Coherent Privacy Statement EU

Privacy Policy

Concerning personal data transferred from the European Economic Area (“EEA”) [1] and/ or Switzerland to the United States of America (“U.S.”)

1. Introduction

COHERENT, INC. (“COHERENT”) respects the privacy of its customers, business partners and employees and recognizes the need for appropriate protection and management of personal information provided. COHERENT itself and on behalf of its affiliate U.S. companies (Coherent Investments, Inc., Coherent International LLC, Coherent-DEOS LLC, and Coherent Asia, Inc.), has made a decision to voluntarily adhere to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield (together the “Privacy Shield”) principles available to U.S. organizations under the European Commission’s and the Swiss Federal Council’s implementing decisions to provide for an adequate level of data protection as required under the Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR) and the Swiss Federal Act on Data Protection respectively. Should there be any conflict between the Privacy Shield principles and this Policy, the Privacy Shield principles will prevail [2]. This Policy outlines the general practices for implementing the requirements of the Privacy Shield in connection with personal data that is transferred from the EEA and/ or Switzerland to the U.S, including the types of information that is collected and transferred, how it is used, and the choices individuals located in the EEA and/ or Switzerland have regarding the use of, and their ability to correct, that information.

2. Scope

This Privacy Policy applies to COHERENT and its affiliate U.S. operations, divisions and subsidiaries as far as personal information about non-employees from the EEA and/ or Switzerland is received in any format including electronic, paper or verbal. This Policy also applies to Agents (defined below) that handle and process EEA and/ or Swiss personal data on behalf of COHERENT or its affiliate U.S. companies.

3. Definitions

For purpose of this Policy, the following definitions shall apply:

“Personal data” and “personal information” refer to data about an identified or identifiable individual that are within the scope of the GDPR or the Swiss Federal Act on Data Protection, received by an organization in the United States from the European Union and/ or Switzerland, and recorded in any form.

“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Agent” means any third party processor that collects and/or uses personal information provided by COHERENT to perform tasks on behalf of and under the instructions of COHERENT. An example of an Agent is a provider of IT services that processes personal information in order to assist or support COHERENT’s employees with the use of its products.

“Sensitive personal information” means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying sexual orientation of the individual or where received from third party data that is treated as personally sensitive by the third party. Where Swiss individuals are concerned, “Sensitive personal information” also includes ideological views or activities and information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.

4. Processing of EEA and/ or Swiss personal data

COHERENT may from time to time process certain EEA and/ or Swiss personal information about customers, potential customers and prospective customers, contacts, business partners and prospective business partners such as clients, suppliers or vendors, service providers or independent contractors, contract manufacturers, consultants, consumers, employees, post employee service providers, board of directors, website visitors, contingent workers and candidates for employment, including information recorded on various media as well as electronic data. COHERENT will process these data in conformity with the Privacy Shield Principles and will continue to apply the Principles to personal data received under the application of the Privacy Shield.

COHERENT will use personal information concerning business partners and customers to provide customers and business partners with information and services. Specifically, COHERENT uses information to help customers and business partners complete a transaction or order, to communicate to individuals about products, services and related issues, to facilitate communication and collaboration, to deliver products/services, to bill for purchased products/services, to provide ongoing service and support, to facilitate communication, to design, control and gather data for product manufacturing process, to allow individuals to register for websites and online services, for reporting purposes e.g. assuring customer service levels, to evaluate the quality of products and services, for manufacturing processes and quality control, to manage electronic signatures, to facilitate Coherent’s internal administrative processes, to manage business documents, to maintain, administer and to comply with Coherent’s legal, regulatory, compliance and auditing obligations, policies and procedures, for business continuity and/or disaster recovery procedures, for possible investigation of alleged ethics or fraud violations, to access sales and order portals and to select service and personnel. Occasionally COHERENT personnel may use personal information to contact customers and business partners to complete surveys that are used for (direct) marketing and quality assurance purposes.
COHERENT may also share customer personal information with its service providers (Agents) and suppliers for the sole purpose and only to the extent needed to support the customers’ business needs. Service providers and suppliers are required to keep confidential personal information received from COHERENT and may not use it for any purpose other than as originally intended. In case of data transfers to non-agent third parties the affected individuals will be informed about the transfer and the underlying purposes respectively.

COHERENT also collects personal information concerning its employees (Human Resources Data) in connection with administration of its Human Resources programs and functions and for purpose of communicating with its employees. COHERENT also applies the Privacy Shield Principles to this data. The collection and use of Human Resources Data is not covered by this Policy but instead by COHERENT’s Human Resources Privacy Policy available for employees in the Intranet.

5. Privacy Principles

A detailed description of the Privacy Shield Principles can be found on the Privacy Shield website of the Department of Commerce [2].

5.1. Notice

Where COHERENT collects personal information directly from individuals in the EEA and/ or Switzerland or receives it from its European affiliates, it or its European affiliates will inform these individuals about the purposes for which they collect and use personal information about them, the transfer to COHERENT in the U.S., the types or identity of third parties to which COHERENT discloses that information, the purposes for which it does so, the choices and means COHERENT offers individuals for limiting the use and disclosure of their personal information, and to access their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to COHERENT, or as soon as practicable thereafter, and in any event before COHERENT uses the information for a purpose other than that for which it was originally collected. 5.2. Choice

COHERENT will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party acting as a controller, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, COHERENT will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party acting as a controller or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. COHERENT will provide individuals with reasonable mechanisms to exercise their choices.

5.3. Accountability for Onward Transfer

COHERENT will transfer personal information to Agents only for limited and specific purposes and obtain contractual assurances from its Agents that they will safeguard personal information consistent with this Policy and that they will provide at least the same level of protection as is required by the relevant Privacy Shield principles. COHERENT recognizes its responsibility and potential liability for onward transfers to Agents. Where COHERENT has knowledge that an Agent is using or disclosing personal information in a manner contrary to this Policy and/or the level of protection as required by the Principles, COHERENT will take reasonable steps to prevent, remedy or stop the use or disclosure.

If COHERENT transfers personal information to non-agent third parties acting as a controller, COHERENT will apply the Notice and Choice Principles unless an exception for specific situations under European data protection law applies and will obtain contractual assurance from these parties that they will provide the same level of protection as is required under the Principles.

5.4. Access

Upon request, and to the fullest extent allowed under law, COHERENT will grant individuals reasonable access to personal information that it holds about them. In addition, COHERENT will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate, incomplete or processed in violation of the Principles.

5.5. Security

COHERENT will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

5.6. Data Integrity and Purpose Limitation

COHERENT will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). COHERENT will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. COHERENT will adhere to the Principles as long as it retains personal information received under its Privacy Shield certification.

5.7. Recourse, Enforcement and Liability

COHERENT utilizes the self-assessment approach to assure its compliance with this Privacy Policy. COHERENT periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Privacy Shield principles. COHERENT encourages interested persons to raise any concerns with it using the contact information below. COHERENT will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

6. Limitations and Exceptions

Adherence to these Principles may be limited: (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements, e.g. in the course of lawful requests by public authorities (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the General Data Protection Regulation or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts. If COHERENT determines that any person in its employ is in violation of this Privacy Policy such person will be subject to disciplinary process.

7. Dispute Resolution

Any questions or concerns regarding the use or disclosure of personal information should be directed to the Data Privacy Officer at the address given below. COHERENT will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

With respect to any complaints relating to this Policy that cannot be resolved through COHERENT’s internal processes, COHERENT has agreed to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities and of the Swiss Federal Data Protection and Information Commissioner to resolve disputes pursuant to the Privacy Shield principles available at the addresses given below. In the event that COHERENT or such Authorities determines that COHERENT did not comply with this Policy, COHERENT will take appropriate steps to address any adverse effects and to promote future compliance. COHERENT and its affiliated U.S. companies are also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory body under the Privacy Shield.

Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as recourse mechanism of ’last resort’.

8. Targeting Minors

COHERENT does not knowingly collect personally identifiable information from persons under the age of 13. If for some reason COHERENT determines that a person with respect to whom it has collected personal information is under 13, COHERENT will promptly delete or destroy that information.

9. Contact Information

Questions or comments regarding this Policy should be submitted to COHERENT by mail or e-mail as follows:

Mark Rakic

Data Privacy Officer

.(JavaScript must be enabled to view this email address)

or by mail

Data Privacy Officer

c/o Coherent, Inc.

5100 Patrick Henry Drive

Santa Clara, CA 95054

If you are a citizen of an EEA member State, you may also address any unresolved complaints to the EU Data Protection Panel by contacting your local data Protection Authority at the following address:

If you are a citizen of Switzerland, unresolved complaints can be addressed to the Swiss Federal Data Protection and Information Commissioner at the following address:

10. Changes to this Policy

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield principles. Appropriate public notice will be given concerning such amendments.

This Policy is effective as of September 09, 2016 and was last updated as of November 19, 2019.

[1] The EEA currently includes the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovak Republic, Slovenia, Spain, Sweden, United Kingdom, Iceland, Liechtenstein, and Norway.

[2] Information about the U.S. Department of Commerce Privacy Shield certification can be found at .