Concerning personal datatransferred from the European Economic Area (“EEA”)  to the United States of America (“U.S.”)
COHERENT, INC. (“COHERENT”) respects the privacy of its customers, business partners and employees and recognizes the need for appropriate protection and management of personal information provided. COHERENT itself and on behalf of its affiliate U.S. companies (Coherent Investments, Inc., Coherent International LLC, Coherent-DEOS LLC, and Coherent Asia, Inc.), has made a decision to voluntarily adhere to EU-U.S. Privacy Shield principles available to U.S. organizations under the European Commission’s implementing decision to provide for an adequate level of data protection as required under the EU Directive 95/46/EC on data protection. Should there be any conflict between the EU-U.S. Privacy Shield principles and this Policy, the EU-U.S. Privacy Shield principles will prevail .
This Policy outlines the general practices for implementing the requirements of the EU-U.S. Privacy Shield in connection with personal data that is transferred from the EEA to the U.S, including the types of information that is collected and transferred, how it is used, and the choices individuals located in the EEA have regarding the use of, and their ability to correct, that information.
For purpose of this Policy, the following definitions shall apply:
“Personal data” and “personal information” refer to data about an identified or identifiable individual that are within the scope of the Directive 95/46/EC, received by an organization in the United States from the European Union, and recorded in any form.
“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Agent” means any third party processor that collects and/or uses personal information provided by COHERENT to perform tasks on behalf of and under the instructions of COHERENT. An example of an Agent is a provider of IT services that processes personal information in order to assist or support COHERENT’s employees with the use of its products.
“Sensitive personal information” means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying sexual orientation of the individual or where received from third party data that is treated as personally sensitive by the third party.
4. Processing of EEA personal data
COHERENT may from time to time process certain EEA personal information about customers and prospective customers, business partners and prospective business partners such as suppliers, service providers or independent contractors, consultants, consumers, employees, contingent workers and candidates for employment, including information recorded on various media as well as electronic data. COHERENT will process these data in conformity with the EU-U.S. Privacy Shield Principles and will continue to apply the Principles to personal data received under the application of the Privacy Shield.
COHERENT will use personal information concerning business partners and customers to provide customers and business partners with information and services and to help COHERENT personnel better understand the needs and interests of these business partners and/or customers. Specifically, COHERENT uses information to help customers and business partners complete a transaction or order, to facilitate communication, to deliver products/services, to bill for purchased products/services, to provide ongoing service and support, to allow individuals to register for websites and online services, for reporting purposes e.g. assuring customer service levels, to evaluate the quality of products and services, to facilitate Coherent’s internal administrative processes, to maintain, administer and to comply with Coherent’s legal, regulatory, compliance and auditing obligations, policies and procedures, for business continuity and/or disaster recovery procedures, to access sales and order portals and to select service and personnel. Occasionally COHERENT personnel may use personal information to contact customers and business partners to complete surveys that are used for marketing and quality assurance purposes.
COHERENT may also share customer personal information with its service providers (Agents) and suppliers for the sole purpose and only to the extent needed to support the customers’ business
needs. Service providers and suppliers are required to keep confidential personal information received from COHERENT and may not use it for any purpose other than as originally intended. In case of data transfers to non-agent third parties the affected individuals will be informed about the transfer and the underlying purposes respectively.
5. Privacy Principles
A detailed description of the EU-U.S. Privacy Shield Principles can be found on the Privacy Shield website of the Department of Commerce .
Where COHERENT collects personal information directly from individuals in the EEA or receives it from its European affiliates, it or its European affiliates will inform these individuals about the purposes for which they collect and use personal information about them, the transfer to COHERENT in the U.S., the types or identity of third parties to which COHERENT discloses that information, the purposes for which it does so, the choices and means COHERENT offers individuals for limiting the use and disclosure of their personal information, and to access their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to COHERENT, or as soon as practicable thereafter, and in any event before COHERENT uses the information for a purpose other than that for which it was originally collected.
COHERENT will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party acting as a controller, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, COHERENT will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party acting as a controller or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. COHERENT will provide individuals with reasonable mechanisms to exercise their choices.
5.3. Accountability for Onward Transfer
COHERENT will obtain assurances from its Agents that they will safeguard personal information consistent with this Policy and will transfer personal data only for limited and specific purposes. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant EU-U.S. Privacy Shield principles, being subject to EU Data Protection Directive 95/46/EC, EU-U.S. Privacy Shield certification by the Agent, or being subject to another European Commission adequacy finding. COHERENT recognizes its responsibility and potential liability for onward transfers to Agents. Where COHERENT has knowledge that an Agent is using or disclosing personal information in a manner contrary to this Policy and/or the level of protection as required by the Principles, COHERENT will take reasonable steps to prevent, remedy or stop the use or disclosure.
If COHERENT transfers personal information to non-agent third parties acting as a controller, COHERENT will apply the Notice and Choice Principles unless an exception for specific situations under European data protection law applies and will obtain assurance from these parties that they will provide the same level of protection as is required under the Principles.
Upon request, and to the fullest extent allowed under law, COHERENT will grant individuals reasonable access to personal information that it holds about them. In addition, COHERENT will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate, incomplete or processed in violation of the Principles.
COHERENT will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
5.6. Data Integrity and Purpose Limitation
COHERENT will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). COHERENT will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. COHERENT will adhere to the Principles as long as it retains personal information received under its EU-U.S. Privacy Shield certification.
5.7. Recourse, Enforcement and Liability
6. Limitations and Exceptions
Adherence to these Principles may be limited: (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements, e.g. in the course of lawful requests by public authorities (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.
7. Dispute Resolution
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Data Privacy Officer at the address given below. COHERENT will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
With respect to any complaints relating to this Policy that cannot be resolved through COHERENT’s internal processes, COHERENT has agreed to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities to resolve disputes pursuant to the EU-U.S. Privacy Shield principles available at the address given below. In the event that COHERENT or such Authorities determines that COHERENT did not comply with this Policy, COHERENT will take appropriate steps to address any adverse effects and to promote future compliance. COHERENT and its affiliated U.S. companies are also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory body under the Privacy Shield.
Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as recourse mechanism of ’last resort’.
8. Targeting Minors
COHERENT does not knowingly collect personally identifiable information from persons under the age of 13. If for some reason COHERENT determines that a person with respect to whom it has collected personal information is under 13, COHERENT will promptly delete or destroy that information.
9. Contact Information
Questions or comments regarding this Policy should be submitted to COHERENT by mail or e-mail as follows:
Data Privacy Officer
or by mail
Data Privacy Officer
c/o Coherent, Inc.
5100 Patrick Henry Drive
Santa Clara, CA 95054
You may also address any unresolved complaints to the Data Protection Panel at the following address:
10. Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. Privacy Shield principles. Appropriate public notice will be given concerning such amendments.
This Policy has been updated and is effective as of September 09, 2016.
 The EEA currently includes the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovak Republic, Slovenia, Spain, Sweden, United Kingdom, Iceland, Liechtenstein, and Norway.
Please Read Before Continuing
Risk factors: Except for the historical information contained here, many of the matters discussed in this Web site are forward-looking statements, based on expectations at the time they were made, that involve risks and uncertainties that could cause our results to differ materially from those expressed or implied by such statements. These risks are detailed in the “Factors That May Affect Future Results” section of our latest 10-K or 10-Q filing. Coherent assumes no obligation to update these forward-looking statements.