Privacy Restricted Information
Laws and regulations restrict the confidentiality, access to, and use of certain types of personally identifiable information (“PII”). These types of PII – which could derive from Lawson employees, customers, and employees of customers – include but may not be limited to:
- Individually identifiable health information (referred to as “Protected Health Information” under the Health Insurance Portability and Accountability Act [“HIPAA”]);
- Nonpublic Personal Information (as defined under the Gramm-Leach-Bliley Act);
- Sensitive personal information (as defined by the European Directive on Data Protection), including information about racial or ethnic origin, religious or political affiliation, health, and trade-union membership;
- Personal information (as defined by several U.S. State security-breach notification acts), including credit-card information, bank-account numbers, Social Security Numbers, passport numbers, and driver’s license numbers when associated with a person’s name.
The types of information specified above – including all personal information transmitted from the European Economic Area to another region – constitute Privacy Restricted Information under this Code of Conduct.
The restrictions described below and under the Section entitled “Confidential Information” apply to all Privacy Restricted Information:
- Privacy Restricted Information may not be disclosed to others except to the extent expressly allowed by applicable laws and regulations.
- Sensitive Information (information about medical conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or an individual’s sex life) will not be disclosed to any third party or used for a purpose other than the purpose for which it was originally obtained without the consent of the person who is the subject of the information, unless disclosure is required by law.
- Lawson’s employees and other representatives must use appropriate safeguards to prevent the unauthorized use or disclosure of Privacy Restricted Information.
- Lawson will grant reasonable access to permit individuals to change their Privacy Restricted Information.
- Subject to local Data Privacy requirements, any Lawson employee or other representative who knows of any interference with system operations or attempted or successful unauthorized access, use, disclosure, modification or destruction of Privacy Restricted Information must track and retain the following: (a) the date they received the information; (b) the name of the entity or person who received the Privacy Restricted Information and, if known, the address of such entity or person; (c) a brief description of the Privacy Restricted Information disclosed; and (d) a brief statement of the purpose of such disclosure which includes an explanation of the basis for such disclosure.
- Upon termination of the authorized use, the Lawson employee or representative must return all Privacy Restricted Information to the entity they received it from and shall not retain copies of such information, or, if return of the Privacy Restricted Information is not feasible, the Lawson employee or representative must continue to extend the protections to such Privacy Restricted Information and limit further use of the information to those purposes that make the return or destruction of the information infeasible.
- Lawson’s General Counsel must be notified in writing immediately upon (a) learning of or receiving any subpoenas, orders or other legal mandates regarding the use or disclosure of Privacy Restricted Information or (b) receiving a request for amendment of an individual’s Personal Information or an accounting of disclosures of Privacy Restricted Information.
Americas-based Lawson employees should review Lawson’s policy titled “Use of Privacy Restricted Information,” located on the employee portal under the Employee Self-Service section. Access ERG Policy 3.03 through the Handbook section. EMEA and APAC-based employees should refer to the applicable section of their employee handbook or contact their Human Resources representative for more information.
For non-Lawson employees, additional information on this topic may be obtained at the HIPAA and Gramm-Leach-Bliley Compliance website located on this site in the section entitled Corporate Governance.