Coherent Global Privacy Notice
Last Updated: October 8, 2024
II-VI Incorporated has recently acquired Coherent, Inc., and is now Coherent Corp.
Coherent Corp. and its subsidiaries (collectively, “Coherent,” “Coherent Group Entities,” “we,” “us,” “ours”) understand the importance of privacy. This Privacy Notice (“Notice”) describes how Coherent collects, uses, discloses, and otherwise processes the personal data described in this Notice, as well as the rights and choices individuals have regarding such personal data.
1. SCOPE
Except as otherwise noted below, this Notice applies to the personal data that Coherent processes related to:
- Users of our websites where this Notice is posted, including www.coherent.com (each a “Site” and together the “Sites”), the services we provide through the Sites, and any downloadable software, applications, and other products and services provided by us that display or include a link to this Notice (collectively, the “Services”);
- Current, former and prospective customers, vendors and partners;
- Individuals who register for or participate in our webinars and other events;
- Individuals who are subscribed to receive news, information and marketing communications from us;
- Individuals who participate in surveys, contests and research conducted by us; and
- Individuals who communicate with us or otherwise engage with us related to our Services.
This Notice does not apply to the personal data that we collect and process related to our employees, personnel, job applicants, and candidates, or to any information that is exempt under applicable privacy laws.
Additional Notices. Additional or supplemental notices and disclosures (each an “additional notice”) may be provided and will apply to certain personal data collected and processed by us. Generally, we provide additional notices in order to clarify our privacy practices in specific circumstances and provide you with additional information about certain processing activities. To the extent there is a conflict with this Notice, the additional notice will control with respect to the personal data subject to that additional notice.
Additional Information and Rights. For information about the privacy choices you have regarding your personal data, review Section 9. Your Privacy Rights and Choices below, as well as Section 14. Additional Information for Individuals in Certain Jurisdictions, which includes additional information about privacy rights for residents of certain jurisdictions. If you are a California resident, please see Section 14. C. Additional Information for California Residents below for more information pursuant to the California Consumer Privacy Act (“CCPA”).
Your use of our Sites and Services, and any dispute over privacy, is subject to this Notice and our applicable terms of service.
Controller and Responsible Entity. For purposes of this Notice, the controller determining the purposes and the means for the processing of your personal data is Coherent Corp., registered at World Headquarters, 375 Saxonburg Blvd., Saxonburg, Pennsylvania 16056-9499, United States (“Coherent Corp.”), and where personal data is also collected and processed by other Coherent Group Entities, they are also controllers. Please see the list of the subsidiaries by clicking https://coherent.com/legal/list-of-the-subsidiaries/.
2. PERSONAL DATA WE COLLECT
The actual personal data we collect, and how we use it, varies depending upon the nature of our relationship and interactions with you. Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal data.
Information Provided Directly. We collect personal data (including where necessary and subject to applicable law and where required with your explicit consent, special categories of personal data (as defined under applicable privacy laws)) that you provide to us, our affiliates or share on the Sites, including related to:
- Registration: If you create a login account on any of our Sites that offer this option, we collect certain personal data from you, such as your name, business address, email address, phone number, company name, and job title; where the account registration is related to a purchase through our online store, we also collect billing address and shipping address;
- Customer service and support: When you contact us for support or other customer service requests, we maintain support tickets and other records about your requests and related communications. For example, where you use one of our support request forms, we collect details about you, including your name, contact details, state and region, company, request type, request details you provide, your preferred contact, product name and serial number;
- Communications: If you contact us by email, mail, phone, chat or otherwise regarding our products or the Services, we collect and maintain a record of name and contact information, contact details, your communications and our responses, including a transcript of the communication and any information (including attachments) you may provide to us. If you call us, we may also record calls and maintain logs and records of those calls;
- Transactions and billing information: We also collect personal data about you in connection with a purchase or payment you submit to us. This may include collection of your name, shipping and billing address, credit card and other payment information, and other transaction details. If you use our online shop(s), we may also maintain transactional records about your past purchases, as well as items that you view or add to your online shopping cart; and
- Events and other information: We also collect personal data related to your participation in our events as well as other requests that you submit to us related to our Services. For example, if you register for or attend an event that we host or sponsor, we may collect data related to your registration for and participation in such event. When you fill out a ‘Contact Us’ form, sign up for our mailing lists, or otherwise request information from us, we collect and maintain records of your requests. When you complete a survey, we collect personal data about you, including your responses.
Personal Data Collected Automatically. We may collect personal data about how you use our Services and your interactions with us and others, including information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services. Such information includes:
- Device and browser information: we use cookies, log files, pixel tags and other technologies to automatically collect information when users access or use our Services, such as IP address, general location information, domain name, browser type, device type, device ID, internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information. We may also collect or derive location information about you, such as through your IP address.
- Usage data: we also collect activity information related to your use of our Sites and Services, such as information regarding what pages you accessed and when, date and time of your visit, the links clicked, searches, features used, items viewed, and time spent within the Services. We may also use pixels in HTML emails to understand if individuals read or open the emails we send to you.
For more information, see Section 5. Cookies, Advertising and Tracking below and our separate Cookie Notice at https://www.coherent.com/legal/privacy-statement/coherent-cookie-policy.
Personal Data Collected from Third Parties. We may also collect certain personal data from third parties, such as:
- Third-party platforms: Social networks or other platforms (such as Facebook, Twitter, LinkedIn or other third-party social network sites) that you may connect with or share information about us through, or when you log in to our Services using your login information and your username, personal profiles, and the actual social media networks you used. These third-party platforms and services control the personal data they collect and share about you. For information about how they may use and disclose your personal data, including any data you make public, please consult their respective privacy policies; and
- Prospective customer information: We may receive lead and prospect information from third parties about prospective customers that may be interested in our Services. We may also engage with third parties to enhance or update our customer information.
Anonymous and Aggregate Data. We use anonymous and aggregate data (i.e., data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) related to our business and the Services.
3. PURPOSES AND LEGAL BASES FOR COLLECTING AND PROCESSING PERSONAL DATA
In this section, we explain the purposes for which we process your personal data, as well as the legal bases for doing so as required under certain applicable laws.
A. Legal Bases for Processing.
Certain data protection laws, including the General Data Protection Regulation (“GDPR”), UK data protection laws and Brazil data protection laws, require that we inform you of the legal bases for our processing of your personal data. Pursuant to such data protection laws (where applicable), we process personal data generally for the following legal bases:
- Performance of contract: The processing is necessary to perform a contract with you or take steps to enter into a contract at your request;
- Compliance with law: The processing is necessary for us to comply with a relevant legal obligation (for example, laws which require us to collect tax information from customers, carry out checks on customers, or which compel us to disclose information to public authorities or regulators);
- Our legitimate interests: The processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities, such as developing and maintaining relationships with our customers (the majority of the processing covered by this Notice is legitimate interest based). Where we rely on our legitimate interests as a lawful basis for processing, we take steps to ensure that our legitimate interests are not outweighed by any prejudice to data subject rights and freedoms. This is achieved in a number of ways, including the application of principles of data minimization and security, and by taking steps to ensure that personal data is collected where it is relevant to the lawful business activities, and where using personal data is reasonably necessary for those activities;
- Defend our rights: Where the processing is necessary to the establishment, exercise or defense of legal claims; and
- With your consent: Where you have consented to the processing (for example, where we are required by local law to rely upon your prior consent for the purposes of direct marketing).
In Section 3. B. Purposes of Collection and Processing below, we describe the purposes for which we process personal data (including the relevant legal basis under certain data protection laws (where applicable)).
B. Purposes of Collection and Processing.
The purposes for which we collect, use, disclose and otherwise process personal data vary depending upon the circumstances. Generally, we process personal data for the business and commercial purposes described below:
- Services and support: To operate the Sites and Services, including to communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries and requests, fulfill your orders and requests, process your payments, for customer support purposes, and to carry out our obligations arising from our contracts with you (Legal basis: performance of contract; our legitimate interests);
- Communications: To seek your views or comments on the products or Services we provide and send you communications by post or e-mail, which you have requested or that may be of interest to you, including newsletters, or promotions of our products or Services or events, and to notify you of changes to our products and Services (Legal basis: our legitimate interests; your consent);
- Research and analytics: To measure the adequate performance of our interactions with you, improve our Services, for our internal purposes, and for other research and analytical purposes (Legal basis: our legitimate interests; your consent);
- Customization and personalization: To tailor content we may send or display on our Sites, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences (Legal basis: our legitimate interests; your consent);
- Marketing and advertising: To promote our products and services on third-party websites, as well as for direct marketing purposes, including to send you newsletters, alerts and information we think may interest you (Legal basis: your consent);
- Planning and managing events: For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services (Legal basis: performance of contract; our legitimate interests);
- Legal proceedings and obligations: To obtain or maintain insurance coverage, manage risks or obtain professional advice and defend our rights and establish, exercise and defend our legal claims (Legal basis: meeting our legal or statutory obligations; for the establishment, exercise or defense of a legal claim);
- Account administration: Facilitate your use of your web account on the Site (Legal basis: performance of contract; our legitimate interests);
- Security and protection of rights: To provide, create and maintain a trusted and safe environment and comply with our legal obligations. For example, to protect our Sites, Services and our business operations; to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Notice and our applicable agreements and terms of use (Legal basis: meeting our legal or statutory obligations; for the establishment, exercise or defense of a legal claim); and
- General business and operational support: To consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping and legal functions (Legal basis: meeting our legal or statutory obligations; for the establishment, exercise or defense of a legal claim; our legitimate interest).
Anonymous and Aggregate Data. We use anonymous and aggregate data related to our business and the Services, for research, analytics, development and other purposes.
4. DISCLOSURE OF PERSONAL DATA
In general, we may disclose and make available personal ‘data to third parties as described in this section:
- Coherent Group Entities: Coherent and the Coherent Group Entities are a global group of companies. As such, we may disclose personal data to the Coherent Group Entities as part of our business operations and administration of our Sites and Services;
- Processors and service providers: We may disclose personal data to third-party processors (including contractors and service providers) who perform services on our behalf. For example, we use third-party processors to provide us with technical support, payment processing, and to perform analytics and other work that we may need to outsource. These processors are bound by law and/or contract to protect the confidentiality of and to implement adequate security measures to protect your personal data. They only process your personal data to provide us with requested services and only act on our documented instructions;
- Vendors and business partners: We may also disclose your personal data to other companies, vendors and business partners that perform certain functions for us. These companies are themselves responsible for determining the purposes and/or means of the processing and for the lawfulness of the processing. They include insurance companies, online gateway payment providers, including credit card companies, and banks;
- Third-party platforms and services: We may disclose or make available personal data to third-party platforms and providers that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests;
- Marketing, advertising and analytics providers: We may disclose certain information that includes personal data to third-party ad network providers, sponsors and/or traffic measurement services, who may use this data to improve and measure the effectiveness of our ads and those of third parties. For more information, see Section 5. Cookies, Advertising and Tracking below. We may also engage third party analytics companies to collect information about Site usage in order to help us to understand how users access and use the Services, to improve our Services and other products and offerings, and for other research and analytical purposes;
- In support of our legal and compliance obligations: We may disclose your personal data to others where such disclosure is necessary for compliance with a legal obligation to which we are subject insofar as reasonably necessary for these purposes and as permitted by law, whether in court proceedings or in an administrative or out-of-court procedure;
- In connection with a business transaction: We may disclose your personal data in connection with a business transaction (such as a merger, acquisition, restructuring, or transfer of assets), to buyers, their lawyers or professional advisors, where needed to affect the sale or transfer of business assets (such as a merger or acquisition) including related to due diligence conducted prior to such event, where permitted by law; and
- Security and protection of rights: We may disclose personal data where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our terms of use and other agreements, to respond to claims asserted against us, or as evidence in litigation in which we are involved. We may also share personal data where necessary in order to protect your vital interests or the vital interests of another natural person, or where we believe necessary to protect the Services, our business operations and our rights, such as to prevent and detect fraud, unauthorized activities and access, and other misuse.
Aggregate and Anonymous data. We may also disclose aggregate and anonymous data related to our business and the Services, subject to applicable laws.
5. COOKIES, ADVERTISING AND TRACKING
We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities, and use of the Sites and Services. We may combine this “usage data” with other personal data we collect about you.
- Cookies: These are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites, while others are used to enable a faster login process or to allow us to track your activities while using our Sites. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Some of the Services may not work properly if you disable cookies.
- Pixels (sometimes referred to as tags, pixel tags or clear GIFs) and other technologies: These are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, pixels are embedded invisibly on web pages. We may use pixels (also referred to as web beacons, web bugs or pixel tags) in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Advertising and Targeting. We work with third parties, such as ad networks, channel partners, mobile ad networks, analytics and measurement services and others (“third-party ad companies”) to personalize content and display advertising on our Sites and Services, as well as to manage our advertising on third-party sites, mobile apps and online services. We and these third-party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Sites (as well as on third-party sites and services), as well as IP address, location information, device ID, cookie and advertising IDs, and other identifiers. We and these third-party ad companies use this information to provide you more relevant ads and content on our Sites and on third-party sites and apps, and to evaluate the success of such ads and content.
Managing Your Preferences. You can review and manage your cookie preferences for our Sites and opt out of certain cookies, including targeting cookies and tags on our Sites, either by editing your browser options as explained below or by reviewing and changing your preferences for most cookies on our Sites (including to opt out of all but ‘required’ cookies) by adjusting your preferences through our Cookie Preferences Tool. This can be done by clicking the “Cookie Preferences” link (or if you are in California the “Do Not Sell or Share My Personal Information” link) in the footer of each of our Sites. Cookie preferences are browser and device specific, which means that you need to set the preference for each browser and device you use to access our Sites; in addition, if you delete or block cookies, you may need to reapply these preferences. Further, opting out of cookies and advertising as discussed below does not mean that you will no longer receive advertising content from us. You may continue to receive generic or “contextual” ads from us, they may just be less relevant to you. For more information and options for managing your preferences, see also our Cookie Notice. If you are a California resident, please review Section 14. C. Additional Information for California Residents for additional information about your CCPA opt-out rights.
Third-Party Analytics. We may use third-party analytics tools (such as Google Analytics) to evaluate use of our Services. We use these tools to help us understand use of, and to improve, our Services, performance, ad campaigns, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Do Not Track (DNT). Our Sites currently do not respond to Do Not Track signals. You may, however, disable certain tracking mechanisms in the cookie preference settings of your web browser and opt out of certain third-party ad cookies on our Sites.
6. INTERNATIONAL TRANSFERS OF INFORMATION
Coherent Group Entities. Coherent and our service providers may transfer your personal data to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not include equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements and/or other legally acceptable mechanisms according to applicable local laws.
Individuals in the European Economic Area (EEA) and United Kingdom (UK). If you are in the EEA, UK, or Switzerland and we process your personal data in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal data, such as by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en). To obtain additional details of the mechanism under which your personal data is transferred outside of the EEA, UK, or Switzerland, you may request such details by contacting the Coherent Data Privacy Coordinator at the contact details listed in Section 13. Contact Details below.
7. THIRD-PARTY LINKS AND SERVICES
Our Sites may provide links to third-party websites, such as social networking sites. Coherent has no control over such third-party websites and is not responsible for the privacy practices of such parties. Please note that we are not responsible for the availability of such third-party sites, and do not endorse and are not responsible or liable for any content, advertising, products or other materials on or available from such websites. Coherent is not liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, advertising, products, or other materials on or available from such websites. We encourage you to review the privacy policies of these third-party sites.
8. RETENTION OF PERSONAL DATA
We retain your personal data for as long as reasonably necessary to fulfill the purposes for which we collected it (as described in this Notice), and we may also retain your personal data for an additional period of time where necessary to comply with our legal obligations or to establish, exercise or defend our legal rights (including to respond to actual or potential legal claims). For more information on how long your personal data is stored, please contact the Coherent Data Privacy Coordinator (for contact details, see Section 13. Contact Details below).
9. YOUR PRIVACY RIGHTS AND CHOICES
In this section we describe the choices you have regarding our collection, use and handling of your personal data.
Access, Deletion and Correction. You may submit a request to us to access, correct or delete personal data by contacting our Data Privacy Coordinator as set out in Section 13. Contact Details below. We will process your request in accordance with applicable privacy and data protection laws. We may ask you for additional information so that we can confirm your identity or process your request.
Direct Marketing. You may always opt out of our direct marketing emails by clicking the unsubscribing link contained in our marketing or promotional emails or by contacting us as set out below. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages, as far as allowed by applicable laws. In addition, where required by applicable law (including for individuals who reside within the People’s Republic of China (“PRC” or “China” herein), South Korea and Vietnam), we will only send you direct marketing emails on an opt-in basis.
Cookie and Ad Preferences. As described in Section 5. Cookies, Advertising and Tracking, you can review and adjust your preferences for cookies and targeted advertising on our Sites using our Cookie Preferences Tool, which can be accessed by clicking the “Cookie Preferences” link (or if you are in California the “Do Not Sell or Share My Personal Information” link) in the footer of each of our Sites.
Additional Information for Certain Jurisdictions. In Section 14. Additional Information for Individuals in Certain Jurisdictions, we provide additional information, as required under certain privacy laws, including the rights certain individuals have under the privacy laws of California, the EEA, the UK, South Korea, Vietnam and the PRC.
10. SECURITY
We have implemented physical, technical and organizational measures intended to protect the personal data that we process. However, no environment or security procedures or protocols are ever guaranteed to be 100% secure or error-free.
11. PRIVACY OF CHILDREN
Our Sites are not designed for, or directed at, children under the age of 16 and we do not knowingly collect personal data from individuals in this age group. If you believe we have inadvertently collected personal data about a child, please contact us and we will take steps to delete this data.
12. CHANGES AND UPDATES TO THIS PRIVACY NOTICE
This Notice is current as of the Last Updated date set forth above. We may change this Notice from time to time, so please be sure to check back periodically. We will post any changes to this Notice on our Sites. If we make any changes to this Notice that materially affect our practices with regard to the personal data we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Sites or notifying you electronically. Where required by law, we will obtain your consent to such changes.
13. CONTACT DETAILS
If you have questions about this Notice or wish to exercise any of your rights, please contact our data privacy office at [email protected].
14. ADDITIONAL INFORMATION FOR INDIVIDUALS IN CERTAIN JURISDICTIONS
A. Additional Information for EEA/UK Users.
Below we provide additional information to users within the EEA and UK.
Subject to applicable law, you may also have some or all of the following rights available to you as to your personal data:
- Access: You have the right to obtain from us confirmation of whether we process your personal data, relevant information about such processing as provided under applicable law, and a copy of the personal data undergoing processing;
- Rectification: You have the right to request us to correct inaccurate personal data and to have incomplete personal data completed;
- Objection: You have the right to object to the processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. In addition, you have the right to object at any time where your personal data is processed for direct marketing purposes;
- Portability: You may request your personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit it to other data controllers without hindrance;
- Restriction: You may request to restrict processing of your personal data;
- Erasure: You may request to have your personal data erased in certain limited circumstances;
- Right to lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in the jurisdictions of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred; and
- Right to withdraw consent: Please note that where our processing is based on your consent, you are free to refuse to give the consent and you can withdraw your consent at any time. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
To exercise such rights, please contact us as set forth above in Section 13. Contact Details. Please note that we may request proof of identity, and we reserve the right to charge a fee, where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes required by law. Data subjects in Germany may contact the DPO for the Coherent Germany entities:
Peter Suhren, First Privacy GmBH
Email: [email protected]
Phone: +49 421 69 66 32-822
B. Additional Information for PRC Users
Below we provide additional information to users within the PRC about how we handle their personal data.
Your Rights. In addition to your rights mentioned above in this Notice, you may also have, subject to and to the extent permitted by applicable law, the right to (1) withdraw your consent to processing of your personal data; (2) restrict or object to processing of your personal data in certain circumstances; (3) de-register the account(s) (if any) you have with our Sites; (4) request elaboration on an automatically made decision that significantly impacts your rights or interests, and refuse to be subject to such decision to the extent that it is solely based on automated decision-making; (5) request a copy of your personal data and/or information about how your personal data has been processed; and (6) lodge a complaint with us and/or a supervisory authority if you consider that the processing of your personal data infringes applicable data protection laws and regulations.
Sensitive Personal Data. “Sensitive Personal Data” refers to the personal data that, once leaked or illegally used, will easily lead to infringement of human dignity or harm to the personal or property safety of a natural person, including (but not limited to): (i) biometric identification, (ii) religious belief, (iii) specific social status, (iv) medical health information, (v) financial accounts, (vi) tracking/location information, and (vii) the personal data of minors under the age of fourteen (14). We will process your Sensitive Personal Data with your separate consent.
International Transfers. With your separate consent, we may transfer your personal data to Coherent Group Entities or third parties outside of PRC. We will ensure that the recipients provide an adequate level of data protection that is at least comparable to that required under applicable PRC laws to protect the integrity and security of your personal data. You can find a full list of Coherent Group Entities at https://coherent.com/legal/list-of-the-subsidiaries/.
C. Additional Information for California Residents.
In this section, we provide additional information to California residents about the categories of personal information we collect about you and your privacy rights under applicable California privacy laws, as required under California privacy laws including the California Consumer Privacy Act (“CCPA”). This section does not address or apply to our collection and processing of data that is exempt from CCPA (including publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA), or information about our employees, personnel, applicants and candidates.
Categories of Personal Information under the CCPA. While our collection, use and disclosure of personal information varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected and disclosed personal information about California residents in the prior 12 months (from the Last Update date above).
The table below identifies, generally, the categories of personal information (as defined by the CCPA) that we may collect about California residents, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.
Personal information collected |
Categories of third parties to whom we may disclose this information for a business or commercial purpose |
|
Categories |
Description |
|
Identifiers |
Includes direct identifiers, such as name, alias user ID, username, account number, email address, phone number, address and other contact information; IP address and other online identifiers; SSN, driver’s license number, passport number, tax ID and other government identifiers; and other similar identifiers. |
|
Customer records |
Includes personal information, such as name, account name, user ID, contact information, employment information, account number, and financial or payment information, that individuals provide us in order to purchase or obtain our products and services. For example, this may include account registration information, or information collected when an individual purchases or orders our products and services, or enters into an agreement with us related to our products and services. |
|
Commercial information |
Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. |
|
Usage data |
Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our Sites and Services, and our marketing emails and online ads. |
|
Audio, video and electronic data |
Includes audio, electronic, visual, thermal, olfactory, or similar information such as thermal screenings and CCTV footage (e.g., collected from visitors to our offices/premises), photographs and images (e.g., that you provide us) and call recordings (e.g., of customer support calls). |
|
Professional information |
Includes professional and employment-related information such as business contact information and professional memberships. |
|
Protected classifications |
Includes characteristics of protected classifications under applicable laws, such as disability information and medical conditions provided by you when you register for events and other activities. |
|
Education information |
Information about an individual’s educational history such as the schools attended, degrees you were awarded, and associated dates. |
|
Inferences |
Includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to customers, so that we can better reach them with relevant offers and ads. |
|
Sensitive personal information |
In limited circumstances, we collect and process driver’s license, state identification card and/or passport number.
|
|
Sources of Personal Information. In general, we may collect the categories of personal information identified in the table above from the following categories of sources:
- Directly from the individual
- Collected automatically
- Data analytics providers
- Social networks
- Internet service providers
- Operating systems and platforms
- Government entities
- Third-party and publicly available data sources
- Business customers
Purposes for Collecting and Disclosing. As described in more detail in Section 3. B. Purposes of Collection and Processing, in general, we collect and otherwise process the personal information set forth in the table above for the following business or commercial purposes:
- Services and support
- Communications
- Research and analytics
- Customization and personalization
- Marketing and advertising
- Planning and managing events
- Legal proceedings and obligations
- Account administration
- Security and protection of rights
- General business and operational support
Retention. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain your account data for as long as you have an active account with us, transactional data for as long as necessary to comply with our tax, accounting and recordkeeping obligations, administer applicable returns and warranty programs, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, comply with legal obligations and as may otherwise be required by law.
Sales and Sharing of Personal Information. Under the CCPA, a ‘sale’ is defined broadly to include disclosing or making available personal information to a third party in exchange for monetary compensation or other benefits or value, and ‘share’ broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. As such, while we do not disclose personal information to third parties in exchange for monetary compensation, we may, pursuant to the CCPA, sell or share identifiers, usage data and inferences to/with advertising networks and third-party ad companies, data analytics providers and social networks in order to analyze use of the Services, optimize and develop our products and services, improve and measure our ad campaigns, and reach users with more relevant ads and content. However, we do not knowingly sell or share personal information about California residents who are younger than 16.
California Residents’ Rights. In general, California residents have the following rights with respect to their personal information:
- Do not sell or share (opt-out): To opt out of our sale and sharing of their personal information by us, by using our Cookie Preference Tool.
- Right to limit use of sensitive personal information: The right to limit the use or disclosure of sensitive personal information to those uses authorized by the CCPA.
- Right of deletion: To request deletion of their personal information that we have collected about them and to have such personal information deleted (without charge), subject to certain exceptions.
· Correct: To request correction of inaccurate personal information that we maintain about them.
- Right to know: With respect to the personal information we have collected about them in the prior 12 months, to require that we disclose the following to them (up to twice per year and subject to certain exemptions):
- categories of personal information collected;
- categories of sources of personal information;
- categories of personal information about them we have disclosed for a business purpose or sold;
- categories of third parties to whom we have sold or disclosed for a business purpose their personal information;
- the business or commercial purposes for collecting or selling their personal information; and
- a copy of the specific pieces of personal information we have collected about them.
- Right to non-discrimination: The right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
Submitting Requests to Know, Correct and Delete. California residents may submit requests to know, correct and delete their personal information through:
- Our online webform
- Via email to: [email protected]
When you submit a request to know, correct, or delete, we will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log in to your account, if you have one. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law. Authorized agents may initiate a request on behalf of another individual by contacting us at [email protected]; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verifies their identity and the authority of the authorized agent.
Requests to Opt Out of Sales and Sharing. California residents may submit a request to opt out of sales or sharing by us, by:
- Using our Cookie Preference Tool: The cookie Preference Tool can be accessed by clicking the “Do Not Sell or Share My Personal Information” or “Cookie Settings” link in the footer of each of our Sites.
- Turning on the Global Privacy Control—or “GPC”—signal through your browser: If our Sites detect that your browser is transmitting a GPC signal, we will process that as a request to opt you out of sales and sharing for that browser and device. Please note that if you come back to a Site from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well.
D. Additional Information for Users in South Korea
In this section we provide additional information for individuals located in South Korea about how we handle your personal data.
How We Disclose Your Personal Data. As described in more detail in Section 4. Disclosure of Personal Data above, we disclose your data, for the purposes listed in Section 3.B Purposes of Collection and Processing as follows. If you do not wish to have your personal data transferred overseas, please contact the Data Privacy Office ([email protected]). In such case, however, you may not be able to use our services or enter into or maintain an agreement with us.
Third Party Provision:
Recipient Name (Contact Information) |
Recipient’s Purpose of Using the Personal Data |
Types of Personal Data to be Provided |
Period of Retention and Use by Recipient |
Coherent Group Entities (for a full list of Coherent Group Entities see https://coherent.com/legal/list-of-the-subsidiaries/) |
As listed under Section 3.B above |
As listed under Section 2. above |
As reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection |
We do not process your personal data beyond the original scope or provide personal data to a third party without your prior consent, unless otherwise permitted under the Personal Information Protection Act (“PIPA”).
Third Party Delegation:
Delegatee |
Country is Located |
Timing and Method of Transfer |
Purpose of the Delegated Tasks |
Items of Personal Data |
Period of Retention and Use by Delegatee |
Coherent Corp. |
USA |
Transferred through telecommunication network from time to time as needed |
As listed under Section 3.B above |
As listed under Section 2. above |
As reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection |
Coherent Group Entities (for a full list of Coherent Group Entities see https://coherent.com/legal/list-of-the-subsidiaries/.) |
See listed at https://coherent.com/legal/list-of-the-subsidiaries/.) |
Transferred through telecommunication network from time to time as needed |
As listed under Section 3.B above |
As listed under Section 2. above |
|
Salesforce |
USA |
Transferred through telecommunication network from time to time as needed |
As listed under Section 3.B above |
As listed under Section 2. above |
As reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection |
Korea Industrial Safety Association |
USA |
Transferred through telecommunication network from time to time as needed |
As listed under Section 3.B above |
As listed under Section 2. above |
As reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection |
To the extent required under applicable law, including the PIPA, we will seek your prior consent again for any disclosures or processing activities of your personal data that go beyond the purposes and recipients disclosed in this Notice.
Retention. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain your account data for as long as you have an active account with us, transactional data for as long as necessary to comply with our tax, accounting and recordkeeping obligations, administer applicable returns and warranty programs, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, comply with legal obligations and as may otherwise required by law
How to Exercise Your Privacy Rights. You can exercise your rights under the Personal Information Protection Act (“PIPA"), including your right to access, correction, deletion, or request that we restrict certain processing of your data by submitting a request yourself, through a legal representative or a delegate. If you use a representative or delegate, you must submit a power of attorney in accordance with Annex Form No. 11 of the Notification on Processing of Personal Information (Notification No. 2020-7).
Destruction of Personal Data. Once the purpose(s) of collecting and using personal data are fulfilled, Coherent will delete your personal data without undue delay, unless we are required to retain the personal data to comply with other laws and regulations. In such case, we will only retain such personal data and files for such limited purpose and store and manage it separately from other personal data we process. When deleting your personal information, we will take reasonable and technically feasible measures to ensure that the personal information is irrecoverable. For example, electronic files which contain personal information will be deleted permanently using a technical method which makes the files irrecoverable and any other records, print-outs, documents or any other recording media will be shredded or incinerated.
Security. Coherent has taken the following organizational, technical and physical measures designed to protect your personal data:
- Organizational measures: Establishment and implementation of internal management plan, periodic education for employees handling personal data of South Korean individuals;
- Technical measures: including management of access rights such as personal data processing systems, installation of access control systems, encryption of passwords, and installation of reasonable security programs.
- Physical measures: Control of access to personal data storage areas such as computer rooms and data storage rooms.
Contact Information. Users in South Korea may contact our Data Privacy Office, which handles personal data protection inquiries and related grievances, via email at [email protected]. We will use our best endeavors to respond to complaints from users in a timely manner.
E. Additional Information for Users in Vietnam
Below we provide additional information to individuals within Vietnam about how we handle their personal data. This section is intended to supplement the Notice to satisfy our applicable notice requirements under Decree No. 13/2023/ND-CP (“Decree 13”). We may provide you additional notices about our data collection practices that are covered by other laws.
Personal Data We Collect
The actual personal data we collect, and how we use it, varies depending upon the nature of our relationship and interactions with you. Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal data. Among the personal data we collect, certain personal data may be considered sensitive personal data, including related to:
- Transactions and billing information: We also collect personal data about you in connection with a purchase or payment you submit to us. This may include collection of your name, shipping and billing address, credit card and other payment information, and other transaction details. If you use our online shop(s), we may also maintain transactional records about your past purchases, as well as items that you view or add to your online shopping cart.
Processing Methods
Your personal data may be processed by us or by our processor, manually or using automated algorithm.
Potential Unwanted Consequences
In compliance with applicable laws and regulations, Coherent strives to maintain legal, organizational, physical, technical and procedural safeguards that are appropriate in relation to the sensitivity of the personal data in question. These safeguards are designed to keep your personal data confidential and to protect your personal data from unauthorized and unlawful processing, accidental loss, destruction or damage, as well as unauthorized access, copying, use, modification or disclosure. Unfortunately, no safeguards can be fully secured, and incidents may happen. Coherent cannot accept responsibility for any unauthorized access or loss of personal data that is beyond our control.
Processing Duration
We may start processing your personal data upon our receipt of your personal information, pursuant to the legal bases for processing of the personal data, until the expiry of the personal data retention period above.
F. Additional Information for Users in Singapore
Contact Information. Users in Singapore may contact our Data Privacy Officer, which handles personal data protection inquiries and related grievances, via email at [email protected]. We will use our best endeavors to respond to complaints from users in a timely manner.