Other Important Privacy Information
Security of Personal Data. Ingram Micro uses appropriate technical and organization controls and measures to secure and protect your Personal Data from unauthorized loss, misuse, and disclosure, such as strong user access controls, segmented network architecture, and comprehensive employee policies and training. Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while Ingram Micro attempts to protect all Personal Data, Ingram Micro cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. Ingram Micro will notify you in the event we become aware of a security breach involving your personally identifiable information (as defined by the applicable foreign, federal, state, and local laws) stored by or for us, in accordance with applicable laws.
Legal Basis for Processing Personal Data (EEA Visitors Only). If you are a visitor from the European Economic Area, our legal basis for collecting and using the Personal Data information described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only (i) where we need the Personal Data to perform a contract with you (such as to fulfill your purchase of an Offering), (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third-party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services and Offerings to you, and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If we collect and use your Personal Data based upon your consent, the consequences of denying or withdrawing consent will be made known at the time your consent is provided.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Questions and Contact Information” heading below.
Accuracy. It is your responsibility to provide Ingram Micro with accurate Personal Data. Except as otherwise set forth in this Privacy Statement, Ingram Micro shall only use Personal Data in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. To the extent necessary for these purposes, Ingram Micro shall take reasonable steps to ensure that Personal Data is accurate, complete, current and relevant to its intended use.
International Data Transfers. Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, our primary Website servers are in the United States, and our Affiliates and third-party service providers and partners operate around the world. This means that when we collect your Personal Data we may process it in any of these countries. However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Statement. For Personal Data collected in the countries of the European Economic Area and transferred or accessed by Ingram Micro in the United States, Ingram Micro, Inc. has executed the European Commission’s Standard Contractual Clauses.
For additional transfers of Personal Data between our Affiliates outside the EEA and United States we have implemented the European Commission’s Standard Contractual Clauses, which require us to protect Personal Data they process from the EEA in accordance with European Union data protection law. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
Retention Period. We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with an Offering you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
If you are a resident of the European Union, all the Personal Data related to you and received and stored by Ingram Micro are erased after 5 years, save for any Personal Data in documents and files we must keep for a longer period under applicable laws. For example, we cannot erase personal data appearing on VAT invoices before we can delete the invoices from our systems.
Your Data Protection Rights. You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by contacting us using the contact details provided under the “Questions and Contact Information” heading below.
- In addition, you can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by contacting us using the contact details provided under the “Questions and Contact Information” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Questions and Contact information” heading below or access our preference center.
- Similarly, if we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Preference Center. Many of our Affiliates utilize a preference center that allow you to opt out or opt down to receiving messages and communications from us. You can select or unselect your communication preferences at any time through the web form provided by that Affiliate.
Children. The Website is intended solely for use by individuals 18 years of age and older and thus is not directed to children under 18 years of age. Ingram Micro does not knowingly solicit or collect Personal Data from children under 18 years of age.
Do Not Track. Certain web browsers and other devices you may use to access the Website may permit you to indicate your preference that you do not wish to be “tracked” online. At this time, the Website does not respond to “Do Not Track” signals. We do not modify your experience on the Website or modify the Personal Data we collect from you through the Website, based on whether such a preference is indicated.
Your California Privacy Rights. The California Consumer Privacy Act grants California residents certain rights in regards to our collection of their personal information. These rights include:
- The right to be informed of (1) what personal information is collected, (2) the categories of sources from which personal information is collected, (3) the business or commercial purpose for collecting or selling personal information; (4) the categories of third parties with whom we share personal information; and (5) the specific pieces of personal information we have collected about the consumer;
- The right to request deletion of their personal information that has been collected; and
- The right to opt out of the sale of their personal information.
California law also provides that California residents have a right to request that businesses tell them how their personal information has been shared with third parties for their direct marketing purposes. There is an exception to this requirement for businesses that have adopted and disclosed, in their privacy policy, a policy of not disclosing a person’s personal information to third parties for direct marketing purposes if that person has exercised an option to opt-out of the disclosure of their Personal Data to third parties for such purposes. We have adopted a policy of allowing you to opt-out of the disclosure of your personal information to third parties for direct marketing purposes and thus fall within this exception.
To opt-out of the sharing of your personal information to third parties for direct marketing purposes or otherwise exercise your rights under this section, please contact us using the contact details provided under the “Questions and Contact information” heading below.
Your European Union Privacy Rights. The controller for any Personal Data processed by us is the Ingram Micro Affiliate in the European Economic Area country or Switzerland collecting the Personal Data. If you have any questions about the Personal Data you have submitted to the respective Affiliate, please contact the relevant Affiliate.
Sensitive Information. Unless we specifically request or invite it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through this Website or otherwise to us. In those cases where we may request or invite you to provide sensitive personal data, we will do so with your express consent.
Third-party Websites. In addition to providing access to Offerings, the Website may include links to other websites and web services. This Privacy Statement does not apply to those websites and services and the privacy practices of those websites and services may differ from those described in this Privacy Statement. If you submit Personal Data to any of those other websites or services, your Personal Data is governed by the privacy policies applicable to those websites and services. Ingram Micro encourages you to carefully read the privacy policy of any website or web service you visit.
Compliance. Ingram Micro will use a self-assessment approach to verify compliance with this Privacy Statement and periodically verify that the Privacy Statement is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.
If you believe that your Personal Data has been processed or disclosed in violation of this Privacy Statement, Ingram Micro encourages you to raise any concerns using the contact information provided in this Privacy Statement using the contact details provided under the “Questions and Contact information” heading below. Ingram Micro will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data.
Revisions. Ingram Micro may from time to time revise this Privacy Statement in its sole and absolute discretion to reflect changes in our business practices. If we revise this Privacy Statement, we will notify you by posting the updated Privacy Statement on this Website or by sending you a notification by email. Changes to the Privacy Statement will become effective and will apply to the information collected starting on the date Ingram Micro posts the revised Privacy Statement on the Website. If we are required by applicable data protection laws to seek your consent to any changes in use of your Personal Data described in our updated Privacy Statement, then we will do that.