Ingram Micro maintains a global data protection and privacy program focused on properly processing the personal data of its employees, customers, and business partners. There are several core tenants to Ingram Micro’s program, as described below.
- Information Security – Ingram Micro understands it cannot maintain adequate privacy without strong information security. Ingram Micro’s robust information security program focuses on protecting the IT infrastructure and information assets, using principles and best practices established by the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS) and other industry recognized security standards.
- Information Security Risk Assessment - Ingram Micro has an established process to conduct Risk Assessment following NIST 800-53 guidelines on Company information systems and information assets for determining areas of vulnerability that affect confidentiality, integrity, and availability
- The European Union’s General Data Protection Regulation (“GDPR”) Compliance – Ingram Micro has a data protection and privacy program that meets the requirements of the GDPR. This includes training, documentation, global policies, business processes for responding to data subject requests, appropriate legal terms and conditions for the processing of personal data, and technical solutions incorporating the GDPR requirements.
- Compliance with other Data Protection and Privacy Laws – Ingram Micro has operations throughout the world, and recognizes that many countries and states are adopting laws similar to the GDPR. This includes, but is not limited to, California’s Consumer Privacy Act (“CCPA”), Brazil’s General Data Protection Law (“LGDP”), and Thailand’s Personal Data Protection Act (“PDPA”). By extending the work done for GDPR to these other countries and regions, Ingram Micro can comply with any new regulations..
- Performance of Privacy Impact Assessments and a Culture of Privacy by Design – Ingram Micro understands the importance of managing the risk of processing personal data and developed a comprehensive process to identify this risk in new projects and core organizational changes to embed privacy by design into project requirements.
- Marketing Choice and Consent Management – Ingram Micro believes in allowing its customers and partners to choose how they interact and receive marketing messages from Ingram Micro. Ingram Micro utilizes several leading technology platforms to manage marketing efforts and requires opt-in consent from new customers or partners prior to sending them marketing messages. Ingram Micro also respects any opt-out or unsubscribe requests. Ingram Micro deploys a cookie consent management tool across its core websites to enable website users to choose the types of cookies utilized.
- International Data Transfer – Ingram Micro utilizes the European Union’s Standard Contractual Model Clauses to transfer personal data from the European Economic Area to countries outside the European Economic Area, including to the United States. Ingram Micro also employs additional technical measures, such as encryption of data transfers.
- Policies and Training – Ingram Micro has several policies governing the processing of personal data. This includes internal policies and Ingram Micro’s externally facing Privacy Statement available in multiple languages at Privacy statement | Ingram Micro. Ingram Micro promotes a strong culture of data privacy and information security through training both online and in person.
- Data Protection Terms and Conditions and Third-Party Management – Ingram Micro incorporates standard data protection terms and conditions into its agreements and executes Data Processing Agreements where necessary. Additionally, Ingram Micro requires security assessments and terms and conditions for any third-party service provider processing personal data on behalf of Ingram Micro.
- Compliance Hotline and Data Subject Requests – To support Ingram Micro’s global employees, Ingram Micro offers a compliance hotline to allow employees to report issues and concerns, including those related to data protection and privacy. Ingram Micro also has a process for supporting queries and data subject requests from outside parties. Data subjects and concerned parties are asked to submit requests or questions through Contact Us
- Audits –Ingram Micro’s audit program regularly reviews the sufficiency of its internal controls for applications and business processes that process personal data.
For additional questions or concerns regarding data protection, privacy, GDPR, CCPA, or the processing of personal data please contact our Global Data Privacy Office via Contact Us.