• Our Company
  • About Us
  • Philosophy
  • Key Facts
  • History
  • Leadership
• Core Services
  • Supply Chain Solutions
  • Transportation
  • Customs & Compliance
  • Distribution
  • Order Management
  • Risk Management
• Customer Solutions
  • Industries
  • Project Cargo
  • Network Solutions
  • Tradeflow
  • Tradewin
• Technology
  • Our Systems
  • Online Tools
• Sustainability
  • Our Program
  • Environmental Stewardship
  • Health & Safety
  • Social Responsibility

European Union and Swiss Employee Data Privacy Policy

I. Purpose and Scope of Expeditors' EU and Swiss Employee Data Privacy Policy

A. Purpose

To set forth the policy of Expeditors International of Washington, Inc. ("Expeditors" or "Company") in regard to its compliance with the Safe Harbor Principles of the U.S. Department of Commerce ("DOC") for the protection of employee data transferred from Expeditors' subsidiaries and locations in the European Union ("EU") and Switzerland to the United States ("U.S.") as required by the EU Directive on Data Protection and the Federal Data Protection and Information Commissioner of Switzerland (the "Directives").

Expeditors is the U.S.-based public parent of companies in many locations around the world, including the EU and Switzerland. The EU's and Switzerland's comprehensive privacy legislation, the Directives, require that transfers of personal data take place only (1) where a relevant basis exists upon which a transfer may be made or (2) to non-EU or non-Swiss countries, which provide an "adequate" level of privacy protection for such data. The U.S. has not been recognized by the EU or Switzerland as a country that provides adequate protection for personal data. Nonetheless, the DOC, in consultation with the EU and Switzerland, has developed a "safe harbor" framework to assist U.S. companies in complying with the Directives. The safe harbor framework consists of seven "Safe Harbor Principles" with which Expeditors must comply if it wishes to self-certify under the DOC's safe harbor. (Extensive materials regarding the Safe Harbor Principles can be found online at www.export.gov/safeharbor.) Expeditors complies with the U.S. - EU Safe Harbor Framework and the U.S. - Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European union member countries and Switzerland. Expeditors has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security data integrity, access, and enforcement. This Policy sets forth Expeditors' procedures for complying with the Safe Harbor Principles in regard to employee data transferred from EU subsidiaries (and locations) and Switzerland. Expeditors adheres to and complies with those Safe Harbor Principles.

B. To Whom Does the Policy Apply?

This Employee Data Privacy Policy (the "Policy") applies to Expeditors in its processing of employee data received from Expeditors' subsidiaries and locations in the EU and Switzerland.

This Policy, including the procedures discussed below, shall be communicated to all employees of Expeditors' EU subsidiaries and locations, Expeditors' Switzerland location, and to all Expeditors employees in the U.S. who process or otherwise have access to the "Employee Data" discussed below.

Compliance with this Policy is mandatory and any employee failing to comply will be subject to disciplinary action, up to and including termination of employment.

II. Definitions

A. "Employee Data" means personal data regarding a current, prospective or former employee of an EU or Switzerland subsidiary (or an EU or Switzerland resident) which may, e.g., include one or more of the following: name, home address, job title and other job information, location, compensation information, identification number (including, in some cases, national insurance number), employment history, and copy of employment agreement.

B. "Sensitive Employee Data" means Employee Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or that concerns health or sex life.

III. Responsibility for Managing Expeditors' EU and Swiss Employee Data Privacy Policy

Expeditors' EU and Swiss Employee Data Privacy Policy will be managed by the Document Retention Policy Team, which consists of Expeditors' Chief Operating Officer, Chief Financial Officer, Chief Information Officer, Corporate Controller, Executive Vice President of Global Customs, as well as its General Counsel.

IV. Notice

From time to time, Expeditors receives Employee Data for (a) general employment purposes (specifically, providing compensation benefits and related services, keeping updated organizational information, making employment-related decisions, and employee training) and (b) processing and investigating reports under Expeditors' Code or other corporate policies as applicable. Additionally, in the case of reports under Expeditors' Code or other corporate policies, Expeditors may receive information about an employee's actions or inactions relative to a legal requirement or other legal or ethical issue.

To the extent that third parties may receive Employee Data in the ordinary course of business, such data is transferred only to third parties acting as agents of Expeditors for the purposes described above (i.e., general employment purposes or processing of reports under Expeditors' Code or other applicable corporate policies). In no case does Expeditors transfer Employee Data for any purpose not compatible with these purposes without first notifying the data subject. Further, except in limited and permissible circumstances, Expeditors does not transfer to third parties "Sensitive Employee Data". Examples of circumstances in which the transfer of Sensitive Employee Data is permissible include where the transfer is (a) in the vital interests of the data subject or another person; (b) necessary for the establishment of legal claims or defenses or responses to government inquiry; (c) required to provide medical care or diagnosis; (d) necessary to carry out Expeditors' obligations in the field of employment law; or (e) expressly permitted by an employee for a specific purpose.

Any employee of an EU or Switzerland subsidiary of Expeditors may utilize Expeditors' Open Door Policy as set forth in Section 1.10 of Expeditors' Code with inquires or complaints regarding Expeditors' processing of Employee Data or Sensitive Employee Data. To "opt out" of the transfer of Employee Data as described in the immediately following section, an employee must notify his or her District or Branch Manager or other designated office personnel management administrator.

V. Choice (Opt Out)

Any employee whose Employee Data is to be transferred to third parties as described in this Policy may choose not to have his or her data transferred. The employee must communicate his or her desire to "opt out" by the means described in the section immediately above. An employee exercising his or her right to "opt out" of the transfer of his or her Employee Data should be aware that, by doing so, he or she may lose access to compensation benefits or related services, the employee may be excluded from relevant organizational charts or other employee databases, and/or Expeditors or its agent may be unable to provide training to the employee (which, in turn, may be required training under applicable policy). An employee may not opt out of the transfer of his or her Employee Data which is transferred by Expeditors to a third party for the purpose of (1) meeting applicable legal requirements or (2) permitting the legitimate interests of Expeditors in making promotions, appointments, or other employment decisions.

VI. Onward Transfer

In addition to the limitations of the transfer of Employee Data discussed above, Expeditors transfers Employee Data only to those third parties who (a) have agreed in writing to provide at least the same level of privacy protection to the Employee Data as is required under the Directives or the Safe Harbor Principles and/or (b) adhere to the Safe Harbor Principles. Exceptions to this limitation on onward transfer include where an employee has granted Expeditors express permission to transfer his or her data to the third party or where such transfer is necessary for the purpose of meeting an applicable legal requirement.

VII. Security

Expeditors takes reasonable precautions to protect Employee Data from loss, misuse, or unauthorized access, disclosure, alteration or destruction. Employee Data is maintained in secure electronic and manual files at Expeditors, and access to these files is limited to Expeditors employees for whom access is necessary to properly process the Employee Data consistent with the stated purposes and/or maintenance of storage systems. Employee Data that is transferred to third parties is done so by methods designed to reasonably reduce the risk that the Employee Data is lost, stolen, or inadvertently sent to a person or organization other than the intended recipient. Subject to its DRP, Expeditors retains Employee Data only as long as is necessary for its intended use, after which time the Data is deleted, destroyed, or returned. Expeditors employees who are authorized to access the files for the stated purposes are trained periodically on this Employee Data Privacy Policy, with emphasis on the need to keep Employee Data private and secure and the potential disciplinary consequences for the failure to do so.

VII. Data Integrity

Expeditors personnel will coordinate with personnel from Expeditors' EU and subsidiaries and locations and Switzerland to reasonably ensure that Employee Data is up-to-date, accurate, complete, and reliable for its intended use.

IX. Access

An employee whose Employee Data is processed by Expeditors may request access to that Employee Data for the purpose of correcting, amending, or deleting data that is inaccurate. Expeditors may deny an employee's request to access his or her Employee Data where the burden or expense of providing access would be disproportionate to the risks to the requesting employee's privacy or where the rights of persons other than the requesting employee would be violated.

X. Enforcement

A. Recourse and Remedies

As stated in the "Notice" section, above, employees in the EU and Switzerland whose Employee Data is processed by Expeditors should report any concerns pursuant to Expeditors' Open Door Policy. Expeditors will review and resolve the complaint. If the complaint is not resolved through this internal process, employees may report complaints to the U.S. Federal Trade Commission ("FTC") or the applicable EU and Switzerland Data Protection Authority ("DPA").

B. Verification

To verify its compliance with the Safe Harbor Principles, Expeditors will periodically (at least once a year) conduct a self-assessment to ensure that (a) this EU and Swiss Employee Data Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible, and conforms to the Safe Harbor Principles; (b) employees are informed of the internal arrangements for handling complaints and the independent mechanisms through which they may pursue complaints (see the "Recourse and Remedies" section above); and (c) Expeditors has in place procedures for training the appropriate employees on the implementation of this Policy and disciplining those who fail to comply (see the "Security" section, above).

XI. Other Expeditors Policies Regarding Document Creation and Retention

A. Policies Incorporated By Reference

This Privacy Policy incorporates the following Expeditors policies and guidelines in whole as if fully set forth herein:

Expeditors Code of Business Conduct ("Code")

The Code is available for review on Expeditors' intranet, e.net. For hardcopies of this policy, please send your request to Expeditors' Employee Relations Department at 206-674-3400 or send an e-mail to "employeerelations@expeditors.com."

Your Applicable Expeditors Employee Handbook

The U.S. Employee Handbook is available for review on Expeditors' intranet, e.net. For hardcopies of this policy, please send your request to Expeditors' Employee Relations Department at 206-674-3400 or send an e-mail to "employeerelations@expeditors.com." For country specific employee handbooks, please contact your branch administrator or country administrator.

Expeditors Document Retention Policy ("DRP")

This policy is available for review on Expeditors' intranet, e.net. For hardcopies of this policy, please send your request to Expeditors' Employee Relations Department at 206-674-3400 or send an e-mail to "employeerelations@expeditors.com."

Expeditors Global Data Privacy Policy

This policy is available for review on Expeditors' intranet, e.net. For hardcopies of this policy, please send your request to Expeditors' Employee Relations Department at 206-674-3400 or send an e-mail to "employeerelations@expeditors.com."

Expeditors' Internet and Electronic Communications Policy

This policy is available for review on Expeditors' intranet, e.net. For hardcopies of this policy, please send your request to Expeditors' Employee Relations Department at 206-674-3400 or send an e-mail to "employeerelations@expeditors.com."

Nothing in this Policy may be construed to contradict the Company's at will policies: employment relationships with the Company are terminable at will by either the Company or Employees.

YOUR ACKNOWLEDGMENT OF EXPEDITORS' DOCUMENT RETENTION POLICY CONSTITUTES WRITTEN ACCEPTANCE OF THIS POLICY.

Expeditors reserves the right to revise or amend this EU and Swiss Employee Data Privacy Policy at any time. Any changes will be communicated to all appropriate employees and will take effect immediately upon such communication.