How the EU-US Privacy Shield principles protect EU customers

EU-US Privacy Shield

Privacy Statement

Kingston Technology Company, Inc. (“Kingston”) recognises that privacy is very important to our customers, and we pledge to protect the security and privacy of any Personal Data that customers provide to us. This includes customer's names, addresses, telephone numbers, email addresses, an online identifier (social media account or IP address), date of birth, bank account, financial information, documents used for ID purposes including driver licenses, passports and any information that can be linked to an individual. Not only does Kingston strive to collect, use and disclose, where individuals have consented, Personal Data in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This Personal Data Protection Policy (the "Policy") sets forth the privacy principles that Kingston follows with respect to transfers of Personal Data from the European Union (EU) and other countries with which Kingston does business.

EU-US Privacy Shield

The United States Department of Commerce have worked with the European Commission to develop the EU-U.S. Privacy Shield to allow U.S. companies to meet the EU law requirements that Personal Data transferred from the EU to the United States be adequately protected. Consistent with its pledge to protect personal privacy, Kingston adheres to the Privacy Shield Principles.


This Personal Data Protection Policy (the "Policy") applies to all Personal Data received by Kingston in the United States from the EU and/or other applicable countries, recorded in any form (including electronic, paper or verbal).


The following definitions shall apply throughout this Policy:

  • "Agent" - any third party that uses Personal Data provided to Kingston to perform tasks on behalf of and under the instructions of Kingston.
  • “Kingston” - Kingston Technology Company, Inc. and its affiliates.
  • "Personal Data” - Information or a set of information that identifies or could be used by or on behalf of Kingston to identify an individual. Personal Data does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Data.
  • “Sensitive Personal Data" - Personal Data that reveals an individual's race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership or information that specifies the health or sex life of the individual. In addition, Kingston will treat any information as Sensitive Personal Data which is received from a third party where that third party treats and identifies the information as sensitive.

Privacy Principles

The privacy principles in this Policy are based on the Data Protection Directive and Privacy Shield Principles.


When Kingston collects Personal Data directly from individuals in the EU and/or other applicable countries, it will inform them about the purposes for which it collects and uses their Personal Data, the types of third parties (other than Agents), if any, to which Kingston discloses that information, and the choices and means, if any, that Kingston offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Kingston, or as soon as practicable thereafter, and in any event before Kingston uses the information for a purpose other than that for which it was originally collected. If Kingston receives Personal Data from its affiliates or other entities in the EU and other countries with which Kingston does business, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Data relates.


Kingston will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than an Agent), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorised by the individual.

For Sensitive Personal Data, Kingston will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to (a) the disclosure of the information to a third party, or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorised by the individual. Kingston will provide individuals with reasonable methods to exercise their choices.

Accountability For Onward Transfers

Kingston is a global corporation and has developed global data security practices designed to ensure that Personal Data is properly protected. Personal Data may be transferred, accessed and stored globally as necessary for the uses and disclosures stated in accordance with this policy. By providing Personal Data, individuals consent to Kingston transferring their Personal Data to its global affiliates and third-party entities that provide service to Kingston. Kingston will only transfer personal data for limited and specified purposes and complies with the EU-US Privacy Shield Principles of Notice and Choice.

Kingston will obtain assurances from its Agents that the personal data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the Agents will provide the same level of protection as the Notice and Choice Principles. The Agents are required to notify Kingston if they determine that they can no longer meet this obligation. If Kingston has knowledge that an Agent is using or disclosing personal data in a manner contrary to this policy, Kingston will take reasonable steps to prevent or stop the use or disclosure.


The security of Personal Data is important to Kingston. We take appropriate security measures to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

Data Integrity & Purpose Limitation

Kingston will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorised by the individual. Kingston will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete and current.

Kingston will retain Personal Data for as long as the account is active; as needed to provide individuals the products or service; as necessary to comply with legal obligations, resolve disputes and enforce agreements; or to the extent permitted by law.


Upon request, Kingston will grant individuals reasonable access to Personal Data that it holds about them, and Kingston will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.

While the issues related to the right of access can be handled quickly, complex requests may take more research and time. In such cases, issues will be addressed, or the individual will be contacted regarding the nature of the compliant, problem and appropriate next steps, within a reasonable amount of time, not to exceed thirty (30) days following the receipt of the individual’s questions or complaints.

Resource, Enforcement and Liability

Kingston will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Kingston determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

Dispute Resolution And Enforcement

Any questions or concerns regarding the use or disclosure of Personal Data should be directed to Kingston at the address given below. Kingston will investigate and respond or attempt to resolve complaints and disputes regarding the use and disclosure of Personal Data in accordance with the principles contained in this Policy within a reasonable amount of time, not to exceed thirty (30) days following the receipt of individuals’ questions or complaints.

For complaints that cannot be resolved between Kingston and individuals, Kingston has further committed to cooperate with EU Data Protection Authorities (DPAs). If we have not addressed the complaint to the individual’s satisfaction, they can contact EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to individuals.

Contact Information

Questions or comments regarding this Policy should be submitted to Kingston by post or e-mail as follows:

Kingston Technology Company, Inc.
Attention: Privacy Compliance
17600 Newhope Street
Fountain Valley, CA. 92708 USA
E-mail : [email protected]

Changes To Personal Data Protection Policy

This Policy may be amended from time to time, consistent with the requirements of the Data Protection Directive and/or Privacy Shield Principles. Kingston will provide appropriate public notice about such amendments.