General Statement
CSR Privacy Solutions, Inc. (hereinafter “CSR”) values our employees, partners, clients, and vendors. We remain committed to keeping personal information obtained during the general course of business secure. CSR provides this Privacy Policy to explain our practices and policies relating to the collection, use, sharing, retention, destruction, and security practices of personal information. CSR respects laws and regulations from countries around the world and it is our intention to provide individual rights of access and satisfactory security measures.
Personal information
‘Personal information’ is any information about an individual that can directly or indirectly distinguish or trace an individual’s identity, associate or link an individual to private information, distinguish one person from another, or be used to re-identify anonymous data.
Personal nformation is also known as ‘personal data’. This information may be stored both electronically and in physical documents. Personal information may include, but is not limited to, a name, address, phone number, email address, IP address, credit card number, identification number(s), date of birth, photo ID’s, and other similar information. CSR describes the personal information we collect in the sections below.
Privacy Principles
- CSR is committed to protecting the privacy of the personal information of our employees, partners, clients and vendors.
- CSR maintains physical, technological and administrative safeguards to protect personal information.
- CSR permits only authorized employees and approved contractors, including but not limited to consultants, to have access to some or all personal information as needed.
Collection of your Personal Information
Generally, you can visit the CSR websites without providing any personal information. However, in order to access some parts of our websites, we may need to collect personal information from you. CSR obtains and uses personal information, as defined below, for its business use and for local, state, federal and foreign country reporting requirements. We may collect, store and use the following kinds of information. Providing personal information to us is voluntary. If you do not provide personal information to us, then you will not be able to benefit from the respective functionality offered by our websites, including our online solution sets, such as uRISQ, Readiness® or any other solutions offered by CSR Privacy Solutions.
Overall, your personal information may be used for the following reasons:
- Browser based data such as IP Address, geographical location, browser type and version, operating system, referral source, etc.
- Personal information during registration of our online tools such as name, email addresses, full mailing or physical address, company name, title, privacy role, industry, and phone number(s);
- Account number of your provider for our online solution sets;
- Username and password;
- Information for subscribing into our email newsletters; and
- Information submitted as a web request through our web-based forms.
Collection of personal information will occur when responding to a job posting on our website and will consist of the personal information included on the resume and/or cover letter.
Submitted personal information that relates to another person(s) will only be accepted once consent has been received from that person(s) and documented. Some of our services are intended to assist parent(s) or guardian(s) with needs related to their children. We will not knowingly collect, use or disclose personal data from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected about or from the minor, and (ii) the opportunity to object to collection, use, or storage of such information. We abide by laws designed to protect children.
Use of your Personal Information
We use the information collected for legally required reporting to governmental or regulatory entities, marketing of our products, supporting products purchased and providing continuing services. Personal information submitted via our websites may be used for the purposes outlined in this policy.
Authorized use of personal information includes:
- Providing CSR’s privacy solutions to you, your business, or your family;
- Providing CSR online product and services to you and your business;
- Personalizing and enhancing your experience on our online solution sets;
- Sending solutions and products purchased through our online solutions;
- Confirmations, statements, invoices, or other necessary emails to ensure a high level of customer service;
- Email communication;
- Newsletters and other email communication mailing lists that you have subscribed to;
- Submission of summary result reporting based on the product and services you are subscribed to;
- Providing statistical information to appropriate parties on overall usage of products and services; and
- Sending notification on updates to this policy.
Where applicable, clients may have the option of providing, or not providing, personal information.
Sharing of Information
CSR may share personal information with third-parties. Doing so allows us to efficiently conduct our business. Information may be shared with or obtained by third-party service providers who provide us with services such as data hosting or processing, credit card processing, credit checks or processing and fulfilling reservations or purchases. We believe these providers exercise reasonable care to protect personal information and third-party contracts restrict the use of personal information to the purposes for which it was provided to them.
Personal information may also be disclosed if necessary: as required by law or regulation; to comply with legal, regulatory or administrative requirements of governmental authorities; to comply with a court order, subpoena, search warrant or other valid legal process; in connection with legal action, claim or dispute, including, but not limited to, the collection of debts; and for the protection of persons or property.
Record Retention and Data Destruction
CSR keeps personal information for as long as is necessary for business purposes, or as legally required by appropriate state, federal and regulatory bodies or other countries. Beyond that time period, records, both physical and electronic, are destroyed.
Data Storage
All data is ultimately transferred to and stored in the United States. CSR’s online solution sets will request consent prior to completion of this transfer. CSR cannot provide the online solution set without consent.
Data Security
CSR uses security safeguards to protect Personal Information from unauthorized access. We have written policies and procedures in place to set forth physical, administrative and technological safeguards around data security. We train our employees in these policies and procedures.
In the event of an actual or suspected breach, CSR follows the steps outlined in its Incident Response Plan. Payment related data, if stored on our secure servers, will be encrypted and stored with a multi-key encryption algorithm or hashed. Transmission of data on the internet is insecure and transmission of data over the internet cannot be 100% guaranteed.
User is responsible for keeping secure passwords generated on CSR online applications. CSR hashes passwords and does not have access to passwords through back-end systems. CSR will never ask for a password other than on the log in page of the CSR online solution.
Links to Third Party Web Sites
CSR websites may contain links to third party sites. These links are provided for convenience purposes and are not under the control of CSR. An example of such a link can be found in our csrps.com news sections, “Privacy News” and “Regulatory Updates,” which provide links to the original news articles or statutes. CSR does not make representations and warranties, expressed or implied, regarding the content of these linked sites. These links do not constitute or imply an endorsement, authorization, sponsorship or affiliation by CSR with respect to a third party, a third party’s web site, the content of a third party’s web site, or products or services provided by a third party.
The information practices of those web sites linked to our website is not covered by this Policy. CSR is not responsible for the privacy policies of websites to which it links. If you provide information to such third parties different rules regarding the collection and use of your Personal Information may apply. We strongly suggest you review such third party’s privacy policies before providing data to them.
Cookies and Other Technologies
Cookies are used on CSR websites. By using on or more of our websites, you agree that cookies are to be placed on your device as further explained below.
Cookies are small pieces of data that a website sends to your computer’s web browser while you are navigating through it. They have many different purposes, but mainly, cookies enable you to navigate between pages easily, remembering your preferences, and eventually improve the user experience. These cookies may then be stored on your machine to identify your computer.
A. Types of Cookies
We use several types of cookies on our Sites, as categorized below:
Strictly necessary cookies
These cookies are essential to enable you to move around the site and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided.
Strictly necessary cookies used on CSR websites:
- Login/authentication cookies
- Session cookies
Functionality cookies
These cookies allow a website to remember choices you make and provide enhanced, more personal features. They may be used to provide services you have asked for such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites. They do not gather any information about you that could be used for advertising or remembering where you have been on the internet outside of our website.
Functionality cookies used on CSR websites:
- Registered visitor functionality cookies
- Social plug-in content sharing cookies
Performance cookies
These cookies are used to collect information about how visitors use a website, for instance which pages they go to more often, and if they get error messages from web pages. All information collected by means of these cookies is anonymized, aggregated and only used to develop and track traffic patterns and the volume of use of our website and to improve how our website works. This information is for CSR’s exclusive use and is not shared with any third-party or connected to any other information.
Performance cookies used on the CSR websites:
- Analytic cookies
Targeting cookies
These cookies are used to deliver advertisements that are targeted to be relevant to you, limit the number of times you see an advertisement, and help measure the effectiveness of the advertising campaign. They are usually placed by advertising agencies with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often they will be linked to a website functionality provided by the other organization.
We do not have third-party advertising on our website.
We use targeting cookies only for our own analytic purposes.
B. Use of Cookies
We may use Personal Information collected from our cookies to identify user behavior and to serve content and offers based on your profile.
The performance cookies used on this website do not collect Personal Information:
Other cookies can collect Personal Information:
- If a user is a registered user
- If we send you a targeted email which includes web beacons, cookies or similar technologies we will know whether you open, read, or delete the message
- When you click a link in a marketing e-mail you receive from CSR, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.
C. Other Non-Cookie Technologies:
CSR also enables the use of technologies that perform functions similar to cookies such as web beacons or other technologies that may be included in marketing e-mail messages or newsletters in order to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device but may work in conjunction with cookies to monitor website activity.
D. “Do-Not-Track” Signals:
Some web browsers may transmit “do-not-track” signals to the websites with which the browser communicates. As of the Effective Date of this Privacy Policy, an industry standard has not yet been established on how to respond to these signals. Therefore, our website does not currently recognize or respond to these signals. However, at this time you can generally express your privacy preferences regarding the use of most cookies through your web browser.
E. How To Accept Or Refuse Cookies
If you do not want to receive cookies from our website, you may set your browser to refuse cookies or to notify you when you receive a cookie, which you may then accept or refuse upon such notice. You can also generally set your browser to turn off cookies. To understand how to do this, please consult your browser’s “Tools” section, or any other similar heading.
We recommend that you leave the cookies active. Bear in mind that if you block, turn off or otherwise reject our cookies, some web pages may not display properly, or you will not be able to use any website services that require you to sign in.
Conditions of Use
Your use of our website and applications constitutes your acceptance of the terms and conditions in this Privacy Policy as modified from time to time.
How to Access, Correct Personal Information, and Choice
CSR offers choices about the collection, use, and sharing of personal information. For example, you may choose (opt out) whether your personal information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. You can contact CSR regarding your choices via email, phone or letter as noted below in the Contact Information section.
CSR offers transparency in the personal information that we collect and maintain. To ensure that your personal information is correct and up to date, you may review and update your profile by logging into your account. Alternatively, users can contact CSR via email, phone or letter as noted below in the Contact Information section.
CSR permits individuals to request deletion of personal information that is demonstrated to be inaccurate or incomplete. If you request access, correction, amendment or deletion of your personal information and you have more than one account with us, you will need to instruct us on each account separately. Reasonable access to personal information will generally be provided within thirty (30) calendar days at no cost to you, subject to limited exceptions prescribed by law or excessive requests. Please note that personal profile information supplied by you on-line via the website can be accessed by you on-line at any time and at no charge. Therefore, transfer of your information to a third-party can be completed by you directly or through CSR, upon request. A formal data access request would be required.
Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email or contacting customer care.
We aim to keep our information about you as accurate as possible. If you would like to access, update, review or change the details you have supplied us with, please contact us as set out below. If you desire to make a formal data access request or complaint regarding the handling or protection of your information, CSR will be happy to help you using the contact information listed below. You may also make a request or complaint by filling out the Data Access Request Form on our website csrps.com.
Based on the General Data Protection Regulation and under EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), you have a right to lodge a complaint or inquiry with our organization and, where applicable with your supervisory authority or other applicable enforcing authority.
California Privacy Rights / Notice for California Residents
California residents who have provided personal information to CSR may obtain information regarding CSR’s disclosures, if any, of personal information to third parties for third-party direct marketing purposes. Requests must be submitted to the following address:
Email: [email protected]
CSR Privacy Solutions, Inc.
Customer Care – California Privacy
Data Privacy Division
830 NE Pop Tilton Place
Jensen Beach, FL 34957
Attn: California Privacy
Within 30 days of receiving such a request, we will provide a California Privacy Disclosure, which will include a list of certain categories of personal information disclosed during the preceding calendar year to third parties for their direct marketing purposes, along with the names and addresses of the third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address that is specified in this section.
EU-U.S. Data Privacy Framework Compliance
CSR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union, its treaty countries, Switzerland, and the United Kingdom to the United States in reliance on Data Privacy Framework.
CSR has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. CSR has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CSR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us via:
Email: [email protected]
Or in writing to:
CSR Privacy Solutions, Inc.
Attn: Daniel Federgreen
Data Privacy Division – Data Privacy Framework
830 NE Pop Tilton Place
Jensen Beach, FL 34957
Please include your name, address and phone number or e-mail in all communications and state clearly the nature of your request or concern. Ensure envelopes sent via post/mail are marked confidential. If you would like to exercise your data subject access rights or withdraw consent, you may submit your request directly at https://urisq.net/DSAR/AccessRequest/6506-102357-197-2043.
CSR has provided a private sector independent recourse mechanism (located in the United States) to investigate and expeditiously resolve individual complaints and disputes. This dispute mechanism will cover all personal data except for human resource data. For more information, visit the website for ICDR®/AAA® EU-U.S.DPF and the UK Extension to the EU-U.S DPF: and the Swiss-U.S. DPF International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA) at https://go.adr.org/dpf_irm.html. Under certain limited conditions and as a last resort, the individual can invoke binding arbitration. Use of the ICDR/AAA recourse mechanism would be free of charge to you. The Federal Trade Commission has jurisdiction over CSR’s compliance with the Data Privacy Framework.
If CSR transfers your personal data to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. DPF and the UK Extension to the EU-U.S DPF and the Swiss-U.S. DPF Principles and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, CSR will remain liable for the mishandling of your information even upon transfer to a third-party; thus, CSR will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of data received pursuant to the EU-U.S. DFP and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CSR is potentially liable.
Changes to this Policy
CSR reserves the right to modify or change this Privacy Policy at any time by posting such changes on the website or within our online solution sets. Any such change, update, or modification will be effective immediately upon posting, and reflected with the updated Date Modified. Your continued provision of information to us or use of our website and applications following the posting of changes to the Privacy Policy means that you accept the changes and our use of your personal information in accordance with the revised Privacy Policy.
We will indicate on the home page of the website or online solution set if a material change to the Privacy Policy has been made.
Contact Information
For questions about this Privacy Policy or in general, you may email CSR at:
[email protected] Attn: Data Privacy Office
If you prefer to mail us a letter, you can reach us at:
CSR Privacy Solutions, Inc.
Attn: Data Privacy Division
830 NE Pop Tilton Place
Jensen Beach, FL 34957
CSR Trademark Disclosure
©2024 All rights reserved worldwide. CSR®, CSR Breach Reporting Service™, and CSR Breach Reporting ToolKit® are federally registered service marks of CSR Privacy Solutions, Inc. All other products and company names are trademarks of their respective companies.
CSRPS Website Disclaimer
While CSR strives to make the information on this website as timely and accurate as possible, CSR makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the contents of this site, and expressly disclaims liability for errors and omissions in the contents of this site. No warranty of any kind, implied, expressed, or statutory, including but not limited to the warranties of non-infringement of third-party rights, title, merchantability, fitness for a particular purpose or freedom from computer virus, is given with respect to the contents of this website or its links to other Internet resources.
Reference in this site to any specific commercial product, process, or service or the use of any trade, firm or corporation name is for the information and convenience of the public and does not constitute endorsement or recommendation by CSR. Some CSR website pages contain links to third-party websites. The linked sites are not under the control of CSR and CSR is not responsible for the contents of any linked website. These links are provided as a convenience only and shall not be construed as an endorsement of, sponsorship of, or affiliated with the linked Website by CSR.
CSR collects information that is used for marketing and information distribution purposes.