Privacy Policy

SMK Privacy Policy

Effective Date: January 6, 2025

This Privacy Policy describes how we collect, use, process, and disclose personal information (“PI”) in the operation of our business, including on our “Service” which means our online services such as this website and any other service, platform, website, or application that links to this Privacy Policy and any communications between you and us, such as through customer service interactions and emails and other communications we send. As you will note, this Privacy Policy includes details regarding our data practices in both human resources (HR) and non-HR contexts. References to “we,” “us,” “our,” and “SMK” refer to SMK Electronics Corporation, U.S.A. and SMK Manufacturing, Inc.

California Residents. If you are a California resident (referred to as “Consumers”), in accordance with our obligations under California’s privacy law, the California Consumer Privacy Act (“CCPA”), please see Section 1 below, which describes our privacy practices generally, and Section 7, which describes your privacy rights and how to make a request regarding your privacy rights. This Privacy Policy is designed to provide you with notice of our recent, historical data practices over the prior 12 months (from the Effective Date listed at the top of this Privacy Policy). This Privacy Policy also applies to our current data practices, such that it is also meant to provide you with “Notice at Collection,” which is notice of personal information we collect online and offline, and the purposes for which we process personal information. For any new or substantially different processing activities that are not described in this Privacy Policy, we will notify you as required by applicable law, including by either notifying you at the time of collecting personal information, or by updating this Privacy Policy.

Visitors from EEA. If you are a visitor from EEA (European Economic Area), click here to see the SMK Electronics (Europe) Limited Privacy Policy.

Questions regarding our privacy practices. If you have questions about the privacy of your personal information, you can contact us at the information provided in the Contact Us section below.

Amending this Privacy Policy. We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will post an updated version on the Service (as defined in the Privacy Policy) and update the Effective Date.

Scope of Policy/Exclusions. Notably, this Privacy Policy does not apply to data that is not treated as PI under the CCPA or to the extent the data is subject to an exemption under applicable law. This Privacy Policy also does not apply to information collected independently by third-party content, websites, applications, platform, code (e.g., plus-ins, application programming interfaces, and software development kits, and certain cookies and other tracking technologies (collectively, “Third-Party Services”).

Table of Contents

• 1.PI COLLECTION, USE, AND DISCLOSURES
• 2.COOKIES AND THIRD-PARTY DIGITAL BUSINESSES, AND YOUR CHOICES
• 3.COMMUNICATIONS – YOUR CHOICES
• 4.DATA SECURITY AND MONITORING
• 5.INTERNATIONAL TRANSFER
• 6.CHILDREN’S PRIVACY
• 7.CALIFORNIA RESIDENTS ONLY - CONSUMER RIGHTS REQUESTS
• 8.CONTACT US

1.PI COLLECTION, USE, AND DISCLOSURES

Generally, we collect, retain, use, and disclose your PI in order to provide you services and as otherwise related to the operation of our business, which include both business purposes and commercial purposes, such as:

• The specifically listed CCPA business purposes (below in italics).
• The purposes explained at the time of collection (such as in the applicable privacy policy or notice).
• Other purposes that are related to or compatible with the context in which we collected your PI, or that are required or permitted by applicable law

Our business purposes also include the disclosure of PI (which may include all of the categories of PI in the tables below) to certain recipients, such as:

• Our vendors that perform services for us (including “Service Providers” and “Processors” defined under applicable laws, which we refer to as “Service Providers” herein) (“Vendors”).
• You or other parties at your direction or through your intentional action or consent.
• The government or private parties to comply with law or legal process.
• Assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”), or to applicable parties in connection with or during negotiations related to a Corporate Transaction.
• In addition, our Vendors and other recipients listed in the below table may, subject to contractual restrictions imposed by us and/or legal obligations, also use and disclose your PI for business purposes. For example, our Vendors and the other categories listed in the table below may themselves engage Service Providers or subcontractors to enable them to perform services for us or process for our business purposes.

CCPA-Listed Business Purposes

• Performing Services
• Providing Certain Advertising or Marketing Services
• Research and Development and Improving Our Products and Services
• Quality Assurance
• Security and Fraud Prevention
• Debugging and Fixing Errors
• Processing Interactions and Transactions on the Service (e.g., Short-Term, Transient Use of PI)
• Managing Interactions and Transactions on the Service (e.g., Auditing Relating to a Current Interaction with the Consumer and Concurrent Transactions)

In addition to the above purposes, in the HR context, we collect, retain, use, and disclose your personal information for HR business purposes and as otherwise related to the operation of our business. Our HR business purposes include the following:

• Recruitment
• Intake/ Onboarding/ Offboarding
• Payroll, Reimbursements, and Timekeeping
• Benefits
• Employee activation initiatives
• Training programs and education
• HR IT Systems and Security
• Employee and Performance Management
• Health & Safety/Occupational Health
• Communicating with you
• Security (including electronic security and security of premises)
• Other purposes disclosed at the time you provide your information or done at your direction

The tables immediately below describe our data collection and disclosure practices in further detail. Table 1 describes this information in non-HR contexts, while Table 2 describes this information in HR contexts, such as if you are an employee, former employee, job applicant, or an emergency contact, beneficiary, or dependent of a SMK employee.

In each table below, we describe the categories of PI we collect (left column), examples of types of data that fit within such categories (middle column), and the categories of recipients that receive such PI as part of disclosures for business purposes, as well as disclosures which may be considered a Sale or Sharing under the CCPA (right column).

SOURCES OF PI

We collect PI directly from you or from your Device, third parties (e.g., background check and vendors, references, job agencies), including public sources of data and Third-Party Services, Vendors, our affiliates and related entities, and other third parties. In addition, if you are an emergency contact, beneficiary, or dependent, we may collect PI about you from your family member or friend who is employed by us.

DATA RETENTION

Because there are so many different types of PI in each category, and so many purposes and use cases for different data, we are unable to provide retention ranges based on categories of PI in a way that would be meaningful and transparent to you. Retention periods for each category of PI will depend upon how long we have a legitimate purpose for the retention consistent with the collection purposes and applicable law. For instance, we may maintain business records for so long as relevant to our business, and may have a legal obligation to hold PI for so long as potentially relevant to prospective or actual litigation or government investigation. We apply the same criteria for determining if we have a legitimate purpose for retaining your PI that you ask us to delete. If you make a deletion request, we will conduct a review of your PI to confirm if legitimate ongoing retention purposes exist, will limit the retention period to such purposes for so long as the purpose continues, and will respond to you with information on any retention purposes on which we rely for not deleting your PI. For more information on deletion requests, see the Right to Delete section.

2.COOKIES AND THIRD-PARTY DIGITAL BUSINESSES, AND YOUR CHOICES

Below is further information on use of cookies and other tracking technologies on our Service, and available choices. Please note that you will need to exercise the below choices on each browser and/or device that you use. Please be aware that if you disable or remove certain cookies or other tracking technologies, some parts of the Service may not work or will function with more limited capabilities. In addition, please note that your choices sometimes rely on cookies or other tracking technologies, such that when you clear or disable them, your choices are reset.

Ad Industry Tools: Some third parties that may collect PI in association with your use of our online services for advertising (including interest-based advertising), analytics, and other purposes Please visit https://www.privacyrights.info/ for information on how to submit applicable opt-outs to participating third parties. However, opting out does not mean you will stop seeing ads and you may continue to still see interest-based ads. To learn more about interest-based advertising and additional opt-out choices related to it, please visit https://optout.aboutads.info/?c=2&lang=EN and https://optout.networkadvertising.org/?c=1.

Please note, clearing cookies or changing settings may affect your choices and you have to opt-out separately via each browser and other device you use. Cookie-enabled opt-out signals may no longer be effective if you delete, block or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices, tools, or choices.

Browser Settings: You can exercise control over browser-based cookies by adjusting the settings on your browser, and mobile devices may offer ad and data limitation choices. Use the help function on your browser or click on the applicable links below to learn more: * [Google Chrome] (https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en) * [Firefox] (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences) * [Internet Explorer] (https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies) * [Edge] (https://support.microsoft.com/en-us/help/4027947/microsoft-edge-delete-cookies) * [Safari] (https://support.apple.com/en-gb/HT201265)

Mobile Device Settings: You can use mobile device settings to limit mobile tracking technologies and associated activities. For instance, you can adjust or reset the advertising identifiers on your mobile device in the device settings. iOS users can visit Settings > Privacy > Advertising > Reset Advertising Identifier. Android users can visit Google settings > Ads > Reset advertising ID. These controls work much like deleting cookies in a browser—the device is harder to associate with past activity, but tracking may still occur using the new advertising identifier. In addition, third party tools may enable you to search for and opt-out of some of these trackers, such as the Ghostery browser plug-in available at [https://www.ghostery.com/] (https://www.ghostery.com/).

3.COMMUNICATIONS – YOUR CHOICES

You can opt out of receiving certain promotional communications from SMK at any time by (i) for promotional e-mails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account; (ii) for text messages, following the instructions provided in text messages from SMK to text the word, “STOP”; and (iii) for app push notifications turn off push notifications on the settings of your device and/or the app, as applicable. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, SMK may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or SMK’s ongoing business relations.

4.DATA SECURITY AND MONITORING.

SMK takes reasonable measures to protect your information (excluding public UGC) from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the Internet and online digital storage are not completely secure and SMK does not guarantee the security of your information collected through the Service.

5.INTERNATIONAL TRANSFER.

SMK is based in the U.S. and the information SMK and its Service Providers collect is governed by U.S. law. If you are accessing the Service from outside of the U.S., please be aware that information collected through the Service may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information, including Personally Identifiable Information, in the U.S. as set forth in this Privacy Policy.

6.CHILDREN’S PRIVACY.

The Service is intended for a general audience and not directed to children less than 13 years of age. SMK does not intend to collect personal information as defined by the U.S. Children’s Online Privacy Protection Act (“COPPA”) (“Children’s Personal Information”) in a manner that is not permitted by COPPA. If we obtain knowledge that we have collected Children’s Personal Information in a manner not permitted by COPPA, we will remove such data to the extent required by COPPA.

Any California residents under the age of eighteen (18) who have registered to use the Service, and who posted content or information on the Service, can request removal by contacting SMK here, detailing where the content or information is posted and attesting that you posted it. SMK will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that SMK does not control.

7.CALIFORNIA RESIDENTS ONLY - CONSUMER RIGHTS REQUESTS

As described in further detail below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), we provide Consumers – which are, for clarity, residents of California – the privacy rights described in this section. For residents of states without Consumer privacy rights, we will consider requests, but will apply our discretion in how we process such requests. For states that have passed consumer privacy laws, but are not yet in effect, we will also consider applying state law rights prior to the effective date of such laws, but will do so at our discretion.

MAKING A REQUEST AND SCOPE OF REQUESTS

As permitted by the CCPA, any request you submit to us is subject to an identity verification process (“Verifiable Consumer Request”) as described below in the “Verifying Your Request” section below. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI.

To make a request, please submit your request to us by one of the methods below. For instructions on how to submit a Do Not Sell/Share request as to cookie PI (defined below), please go to the DO NOT SELL/SHARE section below.

For PI collected in non-HR Context:

• Calling us at (833) 454-0923
• Email us at privacy@smkusa.com

For PI collected in HR context:

• Calling us at (833) 454-0923
• For current employees, contact HR Manager

Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer’s request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response.

You are not required to create a password-protected account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We will make commercially reasonable efforts to identify PI that we collect, process, store, disclose, and otherwise use and to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

VERIFYING YOUR REQUEST

When you make a request, we will verify that you are the person you say you are, or, if you are seeking information on behalf of another person, that you are authorized to make the request on their behalf. In addition, we will compare the information you have provided to ensure that we maintain personal information about you in our systems. As an initial matter, if we have collected PI about you in the non-HR context, we ask that you provide us with, at a minimum, your full name and phone number and/or business email, and the nature in which you have transacted or interacted with us. For the HR context, please provide us with your full name and last four digits of your social security number. Depending on the nature of the request and whether we have the phone number or email address you have provided in our systems, we will request further information from you in order to verify that you are the Consumer about whom we have collected information. We will review the information provided as part of your request, and may ask you to provide additional information via e-mail or other means as part of this verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. The same verification process does not apply to opt-outs of Sale or Sharing, or limitation of Sensitive PI requests, but we may apply some verification measures if we suspect fraud.

The verification standards we are required to apply for each type of request vary. We verify your categories requests and certain deletion and correction requests (e.g., those that are less sensitive in nature) to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. For certain deletion and correction requests (such as those that relate to personal information that is more sensitive in nature) and for specific pieces requests, we apply a verification standard of reasonably high degree of certainty. This standard includes matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you, and may include obtaining a signed declaration from you, under penalty of perjury, that you are the individual whose personal information is the subject of the request.

If we cannot verify you with respect to certain requests, such as if you do not provide the requested information, we will still take certain action as required by the CCPA. For example:

• If we cannot verify your deletion request, we will refer you to this Privacy Policy for a general description of our data practices.
• If we cannot verify your specific pieces request, we will treat it as a categories request.

AUTHORIZING AN AGENT

You may designate an authorized agent to submit your Consumer request on your behalf by submitting a request in the manners described above. If you are an authorized agent who would like to make a request, the CCPA requires that we ensure that a request made by an agent is a Verifiable Consumer Request and allows us to request further information to ensure that the Consumer has authorized the agent to make the request on their behalf. Generally, we will request that an agent provide proof that the Consumer gave the agent signed permission to submit the request, and, as permitted under the CCPA, we also may require the Consumer to either verify their own identity or directly confirm with us that they provided the agent permission to submit the request.

YOUR CONSUMER PRIVACY RIGHTS
RIGHT TO LIMIT SENSITIVE PI PROCESSING

Certain personal information qualifies as Sensitive PI under the CCPA, which we refer to in this Privacy Policy as “Sensitive PI.” The CCPA provides Consumers the right to direct businesses to limit their use and disclosure of Sensitive PI if we use or disclose it beyond certain internal business purposes. However, we do not use or disclose Sensitive PI beyond such internal business purposes.

RIGHT TO KNOW/ACCESS
RIGHT TO KNOW CATEGORIES

If you are a California resident, you have the right to request that we share with you certain information to you about our collection, use, and disclosure of your PI over the 12-month period prior to the request date, related to categories of PI. You can request that we disclose to you: (1) the categories of PI we collected about you; (2) the categories of sources for the PI; (3) our business or commercial purpose for collecting or selling that PI (i.e., if we have, in fact, sold PI); (4) the categories of third parties with whom we shared that PI; (5) a list of the categories of PI disclosed for a business purpose in the prior 12 months and, for each, the categories of recipients, or that no disclosure occurred; and (6) a list of the categories of PI sold about you in the prior 12 months and, for each, the categories of recipients, or that no sale occurred.

RIGHT TO KNOW SPECIFIC PIECES

You have the right to request a transportable copy of the specific pieces of PI we collected about you in the 12-month period preceding your request. Please note that PI is retained by us for various time periods, so there may be certain information that we have collected about you that we do not even retain for 12 months (and thus, it would not be able to be included in our response to you). Please also note that you are limited to making two “right to know” requests in any 12-month period.

RIGHT TO DELETE

You have the right to request that we delete any of your PI that we have collected directly from you and retained, subject to certain exceptions which we will explain if they apply. After we confirm that your deletion request is a Verifiable Consumer Request, subject to permitted retention exemptions, we will carry out one or more of the following: (i) permanently erase your PI on our existing systems with the exception of archived or back-up systems; (ii) deidentify your PI; or (iii) aggregate your PI with other information. In our response to your request to delete, we will tell you the method for deleting your PI. Where legal exceptions will apply to your request for deletion, we will tell you which one (s) and will limit retention to the permitted purpose (s).

RIGHT TO CORRECT

You have the right to request that we correct inaccuracies that you find in your personal information maintained by us. Your request to correct is subject to our verification (discussed above) and the response standards set forth in the CCPA.

DO NOT SELL/SHARE

Under the CCPA, Consumers have the right to opt-out of certain processing activities. California has opt-outs specific to targeted advertising activities – which the CCPA refers to as “cross-context behavioral advertising” – and which involves the use of PI from different businesses or services to target advertisements to you. The CCPA provides Consumers the right to opt-out of Sharing, which includes providing or making available PI to third parties for such targeted advertising activities. The CCPA also has opt-outs specific to the Sale of PI, which at a minimum requires providing or otherwise making PI available to a third party.

Third-Party digital businesses (“Third-Party Digital Businesses”) may associate various now and later developed methods and technologies to store or collect certain information whenever you visit or interact with the Service that collect PI about you on the Service, or otherwise collect and process PI that we make available about you, including digital activity information. Giving access to PI on the Service, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing. Therefore, we will treat such PI collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the PI we make available about you is collected directly by such Third-Party Digital Businesses using cookies and other tracking technologies on the Service or our advertisements that are served on third-party sites (which we refer to as “cookie PI”). We do not Sell/Share non-cookie PI.

When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale and Sharing, such that our opt-out process is intended to combine both activities into a single opt-out.

Opt-Out for Cookie PI. If you would like to submit a request to opt-out of our processing of your cookie-PI relating to the Sale or Sharing of Such data, you can exercise a request on our cookie management tool, which you can access through the “Do Not Sell or Share My Personal Information” link on the footer of our website. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our cookie management tool.

See also the section COOKIES AND THIRD-PARTY DIGITAL BUSINESSES, AND YOUR CHOICES above for further information on how to exercise choice with respect to cookies and certain advertising and analytics activities.

The CCPA also requires us to state that we do not knowingly Sell or Share the PI of Consumers under 16.

We may disclose your PI for the following purposes, which are not a Sale or Sharing: (i) if you direct us to share your PI; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute SMK as defined above, to SMK’s service providers, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

OPT-OUT PREFERENCE SIGNALS (ALSO KNOWN AS GLOBAL PRIVACY CONTROL OR GPC)

The CCPA requires businesses to process GPC signals, which is referred to in California as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism enabled by individuals on their devices or browsers that communicate the individual’s choice to opt-out of the Sale and Sharing of personal information. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC.

AUTOMATED DECISION-MAKING AND PROFILING

We may engage in processing that constitutes automated decision-making or profiling under the CCPA. However, as of the Effective Date, the definitions of these concepts, and any associated opt-out and access rights have not been added to the updated regulations of the CCPA.

RIGHT TO NON-DISCRIMINATION; NOTICE OF FINANCIAL INCENTIVE

We will not discriminate against you in a manner prohibited by the CCPA because you exercise your privacy rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale, retention, and use of your PI as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms.

8.CONTACT US

If you have any questions about the Privacy Policy or practices described in it, including this Privacy Policy, you should contact us in the following ways: Call: (833) 454-0923, Email: privacy@smkusa.com

• [1]

  Inferences drawn from any of the Information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.