It is our policy to respect the privacy of our employees, customers, business partners, and others. Personal Data is used, collected, and retained in a manner consistent with the laws of the countries in which we do business. In furtherance of this commitment, we comply with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union countries (“EU”). We self-certify our adherence to the Safe Harbor Privacy Principles (“Safe Harbor Principles”) of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor Principles, and to view our certification, please visit http://www.export.gov/safeharbor/.
We collect, process, and retain Personal Data for the following purposes:
- determining, evaluating and implementing employment-related actions and obligations;
- designing, evaluating and administering compensation, benefits and other human resources programs;
- designing, evaluating and implementing employment-related education and training programs;
- monitoring and evaluating employee conduct and performance;
- maintaining plant and employee security, health and safety;
- collecting and storing customer information;
- maintaining business records relating to past, present and potential customers, suppliers, contractors, joint venture partners and other business associates and employees;
- conducting auditing, accounting, financial and economic analyses;
- facilitating business communications, negotiations, transactions, conferences and compliance with contractual and legal obligations;
- providing goods and services to our customers; and
- monitoring our website, which includes processing orders and engaging in transactions and communications.
SCOPE
This policy applies to all of our subsidiaries and affiliates around the world. It sets forth the principles under which we manage the processing of Personal Data collected in the EU and subsequently transferred to the United States in any format, including electronic, paper, or verbal.
DEFINITIONS
For the purposes of this policy, the following definitions apply:
- “Agent” means any third party that collects or uses Personal Data under the instructions of, and solely for, us or to which we disclose Personal Data for use on our behalf.
- “Personal Data” means information that identifies or describes an identified or identifiable living natural person including, but not limited to, address, credit card information or bank statement.
- “Sensitive Data” is a subset of Personal Data and means information pertaining to an individual’s racial or ethnic origin, political opinions or religious or philosophical beliefs, medical or health conditions, trade memberships or sex life.
SAFE HARBOR PRIVACY PRINCIPLES
Notice
Where we collect Personal Data directly from individuals in the EU, we will inform them about the purposes for which we collect and use such Personal Data, the types of non-agent third parties to which we disclose that information, the choices and means, if any, we offer individuals for limiting the use and disclosure of their Personal Data, and how to contact us. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to us, or as soon as practicable thereafter, and in any event before we use or disclose the information for a purpose other than that for which it was originally collected.
Where we receive Personal Data from our subsidiaries, affiliates or other entities in the EU, we will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Data relates.
Choice
We offer individuals the opportunity to choose (opt-out) whether their Personal Data is (1) to be disclosed to a non-agent third party, or (2) to be used for a purpose that is incompatible with the purpose for which it was originally collected or subsequently authorized.
For Sensitive Data, individuals must affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized, unless such new use or transfer is (1) in the vital interests of the individual or another person where the data subject is physically or legally incapable of giving his consent; (2) necessary for the establishment of our legal claims or defenses; (3) required to provide medical care or diagnosis where the data is processed by a health professional subject under national law or rules established by national competent bodies to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy; (4) necessary to carry out our obligations in the field of employment law in so far as it is authorized by applicable national legislation providing for adequate safeguards; or (5) related to data that is manifestly made public by the individual.
We provide individuals with reasonable mechanisms to exercise their choice.
Transfers To Agents
If we transfer Personal Data to our Agents, we first ascertain whether the Agent subscribes to the Safe Harbor Principles or is subject to the EU 95/46/EC Directive or another adequacy finding, or we will enter into a contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles. Where we have knowledge that an Agent is using or disclosing Personal Data in a manner contrary to this policy, we take reasonable steps to prevent or stop the use or disclosure.
Security
We take reasonable and appropriate precautions to protect Personal Data in our possession from loss, misuse, alteration, destruction, or unauthorized access or disclosure. We take special care to protect Sensitive Data.
Data Integrity
We use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We take reasonable steps to ensure that Personal Data is relevant to and reliable for its intended use, accurate, complete, and current.
Access
Upon request, we provide individuals with access to their Personal Data. Individuals may request corrections, deletions, or additions, as appropriate, except where the burden or expense of providing such access would be disproportionate to the risks to the individual’s privacy or would violate another individual’s rights.
Enforcement
We conduct a self-assessment of relevant privacy practices to verify adherence to this policy at least once per year. Any employee we determine is in violation of this policy will be subject to disciplinary actions.
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to our Chief of Information Security and Compliance, Charles River Laboratories International, Inc., 251 Ballardvale Street, Wilmington, Massachusetts 01887 or 781-222-6000. We investigate and attempt to resolve complaints regarding use and disclosure of Personal Data in accordance with the Safe Harbor Principles. For complaints that cannot be resolved between us, we have agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by us to these Safe Harbor Principles may be limited (1) to the extent required to respond to a legal or ethical obligation; (2) to the extent necessary to meet national security, public interest, or law enforcement obligations; and (3) to the extent expressly permitted by an applicable law, rule, or regulation.
WEBSITE PRIVACY
We see the Internet and the use of other technology as valuable tools to communicate and interact with customers, employees, healthcare professionals, business partners, and others. We recognize the importance of maintaining the privacy of information collected online and have created a specific Website Privacy Policy (WPP) governing the treatment of Personal Data collected through websites that we operate. With respect to Personal Data that is transferred from the EU, the WPP is subordinate to this policy. However, the WPP also reflects additional legal requirements and evolving standards with respect to privacy.
CONTACT INFORMATION
If you have any questions about this Policy, you may contact us at:
Chief, Information Security and Compliance
Charles River Laboratories
251 Ballardvale Street
Wilmington, MA 01887
Telephone: 781-222-6000
Fax: 978-988-5665
dataprivacypolicy@crl.com
Corporate Legal Department
Charles River Laboratories
251 Ballardvale Street
Wilmington, MA 01887
Telephone: 781-222-6000
Fax: 978-988-5665
dataprivacypolicy@crl.com