Marvell Data Beam

Marvell Concern Line Privacy Notice

Marvell Concern Line Privacy Notice

 

1. INTRODUCTION

Marvell Semiconductor, Inc., 5488 Marvell Ln., Santa Clara, CA, 95054, United States, has implemented a Concern Line (the “Concern Line”) on behalf of itself and its subsidiaries and affiliated entities (collectively “Marvell” or “we”, “us”, and “our”) so that employees and others can report concerns.  The Concern Line is an alternative to other reporting channels, such as management and/or local HR.  You may use whatever reporting channel makes you most comfortable.

2. WHAT INFORMATION MAY BE REPORTED THROUGH THE CONCERN LINE?

The Concern Line may be used to report any possible legal violation, unethical conduct or a violation of our Code of Business Conduct and Ethics (our “Code”).  Some examples of things that may be reported through the Concern Line include:

  1. Actions that violate the law
  2. Fraud, theft, and improper accounting
  3. Corruption, conflicts of interest, kickbacks, and bribery
  4. Unfair competition and insider trading
  5. Actions that pose a serious environmental risk
  6. Actions that endanger health, safety, and employee rights
  7. Breach of confidentiality, privacy, data protection, or IT security
  8. Improper interpersonal behavior such as violence, discrimination, harassment, and sexual harassment
  9. Any other conduct that violates or encourages others to violate our Code or our policies

You can also raise concerns through other reporting channels, such as another manager you trust, Human Resources, Ethics and Compliance at compliance@marvell.com, or the Legal Department.  For more information, please see Marvell’s Investigations Policy.

3. WHAT CATEGORIES OF DATA MAY BE RECORDED?

The following categories of data may be processed:

  1. identity, functions and contact details of the reporter, if not anonymous;
  2. identity, functions and contact details of the persons subject of the reporting;
  3. identity, functions and contact details of the persons involved in the processing of the facts reported;
  4. alleged facts reported;
  5. information collected in connection with the investigation of the reported facts;
  6. identity, functions and contact details of the persons involved in the investigation of the reported facts;
  7. investigation report; and
  8. consequences of the report.

Sensitive personal data relating to race or ethnicity, health, sexual life, religion or belief, or trade union membership may be processed as a consequence of a report. If a report to the Concern Line does contain sensitive personal data, that data will only be processed to the extent it is of relevance to the issue reported and only insofar as allowed for under applicable law.

4. WHAT ARE THE PURPOSES OF AND LEGAL BASES FOR THE DATA PROCESSING?

The purposes of the Concern Line include the following:

  • ensuring and monitoring compliance with laws and statutory codes of practice;
  • investigating accusations of: (i) fraud and misconduct regarding accounting, internal accounting controls and audits, as well as (ii) corruption, financial crimes or insider dealings. 
  • preventing misconduct with respect to account controls, procedures and records (e.g., financial control procedures, auditing practices);
  • enforcing and supporting honesty, integrity, ethics and a healthy work environment;
  • facilitating the reporting of concerns;
  • enabling reporting by phone or web portal via the Concern Line;
  • processing reports made through the Concern Line;
  • determining whether an investigation is needed and conducting/managing the investigation;
  • analyzing the results of investigations of reported matters;
  • determining actions to take pursuant to a report and/or related investigation.

5. WHO WILL ACCESS THE REPORTS?

Reports will be managed by the assigned individuals responsible for handling the report.  The assigned individuals may consist of the local personnel, and may also include personnel who are part of Marvell Semiconductor, Inc.’s Legal, Compliance, Internal Audit, Audit Committee, Board of Directors, and/or Human Resources departments. We will limit the number of individuals involved in any investigation to the extent consistent with a full and complete investigation and proper implementation of any required measures; those persons will be selected based on the seriousness and nature of the reported facts, the subject matter of the report, and the reporting line of the employees involved. 

The information collected in your report may also be disclosed to external business consultants and service providers of Marvell or Marvell's affiliates (such as legal, finance and accounting, information technology and human resources advisors and/or similar consultants and advisors), law enforcement or government authorities as necessary to comply with legal requirements or in the course of a legal action, and to legitimate recipients of communications under applicable laws, where required by law or necessary for the purpose of, or in connection with, any legal proceedings. 

6. DATA SUBJECT RIGHTS

Depending on your location, you may have various rights relating to your personal data. These may include: the right to access your personal data, the right to have your personal data rectified or erased, the right to restriction of the processing, the right to data portability, the right to object to the processing on grounds relating to your particular situation, and the right to revoke your consent where processing is based on consent.  Most of these rights are not absolute and are subject to exemptions under applicable laws.

We will strive to respond to your exercise of right request within one month and may have the right to extend this period based on the applicable laws. If we extend the response period, we will let you know of the extension.  You may also have a right to submit a complaint with the competent supervisory authority in the country of your residence, where you work, or where the alleged infringement of the applicable data protection law took place.   If you would like to exercise a data right regarding your data, you may contact privacy@marvell.com.

7. DATA RETENTION

Personal data collected through the Concern Line is retained for the period necessary to achieve the purposes described above and in accordance with applicable legal requirement

8. QUESTIONS

If you have any additional question regarding the use of the Concern Line, please contact our Ethics and Compliance team at compliance@marvell.com.  For questions related to this Notice or to privacy matters, please contact privacy@marvell.com.

This Notice was last updated in March, 2024.

LOCAL PROVISIONS: EUROPEAN ECONOMIC AREA AND THE UK

1. Controller

If you are located in the EEA and unless otherwise stated in this notice, the controller responsible for the processing of your personal data is the Marvell entity identified in Appendix A and operating in the specified jurisdiction where you file a report.

2. Legal Bases for Processing Personal Data

In accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Marvell relies on the legitimate interests of Marvell, Marvell’s affiliates or other third parties as legal basis for processing the above-mentioned data categories, where such legitimate interests are not overridden by your interests or fundamental rights and freedoms (Article 6(1)(f) GDPR).  “Legitimate interests” could include, without limitation:

  • ensuring and monitoring compliance with laws and statutory codes of practice;
  • investigating accusations of: (i) fraud and misconduct regarding accounting, internal accounting controls and audits, as well as (ii) corruption, financial crimes or insider dealings. 
  • preventing misconduct with respect to account controls, procedures and records (e.g., financial control procedures, auditing practices);
  • enforcing and supporting honesty, integrity, ethics and a healthy work environment;
  • facilitating the reporting of concerns;
  • enabling reporting by phone or web portal via the Concern Line;
  • processing reports made through the Concern Line;
  • determining whether an investigation is needed and conducting/managing the investigation;
  • analyzing the results of investigations of reported matters;
  • determining actions to take pursuant to a report and/or related investigation.

Depending on the circumstances of the individual case, Marvell may alternatively rely on the following legal bases for the processing of the above-mentioned data categories:

(i) the necessity of the processing to comply with legal obligations (Article 6(1)(c) GDPR);

(ii) the necessity of the processing to protect vital interests of employees of Marvell, Marvell’s affiliates or other third parties who use the Concern Line or are the subject of a report (Article 6(1)(d) GDPR); or

(iii) consent, where you have provided your consent (Article 6(1)(a) GDPR).

3. Cross-border Data Transfers

As described above, your personal data may be processed and stored by individuals or entities located in countries where the level of data protection is not recognized as adequate by the European Commission. Transfers of personal data to such countries will be made in compliance with applicable law. In particular, Marvell will take the measures required to protect the security and the confidentiality of the data transferred (such as entering into the Standard Contractual Clauses published by the European Commission or putting in place other appropriate safeguards).

If you have additional questions about the processing of your personal data through the Concern Line, or wish to exercise any of your rights, you may contact Marvell as Privacy@Marvell.com.
 

Appendix A: List of Marvell Entities in Europe and the UK

Controller Entity

Address

Marvell Semiconductor Germany, GmbH

23 Siemensstraße - D-76275
Ettlingen Baden-Württemberg Germany 76275

Marvell Technology Denmark APS

24 Agern Alle, Room no. 55-4221,
Hørsholm Denmark 2970

Marvell Technology Italy S.r.l.

Viale della Repubblica 38 CAP
Pavia Lombardia Italy 27100

Marvell Netherlands B.V.

High Tech Campus 5
Eindhoven Noord-Brabant Netherlands 5656 AE

Marvell Technology Poland Sp. z o.o.

76 Podole
Kraków Małopolskie Poland 30-394

Marvell Technology Romania S.R.L.

Calea Floreasca nr. 246 C, Cladirea Sky Tower, 9th Floor, 22nd Floor and Basement 3, Sector 1,
București Romania 014476

Marvell Technology UK Ltd, Sucursal en Espana (Spain Branch)

Gran Via 6, 4a Planta 28013
Madrid Spain

Marvell Technology Sweden AB

BDO Mälardälen AB
Sveavägen 53 - Box 6343 - 102 35
Stockholm Sweden

Marvell Technology UK Ltd.

5th Floor Halo - Counterslip
Bristol, England United Kingdom BS1 6AJ