Privacy Policy

Privacy Policy of Lemsys

Lemsys SA (hereinafter, referred to as the “Lemsys”), take processing of Personal Data very seriously. Lemsys ensures a reasonable and transparent processing of Personal Data in accordance with all applicable laws, local and international regulations, including Swiss Data Protection Act (“DPA”). Lemsys protects Personal Data and the privacy of individuals within all areas of its business in accordance with the terms of this Privacy Policy of Lemsys (“Privacy Policy”).

1. Personal Data and Data Subject

For purpose of this Privacy Policy, “Personal Data” means any information relating to an identified or an identifiable natural person (a “Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, e.g., by reference to a name, an identification number or online identifiers. To the extent that Swiss data protection law applies, legal persons also qualify as data subjects.

Personal Data is generally categorized as either “Ordinary Personal Data” or “Sensitive Personal Data”. Sensitive Personal Data is always confidential and includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health, sexual orientation, and information related to criminal offences. Ordinary Personal Data is partly confidential, includes national identification numbers, information regarding a person’s salary, pension, debt, application material, etc., and all other types of Ordinary Personal Data, including name, customer number, (business) contact information such as email and telephone number, photos, IP-address, and other usage information collected via cookies.

This Privacy Policy applies to all Personal Data Lemsys collects and processes about individuals, including employees, visitors, customers, suppliers (including third party service providers), other stakeholders and users of Lemsys‘ website and services.

2. Data Controller

Lemsys is data controller (“Data Controller”) of the Personal Data covered by this Privacy Policy.

Contact details:
Chemin des Aulx 18,
1228 Plan-les- Ouates,
Switzerland

Telephone: + 41227061050
Website: https://www.lemsys.com
Email: lemsys@lemsys.com

For any questions related to this Privacy Policy and processing of Personal Data, please contact the Global Data Protection Team.

Lemsys’ parent company is Teradyne, Inc., located at 600 Riverpark Drive, North Reading, Massachusetts 01864, USA.

Personal Data transfer, including cross-border transfer (from one country to another), between Lemsys and its affiliated companies, offices worldwide, and the parent company isin compliance with applicable law. Please see more details in the chapter about transfer of Personal Data of this Privacy Policy.

In the event Lemsys shares Personal Data with its affiliated companies, use of such Personal Data is subject to this Privacy Policy.

All Personal Data transfers, including cross-border transfers between Lemsys and its affiliated companies and Lemsys’ parent company, are made in compliance with applicable law. More information on data transfers can be found in Section 5 of this Privacy Policy.

3. Legal Ground for Processing of Personal Data

Lemsys may process Personal Data if one of the following options applies:

• Individual/company has given prior consent to processing of his/her/its Personal Data for one
  or more specific purposes. Note: Under some legislations Lemsys may be allowed to process
  Personal Data until individual object to such processing (“opt-out”), without having to rely on
  consent or any other of the following legal bases. This, however, does not apply, whenever
  the processing of Personal Data is subject to European Data Protection law;
• processing of data is necessary for the performance of a contract and/or for any precontractual obligations thereof;
• processing is necessary for compliance with any legal obligations;
• processing of your Personal Data is necessary to establish, exercise or defend any legal claims;
• processing is related to a task that is carried out in the public interest or in the exercise of
  official authority vested in Lemsys;
• processing is necessary for the purposes of the legitimate interests pursued by Lemsys or by a
  third party, if such interests are considered to override individual/company interests or
  fundamental rights. Such legitimate interests may be Lemsys’ interests in developing,
  marketing and selling the products and providing services, pursuing and maintaining business
  relationship with customers, suppliers, distributors, partners and other business relations.

Upon request, Lemsys will provide information to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Consent & withdrawal of consent. To the extent that Lemsys’ processing activities are based on the Data Subject’s consent, the Data Subject maintains the right to withdraw his/her/its consent at any time. If Data Subject withdraws his/her/its consent, Lemsys will cease processing of the Data Subject’s Personal Data, unless and to the extent that continued processing is permitted or required according to the applicable Personal Data legislation or other applicable law. If the Data Subject withdraws his/her/its consent, it will not affect the lawfulness of processing conducted prior to the withdrawal.

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in Lemsys or for the purpose of the legitimate interests pursued by Lemsys, an individual may object to such processing by providing a ground related to the individual’s particular situation to justify the objection. However, if Personal Data is processed for direct marketing purposes, an individual can object to such processing at any time without providing any justification by contacting the Data Protection Team.

Notice of statutory or required processing. In cases where Lemsys processes Personal Data based on a legal obligation or a requirement under a contract or a requirement that must be met in order to enter into a contract, the customer is obliged to provide Lemsys with the information so that Lemsys can maintain the customer relationship, fulfill the contract and invoice for our services, etc. If the customer does not wish to provide Lemsys with the information Lemsys needs to comply with contractual and/or statutory obligations, the consequence may be that Lemsys is unable to establish or continue the business relationship.

4. The Types of and Purpose for the Collection of Personal Data

Lemsys collects and processes Personal Data, including sensitive data (if any) only for specified, explicit and legitimate purposes relevant for the business of Lemsys. The purpose of the collection and processing of Personal Data also depends on the type of data subjects. Responsible departments and their employees who have access to Personal Data must follow the legal requirements, the principles of this Privacy Policy and internal guidelines.

Employment. Lemsys collects and processes Personal Data, including sensitive data (if any) of applicants, candidates and employees for employment purposes and in accordance with legal requirements.

Visitors. Lemsys collects and processes Personal Data of visitors including name, title (if applicable) and contact details for security reasons and registers such information in the visitor log prior to granting visitors access to the Lemsys premises.

Lemsys’ Website Users. Lemsys may collect by itself or through third parties Personal Data of website users, which may include: name, contact details, and company information, if applicable. The data is collected and processed for marketing, advertising, and analytics purposes.

Users are responsible for any third-party Personal Data obtained, published or shared through the website and confirm that they have the third party’s consent to provide such Personal Data to Lemsys. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Global Data Protection Team.

Data of Minors. Lemsys’ websites and online services are not directed to children under the age of 16, unless in very specific instances, e.g., issuance of scholarships, under which circumstance parental and/or school consent will be obtained. If Lemsys has Personal Data that pertains to a child under the age of 16, Lemsys will promptly delete such Personal Data from its respective systems.

Cookies. Lemsys’ website does not use cookies and does not collect the data about website users, therefore Lemsys does not have a Cookie Policy.

Marketing. Lemsys collects and processes Personal Data (including name and contact details) about current and new customers, business partners, suppliers, including third-party service providers, distributors, leads and individuals, website users and on individuals who have signed up for Lemsys’ newsletters or other electronical marketing materials, as well as in some cases for the following purposes: analytics, contacting, managing contacts and sending messages, remarketing and behavioral targeting, advertising, and exhibitions.

Such Personal Data is collected and processed under the marketing consent. Lemsys obtains valid consent through an online form. The marketing department and other involved departments must ensure that marketing consent is obtained before collecting and processing such Personal Data.

Lemsys may use third parties as a service provider to send out marketing information on its behalf but only in accordance with applicable legal requirements.

For marketing purposes, Lemsys may share Personal Data (including name and contact details) with third parties (e.g. distributors, business partners, and corporate affiliates). A list of business partners can be found on the Lemsys’s webpage here. The list of other third parties can be provided upon request.

For any further questions related to marketing information, please contact the marketing department.

Contracts. In connection with its sales and purchase transactions, Lemsys collects and processes Personal Data, including the name, contact details, delivery details, correspondence, and payment details necessary for conducting business and to comply with export compliance regulations and other legal due diligence obligations.

Accounting and Finance. Lemsys collects Personal Data for accounting and financial purposes in accordance with applicable requirements. This information is provided to accounting by other internal departments or received directly from the individuals/companies, employees, and includes information such as name, address, company name, registration number, payment details and bank details, delivery address and other mandatory information.

Legal Action. In case of a dispute, Lemsys may retain personal information necessary for its legitimate interest to ensure that Lemsys can properly bring or defend legal claims in court or during the stages leading to possible legal action. Lemsys may need to share this information with third parties such as insurance and/or legal advisers and Lemsys may also be required to reveal Personal Data upon request of public authorities.

Whistleblowing System. Lemsys respects confidentiality of whistleblowers and has several channels in place for such reporting, including electronic/digital systems (www.teradyne.integrityline.com). Lemsys collects and processes Personal Data in the whistleblowing system for the purpose of conducting investigations, and to take remedial or legal actions in accordance with legal requirements; this Privacy Policy; Privacy Policy for Whistleblowers and the Whistleblower Policy

5. Place and International Data Transfer

The Personal Data is processed at the Lemsys’ operating offices and in any other places where the parties involved in the processing are located. Lemsys ensures that: (i) the Personal Data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards that require the recipient to treat the Personal Data in a manner that is essentially equivalent to legal requirements.

Specific rules apply when Lemsys transfers Personal Data from the EU/EEA to third countries or international organizations. When transferring Personal Data to third countries or international organizations, Lemsys is obligated to establish appropriate safeguards prior to the transfer, which in practice are established by entering the European Commission’s Standard Contractual Clauses (“EU SCCs”) or by collecting consent from the Data Subject (Art. 49(1)(a) GDPR).

Lemsys may use electronic communications service providers or share data with partners based outside of EU, including countries where the legal regime for protection of Personal Data might not be as sufficient as within the EU. As an example, transfers to the US may entail that U.S. FISA 702 (surveillance legislation) can require the data to be handed over by U.S authorities. In such a scenario, the legal basis for the transfer is Data Subject consent (Art. 49(1)(a) GDPR).

In accordance with the GDPR, Lemsys has concluded Data Processing Agreement (DPA) and/or Joint Data Controller Agreement (JDCA) and/or agreements with Standard Contractual Clauses (SCCs) with external parties and affiliated companies, as applicable.

The Personal Data relating to individuals in the United Kingdom (“UK”) maybe processed by Lemsys in countries outside of the UK. In this regard the UK International Data Transfer Agreement (“IDTA”) and UK Addendum will apply to data transfer from the UK to other countries.

The Personal Data relating to individuals in China Mainland may be processed by Lemsys in countries outside of China Mainland. Where this occurs, it will be done in compliance with local laws, including the Personal Information Protection Law (“PIPL”). As outlined in this Privacy Policy, Lemsys may also transfer such Personal Data to third parties, who may in turn store or transfer the data outside of China Mainland.

6. Retention Period

Personal data collected by Lemsys shall be processed and stored for as long as required by the purpose for which the Personal Data has been collected. Lemsys may be allowed to retain Personal Data for a longer period if Lemsys has obtained valid consent to the processing activity as long as such consent is not withdrawn. Furthermore, Lemsys may be obliged to retain the Personal Data for a longer period, whenever required to do so for the performance of a legal obligation or to establish, exercise or defend a legal claim.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be accommodated after expiration of the retention period.

7. Individuals’ Rights

Where legally required, Lemsysshall inform individuals of the purpose of processing their Personal Data, rights to have their Personal Data rectified, deleted or blocked, and the identity of the company responsible for the collection and process their Personal Data. In all other cases, users may inquire with Global Data Protection Team to find out which rights apply to them.

Individuals have the following rights:

• Withdrawal of consent – the right at any time to withdraw previously given consent to the
  processing of his/her/its Personal Data.
• Object to processing of Personal Data – the right to object to the processing of Personal Data if
  such processing is carried out on a legal basis other than consent. Further details are provided
  in the dedicated section of this Privacy Policy.
• Access to Personal Data – the right to learn if Personal Data is being processed by Lemsys, obtain
  disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing
  processing.
• Verify and seek rectification – the right to verify the accuracy of his/her/its Personal Data and
  ask for it to be updated or corrected.
• Restrict the processing of Personal Data – the right, under certain circumstances, to restrict the
  processing of his/her/its Personal Data. In this case, Lemsys will not process mentioned Personal
  Data for any purpose other than storing it.
• Have Personal Data deleted or otherwise removed – the right, under certain circumstances, to obtain the erasure of his/her/its Personal Data from Lemsys.
• Have Personal Data transferred to another data controller – the right, under certain circumstances, to have Personal Data transmitted to another controller without any hindrance.
• Lodge a complaint – the right to bring a claim before his/her/its competent data protection authority.

8. Training

To prevent any violation of applicable law, regulations and corporate standards, Lemsys organizes formalized Data Protection training for its employees in accordance with a corporate training plan. Training on Personal Data protection may be conducted via electronic communication, webinars, or in person training. All employees are trained on basic data protection requirements and certain groups have more advanced training on Personal Data processing based on business needs.

9. Ongoing Audit & Monitoring

Through a combination of external and internal controls, ongoing audit and monitoring, Lemsys seeks to maintain secure processing of data and prevent data loss. In case of audit findings, the responsible department must prepare a mitigation plan, including corrective and preventive actions to mitigate risks and bring procedures and policies in compliance with legal requirements, corporate standards and this Privacy Policy.

10. Reporting System and Contact Details

In case of questions and/or possible violations of this Privacy Policy, please contact the Global Data Protection Team:

E-mail: dataprotection@teradyne.com

Any request can be exercised free of charge and will be addressed as expeditiously as possible and always within one (1) month or sooner, if required by applicable law.

11. Changes to this Privacy Policy

Lemsys reserves the right to amend this Privacy Policy. The latest edition will always be available at our website, and we strongly recommend that you continually monitor and update yourself with our Privacy Policy.