ADVANTECH RMA SECURITY POLICY
This statement provides Advantech’s customers with the general information about how Advantech handles the returned products for repairs under the Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (hereafter referred as “GDPR”) enforcement.
GDPR is the regulation for privacy and personal data protection, which came into effect on May 25th, 2018. It is applicable to all the organizations based in the European Union (hereafter referred as the EU), as well as any organizations around the world that provide goods and services or monitor the behaviours of individuals located in the EU.
The returned products from the Customer for repair purposes may contain personal data of You or Your end-customers. Personal data is defined as any information related to an individual. Advantech respects and takes the major principles of GDPR into account.
We will only collect and process personal data about You where we have lawful bases. Lawful bases for this particular situation is the contract due to the fact that complying with Our obligation to repair and/or replace the product returned to us is not always possible without processing Your personal data or the personal data of your end-customers.
We understand how important the data privacy and security to You is, therefore, we take data protection very seriously with the measures detailed in this statement as follows:
- 1. To protect Your privacy and personal data, we suggest that You back up all the data, including both confidential and Personal Data, first and remove them from the storage devices before returning to Us for repairs.
- 2. Upon our Customers’requests, we can also provide a data wiping tool with various purging and block level erasing data methods, which meet the highest industrial and national standards, such as NIST 800-88 and DoD 5220.22-M. The Customers can erase both the confidential and Personal Data prior to returning the products to Us for repair, or we can offer our assistance to wipe the data stored on the returned devices with prior written requests from the Customers to our service team.
- 3. To monitor the Customers’data handling process at our end, all the devices that have been requested and authorized by the Customers in writing to wipe the data will be handled with a complete record including the device serial number, the data erasing method, the date of data wiping executed, the name of our employee handling the data wiping, the data wiping processing time, and all the related information.
Provided the Customers’ data cannot be removed completely from the returned devices for any reasons, or there is no request to clear the data during the repair, We will protect the physical security of the returned products. We are committed to establishing the appropriate process of handling the data in a careful and safe manner, and in accordance with GDPR. We also provide a comprehensive training program to our service staff on respecting and handling all the data stored on the returned devices ethically and lawfully. Preventive measures of unauthorized access, unlawful processing, unauthorized or accidental loss and destruction, and/or damage to personal information are also in place.
Advantech understands the importance of respecting the privacy and security of all the data provided to us through the returns of our products, and we are committed to protecting Your data in full compliance with GDPR. We will make the utmost effort on handling the data stored on the returned devices with care.
For more information on Your Rights with regard to the processing of personal data as described under this RMA Security Policy, please check the Privacy Policy of Advantech here: https://www.advantech.com/legal/privacy
