Compliance with Safe Harbor Principles
CCAA complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. CCAA has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view CCAA’s certification, please visit http://www.export.gov/safeharbor/.
What Does CCAA Treat as Personal Information?
"Personal Information" is any information or data about You that in itself, or as part of a unique combination of information, specifically recognizes You by unique descriptors and/or identifiers. Examples of Personal Information are name, address, credit card number, bank or financial account number, and social security number. Personal Information does not, however, include publicly available information. CCAA recognizes that You have an expectation about how Your Personal Information will be used and safeguarded. CCAA takes very seriously its commitment to ensure that such expectations are reasonably met, including the implementation of sound policies and business practices designed to diminish the unauthorized use of Personal Information for purposes such as the falsification of identity, unauthorized transactions in Your name, and/or the sale of Personal Information to third parties such as telemarketing firms. As a general rule, CCAA will not (within the scope of the European Directive 95/46/EC (the "Directive")) disclose any specific Personal Information that We receive about You from Our Affiliates in a manner that connects You with the Personal Information.
How Does CCAA Receive Your Personal Information?
CCAA acts as a data processor for Our Affiliates and supports their business offerings purely as a data processor as defined in the Directive. In doing so, We act at the specific direction of, and in accordance with written instructions provided by, the relevant Affiliate outlining the authority granted to CCAA as the data processor. The data that we receive from Our Affiliates includes customer data (such as Your Personal Information) housed in the databases of the clients of such Affiliate, which data is transmitted by the Affiliate, via a secured link (like a Virtual Private Network) using appropriate encryption mechanisms, to Our database servers. Although it is ultimately the responsibility of the Affiliate to ensure the integrity of the data it transmits to Us, We take reasonable steps to ensure that the data remains reliable, accurate, complete, and current, and that it is used solely for the intended purposes for which it was collected.
As a general rule, CCAA will not disclose any specific Personal Information about You that We receive from Our Affiliates, except when We have Your permission or under special circumstances, as described below. We receive and use Personal Information for Our business purposes only, and as specifically instructed by Our Affiliates. The following describes some of the ways that Your Personal Information may be disclosed:
Third Party Contractors:
How Can You Control the Usage Of Your Personal Information?
Given that CCAA is only acting as a data processor on behalf of, and at the specific direction and instruction of, Our Affiliates, we are not entitled to modify, change, amend or otherwise alter Your Personal Information unless otherwise instructed directly by Our Affiliates. Accordingly, We will promptly forward to the relevant Affiliate from which We received Your Personal Information any request We may receive from You to correct, update or delete such Personal Information. We will coordinate any responses and/or inquiries that We may receive from such Affiliates in response to Your requests, and will promptly comply with any related instructions We may receive from such Affiliates relating to the processing of Your Personal Information (including any corrections, updates or deletions to such Personal Information). We will also reasonably cooperate with the applicable European Data Protection Supervisory Authority in the course of any inquiries it may have, and will reasonably comply with the advice of such Supervisory Authority, with regard to Our processing of Your Personal Information.
If, at any time, You wish to update, change, limit, or delete Your Personal Information, You may contact CCAA’s Information Protection Officer, Brian Fisher, at (203) 956-1000 (telephone), (203) 956-8789 (fax), or email@example.com, who will forward Your request to the relevant Affiliate.
The security of all Personal Information associated with Our clients and customers is an important concern to Us. We take reasonable industry-standard precautions to safeguard the confidentiality of Your Personal Information, and to protect Your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We exercise care, as a data recipient, in ensuring a secure transmission of Your Personal Information from Our Affiliates to Our servers. We require that such transmissions be made via a secured link (like a Virtual Private Network ("VPN")) using appropriate encryption mechanisms. Unfortunately, no data transmission over a VPN can be guaranteed to be 100% secure. As a result, while We strive to protect Your Personal Information, CCAA and CCAA-affiliates cannot guarantee or warrant the security of any such Personal Information.
CCAA has instituted a self-regulatory and assessment program for ensuring verification and adherence to the Safe Harbor Privacy Principles. This may consist of regular information protection reviews including privacy information reviews, physical security reviews, disaster recovery planning, testing and reviews, internal and external audits of CCAA’s security, reviews performed by Our Affiliates, and onsite and survey reviews by Our Affiliates’ clients. Vulnerability reviews by CCAA or Our designated third party agents are also performed periodically. CCAA’s privacy polices and practices are in accordance with the aforementioned program and the Safe Harbor Principles.
If You wish to file a complaint or have any objections about the way We use or disclose Your Personal Information, please follow Our Dispute Resolution process below.
In addition to the establishment of internal controls and dispute resolution procedures for ensuring compliance with the Safe Harbor Principles, CCAA has implemented an independent recourse mechanism whereby Your complaints and disputes can be investigated and resolved. To that end, CCAA has committed to cooperate with data protection authorities located in the European Union, or their authorized representatives.
If You wish to file a complaint or have any objections about the way We use or disclose Your Personal Information, You may contact CCAA’s Information Protection Officer, Brian Fisher, at (203) 956-1000 (telephone), (203) 956-8789 (fax), or firstname.lastname@example.org. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve Your complaint where necessary.