Privacy Notice
Privacy Notice
Effective from 3rd May’21
Introduction
We appreciate the trust you place in us when sharing your personal data. CSS Corp including its subsidiaries and affiliates (CSS (Dalian) Technologies Services Limited, China; CSS Costa Rica Technology Services Limitada, Costa Rica; CSS Corp Private Limited, India; CSS ICT Services SDN BHD, Malaysia; CSS Corp Technologies (Mauritius)( Limited, Mauritius, CSSCorp ICT Services, Inc., Philippines; CSS Corp SP Z.O.O, Poland; CSS Corp ICT Services PTE Ltd., Singapore; Cybernet Software Systems, Inc. USA; Slashsupport Inc., USA; CSS Corp Europe Ltd., UK; CSS Corp Belgium BV, Belgium; CSS Corp ICT Services S.R.L., Romania; CSS Corp Colombia SAS, Colombia.) respects the privacy of its customers, business partners, and all relevant stakeholders. In this document, we will explain how we collect, use, and protect your personal data. We will also explain what rights you have with regards to your personal data and how you can exercise those rights. This document also describes the measures we take to protect the security of the information and how individuals can contact us about our privacy practices.
If you need more information, please contact: privacy.officer@csscorp.com
We take the security of all the data we hold very seriously. We adhere to internationally recognized security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures, and training in place covering data protection, confidentiality, and security and regularly review the appropriateness of the measures we have in place to keep the data secured. We have developed our Data Privacy policy in line with the requirements of the European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (in force from 25 May 2018) and applicable national laws
1. The information we collect
We collect and use the contact details of our customers, clients, and customers in order to manage and maintain our relationship with those individuals. Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data where it is strictly needed for those purposes. The personal data may include Name, email ID, Home address, Work address, phone numbers, and job titles. In some cases, we also need invoice details, delivery addresses, payment credit card details, and any other information which you provide to process our activity.
CSS web servers gather your IP address to assist with the diagnosis of problems or support issues with our services, and to monitor the use of our Site, including the monitoring of the location of our users.
We and our service providers use technologies on our sites to collect information that helps us improve the quality of our services and the online experience of our visitors and users. In this Privacy Notice, we refer to these technologies, which include cookies. These are small text files stored on your computer or mobile device to remember your actions or preferences over time such as session cookies, flash cookies, HTML5, and JavaScript. They help deliver and gather usage and performance data and similar technologies from third-party providers and are collectively known as “cookies.” Cookies allow us to personalize your return visits and save you time during certain activities, by remembering your user preferences – remaining logged on our site. Most web browsers support cookies and users can control the use of cookies at the individual browser level. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our sites.
2. How we use your information
We provide a diverse range of professional services to our clients and customers. Some of our services require us to process personal data in order to provide maintenance, delivery, advice, and troubleshooting services. For example, we will take the customer’s personal details to verify customer credentials in order to ensure the delivery of technological troubleshooting services to the right customer.
We monitor the services provided to the clients and customers for improving the quality of our services, which may involve processing personal data stored on our or our client’s IT platforms / Operating Systems. We have policies and procedures in place to monitor the quality of our services and security risk management. As part of our process, we also carry out searches using publicly available sources like the internet. Where either we or a customer contact by telephone or any similar voice-over channels, we may record the conversation with our customers for improvement of quality, training, and security purposes, in accordance with our legitimate interests. Our Research and Development team sometimes uses your information to invite you to take part in market research or surveys.
We process personal data in order to run our business, including managing our relationship with our clients, customers, and the third party, developing our businesses and services to accommodate customer satisfaction, like identifying client & customer’s needs and improvements in our service delivery, improving technology in our Information and Communications Technology systems, administration and management of our website and client tools. We also use information you provide to personalize (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt out of electronic direct marketing at any time by following the instructions in the relevant communication.
We need to keep certain personal data to demonstrate that our services are provided in compliance with applicable legal and regulatory requirements. In the event we are required to disclose personal data to comply with the direction issued by a governmental, statutory, or law enforcement authority, we will take commercially reasonable steps to disclose only such information that is required, and where permitted by such authorities, we will inform you.
3. With whom and where will we share your personal data?
We may share your personal data with our subsidiaries to process it for the purposes of inter-group administration and to deliver products or services where elements of these are provided by group companies other than those with which you have directly contracted.
We are part of a global network of companies, firms, and other service providers, we use third parties located in other countries to help us run our business in a legitimate way. As a result, personal data may be transferred outside the countries where we and our clients are located. These countries may include countries outside the EU/EEA area. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement that covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality, and security standards.
We use third parties to support us in providing our services and to help provide, run, and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security, and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them.
Corporate Transactions: If CSS Corp is involved in a merger, acquisition, dissolution, sale of all or a portion of its assets, or other fundamental corporate transactions, we reserve the right to sell or transfer your information as part of the transaction. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal information, and choices you may have regarding your personal information.
EU – US / Swiss-US Privacy Shield Participation
We participate in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and have self-certified to the U.S. Department of Commerce our adherence to the Privacy Shield Principles for all personal information received from countries in the European Economic Area, Switzerland, and the United Kingdom in reliance on the Privacy Shield. To learn more about Privacy Shield, visit the Privacy Shield website at https://www.privacyshield.gov/list. Under Privacy Shield, we are responsible for the processing of personal information we receive and subsequently transfer to a third party acting for or on our behalf. We are liable for ensuring that the third parties we engage support our Privacy Shield commitments. The U.S. Federal Trade Commission has regulatory enforcement authority over our processing of personal information received or transferred pursuant to Privacy Shield. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
CSS Corp commits to cooperate and comply with the advice of the regulatory authorities to whom you may raise a concern about our processing of personal information about you pursuant to Privacy Shield, including to the panel established by the EU authorities, ICO, and the Swiss FDPIC. This is provided at no cost to you. For more information, you can contact CSS Corp’s Privacy Team using this email address: privacy.officer@csscorp.com.
4. How long will you keep my personal data?
We will not keep your personal information for any purpose for longer than is necessary for our processing purposes and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a customer, we will keep your information for the length of any contractual relationship you have with us and after that for a period of 12 months or as per the data retention policy of CSS Corp.
Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.
In the case of any contact you may have with our customer services team, we will retain those details for as long as it is necessary to resolve your query and for two weeks after the query is closed.
We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require CSS Corp to hold certain information for specific periods other than those listed above.
5. Where is my data stored?
The personal data that we collect from you may be transferred to and stored outside the EU/EEA, UK area at a safe and secure place. It may also be processed by staff operating outside the EU/EEA, UK who works for us under strict security contractors for one of our suppliers, in which case the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place. Further information may be obtained from our Privacy Team.
6. What are my rights in relation to my personal data?
As a data subject, you have certain rights over your personal data, and data controllers are responsible for fulfilling these rights. Further information about the rights that individuals have and how to exercise them is given below:
You have the right access to your personal data held by us as a data controller. This right may be exercised by emailing us at privacy.officer@csscorp.com. We will aim to respond to any requests for information promptly and in any event within the legally required time limits of 30 days from the day of request received by us.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine-readable format. If you wish to transmit your personnel data directly from one data controller to another data controller, the same will be processed, wherever it is technically feasible.
At any stage, while your data is in our processing and if you want to update the same, you may email us at privacy.officer@csscorp.com. We will process your request to the extent it is practically possible for us and we will make corrections based on your updated information.
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please email us at privacy.officer@csscorp.com. We will process your request as early as practically possible.
Where we process personal data based on consent, individuals have a right to ask to erase their data at any time. To erase your data from our database please email us at privacy.officer@csscorp.com. We will process your request as early as practically possible.
7. Where can I find more information about CSS Corp’s handling of my data?
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. Should you have any queries regarding this Privacy Notice, about CSS Corp’s processing of your personal data, or wish to exercise your rights you can contact CSS Corp’s Privacy Team using this email address: privacy.officer@csscorp.com.
Contact Us. If you have a question about this Privacy Notice or wish to inquire about our personal information handling practices, please contact us as follows:
[CSS Corp,12832 S. Frontrunner Blvd, 4th Floor, Draper, UT 84020]
Changes to Our Privacy Policy
CSS Corp reserves the right to update or change this privacy statement from time to time and as such, we request you to review our privacy statement periodically on our website for any further updates or changes that we may have made. If we propose to make any material changes, we will notify you by means of a notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
A Note to Children and Parents
Children: We do not process the young person’s data age below 16 years. If you are below 16 years of age and someone asks you to share information about yourself. Before sending any information about yourself over the Internet to us or anyone else, be sure to ask your parents for permission.
Parents: CSS Corps encourages parents to talk to their children about safe and responsible use of their personal information while using the Internet
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.