Last Updated: December 11, 2017
PERSONALLY IDENTIFIABLE INFORMATION
"Personally Identifiable Information" (PII) is any information about an individual that can directly or indirectly distinguish or trace an individual's identity, associate or link an individual to private information, distinguish one person from another, or be used to re-identify anonymous data.
Personally Identifiable Information is also known as ‘personal data’ or ‘personal information.’ This information may be stored both electronically and in physical documents. PII may include, but is not limited to, a name, address, phone number, email address, IP address, credit card number, identification number(s), date of birth, photo ID’s, and other similar information. CSR describes the PII we collect in the sections below.
- CSR is committed to protecting the privacy of the personally identifiable information of our employees, partners, clients and vendors.
- CSR maintains physical, technological and administrative safeguards to protect PII.
- CSR permits only authorized employees and contractors, including but not limited to consultants, to have access to some or all PII as needed.
COLLECTION OF YOUR PERSONAL INFORMATION
Generally, you can visit the CSR websites without providing any PII. However, in order to access some parts of our websites, we may need to collect PII from you. CSR obtains and uses PII, as defined below, for its business use and for local, state, federal and foreign country reporting requirements.
We may collect, store and use the following kinds of information. Providing PII to us is voluntary. If you do not provide PII to us, then you will not be able to benefit from the respective functionality offered by our websites, including our online solution sets, such as Readiness®.
- Browser based data such as IP Address, geographical location, browser type and version, operating system, referral source, etc.
- Personal information during registration of our online tools such as name, email addresses, full mailing or physical address, company name, title, privacy role, industry, and phone number(s);
- Account number of your provider for our online solution sets, including as Readiness®;
- User name and password;
- Information for subscribing into our email newsletters; and
- Information submitted as a web request through our web based online forms.
Collection of PII will occur when responding to a job posting on our website and will consist of the PII included on the resume and/or cover letter.
Submitted PII that that relates to another person(s) will only be accepted once consent has been received from that person(s) and documented.
Some of our services are intended to assist parent(s) or guardian(s) with needs related their children. We will not knowingly collect, use or disclose personal data from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected about or from the minor, and (ii) the opportunity to object to collection, use, or storage of such information. We abide by laws designed to protect children.
USE OF YOUR PERSONAL INFORMATION
We use the information collected for legally required reporting to governmental or regulatory entities, marketing of our products, supporting products purchased and providing continuing services. Personal information submitted via our websites may be used for the purposes outlined in this policy.
Authorized use of personally identifiable information (PII)includes:
- Providing CSR professional services to you, your business, or your family;
- Providing CSR online product and services to you and your business;
- Personalizing and enhancing your experience on our online solution sets;
- Sending solutions and products purchased through our online solutions;
- Confirmations, statements, invoices, or other necessary emails to ensure a high level of customer service;
- Email communication;
- Newsletters and other email communication mailing lists that you have subscribed to;
- Submission of summary result reporting based on the product and services you are subscribed to;
- Providing statistical information to appropriate parties on overall usage of products and services; and
- Sending notification on updates to this policy.
Where applicable, clients may have the option of providing, or not providing, PII.
SHARING OF INFORMATION
CSR may share PII with third-parties. Doing so allows us to efficiently conduct our business. Information may be shared with or obtained by third-party service providers who provide us with services such as data hosting or processing, credit card processing, credit checks or processing and fulfilling reservations or purchases. We believe these providers exercise reasonable care to protect personal information and third-party contracts restrict the use of personal information to the purposes for which it was provided to them.
Personal information may also be disclosed if necessary: as required by law or regulation; to comply with legal, regulatory or administrative requirements of governmental authorities; to comply with a court order, subpoena, search warrant or other valid legal process; in connection with legal action, claim or dispute, including, but not limited to, the collection of debts; and for the protection of persons or property.
RECORD RETENTION AND DATA DESTRUCTION
CSR keeps employee and client information for as long as is necessary for business purposes, or as legally required by appropriate state, federal and regulatory bodies or other countries. Beyond that time period, records, both physical and electronic, are destroyed.
All data is ultimately transferred to and stored in the United States. CSR’s online solution sets will request consent to complete this transfer. CSR cannot provide the online solution set without consent.
CSR is self-certified through the EU/US Privacy Shield. A full description is provided in the “EU/US Privacy Shield Compliance” section below.
CSR uses security safeguards to protect PII from unauthorized access. We have policies and procedures in place to set forth physical, administrative and technological safeguards around data security. We train our employees in these policies and procedures. In the event of an actual or suspected breach, CSR follows the steps outlined in its 11-11 Incident Response Plan Policy to respond to same.
Payment related data, if stored on our secure servers, will be encrypted and stored with a multi key encryption algorithm or hashed.
User acknowledges that transmission of data on the internet is insecure and transmission of data over the internet cannot be 100% guaranteed.
User is responsible for keeping secure passwords generated on CSR online applications. CSR hashes passwords and does not have access to passwords through back end systems. CSR will never ask for a password other than on the log in page of the CSR online solution.
LINKS TO THIRD PARTY WEB SITES
CSR websites may contain links to third party sites. These links are provided for convenience purposes and are not under the control of CSR. An example of such a link can be found in our csrps.com news sections, “Privacy News” and “Regulatory Updates,” which provide links to the original news articles. CSR does not make representations and warranties, expressed or implied, regarding the content of these linked sites. These links do not constitute or imply an endorsement, authorization, sponsorship or affiliation by CSR with respect to a third party, a third party's web site, the content of a third party's web site, or products or services provided by a third party.
The information practices of those web sites linked to our website is not covered by this Policy. CSR is not responsible for the privacy policies of websites to which it links. If you provide information to such third parties different rules regarding the collection and use of your personal information may apply. We strongly suggest you review such third party’s privacy policies before providing data to them.
COOKIES AND OTHER TECHNOLOGIES
Cookies are used on CSR websites. By using on or more of our websites, you agree that cookies are to be placed on your device as further explained below.
Cookies are small pieces of data that a website sends to your computer's web browser while you are navigating through it. They have many different purposes, but mainly, cookies enable you to navigate between pages easily, remembering your preferences, and eventually improve the user experience. These cookies may then be stored on your machine to identify your computer.
A. Types of cookies
We use several types of cookies on this website, as categorized in four categories.
Strictly necessary cookies
These cookies are essential to enable you to move around the site and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided.
Strictly necessary cookies used on CSR websites:
- Login/authentication cookies
- Session cookies
These cookies allow a website to remember choices you make and provide enhanced, more personal features. For instance, a website may be able to provide you with local information or news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites. They do not gather any information about you that could be used for advertising or remembering where you have been on the internet outside of our website.
Functionality cookies used on CSR websites:
- Registered visitor functionality cookies
- Social plug-in content sharing cookies
These cookies are used to collect information about how visitors use a website, for instance which pages they go to more often, and if they get error messages from web pages. All information collected by means of these cookies is anonymized, aggregated and only used to develop and track traffic patterns and the volume of use of our website and to improve how our website works. This information is for CSRPS’ exclusive use and is not shared with any third-party or connected to any other information.
Performance cookies used on the CSR websites:
- Analytic cookies
These cookies are used to deliver advertisements that are targeted to be relevant to you, limit the number of times you see an advertisement, and help measure the effectiveness of the advertising campaign. They are usually placed by advertising agencies with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often they will be linked to a website functionality provided by the other organization.
We do not have third-party advertising on our website
We use targeting cookies only for our own analytic purposes.
We may use PII collected from our cookies to identify user behavior and to serve content and offers based on your profile.
The performance cookies used on this website do not collect PII:
Other cookies can collect PII (including information from cookies placed via our advertisements on third party websites):
- If a user is a registered user
- If we send you a targeted email which includes web beacons, cookies or similar technologies we will know whether you open, read, or delete the message
- When you click a link in a marketing e-mail you receive from CSR, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site
C. Other non-cookie technologies:
CSR also enables the use of technologies that perform functions similar to cookies such as web beacons or other technologies that may be included in marketing e-mail messages or newsletters in order to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but may work in conjunction with cookies to monitor website activity.
D. “Do-not-track” signals:
We recommend that you leave the cookies active. Bear in mind that if you block, turn off or otherwise reject our cookies, some web pages may not display properly or you will not be able to use any website services that require you to sign in.
CONDITIONS OF USE
HOW TO ACCESS, UPDATE AND CORRECT PERSONAL INFORMATION
CSR offers transparency in the PII that we collect and maintain. In order to ensure that your personal information is correct and up to date, you may review and update your profile by logging into your account. Alternatively, users can contact CSR via email, phone or letter as noted below in the Contact Information section.
CSR permits individuals to request deletion of PII that is demonstrated to be inaccurate or incomplete. If you request access, correction, amendment or deletion of your PII and you have more than one account with us, you will need to instruct us on each account separately. Reasonable access to PII will generally be provided within thirty (30) calendar days at no cost to you, subject to limited exceptions prescribed by law or excessive requests. Please note that personal profile information supplied by you on-line via the website can be accessed by you on-line at any time and at no charge.
Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email or contacting customer care.
We aim to keep our information about you as accurate as possible. If you would like to access, update, review or change the details you have supplied us with, please contact us as set out below.
CALIFORNIA PRIVACY RIGHTS / NOTICE FOR CALIFORNIA RESIDENTS
California residents who have provided personal information to CSR may obtain information regarding CSR's disclosures, if any, of personal information to third parties for third-party direct marketing purposes. Requests must be submitted to the following address:
Email: email@example.com or
CSR Professional Services, Inc.
Customer Care - California Privacy
830 NE Pop Tilton Place
Jensen Beach, FL 34957
Attn.: California Privacy. Within 30 days of receiving such a request, we will provide a California Privacy Disclosure, which will include a list of certain categories of personal information disclosed during the preceding calendar year to third parties for their direct marketing purposes, along with the names and addresses of the third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address that is specified in this section.
EU/US PRIVACY SHIELD COMPLIANCE
CSR complies with the EU/US Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member states and includes Iceland, Liechtenstein and Norway. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
CSR Professional Services, Inc.
Attn: Lorie Schrameck
Customer Care – Privacy Shield
830 NE Pop Tilton Place
Jensen Beach, FL 34957
Please include your name, address and phone number or e-mail in all communications and state clearly the nature of your request or concern.
CSR has provided a private sector independent recourse mechanism (located in the United States) to investigate and expeditiously resolve individual complaints and disputes. This dispute mechanism will cover all personal data except for human resource data. For more information, visit the website for ICDR®/AAA® EU-U.S. Privacy Shield: International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA) at http://go.adr.org/privacyshield.html. Under certain limited conditions and as a last resort, the individual can invoke binding arbitration. The Federal Trade Commission has jurisdiction over CSR’s compliance with the Privacy Shield.
If CSR transfers your personal data to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. Privacy Shield Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, CSR will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of data received pursuant to the EU-US Privacy Shield, CSR is potentially liable.
CHANGES TO THIS POLICY
If you prefer to mail us a letter, you can reach us at:
CSR Professional Services, Inc.
830 NE Pop Tilton Place
Jensen Beach, FL 34957
Or you can reach us by phone at:
CSR Trademark Disclosure
©2017 All rights reserved worldwide. CSR®, CSR Breach Reporting Service™, CSR Breach Reporting ToolKit®, CSR Readiness™ Suite and ID Stay Safe™ are federally registered service marks of CSR Professional Services, Inc. All other products and company names are trademarks of their respective companies.
CSRPS Website Disclaimer
While CSRPS strives to make the information on this website as timely and accurate as possible, CSRPS makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the contents of this site, and expressly disclaims liability for errors and omissions in the contents of this site. No warranty of any kind, implied, expressed, or statutory, including but not limited to the warranties of non-infringement of third party rights, title, merchantability, fitness for a particular purpose or freedom from computer virus, is given with respect to the contents of this website or its links to other Internet resources.
Reference in this site to any specific commercial product, process, or service or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement or recommendation by CSRPS. Some CSRPS website pages contain links to third party websites. The linked sites are not under the control of CSRPS and CSRPS is not responsible for the contents of any linked website. These links are provided as a convenience only and shall not be construed as an endorsement of, sponsorship of, or affiliated with the linked Website by CSRPS.
CSRPS collects information that is used for marketing and information distribution purposes.
Dec. 2017, Ver 2.1 – Updated web address of ICDR/AAA
Nov. 2016, Ver 2 – Privacy Shield Information added
April 2014, Ver 1 – Original