Data protection has always been a fundamental priority at CSG and safeguarding the personal information entrusted to us on behalf of our customers and employees is at the core of what we do.
What Information Do We Collect
We collect personal data about our clients, their customers, people that have expressed interest in obtaining information from us, our suppliers, and our employees.
We attempt to collect only personal data that we need to carry out a specific purpose. As a result, the type of personal data that we collect differs depending upon the person from whom we are collecting it and the purpose for which it is being collected. For example, our clients may provide us with information relating to their customer’s accounts including name, address, and telephone number in order to allow us to service those accounts. As another example, we may collect salary, health, payroll, and demographic information from our employees in order to pay them or provide them with benefits. For those who visit our website, we may collect their contact information if they submit a question.
How Do We Use Information
We use personal data that we collect directly from people for the purposes that are disclosed to the person that provided the data to us, or for purposes that they would reasonably expect. For example, if a person sends us an email they reasonably expect that we may use their email address to respond to them. If you would like to limit our use of your personal data, you can make such a request by contacting us using the information provided in the section below called “How to Communicate With Us.” For example, if you provided personal data to us in order to obtain information about our services you can request that we no longer use your information for future contact concerning service offerings.
We use personal data that we receive from our clients in order to perform services for them. Our clients decide how we will use that data and we do not use it for purposes other than those to which we are directed.
How Do We Collect Information
We typically collect personal data directly from people or directly from our clients. When individuals visit our website, however, we may collect information using certain automated technologies including cookies, or web logs.
Cookies are small text files that are stored on your computer or mobile device. They are used on our website to make our website work, or work in a better, more efficient way. They can do this because websites can read and write these files, enabling them to recognize you and remember important information that will make your use of a website more convenient (e.g., by remembering preference settings). More detailed information about cookies can be found by searching the Internet using the search term “browser cookies”.
We may collect and use the following types of cookies:
- Strictly Necessary Cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/Performance Cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality Cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences.
- Targeting Cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. For more information on tracking cookies, please visit the Internet Advertising Bureau’s guide at http://www.youronlinechoices.eu
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. For more information on how to manage cookies in your browser, please visit http://www.allaboutcookies.org/manage-cookies/.
With Whom Do We Share Information
We may share personal data in the following situations:
- Affiliated Companies. We may share personal data with companies that are affiliated with us (for example companies that control, are controlled by, or are under common control with us). We may also share information that is collected between websites that we, or our affiliates, control. Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. At this time we do not modify your experience based upon whether such a signal is broadcast.
- Service Providers. We may share your personal data with companies that perform services for us, such as fulfilling orders, delivering packages, sending postal mail and e-mails, analyzing customer data, providing marketing assistance, investigating fraudulent activity, conducting customer surveys, and providing customer service. If we share your personal data with a service provider, and that entity takes an action that is contrary to the principles permitted under applicable law, we shall be liable for those actions unless we prove that we were not responsible for causing them.
- Behavioral Advertisers. We may permit third party behavioral advertisers to use technology to collect information about your use of our websites so that they can provide advertising about products and services tailored to your interest. That advertising may appear either on our website, or on other websites.
- Protection. We may share your personal data in order to protect the legal rights of our company, our employees, our agents, our clients, and our affiliates, to protect the safety and security of our visitors, or to protect against fraud.
- Legal Process. We may share your personal data to comply with law or a legal process.
- Government Investigations. We may share your personal data if we receive a lawful request by a public authority. This may include a request by a government agency with responsibility for national security or law enforcement.
- Business Transition. We may share your personal data if we sell all, or part, of our business, sell all, or part, of our business assets, or are otherwise involved in a merger or business acquisition.
- Consent. We may share your personal data if you direct us to do so, or provide your consent to our doing so.
How Do We Share Information Across Borders
If we transmit personal data across national boundaries, we attempt to do so in compliance with any national laws that govern the cross-border transfer of information. For example, we have taken several steps to facilitate the transfer of personal data that we receive about residents of the European Union and Switzerland. These include enacting Binding Corporate Rules, self-certifying under the EU-U.S. Privacy Shield Framework, the Swiss – U.S. Privacy Shield Framework, and using standard contractual clauses.
CSG complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. CSG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
The EU-U.S. Privacy Shield Framework is a legal framework between the European Union and the United States under which personal data can be transferred to an organization in the United States, like CSG, that has certified its compliance with the principles of the framework and is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Standard contractual clauses refer to clauses that the European Union Commission has determined provide an adequate level of protection for data that is transferred outside of the European Economic Area. CSG may use pre-approved standard contractual clauses if it transfers personal data to a service provider that is outside of the EEA, and is located in a country that the European Union does not recognize as having adequate legal structures for protecting personal data.
How Do We Protect Information
We realize that people trust us to protect their personal data. Although we have implemented reasonable and appropriate technical and organization measures that are designed to help protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction, no security system is perfect and we cannot promise that information about you will remain secure in all circumstances.
Your Ability To Access Information
You can ask CSG what, if any, personal data we maintain about you. Although we will attempt in good faith to respond to your request, we may not be able to do so in all situations. For example, we may not be able to respond to your request if it imposes an undue burden or expense, requires us to release confidential commercial information, or requires the disclosure of information relating to another person. If you would like to make a request please refer to the “How to Communicate With Us” section below.
Your Ability To Correct or Modify Information
If the personal data that we maintain about you is inaccurate you can ask that we correct it. Although we will attempt in good faith to respond to your request, we may not be able to make the correction in all situations. For example, we may not be able to correct information about you if it would impose an undue burden or expense, or if it would require us to change information relating to another person. If you would like to make a request to correct or modify information please refer to the “How to Communicate With Us” section below.
Your Ability To Delete Information
You can ask CSG to delete personal data that we maintain about you. Although we will attempt in good faith to respond to your request, we may not be able to do so in all situations. For example, we may not be able to delete information if it imposes an undue burden or expense, if we are required by law to maintain it, or if we need it in order to comply with contractual obligations. If you would like to make a request to delete information please refer to the “How to Communicate With Us” section below.
How To Communicate With Us
You can contact us with any questions, concerns, or requests involving personal data by sending a message to the following address or via email:
Chief Compliance Office
Attn: Chief Compliance Officer
6175 S. Willow Drive
Greenwood Village, CO 80111
If we are required to communicate with you concerning your personal data we may choose to do so by email, mail, or telephone.
If you are a supplier that needs to report a security breach to CSG, please contact us via this form.
How To Raise Complaints
We encourage anyone with a complaint about our collection or use of your personal information (including if and as applicable, an EU or Swiss individual with an inquiry or complaint relative to our Privacy Shield policy or implementation of the corresponding Privacy Shield Principles) to bring it to the attention of our Chief Compliance Officer, whose contact information can be found in the “How to Communicate With Us” section.
If you are dissatisfied with the response that you receive, the Chief Compliance Officer will notify you of particular forums for which CSG has agreed to adjudicate the type of complaint that you raised. For example, if your complaint relates to the transfer of information outside of the EU you may have a right to submit your complaint to the data protection authority in your member state, an alternative dispute resolution (ADR) services provider, the United States Department of Commerce, and, in some cases, to binding arbitration before a panel convened by the Department of Commerce. CSG has specifically committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In addition to its commitment to JAMS, CSG further commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner’s authority (as applicable) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland, respectively, in the context of the employment relationship.
Changes to Our Privacy Policies
Effective Date: November 14, 2016
Last Modified: May 3, 2017