CDS GLOBAL PRIVACY SHIELD STATEMENT
Last Updated: March 25, 2019
CDS Global, Inc. (“CDS Global”, “we”, “our” or “us”) complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred to us from the European Union, United Kingdom or Switzerland, as well as Norway, Liechtenstein and Iceland, (collectively, the “EEA, UK and Switzerland ”) to the United States. If there is any conflict between the terms in this Privacy Shield Statement and the principles set forth in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield Principles”), the Privacy Shield Principles shall govern. We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles in processing Privacy Shield Information. The Federal Trade Commission has jurisdiction over CDS Global’s compliance with the Privacy Shield. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
CDS Global obtains personal information about EEA, UK and Swiss consumers as a data processor when providing services on behalf of and as instructed by our clients or our affiliates (collectively, “Clients”). In addition, we obtain as a data controller personal information about EEA, UK and Swiss representatives of Clients, potential Clients, service providers, suppliers and other business partners in association with our business operations and in connection with the operation of the CDS Global website, www.cds-global.com and the country-specific webpages that link to the CDS Global Privacy Notice (collectively, the “Site”).
For the purposes of this Privacy Shield Statement, the personal information transferred from the EEA, UK and Switzerland to us, when operating as a data processor or as a data controller, is referred to collectively as “Privacy Shield Information”. As our processing activities vary depending on whether we are acting as a processor or controller, we have described our processor and controller policies and compliance practices separately below.
In accordance with the Privacy Shield Principles, CDS Global remains liable for any processing of Privacy Shield Information by third parties that provide services or handle transactions on our behalf where such processing is inconsistent with the Privacy Shield Principles, unless CDS Global was not responsible for the event giving rise to any alleged damage.
CDS Global may be required to disclose Privacy Shield Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of Privacy Shield Information.
EEA, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at email@example.com. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. Where a privacy complaint or dispute cannot be resolved through our internal processes, EEA, UK and Swiss individuals should visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to the claimant. In certain circumstances, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.
CDS GLOBAL AS A PROCESSOR
CDS Global provides services to Clients pursuant to Client instructions. Such services include order management, fulfillment, customer support, and marketing. As a data processor acting on behalf of our Clients, CDS Global obtains Privacy Shield Information about EEA, UK and Swiss consumers. The information obtained varies from Client to Client and is specified by each Client. Typically this includes names, mailing addresses, email addresses, telephone numbers, payment information, demographics and information about interactions with emails or digital platforms.
As a data processor, CDS Global does not have a direct relationship with Clients’ consumers. When processing Privacy Shield Information of EEA, UK and Swiss Consumers, CDS Global applies the Privacy Shield Principles as follows:
EEA, UK and Swiss individuals have rights to access personal information about them and to limit use and disclosure of such information. EEA, UK and Swiss consumers who wish to request access to, limit the use of, or limit disclosures of Privacy Shield Information we process on behalf of a Client can contact the relevant Client who is the controller of the Privacy Shield Information. CDS Global cooperates with Clients to address EEA, UK and Swiss consumers’ requests in relation to Privacy Shield Information and supports Clients as needed to respond to the request.
CDS GLOBAL AS A CONTROLLER
CDS Global receives Privacy Shield Information in association with operating the Site, and we receive personal information of EEA, UK and Swiss representatives of current and prospective Clients, vendors, and service providers. CDS Global is a data controller in relation to this type of Privacy Shield Information.
The Site: We collect and handle personal information in association with the operation of the Site as described in the CDS Global Privacy Notice posted on the Site. When the information is transferred to us from the EEA, UK and Switzerland, we process the information in accordance with the Privacy Shield Principles. The CDS Global Privacy Notice provides further information about:
Business Operations: In the ordinary course of business, CDS Global receives personal information of EEA, UK and Swiss representatives of current and prospective Clients, vendors, and service providers. The information we receive in such contexts typically consists of names, business contact information, job titles, and organizational affiliations. We use and share such information to enter into and fulfill our contracts; for our legitimate business purposes, including in the context of corporate transactions or restructuring; and as needed to comply with applicable laws. Where such information is transferred to us from the EEA, UK and Switzerland, CDS Global handles this information in accordance with the Privacy Shield Principles.
EEA, UK and Swiss individuals have the following rights with regard to Privacy Shield Information for which CDS Global is a data controller:
EEA, UK and Swiss individuals who wish to discuss or exercise such rights should contact CDS Global using the details provided below.
If CDS Global, as a controller, processes Privacy Shield Information for a new purpose that is materially different from that for which the information was originally collected or subsequently authorized, or if such Privacy Shield Information is to be disclosed to a non-agent third party, CDS Global will provide an opportunity for EEA, UK and Swiss individuals to choose whether to have their Privacy Shield Information so used or disclosed. Requests to opt out of such uses or disclosures of personal information should be sent using the details provided below.
To contact CDS Global with regard to any issues under this Privacy Shield Statement, please write to us at firstname.lastname@example.org.