Supplier Social and Environmental Responsibility and Compliance
HSE Specifications for Products, Parts and Packaging (EKSP-2285)
Eastman Kodak Company (Kodak) expects that products supplied to Kodak will meet all applicable legal requirements during manufacture, distribution, and sale. Supplier products must also meet additional Kodak requirements that go beyond compliance to reduce the environmental impact of Kodak products.
The purpose of EKSP-2285, Kodak Health, Safety, and Environmental (HSE) Specifications for Products, Parts and Packaging is to communicate product requirements to Kodak suppliers. This document is revised periodically and suppliers are expected to meet the most current specifications.
The Supplier is expected to complete Kodak's Declaration Form (DF) in order to document product conformance for all Supplier sites that supply products to Kodak. Send completed Declaration Forms to: WW-MCD@kodak.com.
Kodak's Health, Safety, and Environmental Specifications for Products, Parts and Packaging
EKSP-2285, Revision 7.0, February 19, 2020, (707-01100A)
Supplier SDS Requirements
Suppliers are required to provide a Safety Data Sheet (SDS) for chemicals, solutions or mixtures to the Kodak purchasing representative and to Kodak Health, Safety, and Environment at email@example.com. The SDS must comply with applicable provisions of GHS (Globally Harmonized System of Classification and Labeling of Chemicals), or the comparable regulation for the country where the material is transported. The SDS must be provided in English and in the official languages of all countries to which it is supplied.
Kodak further requires that:
- Each SDS, or its cover sheet, shall have the Kodak Purchase Order Number referenced on it.
- Seller shall electronically send all SDSs to WW-SDS@kodak.com
Kodak Supplier Privacy and Security Terms
Kodak is committed to protecting the privacy and security of all personal information – when we are processing the personal information ourselves and when we entrust that information to a third party for processing on our behalf. The Kodak Data Processing Agreement documents the privacy protections that we expect our service providers to maintain when they process personal information for us. Similarly, the Information Security Requirements for Kodak Data documents the security protections that we expect our service providers to maintain when they process our personal information or confidential data.
Each supplier that accesses, collects or receives any personal information as a data processor or service provider for Kodak, must comply with the terms of the Kodak Data Processing Agreement and the Information Security Requirements for Kodak Data. These terms allow us to demonstrate compliance with applicable privacy and data protection laws. Additionally, each such Supplier must provide Kodak with a description of its processing activities and maintain this record, if the nature of the processing activities change. Click here if you need to complete or update your records: Supplier Record of Data Processing Activities
As a data processor for Kodak, each Supplier must comply with all privacy laws applicable to it and promptly notify Kodak of any circumstances that may prevent it from complying with any privacy law. In the event of a security breach, the Supplier will notify Kodak of any security breach within twenty-four (24) hours of determining a security breach impacts any Kodak personal information. This notification must be made via email to WW-CISO-Mail@kodak.com.
To the extent that Supplier engages in any “restricted transfers” of personal information (as defined in the Kodak Data Processing Agreement), Supplier also understands and agrees that (unless there is another basis for transfer), it must also agree to be bound by the Standard Contractual Clauses for the transfer of European Economic Area personal data (2021, Module 2, Controller to Processor) and the International Data Transfer Addendum to the Standard Contractual Clauses to authorize transfers of UK personal data.
To the extent that Supplier processes any personal information that is also “protected health information” as defined in the Privacy, Security and Breach Notification Rules issued under the Health Insurance Portability and Accountability Act ("HIPAA"), Supplier agrees to be bound by Kodak’s Business Associate Agreement as required by HIPAA.
Supply Chain Transparency
Eastman Kodak Company (“Kodak”) believes that doing business on a global basis means acting right by customers, employees, and its neighbors in every location it operates. The operation of Kodak facilities, as well as those operated by our suppliers, should increase value by developing the individual, supporting the well-being of the community, and promoting respect for the environment.
Kodak expects its suppliers to contribute to these goals. Accordingly, Kodak suppliers are required to act according to Kodak’s Health, Safety and Environment (HSE) Supplier Performance Standard. They must also comply with the Code of Conduct of the Responsible Business Alliance (RBA) and Kodak’s Corporate Responsibility Principles. RBA standards outline practices expressly geared toward upholding the dignity and respect of workers and prohibiting the use of forced, bonded, indentured labor or involuntary prison labor. The Company has developed processes to review its supply chain to identify potential risk areas, require adherence with the principles stated in the above documents as part of its contractual relations with suppliers, require Suppliers to certify that they will comply with applicable laws and regulations in any country in which they operate, and directly evaluate compliance as a basis for their continued association with Kodak. Suppliers may be subject to audit, with reasonable notice, by a third party under the RBA Validated Audit Program and/or by Kodak directly. Within Kodak, employees responsible for procurement receive training on both RBA member requirements and expectations outlined in the Kodak HSE Supplier Performance Standard and Corporate Responsibility Principles.