Walt Disney Internet Group
Privacy Policy
Kids Privacy Policy
Internet Safety
Terms of Use
Previous Policy


Safe Harbor Privacy Policy For The
Product Approval System of Disney Consumer Products,
(Division of Disney Enterprises, Inc.)


  1. INTRODUCTION
    2.

    Disney Consumer Products Worldwide (Division of Disney Enterprises, Inc.) ("DCPW"), whose principal office is located in the United States of America (the "United States"), controls and operates a Product Approval System database (the "Product Approval Database"). The Product Approval Database contains (or will contain) human resources and financial information. DCPW recognizes the privacy protections afforded to individuals in the European Union and the European Economic Area (collectively the "EEA") with regard to Personal Information (as defined below). For that reason, DCPW has subscribed and will adhere to the voluntary U.S.-EU Safe Harbor program ("Safe Harbor Program") by adopting and implementing this set of Safe Harbor Privacy Principles, which include a set of frequently asked questions (collectively, the "Principles").

  2. SCOPE OF THESE PRINCIPLES
    3.

    The Principles apply to all Personal Information that is: (1) collected by any Affiliated Entity (as defined below) located in the EEA about an Individual located in the EEA; (2) in the course of the Individual's relationship(s) with the Affiliated Entities and/or with companies that provide goods and services to the Affiliated Entities ("Independent Contractors"); and (3) transferred from the EEA to DCPW in the United States after the effective date of these Principles and included in the Product Approval Database. The effective date of these Principles is April 23, 2004.

    FREQUENTLY ASKED QUESTIONS
    1. What is "Personal Information"?
      2.

      Personal Information means any information relating to an Individual that identifies that Individual, or could reasonably be used to identify the Individual, and that is recorded in any form (e.g., paper, electronic, video, audio) and included in the Product Approval Database. Personal Information also includes information relating to an Individual's dependents, beneficiaries, and emergency contacts that is included in the Product Approval Database.

    2. What are Affiliated Entities?
      3.

      Affiliated Entities are corporations or other business organizations present in the EEA that are affiliated with DCPW through direct or indirect common ownership or control.

    3. Who is an Individual for Purposes of these Principles?
      4.

      An Individual is any current or former employee, independent worker, or temporary agent of an Affiliated Entity, any employee of an Independent Contractor, and any applicant for employment, independent work, temporary work, or employment with an Affiliated Entity or Independent Contractor whose Personal Information is included in the Product Approval Database.

    4. What is the relationship between the Principles and the Safe Harbor Program?
      5.

      The Principles implement and satisfy the requirements of the Safe Harbor Program and establish the legally required level of protection for Individuals' Personal Information.


    back to top of page  

  3. NOTICE AND CHOICE
    4.

    1. Collection and Use of Personal Information
      2.

      DCPW collects and uses Personal Information only in a lawful manner and in compliance with the Safe Harbor Program and these Principles.

      FREQUENTLY ASKED QUESTION

      1. Why is Personal Information transferred to DCPW in the Product Approval Database?
        2.

        The collection and use of Personal Information is essential to the conduct of the product licensing approval system of DCPW and the Affiliated Entities.

    2. Informing the Individual and Obtaining Consent
      3.

      Except where an applicable legal exception exists, Affiliated Entities are legally required to inform Individuals (or to request that Independent Contractors inform Individuals) of the ways in which their Personal Information will be collected and used and the types of third parties to which such Information will be disclosed, and to obtain the Individuals' consent.

      Accordingly, except where an applicable legal exception exists, if DCPW either plans to use Personal Information for purposes incompatible with the purposes about which the Affiliated Entities (or Independent Contractors) notified Individuals, or plans to disclose Personal Information to types of third parties other than those about which Affiliated Entities (or Independent Contractors) notified Individuals ("Supplemental Uses"), then DCPW shall notify (or shall request the Independent Contractor, as appropriate, to notify) Individuals of the following with respect to such Supplemental Uses:

      • The type(s) of Personal Information DCPW plans to use;
      • The purposes for which DCPW will process Personal Information;
      • How to contact Affiliated Entities or DCPW with any inquiries or complaints about the use and processing of such Personal Information;
      • The types of parties to whom DCPW will disclose Personal Information;
      • The privacy and security safeguards DCPW employs; and
      • The right of Individuals to access and, if necessary, correct Personal Information about them.

      This information will be provided before DCPW uses or discloses Personal Information for Supplemental Uses or as soon thereafter as is practicable.

      FREQUENTLY ASKED QUESTIONS

      1. Are there cases when DCPW may disclose Personal Information about an Individual without obtaining the Individual's consent?
        2.

        In certain limited or exceptional circumstances, and in accordance with the Safe Harbor Program, DCPW may disclose Personal Information about an Individual without the Individual's consent, such as when DCPW is required to disclose the Information by law or legal process or when the vital interests of the Individual, such as life or health, are at stake. In such circumstances, and at such time as may be required by law or the Safe Harbor Program, DCPW, the relevant Affiliated Entity, or the Independent Contractor, as appropriate, shall inform the Individual concerned regarding whom to contact if the Individual has a legitimate reason to object to the disclosure of the Individual's Personal Information by DCPW.

      2. Under what circumstances may DCPW disclose Personal Information to agents and contractors, and what steps does DCPW take to safeguard that Personal Information?
        3.

        As a part of its normal business operations, DCPW hires agents and contractors to carry out certain functions that require use of Personal Information. DCPW is not required by the Safe Harbor Program to provide notice or obtain the relevant Individual's consent in these circumstances, and DCPW does not generally do so. DCPW does bind such agents and contractors through written agreements to observe the relevant Principles and DCPW restricts the use and retention of the Personal Information to the purposes and duration of such functions.

      3. What happens if an Individual objects to the collection, use, or disclosure of his/her Personal Information by DCPW?

        4. If an Individual objects to DCPW' collection, use, or disclosure of certain Personal Information, DCPW or the appropriate Affiliated Entity will make reasonable efforts to address the concerns of the Individual.

      4. Will DCPW take any adverse action against an Individual for refusing to permit his/her Personal Information to be collected, used, or disclosed?

        5. The Safe Harbor Program prohibits a company that subscribes to the Safe Harbor Program from taking such adverse action. Accordingly, DCPW may not subject an Individual to disciplinary action, sanction, or retaliation for objecting to the collection, use, or disclosure of Personal Information about the Individual.

        An Individual withholding Personal Information or prohibiting its collection, use or disclosure, may, however, be disadvantaged as a result of not making the Information available.


    3. Sensitive Information
      4.

      While recognizing that all Personal Information deserves to be protected in accordance with the Safe Harbor Program, DCPW exercises special precautions and safeguards for any sensitive information it may collect, as defined by the Safe Harbor Program. DCPW does not presently believe that it will collect any sensitive information in the Product Approval Database.


      FREQUENTLY ASKED QUESTIONS

      1. What is "sensitive information"?
        2.

        "Sensitive information" is Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.

      2. What safeguards are required for "sensitive information"?
        3.

        Except as provided by the Safe Harbor Program or where legally required, affirmative permission of the Individual ("opt in" consent) is required if "sensitive information" is to be disclosed to a third party or used for purposes other than those for which it was originally collected or subsequently authorized by the Individual.


    back to top of page  

  4. ACCESS
    5.

    DCPW provides Individuals about whom it maintains Personal Information with a reasonable opportunity to examine their information, to challenge its accuracy, and to have it corrected, amended or deleted as appropriate, subject to certain exceptions.

    FREQUENTLY ASKED QUESTIONS
    1. How do Individuals exercise their rights under the Access Principle?
      2.

      Each individual will have direct access to Personal Information about him/her contained in the Product Approval Database. Each individual will be able to correct his/her Personal Information in the Product Approval Database. Upon request to the appropriate Affiliated Entity or DCPW, each individual will be given reasonable access to any Personal Information about him/her that is not directly available to such individual through the individual's access to the Product Approval Database.

      Reasonable access applies to both the process of accessing Personal Information and the types of Personal Information to be accessed. In terms of process, reasonable access means, for example, that requests for access are made during normal business hours, following standard procedures, and that the frequency of access requests is not excessive. In terms of types of Personal Information to be accessed, reasonable access recognizes certain exceptions discussed in the immediately following FAQ 2. If DCPW or the Affiliated Entity denies an Individual access, however, such Individual will be provided with the reason(s) access was denied and a contact point for further inquiries.

      If DCPW or an Affiliated Entity is notified that Personal Information it maintains is incorrect, is requested to correct the Personal Information, and is provided with appropriate supporting documentation, DCPW or the appropriate Affiliated Entity will either correct the information or direct the Individual to the source of the information for correction. If, upon review, DCPW or the appropriate Affiliated Entity believes that the existing information is correct, the Individual will be informed accordingly.

    2. Is there any Personal Information about an Individual maintained by DCPW that such Individual would not be permitted to access?
      3.

      Yes, there are some exceptions to the obligation to provide access permitted by the Safe Harbor Program. These include access to confidential or proprietary information of either the relevant Affiliated Entity or DCPW, or situations in which granting access might have to be balanced against the privacy interests of others. In addition, access may be denied when the Personal Information requested relates to an ongoing investigation of the Individual, litigation or potential litigation, or where the burden or expense of providing access would be disproportionate to any risks to the Individual's privacy that would arise from not providing access.


    back to top of page  

  5. ONWARD TRANSFER
    6.

    If DCPW performs an onward transfer of information to a third party that is acting as an agent, DCPW will do so only if DCPW verifies that the third party subscribes to the Safe Harbor Principles, or is subject to the Directive or another adequacy finding. Alternatively, DCPW will enter into a written agreement with such third party requiring that the third part provide at least the same level of privacy protection as is required by the relevant Principles.

    back to top of page  

  6. DATA INTEGRITY
    7.

    DCPW employs reasonable steps to keep Personal Information accurate, complete, and up-to-date for the purposes for which such Personal Information is used. Each Individual is responsible for helping to ensure that the Personal Information that DCPW holds about him or her is accurate, complete, and up-to-date.

    FREQUENTLY ASKED QUESTION

    1. Is there a role for Individuals to play in maintaining the accuracy of Personal Information?
      2.

      Yes. It is in the best interests of Individuals, Affiliated Entities, and DCPW to keep Personal Information accurate, complete, and up-to date. DCPW and the Affiliated Entities expect all Individuals to assist in keeping the Personal Information that the SAP holds about them accurate, complete and up-to-date, and DCPW and the Affiliated Entities facilitate cooperation by Individuals in doing so.


    back to top of page  

  7. SECURITY
    8.

    DCPW takes reasonable precautions, including administrative, technical, personnel, and physical measures to safeguard Personal Information against loss, theft and misuse, as well as unauthorized access, disclosure, alteration and destruction.

    FREQUENTLY ASKED QUESTIONS
    1. Is there a role for Individuals to play in maintaining the security of Personal Information?
      2.

      Individuals play a vital role in maintaining security and are held accountable for safeguarding Personal Information, including, for example, by protecting passwords used to access corporate computer systems.

    2. How are decisions reached about who has access to Personal Information about Individuals?
      3.

      It is the policy of DCPW to give access to Personal Information about Individuals only to those entities and persons that DCPW determines have a legitimate need to know the information to carry out their responsibilities.

    3. What keeps those with access to some of an Individual's Personal Information from browsing through other parts of that Personal Information for other reasons?

      4. It is the policy of DCPW to limit the access to Personal Information given to employees, agents, and contractors to such information that DCPW determines is needed to carry out their responsibilities.


    back to top of page  

  8. ENFORCEMENT

    9.
    1. Compliance
      2.

      DCPW maintains an active program to ensure compliance with the Principles, Safe Harbor Program, and DCPW's contractual agreements and other commitments regarding the handling of Personal Information.

      The DCPW Privacy Compliance Office is responsible for implementing and overseeing the administration of the Principles.

      It is the responsibility of all DCPW employees to act in accordance with the Principles with respect to Personal Information. Failure to do so may result in disciplinary action up to and including discharge from employment.

      FREQUENTLY ASKED QUESTIONS

      1. What are the responsibilities of the DCPW Privacy Compliance Office?
        2.

        Responsibilities of the DCPW Privacy Compliance Office include:

        • Ensuring that the privacy guidelines, programs, procedures, training, and other measures necessary to implement the Principles are developed and put into practice;
        • Overseeing responses to inquiries and resolution of complaints relating to Personal Information;
        • Working with legal advisors to ensure DCPW' ongoing compliance with applicable privacy laws and agreements, as well as any obligations DCPW may enter into voluntarily, such as the Principles and the U.S.-EU Safe Harbor Program; and
        • Overseeing periodic assessments of DCPW' internal practices to ensure that they conform to the Principles and related company obligations.

      2. What steps are taken to promote compliance with the Principles?
        3.

        Compliance measures include:

        • Educating DCPW employees as to the purpose and application of the Principles;
        • Training DCPW employees with access to Personal Information on the purposes and application of the Principles;
        • Ensuring that DCPW employees, agents, and contractors with access to Personal Information are legally obligated to abide by the Principles;
        • Holding DCPW employees, agents, and contractors accountable for violations of the Principles, with sanctions up to and including termination of contracts and employment; and
        • Having designated points of contact in DCPW to answer questions regarding the Principles and DCPW' privacy practices and to investigate complaints regarding conduct inconsistent with the Principles or related obligations.

    2. Complaint Resolution
      3.

      DCPW recognizes the importance of having mechanisms in place to address and resolve complaints by Individuals about the processing of Personal Information. Therefore, if an Individual makes a complaint about the processing of his/her Personal Information, and the complaint is not resolved to the Individual's satisfaction through internal DSW procedures, then DCPW will refer such Individual to the national data protection authority in the jurisdiction where the Individual works as required by the Safe Harbor Program.

      FREQUENTLY ASKED QUESTIONS

      1. What are the procedures for filing an internal complaint about the handling of Personal Information by DCPW?
        2.

        Individuals covered by the Principles should contact the Chief Privacy Officer, Mr. Jonathan D. Avila, by phone to 818-560-4194, or email to privacycontact@disney.com, or Human Resources contact (as appropriate) for the relevant Affiliated Entity. These representatives will provide particular information about the mechanics of the complaint process.

      2. What types of independent dispute resolution mechanisms are available?
        3.

        All EEA jurisdictions have established data protection authorities overseeing the processing of Personal Information that are willing to assist in the resolution of complaints. To maintain its certification under the Safe Harbor Program, DCPW must cooperate with these authorities to resolve any complaint and comply with their decisions in such cases.

    3. Changes to the Principles
      4.

      DCPW reserves the right to modify these Principles at any time and will notify affected individuals of such modifications in accordance with applicable law and the Safe Harbor Program. Nonetheless, as long as DCPW continues to store, use, or disclose Personal Information transferred to DCPW under these Principles, DCPW will apply to such Personal Information either these Principles or safeguards that provide no less privacy protection than the Safe Harbor Program then requires.

back to top of page