Last updated: May 2018
What does this Privacy Notice cover?
CSG Systems International, Inc. respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice covers CSG Systems International, Inc. and its corporate affiliates and subsidiaries, including CSG Systems, Inc., CSG Interactive Messaging, Inc., CSG Media, LLC and Intec Billing, Inc. (collectively, “CSG” or “We”). For a full list of our global operating companies, please click here. This Privacy Notice only applies to personal information that we collect through our website at csgi.com (“Website”), from you at sales or promotional events or from third parties for marketing purposes. If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.
We recommend that you read this Privacy Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.
Data protection has always been a fundamental priority at CSG and safeguarding the personal information entrusted to us on behalf of our customers and employees is at the core of what we do.
What does CSG do?
CSG is a leading business support solutions provider and trusted partner, offering business support solutions, revenue management, customer experience and digital monetization solutions. CSG is headquartered in the United States but has subsidiaries throughout the world. For more information about CSG Systems International, Inc., please see the “About CSG” section of this Website.
What personal information does CSG collect?
Personal information means information that identifies you or allows us to contact you, like your name or email address. The personal information that we may collect about you broadly falls into the following categories:
- Information that you provide voluntarily
Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to subscribe to marketing communications from us, and/or to submit inquiries to us. We may also ask you to provide feedback or a testimonial which we may display on our website or in other promotional materials, with your agreement. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
- Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Union and/or European Economic Area (“EU/EEA”), this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, geographic location, and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further in our upcoming Cookie Notice.
- Information that we obtain from third party sources
From time to time, we may receive personal information about you from third party sources (including from companies that provide marketing lead information), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
The types of information we collect from third parties include your name and contact information and we use the information we receive from these third parties to provide you with information regarding our products and services, our industry insights and for other direct marketing purposes.
What does CSG use the personal information for?
We use the information collected about you for a variety of reasons, including for the following purposes, as applicable:
- To respond to your requests or provide you with information requested by you.
- To communicate with you about updates to the services.
- To provide, support, personalize, maintain and enhance the services.
- To comply with and enforce applicable legal requirements, agreements and policies.
- To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior and criminal activity.
- To allow businesses or third-party websites we’re affiliated with, who may sell or provide products or services to you through or in connection with the services (either alone or jointly with us).
- For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our services and to enhance, customize and improve our features, products and services.
- To perform other activities consistent with this Notice.
Personal Information Sharing
We may disclose your personal information to the following categories of recipients:
- Affiliated Companies. We may share personal information with companies that are affiliated with us (for example companies that control, are controlled by, or are under common control with us). We may also share information that is collected between websites that we, or our affiliates, control.
- Service Providers. We may share your personal information with companies that perform services for us, such as fulfilling orders, delivering packages, sending postal mail and e-mails, analyzing customer data, providing marketing assistance, investigating fraudulent activity, conducting customer surveys, and providing customer service.
- Behavioral Advertisers. We may permit third party behavioral advertisers to use technology to collect information about your use of our Website so that they can provide advertising about products and services tailored to your interest. That advertising may appear either on our Website, or on other websites.
- Potential Buyers. We may share your personal information if we sell all, or part, of our business, sell all, or part, of our business assets, or are otherwise involved in a merger or business acquisition.
- Any other parties to comply with a legal obligation; to protect the legal rights of (or otherwise participate in a legal process pertaining to) our company, our employees, our agents, our clients, and our affiliates, to protect the safety and security of our visitors, or to protect against fraud; or with your consent.
Legal basis for processing personal information (EU/EEA visitors only)
If you are a visitor from the EU/EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
How does CSG keep my personal information secure?
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you live. These countries may have data protection laws that are different to the laws of your country. Specifically, while our Website servers are located in the United States, and our affiliated companies and third-party service providers and partners operate around the work. This means that when we collect your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.
If we transmit personal information across national boundaries, we make reasonable efforts do so in compliance with any national laws that govern the cross-border transfer of information. For example, we have taken several steps to facilitate the transfer of personal information that we receive about residents of the European Union and Switzerland. These include self-certifying under the EU-U.S. Privacy Shield Framework, the Swiss–U.S. Privacy Shield Framework, and entering into appropriate standard contractual clauses.
Our standard contractual clauses can be provided to EU/EEA residents on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
CSG International, CSG Interactive Messaging, Inc., CSG Systems International, Inc, CSG Systems, Inc., Intec Billing, Inc., and CSG Media LLC (collectively, “CSG US”) comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce. CSG US is committed to subjecting all personal information received from the EU/EEA, in reliance on the Privacy Shield, to the Privacy Shield’s applicable principles. You may learn more about the Privacy Shield program here, and view our certification here.
CSG US is responsible for its collection, use, and disclosure of personal information in accordance with the Privacy Shield. CSG US may share personal information with third parties as described in the Personal Information Sharing section above. CSG US will exercise appropriate due diligence in the selection of such third parties and complies with the Privacy Shield principles for all onward transfers of personal information from the EU/EEA, including the onward transfer liability provisions. Regardless of any other provisions in this Notice, CSG US may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as may be otherwise permitted by the Privacy Shield.
You are entitled to access, review, and update your personal information as further described in the Your Data Subject Rights section below.
We encourage anyone with a complaint about our handling of your personal information under Privacy Shield to please contact us at DataPrivacy@csgi.com. If we are unable to satisfactorily resolve your complaint relating to the Privacy Shield, CSG has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed our complaint to your satisfaction, please contact or visit here for more information or to file a complaint. The services of JAMs are provided at no cost to you. CSG US is also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Privacy Shield. In addition, under certain conditions more fully described on the Privacy Shield website, you may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted. To learn more, please visit here.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so or to comply with applicable legal requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your data protection rights (EU/EEA data subjects only, including former CSG employees)
You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us by contacting us here.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us here.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us here.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EU are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact our Executive Director of Global Privacy, Lindsay Martin at: DataPrivacy@csgi.com.
Information related to children
We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not use the Website or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please go to DataPrivacy@csgi.com.
Updates to this privacy notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
For our suppliers
Our suppliers that are personal data processors may access a security breach notification form here.
Job applicant data privacy notice
CSG Systems International Inc. and its affiliates (EU/EEA applicants, please see list of EU employers in Annex A) (“CSG”) care about the privacy of our job applicants (“you” or “your”) during the recruitment and application process. CSG is committed to processing your individually identifiable information (“personal data”) in accordance with fair information practices and applicable data protection and data privacy laws.
This notice (“Notice”) explains how CSG collects, uses, and processes the personal data of job applicants. (EU/EEA applicants, for a list of CSG entities in the EU who may be the prospective employer for the position for which you are applying, please see Annex A.) We may amend this Notice from time to time, should it become necessary to do so. This Notice may also be supplemented by other statements, as needed, to comply with local requirements in the country where you live.
II. COLLECTION AND USE OF PERSONAL DATA
A. Types of Personal Data We Collect About Job Applicants
In the normal course of the recruitment and application process, we may collect the following types of personal data:
- Personal Details: Name; birth date; national identification number; education and qualification details; professional work details; and passwords;
- Contact details: E-mail address; telephone number(s); and home address; and
- Qualifications and Talent Management Information: Details contained in letters of application and resume/CV; previous employment or work background; education history; professional qualifications; background check reports; and language and other relevant skills.
There may also be situations where we collect information that reveals information about your health, which is considered by EU data protection law as “sensitive personal data”. For example, you may need to provide us with information about your physical or mental condition so that we can provide work-related accommodations or to assess your fitness for a particular position.
- For EU/EEA Applicants Only
CSG will rely on the following legal grounds for the collection and processing of sensitive personal data:
- Express consent, as permitted by local data protection law;
- Carrying out the obligations and exercising the specific rights of CSG or you in the field of employment and social security and social protection law as permitted by EU or local data protection law or by a collective agreement;
- Establishing, exercising, or defending legal claims or as required whenever courts are acting in their judicial capacity; and
- For assessment of your working capacity, as permitted by local data protection law.
The provision of personal data as described in this Notice is partly a statutory requirement and partly a requirement necessary in order to carry out the potential employment relationship with you. In general, you are required to provide the personal data, except in limited instances when we indicate that the provision of certain information is voluntary. Not providing personal data may prevent CSG from carrying out the potential employment relationship with you.
If you are accepted for a job at CSG, the information collected during the recruitment process will form part of your ongoing employment record. You will be asked to provide additional information at the time in accordance with our applicable Data Privacy Notice.
If you are not successful, you can choose for us to keep your information on file for any future job openings. In such cases, we will retain your application information for one year. You can opt out of this at any time.
B. Sources of Personal Data
Usually you will have provided the information we hold about you but there may be situations where we collect personal data from other sources, such as references supplied by former employers and background check reports. We will seek this information only after the job offer has been made and we will inform you that we are seeking this information from other sources.
C. Purposes for Processing Personal Data and Legal Basis
CSG may collect and use your personal data for the following purposes:
- Management and Administration of Job Applicants: Strategic planning; making business travel arrangements; maintaining records relating to business activities; budgeting, financial management and reporting; communications; and monitoring activities if and as permitted by applicable law (including the monitoring telephone, email, Internet and other resources within the CSG group of companies);
- Planning and Allocating Work: Allocating assets and human resources within the CSG group of companies;
- Human Resources Management: Managing and administering the job application process; and operating and managing the IT and communications systems; and
- Compliance: Complying with applicable legal and other requirements, such as recordkeeping and reporting obligations; conducting audits; administration of the CSG compliance hotline; compliance with law enforcement and similar requests in accordance with applicable law; pursuing legal rights and remedies; defending litigation and managing any internal complaints or claims; and complying with internal policies and procedures.
- For EU/EEA Applicants Only
CSG will rely on the following legal grounds for the collection and processing of personal data:
- In order to take steps to enter into the employment contract with you;
- Legitimate interest of CSG, CSG’s affiliates or other third parties (such as existing or potential business partners, vendors, customers, governmental bodies, or courts) where the legitimate interest could be in particular:
- Implementation and operation of a group-wide matrix structure and group-wide information sharing,
- Prevention of fraud, misuse of CSG IT system, or money laundering,
- Operation of a whistleblowing/compliance hotline,
- Addressing physical security, IT and network security,
- Conducting internal investigations,
- Consent, as permitted by applicable law;
- Compliance with legal obligations, in particular in the area of labor and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws;
- Protection of your vital interests or of another individual;
- Adherence to CSG contractual obligations; and
- Performance of a task carried out in the public interest or in the exercise of official authority vested in CSG.
If CSG is relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us as described in Section J below. This will not however affect the lawfulness of the processing before your consent has been withdrawn.
D. Recipients of Personal Data
CSG takes care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal data, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the confidentiality and integrity of the information is maintained.
- We will share your personal data with other members of the CSG group of companies around the world for the purposes described in Section C above, in particular to manage and administer the job application process, as well as for other legitimate business purposes (such as IT services/security, tax and accounting purposes, general business management, and communicating with you, other CSG staff, and third parties).
- We make certain personal data available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data protection law. For example, some personal data will be available to our employee benefit plans service providers and other third parties who provide us with services such as: job application administration, recruitment or executive search administration, background check administration, travel management, expenses reporting, and IT hosting and support.
- We make certain personal data available to existing or potential business partners, suppliers, independent external advisors (such as auditors), banks, insurance carriers, and other third parties to operate the business.
We may also disclose personal data to other third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, or to meet national security or law enforcement requests, including, but not limited to, a subpoena or search warrant;
- With your consent;
- As necessary to establish, exercise or defend against potential, threatened or actual litigation;
- Where necessary to protect the vital interests of another person; and
- In connection with the sale, assignment or other transfer of all or part of our business.
E. Transfer of Your Personal Data
CSG is a global group of companies headquartered in the United States. As CSG operates at a global level, we may need to transfer personal data to other countries outside of your home country, in particular to our parent company for management purposes. Transfers may also need to be made to other countries where we operate in order to communicate with your potential manager or other staff members regarding your potential employment relationship with CSG.
When we export your personal data to a different country, we will take necessary steps to ensure that such data exports comply with applicable laws and legislation. For example, for transfers of personal data from the European Economic Area (“EEA”) to other affiliates within the CSG group of companies located outside of the EEA, we have implemented intra-group Standard Contractual Clauses approved by the European Commission to enable the transfer of the personal data. For transfers from the EEA and Switzerland to the CSG locations in the United States, CSG has also joined the EU-U.S. Privacy Shield Framework, as further described in section F of this Notice. The Privacy Shield certification provides the primary legal basis for our internal transfers of personal data from our EEA or Swiss operations to our U.S. operations.
Where applicable, when we transfer your personal data to third parties outside of the EEA, we ensure that such transfers to countries not providing an adequate level of data protection are based on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient.
You can request a copy of the appropriate safeguards by contacting us as set out in Section J, Questions and Comments, below.
F. (EU/EEA Applicants Only) Privacy Shield
CSG International, CSG Interactive Messaging, Inc., CSG Systems International, Inc, CSG Systems, Inc., Intec Billing, Inc., and CSG Media LLC (collectively, “CSG US”) comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce. CSG US is committed to subjecting all personal data received from the EU/EEA, in reliance on the Privacy Shield, to the Privacy Shield’s applicable principles. CSG US is responsible for its collection, use, and disclosure of personal data in accordance with the Privacy Shield. You may learn more about the Privacy Shield program here, and view our certification here.
i. Types of Personal Data Received and Purposes of Use
The types of personal data that CSG US may receive in the United States include all categories listed in section A above. CSG US may collect and use your personal data for the purposes listed in section C above.
ii. Choice, Onward Transfer, and Disclosures Required or Permitted by Law
CSG US may share personal data to third parties as described in section E of this Notice. CSG US will exercise appropriate due diligence in the section of such third parties and require that such third parties maintain reasonable precautions to protect and otherwise process personal data only as instructed by CSG US and for no other purposes. Moreover, CSG US is generally responsible for any harm to you resulting from CSG US’s disclosure of personal data to its third parties. CSG US intends to use personal data for the purposes for which it was originally collected and does not otherwise use personal data in a manner that is subject to choice requirements under the Privacy Shield. Regardless of any other provisions in this Notice, CSG US may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as may be otherwise permitted by the Privacy Shiel
iii. Access, Recourse, Enforcement, and Liability
You are entitled to access, review, and update your personal data as further described in Section H below. For any inquiries or complaints that cannot be resolved by contacting CSG as described in Section J, Questions and Comments, below, CSG US has committed to cooperate with the panel established by the EU Supervisory Authorities to serve as independent dispute resolution bodies for the Privacy Shield. CSG US is also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Privacy Shield. In addition, under certain conditions more fully described on the Privacy Shield website, you may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted. To learn more, please visit here.
G. Data Retention Periods
Personal data will be stored only as long as is necessary to carry out the purposes described in this Notice or as otherwise required by contractual agreements with third parties, law or other CSG policies. When CSG no longer needs to use your personal data, we will remove it from our systems and records and/or take steps to properly render it unintelligible so that you can no longer be identified from it.
H. (EU/EEA Applicants Only) Your Data Protection Rights
You have data protection rights provided under applicable laws (“Data Subject Rights”), which you may exercise by making a request to CSG. The Data Subject Rights are:
- Right to access personal data;
- Right to rectify personal data;
- Right to erasure of personal data (this right is also referred to as the ‘right to be forgotten‘);
- Right to restrict the processing of their personal data;
- Right to port personal data;
- Right to object to processing of personal data;
- Right not to be subject to automated decision making; and
- Right not to be sent direct marketing with your express consent.
You may learn more about these rights or exercise these rights by going to the CSG Data Rights Request Portal or by contacting us as set out in Section J, Questions and Comments, below. Please note that these rights might be limited under the national data protection law in your home country.
I. Updates to This Notice
This Notice may be updated periodically to reflect any necessary changes in our privacy practices. Where such changes will materially affect your privacy rights, we will inform you through the job application portal and indicate at the top of the Notice when it was most recently updated. We encourage you to check back on this Notice periodically so that you are aware of the most recent version of it.
J. Questions and Comments
You can address any questions or comments relating to this Notice and our privacy practices, including our participation in the Privacy Shield, to firstname.lastname@example.org. You have a right to lodge any complaints with the appropriate data protection supervisory authority although we ask that you raise your objections directly with CSG in the first instance.
ANNEX A – LIST OF CSG EMPLOYERS AND CONTRACTING ENTITIES IN THE EU/EEA
Independent Technology Systems Limited
Wells Court, Albert Drive
Volubill Danmark Aps
TMF Denmark A/S, Købmagergade 60, 1 sal tv, 1150 Copenhagen K, Denmark
Söder Mälarstrand 29 11825
Intec Billing Ireland Ltd
IDA Business Park
Intec Telecom Systems (France) SARL
15 Rue Scribe
9th District, 75009
Independent Technology Systems SL Unlpersonal
198 Calle Aribau
Intec Telecom Systems Deutschland GmbH
Intec Telecom Systems Italia Spa
Via Monte di Pietà
21 – 20121 Milan