Privacy

It is the policy of Ricoh Production Print Solutions LLC ("RPPS") to comply with all applicable privacy and data protection laws. This policy reflects the importance we place on earning and keeping the trust of our employees, customers, and others who share their personal information with us.

Scope

This policy applies to all employees of and covers all personal information processed by RPPS, whether it relates to internal or external data subjects, and no matter where it is processed.

Effective date

This policy is effective as of June 1, 2007.

Definitions

"Data subject" generally means a natural person who can be individually identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. Note, however, that in certain countries, for example Switzerland and Italy, the term "data subject" may also refer to legal entities.

"Personal information" means any information recorded in any form or format relating to an identified or identifiable data subject.

"Processing" of personal information means doing anything with personal information, whether or not by automatic means, such as collecting, recording, organizing, storing, adapting, altering, retrieving, consulting, using, disclosing, transmitting, disseminating, accessing or providing access to, combining, erasing, or destroying personal information.

"Affiliate" means any entity that is controlled, directly or indirectly, by RPPS.

Responsibilities of RPPS employees

All RPPS businesses and functions must review their data practices in light of this policy and establish and maintain procedures to implement this policy.

All employees of RPPS must comply with all applicable privacy and data protection laws and all related RPPS policies and procedures.

Privacy principles

Although privacy and data protection laws vary from country to country, most are based on the following privacy principles. Accordingly, to assure compliance with all applicable data protection laws and achieve consistency across the organization, RPPS will adhere to the following privacy principles at a minimum to the extent required by applicable law:

• Notice and Consent – We will collect and process information fairly and lawfully, and where appropriate, with the knowledge or consent of the data subject. The type of notice or consent required will depend on the context and the circumstances, the sensitivity of the personal information, the data subject's reasonable expectations, and legal requirements.
• Specific Purpose – We will collect and process personal information only for specified, limited and legitimate purposes.
• Limitations on Use – We will not process personal information in a manner inconsistent with the purposes for which it was originally collected without first obtaining the data subject's consent. The type of consent required will depend on the context and the circumstances, the sensitivity of the personal information, the data subject's reasonable expectations, and legal requirements.
• Data Proportionality – The personal information we collect will be relevant, adequate and not excessive for the purposes for which it is collected or to which the data subject subsequently consents.
• Direct Marketing – We will not use personal information for direct marketing purposes without the data subject's consent. The data subject's consent may be Express or implied, "opt-out" or "opt-in," depending on the circumstances and legal requirements.
• Automated Decisions – We will not make decisions based solely on automated processing of personal information except as permitted by applicable law.
• Transfers to Third Parties
  • We will disclose personal information to third parties (including our affiliates) only for purposes consistent with those for which the personal information was originally collected or to which the data subject has subsequently consented. We will take appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is disclosed to a third party.
  • Before we transfer personal information to a third party to use for its own marketing purposes, we will obtain the data subject's consent. The data subject's consent may be Express or implied, "opt-out" or "opt-in," depending on the circumstances and legal requirements.
  • There may be exceptions to these general rules, depending on applicable law, if, for example, the disclosure is required by court order, to comply with a law, to prevent a crime, to enforce a legal right.
• Transfers to Other Countries – We will take appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is transferred from one country to another, including transfers among affiliates. If required by law, we will first obtain the data subject's consent to the transfer. In such cases, the type of consent required will depend on the context and the circumstances, the sensitivity of the personal information, the data subject's reasonable expectations, and legal requirements.

• Quality – We will take appropriate steps to ensure that personal information is accurate and reliable for its intended use and, where necessary for its intended use, kept up-to-date.
• Access – We will maintain procedures to give data subjects appropriate access to their personal information and, when appropriate, an effective means to have their personal information corrected or deleted.
• Security – We will implement reasonable administrative, physical and technological security measures to protect personal information from unauthorized access, unauthorized use, and unauthorized or accidental destruction, modification or disclosure. We will provide a level of security appropriate to the risks and the sensitivity of the personal information.
• Retention – We will not keep personal information in a form that permits identification of data subjects for longer than is necessary for the purposes for which it was collected or to which the data subject has consented, except for legitimate purposes permitted by law, such as regulatory compliance.

• Accountability – We will designate data subjects within RPPS to be accountable for compliance with privacy and data protection laws and our policies and procedures.
• Enforcement – We will provide internal controls for verifying compliance with privacy and data protection laws and our policies and procedures.
• Complaint Process – We will provide a fair process for investigating and resolving complaints and objections regarding our data practices and will take appropriate steps to communicate our process to the data subjects who entrust their personal information to us.