Data Privacy / Data Protection and Privacy / IM Global Data Protection

Ingram Micro Global Data Protection and Privacy Program Overview

For clarity, CloudBlue is a wholly owned subsidiary of Ingram Micro Inc. (“Ingram Micro”) and therefore any references in this section to Ingram Micro should be construed as references to CloudBlue 

Ingram Micro maintains a global data protection and privacy program focused on properly processing the personal data of its employees, customers, and business partners. There are several core tenants to Ingram Micro’s program, as described below.

1. Information Security – Ingram Micro understands it cannot maintain adequate privacy without strong information security. Ingram Micro has a robust information security program focused on protecting the IT infrastructure and information assets, using principles and best practices established by the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS) and other industry recognized security standards.

2. The European Union’s General Data Protection Regulation (“GDPR”) Compliance – Ingram Micro has developed a data protection and privacy program that meets the requirements of the GDPR. This includes trainings, documentation, global policies, business processes for responding to data subject requests, appropriate legal terms and conditions for the processing of personal data, and technical solutions that incorporate the GDPR requirements.

3. Compliance with other Data Protection and Privacy Laws – Ingram Micro has operations throughout the world, and it recognizes that the many countries and states are adopting laws similar to the GDPR. This includes, but is not limited to, California’s Consumer Privacy Act (“CCPA”), Brazil’s General Data Protection Law (“LGDP”), and Thailand’s Personal Data Protection Act (“PDPA”). By extending the work done for GDPR to these other countries and regions, Ingram Micro can comply with these new regulations as well.

4. Performance of Privacy Impact Assessments and a culture of Privacy by Design – Ingram Micro understands the importance of managing the risk of processing personal data and has developed a comprehensive process to identify this risk in new projects and core organizational changes to embed privacy by design into the project requirements. 

5. Marketing Choice and Consent Management – Ingram Micro believes in allowing its customers and partners to choose how they interact and receive marketing messages from Ingram Micro. Ingram Micro utilizes several leading technology platforms to manage marketing efforts and requires opt-in consent from new customers or partners prior to sending them marketing messages. Ingram Micro also respects any opt-out or unsubscribe requests. Ingram Micro has also deployed a cookie consent management tool across its core websites to enable website users to choose the types of cookies utilized. 

6. International Data Transfer – Ingram Micro utilizes the European Union’s Standard Contractual Model Clauses to transfer personal data from the European Economic Area to countries outside the European Economic Area, including to the United States. We also employ additional technical measures, such as encryption of data transfers.

7. Policies and Training – Ingram Micro has developed several policies to govern the processing of personal data. This includes internal policies and Ingram Micro’s externally facing Privacy Statement available in 27 languages at https://corp.ingrammicro.com/privacy-statement.aspx.

Ingram Micro also has a strong culture of data privacy and information security training provided online and in person.

8. Data Protection Terms and Conditions and Third-Party Management – Ingram Micro incorporates standard data protection terms and conditions into its agreements and executes Data Processing Agreements where necessary. Additionally, Ingram Micro has developed security assessments and terms and conditions required for any third-party service provider processing personal data on behalf of Ingram Micro.

9. Compliance Hotline and Data Subject Requests – To support Ingram Micro’s global employees, Ingram Micro has implemented a compliance hotline to allow employees to report issues and concerns, including those related to data protection and privacy. Ingram Micro has also developed a process for supporting queries and data subject requests from outside parties. Data subjects and concerned parties are asked to submit requests or questions through the form at https://corp.ingrammicro.com/Contact-Us.aspx or by sending an email to privacy@ingrammicro.com.

10. Audits –Ingram Micro has developed an audit program to regularly review the sufficiency of its internal controls for applications and business processes that process personal data.

For additional questions or concerns regarding data protection, privacy, GDPR, CCPA, or the processing of personal data please contact our Global Data Privacy Office at privacy@ingrammicro.com.