Privacy Notice for Federation Service

This Privacy Notice was last changed on 5 October 2017.

Koninklijke Philips N.V. and its subsidiaries or affiliates (jointly hereafter "Philips") are committed to protect the privacy of individuals and their personal data in accordance with Philips Privacy Rules. We also believe it is important to inform you about, among others, which personal data we will process, for which purposes we will use them, and what your rights are. Therefore, we encourage you to read this Privacy Notice carefully.

This Privacy Notice applies to all personal data of employees, contractors and suppliers processed in the Federation Service that are controlled by or under the control of Philips.

About Federation Service

The Federation Service ("PingFederate") provides authentication services to Philips applications whether accessed from within the Philips network or from the internet. It offers to option to centralize authentication of Philips employees and business partners on behalf of other IT solutions in order to protect Philips resources worldwide. The Federation Service offers three authentication methods to applications: single sign-on, Active Directory (AD) authentication and multi-factor authentication via SafeNet.

Data Controller

The data controller is Koninklijke Philips N.V. and its group companies.

Type of information and why we process it

For the use of Federation Service, your corresponding personal data is processed for the following purposes:
  • Authentication
    • Authentication is the main purpose of the Federation Service.
    • The following personal data are processed for this purpose:
    1. User identification, including first & last name, email address and account ID.
    2. User accounts, including Active Directory (AD) account, Philips Identity Management ID and the account name you use to log into the applications.

  • Support activities
    • In order to facilitate root cause analysis or investigation of detected irregularities in the Federation Service, logging is enabled on the authentications performed by the Federation Service.
    • The following personal data are processed for this purpose:
    1. Date & time
    2. User account
    3. Application for which you authenticated
    4. Result of authentication attempt
The processing of personal data by Federation Service is necessary for the purposes of safety, security and protection of Philips and employee assets, and the authentication of employee status and rights in accordance with article 2.1 of the Philips Privacy Rules. Authentication is indeed a critical control in ensuring adequate security of Philips information and assets.

Please note that profiling and automated decision making does not take place within Federation Service.

Sharing of information with others

Philips makes use of third parties who act on behalf of Philips, in order to provide the necessary IT services and equipment required to run Federation Service. Our agreements with these third parties limit, amongst others, the purposes for which your personal data can be used and disclosed, and will require your personal data to be adequately safeguarded.

For Federation Service, Philips uses the following third parties to provide IT services: Wipro Limited (“Wipro”) provides Federation Service to Philips. For data center and network services, Wipro leverages Tata Communications Limited (“TCL”). In exceptional cases, PingIdentity is involved in IT service management for expert support.

Philips will disclose personal data only under this Privacy Notice and/or when required by law or Philips Privacy Rules.

Transfer of your information across borders

Your personal data may be transferred from your country to other Philips group companies in different locations across the world. All such transfers are governed by the Philips Privacy Rules (Binding Corporate Rules). Where the personal data is transferred to third parties in other countries, including countries that do not provide an adequate level of protection, our agreements with these third parties ensure a level of data protection in line with Philips Privacy Rules and applicable local laws.

Security of your information

We take our responsibility to protect your personal data seriously. Philips uses a variety of security technologies, technical and organizational measures to help protect your personal data against accidental or unauthorized access loss, or misuse. For this purpose, we implement, among others, access controls, network security controls and we encrypt certain types of data.

Storage and retention of your information

Personal data processed by Federation Service is retained by Philips no longer than required for the purpose for which it was collected. Personal data processed by Federation Service for the purpose of authentication is immediately removed upon authentication in the IT solution. Personal data processed for the purpose of support activities is stored in log files and retained for a maximum of 6 months after creation of the respective log file. Once the retention time has passed, Philips will delete the data. For an individual user, it means that the last personal data is removed from the service maximum 6 months after your last login through the Federation Service.

Your rights

You have the right to reasonably access your personal data. If such personal data is incorrect, incomplete, or not processed in compliance with Philips Privacy Rules or applicable law, you have rights to have your personal data rectified, deleted, or blocked. Where applicable, you have the right to object to the processing of your personal data on the basis of compelling grounds related to your particular situation.

Contact details Philips and Privacy office

If you have any questions or concerns regarding the processing of your personal data, you may contact your line or HR manager, or the Philips Global Privacy Office privacy lead for Federation is Edward Oud.

Changes to this privacy notice

The services that Philips provides are always evolving, and the form and nature thereof may change from time to time. For this reason, we reserve the right to change or amend this Privacy Notice from time to time. We encourage you to regularly review the latest version of this notice.