by or on behalf of RICOH. In furtherance of this commitment, RICOH adheres to the Safe Harbor Agreement concerning the transfer of personal data from Switzerland and the European Union (“EU”) to the United States of America. Accordingly, RICOH follows the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”). From an EU perspective, when RICOH receives, handles and in some cases, stores Personal Data on behalf of our Customers, RICOH is operating as a data processor. RICOH’s Customers are the custodians of the Personal Data and, as such, operate as the data controller.

Scope

This Safe Harbor Privacy Statement sets forth the principles under which RICOH manages the processing of Personal Data transferred to the United States from the EU. The Personal Data that RICOH processes, and that is covered by this Safe Harbor Privacy Statement, is not collected directly from Data Subjects but is received from RICOH Customers, or on behalf of RICOH Customers, who engage RICOH (either directly or through a third party) to process Personal Data on the Customer's behalf. This Safe Harbor Privacy Statement applies to Personal Data received by RICOH in the United States in any format, including electronic or paper records. This Safe Harbor Statement does not apply to Ricoh's managed services offerings or RICOH's human resources data.

Definitions

"RICOH" means RICOH USA, Inc.

"RICOH Customer" means any individual, corporation, or organization that engages RICOH to provide equipment, software, goods, and/or services for a monetary or other valuable consideration.

"Personal Data" means any information relating to an identified or identifiable natural person that is an EU citizen ("Data Subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. Personal Data does not include aggregate data that is not individually identifiable.

Safe Harbor Principles

This Safe Harbor Statement has been developed based on the Principles as outlined below:

Notice: Where Personal Data is supplied to RICOH from a Customer, that Customer maintains the responsibility for ensuring that data subjects are notified about the identity of the data controller or its representative, the purpose(s) for which it collects, processes and maintains the data, and any further information as may be required by the circumstances under which the data are collected.

Choice: The Safe Harbor framework requires that Data Subjects are offered a choice to opt out of uses and disclosures of their data that are incompatible with the purpose for which that data was originally collected or subsequently authorized. RICOH Customer, as the data controller, is responsible for obtaining from its Data Subjects the appropriate consent to transfer any Personal Data to RICOH to process the data for the defined purposes. As the data processor, RICOH will not share, sell, rent or trade with third parties for their marketing purposes any Personal Data collected, unless directed to do so by RICOH Customer with appropriate authorization.

Onward Transfers: RICOH may disclose Personal Data to business partners and subcontractors as necessary in connection with the performance of requested services or solutions. Prior to disclosing Personal Information to a third party, Ricoh may notify RICOH Customer of such disclosure to allow Customer to provide notice to Data Subjects and the choice to opt out of such disclosure. RICOH has taken steps to ensure that any third party for which Personal Information may be disclosed subscribes to the Principles, are subject to law providing the same level of privacy protection as is required by the Principles, or agree in writing to provide an adequate level of privacy protection. Where RICOH has knowledge that a third party that it has transferred Personal Data to is using Personal Data in a way that is contrary to Principles, RICOH will take reasonable and appropriate steps to prevent or stop such practices.

Security: RICOH takes reasonable and appropriate precautions to protect Personal Data in its possession and control from loss, misuse, alteration, destruction, or unauthorized access or disclosure.

Access: Although RICOH receives, handles and in some cases, temporarily stores Personal Data, RICOH’s Customers are the custodians of the permanent copy of such Personal Data and the data is managed by the RICOH Customer as the data controller. All requests by Data Subjects for access to Personal Data should be directed to the appropriate RICOH Customer to ensure access to the permanent copy of Data Subject’s Personal Data.

Data Integrity: RICOH's Customers are responsible for ensuring that any Personal Data collected is accurate, complete, current and reliable for the intended use. RICOH shall only process Personal Information in a way that is compatible with and relevant for the purpose for which Customer has provided it.

Enforcement: RICOH has put in place mechanisms to verify its ongoing compliance to these privacy principles. Any RICOH employee found to have violated the privacy principles in this Safe Harbor Privacy Statement will be subject to appropriate corrective actions.

Dispute Resolution: RICOH is committed to resolving any disputes that may arise by internal investigation and resolution of the issue. Should RICOH's efforts to resolve an issue be unsuccessful, RICOH will facilitate the resolution of such disputes including the submission of disputes to an independent party.

RICOH has agreed to use the American Arbitration Association Dispute Resolution Requirements for disputes relating to our compliance with Safe Harbor. If you have complaints regarding our compliance with the Safe Harbor you should first contact us at safeharbor@ricohusa.com or at RICOH's headquarters at 70 Valley Stream Parkway, Malvern Pennsylvania. If after contacting us your complaint is not resolved, you may then raise your complaint by contacting American Arbitration Association ("AAA") Dispute Resolution Services Worldwide - Case Filing Services [http://www.adr.org/drs] by email [casefiling@adr.org], by fax at (877) 495-4185, or mail at American Arbitration Association Case Filing Services, 1101 Laurel Oak Road, Suite 100, Voorhees, NJ 08032. If you are faxing or mailing AAA to lodge a complaint, you must include the following information: RICOH, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaints shared with RICOH. For information about AAA or the operation of AAA’s worldwide dispute resolution process, please visit AAA [http://www.adr.org/drs] or request this information from AAA at any of the addresses listed above. The AAA dispute resolution process will be conducted in English.

Any questions, comments or complaints about the data practices (including, and without limitation, compliance with the data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of a Ricoh Customer for whom Ricoh processes data should be addressed to that Customer.

Limitation on Scope of Principles

Adherence by RICOH to the Safe Harbor principles may be limited to the extent necessary to meet RICOH’s regulatory, legal, governmental, or national security obligations.

How to Contact Us

Please contact us with any questions concerning this Safe Harbor Statement or any of Ricoh's privacy practices at:

Katie Lester, Senior Counsel
Ricoh USA, Inc.
70 Valley Stream Parkway
Malvern, PA 19355

Changes to this Privacy Statement

This privacy statement may be amended consistent with the requirements of Safe Harbor. If you would like a copy of this Privacy Statement in a permanent form please print a copy for your records. When we do update the privacy statement, we will also revise the "Last Updated" date at the bottom of this document. Any material changes to this privacy statement will also be posted on RICOH’s website, [http://www.ricoh-usa.com].

Last Updated: May 21, 2015

Page Top