PRIVACY Shield Statement

CDS GLOBAL PRIVACY SHIELD STATEMENT
Last Updated: June 11, 2020

CDS Global, Inc. (“CDS Global”, “we”, “our” or “us”) complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred to us from the European Union, United Kingdom or Switzerland, as well as Norway, Liechtenstein and Iceland, (collectively, the “EEA, UK and Switzerland ”) to the United States.  If there is any conflict between the terms in this Privacy Shield Statement and the principles set forth in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield Principles”), the Privacy Shield Principles shall govern.  We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles in processing Privacy Shield Information.  The Federal Trade Commission has jurisdiction over CDS Global’s compliance with the Privacy Shield.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

CDS Global obtains personal information about EEA, UK and Swiss consumers as a data processor when providing services on behalf of and as instructed by our clients or our affiliates (collectively, “Clients”).  In addition, we obtain as a data controller personal information about EEA, UK and Swiss representatives of Clients, potential Clients, service providers, suppliers and other business partners in association with our business operations and in connection with the operation of the CDS Global website, www.cds-global.com and  the country-specific webpages that link to the CDS Global Privacy Notice (collectively, the “Site”). CDS Global also obtains personal information about EEA, UK and Swiss consumers who directly engage with certain CDS Global products directed to consumers (e.g., our digital authentication service (single sign-on))(collectively, the “Consumer Offerings”), which products may be offered on Clients’ websites or apps.

For the purposes of this Privacy Shield Statement, the personal information transferred from the EEA, UK and Switzerland to us, when operating as a data processor or as a data controller, is referred to collectively as “Privacy Shield Information”.  As our processing activities vary depending on whether we are acting as a processor or controller, we have described our processor and controller policies and compliance practices separately below. 

In accordance with the Privacy Shield Principles, CDS Global remains liable for any processing of Privacy Shield Information by third parties that provide services or handle transactions on our behalf where such processing is inconsistent with the Privacy Shield Principles, unless CDS Global was not responsible for the event giving rise to any alleged damage.

CDS Global may be required to disclose Privacy Shield Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

DISPUTE RESOLUTION
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of Privacy Shield Information.  
EEA, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at info@cds-global.com. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States.  Where a privacy complaint or dispute cannot be resolved through our internal processes, EEA, UK and Swiss individuals should visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.  The services of JAMS are provided at no cost to the claimant. In certain circumstances, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.

CDS GLOBAL AS A PROCESSOR
CDS Global provides services to Clients pursuant to Client instructions.  Such services include order management, fulfillment, customer support, and marketing.  As a data processor acting on behalf of our Clients, CDS Global obtains Privacy Shield Information about EEA, UK and Swiss consumers.  The information obtained varies from Client to Client and is specified by each Client.  Typically this includes names, mailing addresses, email addresses, telephone numbers, payment information, demographics and information about interactions with emails or digital platforms. 

As a data processor, CDS Global does not have a direct relationship with Clients’ consumers. When processing Privacy Shield Information of EEA, UK and Swiss Consumers, CDS Global applies the Privacy Shield Principles as follows:

• Before processing on behalf of Clients established in the EEA, UK and Switzerland, CDS Global will enter into processing contracts with such Clients to comply with applicable data protection laws.
• Such processing contracts will contain data privacy and data security requirements.
• CDS Global accesses and discloses Privacy Shield Information of EEA, UK and Swiss consumers to third parties only as permitted or required by the relevant processing contracts, Privacy Shield Principles, and applicable European data protection laws. 
• CDS Global has in place measures to protect Privacy Shield Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

EEA, UK and Swiss individuals have rights to access personal information about them and to limit use and disclosure of such information.  EEA, UK and Swiss  consumers who wish to request access to, limit the use of, or limit disclosures of Privacy Shield Information we process on behalf of a Client can contact the relevant Client who is the controller of the Privacy Shield Information.  CDS Global cooperates with Clients to address EEA, UK and Swiss consumers’ requests in relation to Privacy Shield Information and supports Clients as needed to respond to the request. 

CDS GLOBAL AS A CONTROLLER
CDS Global receives Privacy Shield Information in association with providing its Consumer Offerings and operating the Site, and we receive personal information of EEA, UK and Swiss representatives of current and prospective Clients, vendors, and service providers.  CDS Global is a data controller in relation to this type of Privacy Shield Information.

The Consumer Offerings: We collect and handle personal information obtained in connection with our Consumer Offerings as described in the Privacy Notice applicable to each Consumer Offering. If in connection with a Consumer Offering information is transferred to us from the EEA, UK and Switzerland, we process the information in accordance with the Privacy Shield Principles.  The applicable Privacy Notice to each Consumer Offerings provides further information about:

• The types of personal information we collect;
• The purposes for which we collect and use personal information; and
• The types of third parties with which we share personal information.

The Site:  We collect and handle personal information in association with the operation of the Site as described in the CDS Global Privacy Notice posted on the Site.  When the information is transferred to us from the EEA, UK and Switzerland, we process the information in accordance with the Privacy Shield Principles.  The CDS Global Privacy Notice provides further information about:

• The types of personal information we collect;
• The purposes for which we collect and use personal information; and
• The types of third parties with which we share personal information.

Business Operations: In the ordinary course of business, CDS Global receives personal information of EEA, UK and Swiss representatives of current and prospective Clients, vendors, and service providers. The information we receive in such contexts typically consists of names, business contact information, job titles, and organizational affiliations.  We use and share such information to enter into and fulfill our contracts; for our legitimate business purposes, including in the context of corporate transactions or restructuring; and as needed to comply with applicable laws.  Where such information is transferred to us from the EEA, UK and Switzerland, CDS Global handles this information in accordance with the Privacy Shield Principles. 

EEA, UK and Swiss individuals have the following rights with regard to Privacy Shield Information for which CDS Global is a data controller:

• To obtain confirmation of whether CDS Global is processing such information;
• To access such information so that they can verify its accuracy and the lawfulness of processing; and
• To have such information corrected, amended, or deleted where it is inaccurate or processed in violation of the Privacy Shield Principles, except where the legitimate rights of persons other than the individual would be violated or the burden or expense of providing these rights would be disproportionate to the risks to the individual’s privacy in the case in question.

EEA, UK and Swiss individuals who wish to discuss or exercise such rights should contact CDS Global using the details provided below. 

If CDS Global, as a controller, processes Privacy Shield Information for a new purpose that is materially different from that for which the information was originally collected or subsequently authorized, or if such Privacy Shield Information is to be disclosed to a non-agent third party, CDS Global will provide an opportunity for EEA, UK and Swiss individuals to choose whether to have their Privacy Shield Information so used or disclosed.  Requests to opt out of such uses or disclosures of personal information should be sent using the details provided below.

CONTACT US
To contact CDS Global with regard to any issues under this Privacy Shield Statement, please write to us at info@cds-global.com.