GENERAL STATEMENT

CSR Privacy Solutions, Inc. (hereinafter “CSR”, we, us, our) values our employees, partners, clients, and vendors. We remain committed to keeping Personal Information obtained during the general course of business secure. CSR provides this Privacy Policy to explain our practices and policies related to Personal Information (defined below) through our websites, including www.csrps.com, and the Readiness and V3 site (collectively “Sites”), and any services related to those Sites and other services including the Breach Reporting Service, Consulting Services, and other services as described below (collectively referred to as “Services”). CSR respects laws and regulations from countries around the world and it is our intention to provide individual rights of access and satisfactory security measures.

PERSONAL INFORMATION

“Personal information” is any information about an individual that can directly or indirectly distinguish or trace an individual’s identity, associate or link an individual to private information, distinguish one person from another, or be used to re-identify anonymous data.

Personal information is also known as Personal Data, Private Information, or Personally Identifiable Information.  In some instances, organization (business) information is also considered personal information.  This information may be stored both electronically and in physical documents. Personal Information may include, but is not limited to, a name, address, phone number, email address, IP address, credit card number, identification number(s), date of birth, photo ID’s, and other similar information. CSR describes the Personal Information we collect in the sections below.





		

PRIVACY PRINCIPLES

  • CSR is committed to protecting the privacy of the Personal Information of our employees, partners, clients and vendors.
  • CSR maintains physical, technological and administrative safeguards to protect Personal Information.
  • CSR permits only authorized employees and approved contractors, including but not limited to consultants, to have access to some or all Personal Information as needed.
  • CSR practices data minimization, meaning our intention is only to collect personal information essential for provision and improvement of our services and products.  Further, our retention and destruction practices keep Personal Information only as long as needed.
  • CSR supports your data access rights related to Personal Information and provides multiple ways for you to exercise those rights.



		

COLLECTION, CONSENT, AND USE OF YOUR PERSONAL INFORMATION

Providing personal information to us is voluntary; however, not providing the information could affect how you view some of our websites, our ability to respond to your request, or to provide requested services.

Except for limited circumstances, it is CSR’s practice to receive your consent prior to collection of your personal information.  Consent may be withdrawn at any time through a variety of methods which are listed in the section “How To Access, Update, and Correct Personal Information,” or go to https://www.csrps.com/data-access-request/.

Overall, your personal information may be used for the following reasons:

  1. Providing CSR privacy solutions to you, your organization, or your family, as requested;
  2. Providing CSR online products and services to you, your organization, and/or your vendors;
  3. Authentication and identification of users on our online solution sets;
  4. Personalizing and enhancing your CSR online experience;
  5. Confirmations, statements, invoices, or other necessary mailings or emails;
  6. Digital (email) or physical (paper) communication(s) in relation to a service, product, sale or other organization function;
  7. Newsletters and other communication lists that you have subscribed to or receive as part of our Service(s);
  8. Summary result reporting based on the product and services you are subscribed to;
  9. Providing statistical information to appropriate parties on usage of products and services; and
  10. Sending notification on updates to this policy.

Following is a more detailed description of our collection and use practices for personal information based on our various websites, solutions, and services.  As we endeavor to improve our Services or as required by new laws or legal mandates, CSR reserves the right to update the information regarding our collection, use, and vendor involvement as needed.  If updates effect your rights, particularly as required in certain jurisdictions, you will be notified.  The term “Vendor” refers to a pre-approved third-party, processor, consultant, contractor, or other business entity.


CSR Website, www.csrps.com (Does not include websites for CSR on-line solution sets)

  1. Browser based data such as browser type and version, operating system, referral source, geographic location, etc.  This allows for enhancing your experience, such as ensuring you are presented a view in an appropriate format for your laptop or mobile phone screen.  CSR does not store the information.  CSR uses third parties, such as Google analytics, to determine usage rates, and other information that will help us improve.
  2. Submittal by you of a request for Contact, Data Access, or Breach Reporting may include name, email, phone number, and if needed, organization information such as name, address, service provider, account number, country or state/province, or other information.  The information is needed to respond to you.


CSR Readiness (on-line solution set)

  1. Registration/account information for Channel Partners:  This is strictly personal business information:  organization contact information including name, title, email address(es), mailing or physical address, and phone numbers.  This information is received during the contractual process, the customization and registration set-up of the Channel Partner’s Readiness site and URL, to establish and complete customized training for their organization, and to establish a Partner Representative to contact with User concerns or questions.
  2. Registration/account information for Users:  As the product is meant to be completed by business organizations, we only collect personal business information and organization contact information.  Organization contact information includes email address(es), mailing or physical address, phone numbers, usernames, passwords*, provider name, and account number.  This allows CSR to provide the on-line solution in a secure environment; provide you with status and other notifications; provide free and purchased products; respond to your inquiries and requests; and periodically provide you with information regarding CSR or breaking regulation news. (*Passwords are hashed and irretrievable.)
  3. Browser based data such as IP Address, geographical location, browser type and version, operating system, etc.  This information is used for user authentication, user assistance, allowing the user to start where he/she last left off in the solution, analytics such as utilization information, enhanced user workflow, and in helping us improve user experience.
  4. CSR monitors the activity and responses of our online solutions.  This allows us to gather usage statistics, trends in privacy programs, improve our privacy practices and templates, and provide feedback to our users and channel partners.
  5. Payment information for purchase of Readiness products is passed directly through to PayPal or our secure payment card processor.  CSR retains your name and billing address for customer service reasons.


CSR V3 (on-line solution set)

  1. This product is designed for use by business organizations.  The information entered during use of the product is business and personal business information.
  2. Registration/account information for controller, joint controller and/or vendors includes one or more of the following:  organization name, organization contact names, organization information including email addresses, mailing or physical address, location, phone numbers, account numbers, usernames, and passwords*.  This allows CSR to provide the on-line solution in a secure environment; provide you, your joint controller and/or vendors with status and other notifications; provide free and purchased products; respond to inquiries and requests; and periodically provide information regarding CSR or breaking regulation news.  (*Passwords are hashed and irretrievable.)
  3. Browser based data such as IP Address, geographical location, browser type and version, operating system, etc. This information is used for user authentication, user assistance, allowing the user to start where he/she last left off in the solution, analytics such as utilization information, enhanced user workflow, and in helping us improve user experience;
  4. CSR monitors the activity and responses of our online solutions.  This allows us to gather usage statistics, trends in vendor management programs, improve our privacy practices and educational documents, and provide feedback.
  5. Payment for the V3 solution is made directly through our secure payment card provider or PayPal.  (If ACH is offered in a future version, financial information such as bank routing and accounting numbers will be collected.)  CSR retains your name and billing address for customer service reasons.


CSR Breach Reporting Service (BRS)

  1. The organization’s service provider name and account number.  CSR reserves the right to confirm an organization’s participation in the BRS program prior to or during rendering of BRS services.  BRS services are only provided for paid active accounts.  (Payments must be up-to-date and active for a minimum of 30 days prior (with the exception to services only initiated within the previous 30 days). 
  2. Organization information directly collected pertains to the organization that has experienced a confirmed or suspected breach incident, and their vendors, consultants, attorneys, or others directly involved, and may include one or more of the following:  Organization name, contact names, email addresses, mailing or physical address, locations, and phone numbers.
  3. All BRS calls are recorded.  Personal information is sometimes collected during the interview or evaluation process such as the names of individuals or employees also involved with the incident.
  4. Incoming BRS calls may be answered by an answering service to ensure no calls are missed.  The information is scheduled for deletion every three months.
  5. If consumer notification is required, and you have approved this process to be provided on your behalf, CSR or a third-party provider (such as an entity providing credit monitoring services) may have need to receive the contact information of the affected individuals including one or more of the following:  name, company name, email address, mailing address, telephone number, social security number, or other information required in order to complete the service.  CSR or third-party providers may require payment or other additional information.  The information is only to be kept long enough to provide the service and then destroyed.


CSR Professional Consulting Services

  1. Professional Consulting Services are provided to business organizations.
  2. Organization information may include one or more of the following:  Organization name, contact names, titles, departments, email addresses, mailing or physical address, phone numbers, tax or other identification numbers, financial information sufficient to allow for payment, and information that allows us to evaluate and provide consulting services to the client.
  3. CSR does not actively gather but sometime receives or views multiple types of personal information in the course of providing our consulting services.  We request that our Clients take steps to redact, truncate, or delete personal information from documents or systems prior to transfer or viewing by CSR.  Categories of personal information types sometimes include contact information, general information, identification numbers, financial data, human resource information, web browsing data, medical/health/insurance information, biometric and other descriptors, etc.
  4. If vendor management services are requested, CSR may receive information related to your third-party vendors such organization contact information, contracts, and other information required to provide due diligence, assessment, and/or audit services.
  5. CSR may utilize vendors to assist in completion of PI data probes, reports, printing/assembly of reports, or as needed for a specific request.


Other

  1. Recruitment/application for employment:  Collection of personal information will occur when and if you respond to a CSR job posting or are invited to participate in an interview process, background check, or hiring process.  This will include any personal information you include on your resume or cover letter and as requested on our application, background check authorization, and other application documents.  This generally includes and is not limited to: contact information, education, previous experience, previous employment, reference information, proof of identification and corresponding numbers.  Hired employees receive a CSR Employee Privacy Policy.
  2. Request and General Receipt:  CSR employees may attend conferences, sales expos, meetings, or other events in which organization contact information (personal business information) is collected either by request, mutual exchange, or general receipt.  In certain related instances, CSR may receive contact information from a third party, such as a referral.  In the general course of business, our sales representatives may collect personal business information or provide their own to other business organizations.
  3. Other:  CSR obtains and uses personal information for its business use and for local, state, federal or foreign country reporting requirements.

SHARING OF INFORMATION

CSR does not sell your personal information.

We may share your Personal Information as follows:

  1. Affiliates:  We may disclose the Personal Information we collect from you with our affiliates; however, if we do so, their use and disclosure of your Personal Information will be maintained by them in accordance with this Privacy Policy.
  2. Service Providers:  We may disclose the information we collect from you to vendors, third-party service providers, contractors or agents who perform functions on our behalf (“Service Providers”).  For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management, property management, and marketing and promotions.  As described above, we only provide our Service Providers with the information or access to information necessary for them to perform these services on our behalf.  Each Service Provider must agree to use commercially reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized acquisition, access, use, or disclosure.  Service Providers may only use the Personal Information to provide services to Us and are prohibited from using Personal Information other than as authorized by Us under this Policy.
  3. Business Transfers:  If we are acquired by, or merged with, another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, or if we are in negotiations with respect to any such transaction, we may transfer, or make available, the Personal Information we have collected from you to the other company or resulting legal entity.
  4. In Response to Legal Process:  We also may disclose the Personal Information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.  We respect vendor rights of notification prior to release of information if legally allowable.
  5. To Protect Us and Others:  We also may disclose the Personal Information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of any applicable End User Legal Agreements for Services provided through our Sites, or as evidence in litigation in which we are involved.
  6. Audits:  CSR may be audited under varying circumstances.  Although it is CSR’s intention to redact, truncate, or block access to Personal Information, occasionally an auditor may be able to view various data.  These audits may include, but are not limited to, those completed by government or regulatory agencies, financial and tax entities, organizations authorized to certify businesses for SOC and ISO certifications, and organizations that are considered a Controller to CSR.
  7. Aggregate and De-Identified Information:  We may share aggregate or de-identified Personal Information about users with third parties and publicly for marketing, advertising, research, or similar purposes.





		

RECORD RETENTION AND DATA DESTRUCTION

CSR keeps Personal Information for as long as is necessary for business purposes, or as legally required by appropriate state, federal and regulatory bodies or other countries. Beyond that time period, records, both physical and electronic, are destroyed.

DATA STORAGE

All data is ultimately transferred to and stored in the United States. CSR’s online solution sets will request consent prior to completion of this transfer. CSR cannot provide the online solution set without consent.





		

DATA SECURITY

CSR uses security safeguards to protect Personal Information from unauthorized access. We have written policies and procedures in place to set forth physical, administrative and technological safeguards around data security. We train our employees in these policies and procedures.

In the event of an actual or suspected breach, CSR follows the steps outlined in its Incident Response Plan.  Payment related data, if stored on our secure servers, will be encrypted and stored with a multi-key encryption algorithm or hashed.  Transmission of data on the internet is insecure and transmission of data over the internet cannot be 100% guaranteed.

You are responsible for keeping and securing passwords. CSR hashes passwords and does not have access to passwords through back end systems. CSR will never ask for a password other than on the log in page of the CSR online solution.  Links are available on these Sites to request assistance.

LINKS TO THIRD PARTY WEB SITE

CSR websites may contain links to third party sites. These links are provided for convenience purposes and are not under the control of CSR.  An example of such a link can be found in our csrps.com news sections, “Privacy News” and “Regulatory Updates,” which provide links to the original news articles or statutes. CSR does not make representations and warranties, expressed or implied, regarding the content of these linked sites. These links do not constitute or imply an endorsement, authorization, sponsorship or affiliation by CSR with respect to a third party, a third party’s web site, the content of a third party’s web site, or products or services provided by a third party.

The information practices of those web sites linked to our website is not covered by this Policy. CSR is not responsible for the privacy policies of websites to which it links. If you provide information to such third parties different rules regarding the collection and use of your Personal Information may apply. We strongly suggest you review such third party’s privacy policies before providing data to them.




		

COOKIES AND OTHER TECHNOLOGIES

Cookies are used on CSR websites. By using on or more of our websites, you agree that cookies are to be placed on your device as further explained below.

Cookies are small pieces of data that a website sends to your computer’s web browser while you are navigating through it. They have many different purposes, but mainly, cookies enable you to navigate between pages easily, remembering your preferences, and eventually improve the user experience. These cookies may then be stored on your machine to identify your computer.

A. COOKIES

We use several types of cookies on our Sites, as categorized below:

Strictly necessary cookies

These cookies are essential to enable you to move around the site and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided.
Strictly necessary cookies used on CSR websites:

  • Login/authentication cookies
  • Session cookies

Functionality cookies

These cookies allow a website to remember choices you make and provide enhanced, more personal features. They may be used to provide services you have asked for such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites. They do not gather any information about you that could be used for advertising or remembering where you have been on the internet outside of our website.

Functionality cookies used on CSR websites:

  • Registered visitor functionality cookies
  • Social plug-in content sharing cookies

Performance cookies

These cookies are used to collect information about how visitors use a website, for instance which pages they go to more often, and if they get error messages from web pages. All information collected by means of these cookies is anonymized, aggregated and only used to develop and track traffic patterns and the volume of use of our website and to improve how our website works. This information is for CSRPS’ exclusive use.

Performance cookies used on the CSR websites:

  • Analytic cookies

Targeting cookies

These cookies are used to deliver advertisements that are targeted to be relevant to you, limit the number of times you see an advertisement, and help measure the effectiveness of the advertising campaign. We use targeting cookies only for our own analytic purposes.

B. USE OF COOKIES

We may use Personal Information collected from our cookies to identify user behavior and to serve content and offers based on your profile.

The performance cookies used on this website do not collect Personal Information:

Other cookies can collect Personal Information:

  • If a user is a registered user
  • If we send you a targeted email which includes web beacons, cookies or similar technologies we will know whether you open, read, or delete the message
  • When you click a link in a marketing e-mail you receive from CSR, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.

C. OTHER NON-COOKIE TECHNOLOGIES:

CSR also enables the use of technologies that perform functions similar to cookies such as web beacons or other technologies that may be included in marketing e-mail messages or newsletters in order to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device but may work in conjunction with cookies to monitor website activity.

D. “DO-NOT-TRACK” SIGNALS:

Some web browsers may transmit “do-not-track” signals to the websites with which the browser communicates. As of the Effective Date of this Privacy Policy, an industry standard has not yet been established on how to respond to these signals. Therefore, our website does not currently recognize or respond to these signals. However, at this time you can generally express your privacy preferences regarding the use of most cookies through your web browser.

E. HOW TO ACCEPT OR REFUSE COOKIES

You will be asked to provide consent for your cookies when accessing our website.  The request does not always reappear when you revisit the site.  You may use a Data Access Request, (DAR Click Here), to receive assistance in turning off or removing cookies.

Otherwise, if you do not want to receive cookies from our website, you may set your browser to refuse cookies or to notify you when you receive a cookie, which you may then accept or refuse upon such notice.  You can also generally set your browser to turn off cookies. To understand how to do this, please consult your browser’s “Tools” section, or any other similar heading.

We recommend that you leave the cookies active. Bear in mind that if you block, turn off or otherwise reject our cookies, some web pages may not display properly, or you will not be able to use any website services that require you to sign in.

CONDITIONS OF USE

Your use of our website and applications constitutes your acceptance of the terms and conditions in this Privacy Policy as modified from time to time.  As required in certain jurisdictions, CSR will provide notice and collect consent.  If changes, updates, or modifications are made, please see the section below labeled “Changes To This Policy”.

HOW TO ACCESS, UPDATE AND CORRECT PERSONAL INFORMATION

CSR offers transparency in the Personal Information that we collect and maintain. In order to ensure that your Personal Information is correct and up to date, you may review and update your profile by logging into your account. Alternatively, you can contact CSR to exercise your Data Access Rights via email, phone or letter as noted below in the Contact Information section or completing a Data Access Request form, (DAR Click Here).

CSR permits individuals to request deletion of Personal Information that is demonstrated to be inaccurate or incomplete. If you request access, correction, amendment or deletion of your Personal Information and you have more than one account with us, you will need to instruct us on each account separately. Reasonable access to Personal Information will generally be provided within thirty (30) calendar days at no cost to you, subject to limited exceptions prescribed by law or excessive requests. Please note that personal profile information supplied by you on-line via the website can be accessed by you on-line at any time and at no charge. Therefore, transfer of your information to a third-party can be completed by you directly or through CSR, upon request. A formal Data Access Request would be required.

If you no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking the unsubscribe link at the bottom of the email or contacting us as described below.

We aim to keep our information about you as accurate as possible. If you would like to access, update, review or change the details you have supplied us with, please contact us as set out below. If you desire to make a formal Data Access Request or complaint regarding the handling or protection of your information, use the contact information listed below and CSR will make our best effort to resolve your inquiry or complaint.

You may submit your request or file a complaint by using one of the following methods:

  1. Submit this online Data Access Request form (DAR Click Here)
  2. Call the following toll free number: 1-888-294-6971
  3. Email: [email protected].  You will be requested to complete the form in line 1; or
  4. Send a completed printed form (as found in Line 1) to the following address:

CSR Privacy Solutions, Inc.
Attn:  Data Protection Officer: Lorie Schrameck
Data Privacy Division
830 NE Pop Tilton Place
Jensen Beach, FL  34957

In order to submit a request, we will need to verify your identity.  If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account. We may request two or more data points of Personal Information and other proof of identification depending on the nature of the request and the Personal Information requested to verify your identity.  Response to requests are dependent on the ability to verify your identity.

A response to your request will be provided in within 30 days.  The response may include a request for additional information,

Based on the General Data Protection Regulation and under EU/US Privacy Shield Principles, you have a right to lodge a complaint or inquiry with our organization and, where applicable with your supervisory authority or other applicable enforcing authority.  Please see the section below regarding Privacy Shield for more information.






		

CALIFORNIA PRIVACY RIGHTS / NOTICE FOR CALIFORNIA RESIDENTS   (and NEVADA)

CSR does not sell your Personal Information as that term is defined in the CCPA or under Nevada Law (Section Chapter 603A of the Nevada Revised Statutes).

For individuals who are California residents, the California Consumer Privacy Act (“CCPA”) requires certain disclosures about the categories of Personal Information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it.  This information is explained under “Collection, Consent, And Use Of Your Personal Information” and other sections above.

Please note that for California residents, the term Personal Information means information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household as defined in the CCPA.  All other capitalized terms have the same meanings as given them in this Privacy Policy.

If you are a California resident who has provided Personal Information to us, or a California resident that reasonably believes that we collect or store your Personal Information, you may exercise your rights under the CCPA and submit your requests in one of the following methods:

  1. Submit this online Data Access Request form (DAR Click Here)
  2. Call the following toll free number: 1-888-294-6971
  3. Email: [email protected].  You will be requested to complete the form in line 1; or
  4. Send a completed printed form (as found in Line 1) to the following address:

CSR Privacy Solutions, Inc.
Attn:  Data Protection Officer: Lorie Schrameck
Data Privacy Division
830 NE Pop Tilton Place
Jensen Beach, FL  34957

You have the following rights under the CCPA:

  • Right to know about Personal Information collected, disclosed or sold
  • Right to request deletion of your Personal Information

In order to submit a request, we will need to verify your identity.  If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account. We may request two or more data points of Personal Information and other proof of identification depending on the nature of the request and the Personal Information requested to verify your identity.  As a California resident, you also have the right to designate an agent to exercise these rights on your behalf.  We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us.

Requests will be responded to within 30 days.  You may only make two such requests in a 12-month period, and the information provided need only cover the 12-month period prior to your request.

EU/US PRIVACY SHIELD COMPLIANCE

CSR complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union, its treaty countries, Switzerland, and the United Kingdom to the United States in reliance on Privacy Shield.

CSR has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the EU-U.S. Privacy Shield and Swiss-U.S. Principles, CSR commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union citizens or citizens of Iceland, Liechtenstein, Norway, Switzerland, or the United Kingdom with inquiries or complaints regarding this privacy policy should first contact us via:

Email:  [email protected]

Or in writing to:

CSR Privacy Solutions, Inc.
Attn:  Lorie Schrameck, Data Protection Officer
Data Privacy Division – Privacy Shield
830 NE Pop Tilton Place
Jensen Beach, FL  34957

Please include your name, address and phone number or e-mail in all communications and state clearly the nature of your request or concern. Ensure envelopes sent via post/mail are marked confidential. If you would like to exercise your data subject access rights or withdraw consent, you may submit your request directly at https://csrps.com/data-access-request/.

CSR has provided a private sector independent recourse mechanism (located in the United States) to investigate and expeditiously resolve individual complaints and disputes. This dispute mechanism will cover all personal data except for human resource data. For more information, visit the website for ICDR®/AAA® EU-U.S. Privacy Shield: International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA) at http://go.adr.org/privacyshield.html.  Under certain limited conditions and as a last resort, the individual can invoke binding arbitration. Use of the ICDR/AAA recourse mechanism would be free of charge to you. The Federal Trade Commission has jurisdiction over CSR’s compliance with the Privacy Shield.

If CSR transfers your personal data to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, CSR will remain liable for the mishandling of your information even upon transfer to a third-party; thus, CSR will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of data received pursuant to the EU-US Privacy Shield and Swiss-U.S. Privacy Shield, CSR is potentially liable.

CHANGES TO THIS POLICY

CSR reserves the right to modify or change this Privacy Policy at any time by posting such changes on the website or within our online solution sets. Any such change, update, or modification will be effective immediately upon posting, and reflected with the updated Effective Date. Your continued provision of information to us or use of our website and applications following the posting of changes to the Privacy Policy means that you accept the changes and our use of your Personal Information in accordance with the revised Privacy Policy.  If the changes, updates, or modifications will adversely affect previously received consent relating to collection and use of your Personal Information for one or more of our Services, you may be sent notification directly with a request to update your consent.

We will indicate on the home page of the website or online solution set if a material change to the Privacy Policy has been made.

CONTACT INFORMATION

For questions about this Privacy Policy or in general, you may:

Email CSR at:
[email protected]

Write to us at:

CSR Privacy Solutions, Inc.
Attn: Data Privacy Division
830 NE Pop Tilton Place
Jensen Beach, FL  34957

Call us at: +1-888-294-6971

CSR Trademark Disclosure

©2017 All rights reserved worldwide. CSR®, CSR Breach Reporting Service™, CSR Breach Reporting ToolKit®, CSR Readiness™ Suite and ID Stay Safe™ are federally registered service marks of CSR Privacy Solutions, Inc. All other products and company names are trademarks of their respective companies.

CSR Website Disclaimer

While CSR strives to make the information on this website as timely and accurate as possible, CSR makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the contents of this site, and expressly disclaims liability for errors and omissions in the contents of this site. No warranty of any kind, implied, expressed, or statutory, including but not limited to the warranties of non-infringement of third party rights, title, merchantability, fitness for a particular purpose or freedom from computer virus, is given with respect to the contents of this website or its links to other Internet resources.

Reference in this site to any specific commercial product, process, or service or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement or recommendation by CSR. Some CSR website pages contain links to third party websites. The linked sites are not under the control of CSR and CSR is not responsible for the contents of any linked website. These links are provided as a convenience only and shall not be construed as an endorsement of, sponsorship of, or affiliated with the linked Website by CSR.

CSR collects information that is used for marketing and information distribution purposes.

Versions

Dec. 2019, Ver 3 – Revised for easier reading, provision of greater transparency, update to California Privacy Rights, and addition of Swiss-U.S. Privacy Shield information.

Dec. 2018, Ver 2.2 –DPO information, Data Rights, Transfer Liabilities, Recourse fees – Updated

Dec. 2017, Ver 2.1 – Update web address of ICDR/AAA

Nov. 2016, Ver 2 – Privacy Shield Information added

April 2014, Ver 1 – Original

Effective Date: December 19, 2019