CSG Systems International, Inc. respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, the user of the CSG web site acting on behalf of yourself or the business entity you represent (“You”, “Your”, or “Yourself”), and how You can exercise Your privacy rights. This Privacy Notice covers CSG Systems International, Inc. and its corporate affiliates and subsidiaries, including CSG Systems, Inc., CSG Interactive Messaging, Inc., CSG Media, LLC and Intec Billing, Inc. (collectively, “CSG” or “We”). For a full list of our global operating companies, please click here. This Privacy Notice only applies to personal information that We collect through our website at csgi.com (“Site”), from Your use of CSG’s systems, applications, and services (the “Services”), from You at sales or promotional events or from third parties for marketing purposes. If You have any questions or concerns about our use of Your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.
We recommend that You read this Privacy Notice in full to ensure You are fully informed. However, if You only want to access a particular section of this Privacy Notice, then You can click on the relevant link below to jump to that section.
Data protection has always been a fundamental priority at CSG and safeguarding the personal information entrusted to us on behalf of our customers and employees is at the core of what we do.
CSG is a leading business support solutions provider and trusted partner, offering business support solutions, revenue management, customer experience and digital monetization solutions. CSG is headquartered in the United States but has subsidiaries throughout the world. For more information about CSG Systems International, Inc., please see the “About CSG” section of this Site.
Personal information means information that identifies You or allows us to contact You, like Your name or email address. The personal information that we may collect about You, or have collected about you in the past 12 months, broadly falls into the following categories:
Certain parts of our Site or certain Services that You use may ask You to provide personal information voluntarily: for example, we may ask You to provide Your contact details in order to subscribe to marketing communications from us, and/or to submit inquiries to us. We may also ask You to provide feedback or a testimonial which we may display on our website or in other promotional materials, with Your agreement. The personal information that You are asked to provide, and the reasons why You are asked to provide it, will be made clear to You at the point we ask You to provide Your personal information.
When You visit our Site or use our Services, we may collect certain information automatically from Your device. In some countries, including countries in the European Union and/or European Economic Area (“EU/EEA”), this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like Your IP address, device type, unique device identification numbers, browser-type, geographic location, and other technical information. We may also collect information about how Your device has interacted with our Site or our Services, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Site or use our Services, where they come from, and what content on our Site or connected to our Services is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Site and our Services to our visitors and customers.
Some of this information may be collected using cookies and similar tracking technology, as explained further in our upcoming Cookie Notice.
From time to time, we may receive personal information about You from third party sources (including from companies that provide marketing lead information), but only where we have checked that these third parties either have Your consent or are otherwise legally permitted or required to disclose Your personal information to us.
The types of information we collect from third parties include Your name and contact information and we use the information we receive from these third parties to provide You with information regarding our products and services, our industry insights and for other direct marketing purposes.
We use the information collected about You for a variety of reasons, including for the following purposes, as applicable:
We may disclose, or in the past 12 months have disclosed, Your personal information to the following categories of recipients:
If You are a visitor from the EU/EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from You only where we have Your consent to do so, where we need the personal information to perform a contract with You or where the processing is in our legitimate interests and not overridden by Your data protection interests or fundamental rights and freedoms.
If You have questions about or need further information concerning the legal basis on which we collect and use Your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
We use appropriate technical and organizational measures to protect the personal information that we collect and process about You. The measures we use are designed to provide a level of security appropriate to the risk of processing Your personal information.
Your personal information may be transferred to, and processed in, countries other than the country in which You live. These countries may have data protection laws that are different to the laws of Your country. Specifically, while our Site servers are located in the United States, our affiliated companies and third-party service providers and partners operate around the world. This means that when we collect Your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that Your personal information will remain protected in accordance with this Privacy Notice.
If we transmit personal information across national boundaries, we make reasonable efforts do so in compliance with any national laws that govern the cross-border transfer of information. For example, we have taken several steps to facilitate the transfer of personal information that we receive about residents of the European Union and Switzerland. These include self-certifying under the EU-U.S. Privacy Shield Framework, the Swiss–U.S. Privacy Shield Framework, and entering into appropriate standard contractual clauses.
Our standard contractual clauses can be provided to EU/EEA residents on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
CSG International, CSG Interactive Messaging, Inc., CSG Systems International, Inc, CSG Systems, Inc., Intec Billing, Inc., and CSG Media LLC (collectively, “CSG US”) comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce. CSG US is committed to subjecting all personal information received from the EU/EEA, in reliance on the Privacy Shield, to the Privacy Shield’s applicable principles. You may learn more about the Privacy Shield program here, and view our certification here.
CSG US is responsible for its collection, use, and disclosure of personal information in accordance with the Privacy Shield. CSG US may share personal information with third parties as described in the Personal Information Sharing section above. CSG US will exercise appropriate due diligence in the selection of such third parties and complies with the Privacy Shield principles for all onward transfers of personal information from the EU/EEA, including the onward transfer liability provisions. Regardless of any other provisions in this Notice, CSG US may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as may be otherwise permitted by the Privacy Shield.
You are entitled to access, review, and update Your personal information as further described in the Your Data Subject Rights section below.
We encourage anyone with a complaint about our handling of Your personal information under Privacy Shield to please contact us at [email protected]. If we are unable to satisfactorily resolve Your complaint relating to the Privacy Shield, CSG has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If You do not receive timely acknowledgment of Your complaint from us, or if we have not addressed our complaint to Your satisfaction, please contact or visit here for more information or to file a complaint. The services of JAMs are provided at no cost to You. CSG US is also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Privacy Shield. In addition, under certain conditions more fully described on the Privacy Shield website, You may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted. To learn more, please visit here.
We retain personal information we collect from You where we have an ongoing legitimate business need to do so or to comply with applicable legal requirements.
When we have no ongoing legitimate business need to process Your personal information, we will either delete or anonymize it or, if this is not possible (for example, because Your personal information has been stored in backup archives), then we will securely store Your personal information and isolate it from any further processing until deletion is possible.
You have the following data protection rights:
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Your data protection rights (CALIFORNIA RESIDENTS only)
The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (California residents) with specific rights regarding their personal information. This section describes Your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that We disclose certain information to You about our collection and use of Your personal information over the past 12 months. Once We receive and confirm Your verifiable consumer request, We will disclose to You:
Deletion Request Rights
You have the right to request that We delete any of Your personal information that We collected from You and retained, subject to certain exceptions. Once We receive and confirm Your verifiable consumer request, We will delete (and direct our service providers to delete) Your personal information from our records, unless an exception applies.
We may deny Your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
You may learn more about these rights or exercise these rights by going to the CSG Data Rights Request Portal or by contacting us as set out in the How to Contact Us section below.
Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable consumer request related to Your personal information. You may also make a verifiable consumer request on behalf of Your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to Your request or provide You with personal information if We cannot verify Your identity or authority to make the request and confirm the personal information relates to You. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If We require more time We will inform You of the reason and extension period in writing. We will deliver our written response by mail or electronically, at Your option. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to Your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell You why We made that decision and provide You with a cost estimate before completing Your request.
If You have any questions or concerns about our use of Your personal information, please contact our Executive Director of Global Privacy, Lindsay Martin at: [email protected].
We do not knowingly collect or solicit personal information from anyone under the age of 16. If You are under 16, please do not use the Site or send any personal information about Yourself to us. If We learn that We have collected personal information from a child under age 16, We will delete that information as quickly as possible. If You believe that a child under 16 may have provided us personal information, please go to [email protected].
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When We update our Privacy Notice, We will take appropriate measures to inform You, consistent with the significance of the changes We make. We will obtain Your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
Our suppliers that are personal data processors may access a security breach notification form here.
CSG Systems International Inc. and its affiliates (EU/EEA applicants, please see list of EU employers in Annex A) (“CSG”) care about the privacy of our job applicants (“You” or “Your”) during the recruitment and application process. CSG is committed to processing Your individually identifiable information (“personal data”) in accordance with fair information practices and applicable data protection and data privacy laws.
This notice (“Notice”) explains how CSG collects, uses, and processes the personal data of job applicants. (EU/EEA applicants, for a list of CSG entities in the EU who may be the prospective employer for the position for which You are applying, please see Annex A.) We may amend this Notice from time to time, should it become necessary to do so. This Notice may also be supplemented by other statements, as needed, to comply with local requirements in the country where You live.
COLLECTION AND USE OF PERSONAL DATA
Types of Personal Data We Collect About Job Applicants
In the normal course of the recruitment and application process, We may collect the following types of personal data:
There may also be situations where We collect information that reveals information about Your health, which is considered by EU data protection law as “sensitive personal data”. For example, You may need to provide us with information about Your physical or mental condition so that We can provide work-related accommodations or to assess Your fitness for a particular position.
For EU/EEA Applicants Only
CSG will rely on the following legal grounds for the collection and processing of sensitive personal data:
The provision of personal data as described in this Notice is partly a statutory requirement and partly a requirement necessary in order to carry out the potential employment relationship with You. In general, You are required to provide the personal data, except in limited instances when We indicate that the provision of certain information is voluntary. Not providing personal data may prevent CSG from carrying out the potential employment relationship with You.
If You are accepted for a job at CSG, the information collected during the recruitment process will form part of Your ongoing employment record. You will be asked to provide additional information at the time in accordance with our applicable Data Privacy Notice.
If You are not successful, You can choose for us to keep Your information on file for any future job openings. In such cases, We will retain Your application information for one year. You can opt out of this at any time.
Sources of Personal Data
Usually You will have provided the information We hold about You but there may be situations where We collect personal data from other sources, such as references supplied by former employers and background check reports. We will seek this information only after the job offer has been made and We will inform You that We are seeking this information from other sources.
Purposes for Processing Personal Data and Legal Basis
CSG may collect and use Your personal data for the following purposes:
For EU/EEA Applicants Only
CSG will rely on the following legal grounds for the collection and processing of personal data:
If CSG is relying on Your consent to process Your personal data, You have the right to withdraw Your consent at any time by contacting us as described in Section J below. This will not hoWever affect the lawfulness of the processing before Your consent has been withdrawn.
Recipients of Personal Data
CSG takes care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever We permit a third party to access personal data, We will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the confidentiality and integrity of the information is maintained.
We may also disclose personal data to other third parties on other lawful grounds, including:
Transfer of Your Personal Data
CSG is a global group of companies headquartered in the United States. As CSG operates at a global level, We may need to transfer personal data to other countries outside of Your home country, in particular to our parent company for management purposes. Transfers may also need to be made to other countries where We operate in order to communicate with Your potential manager or other staff members regarding Your potential employment relationship with CSG.
When We export Your personal data to a different country, We will take necessary steps to ensure that such data exports comply with applicable laws and legislation. For example, for transfers of personal data from the European Economic Area (“EEA”) to other affiliates within the CSG group of companies located outside of the EEA, We have implemented intra-group Standard Contractual Clauses approved by the European Commission to enable the transfer of the personal data. For transfers from the EEA and Switzerland to the CSG locations in the United States, CSG has also joined the EU-U.S. Privacy Shield Framework, as further described in section F of this Notice. The Privacy Shield certification provides the primary legal basis for our internal transfers of personal data from our EEA or Swiss operations to our U.S. operations.
Where applicable, when We transfer Your personal data to third parties outside of the EEA, We ensure that such transfers to countries not providing an adequate level of data protection are based on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient.
You can request a copy of the appropriate safeguards by contacting us as set out in Section J, Questions and Comments, below.
(EU/EEA Applicants Only) Privacy Shield
CSG International, CSG Interactive Messaging, Inc., CSG Systems International, Inc, CSG Systems, Inc., Intec Billing, Inc., and CSG Media LLC (collectively, “CSG US”) comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce. CSG US is committed to subjecting all personal data received from the EU/EEA, in reliance on the Privacy Shield, to the Privacy Shield’s applicable principles. CSG US is responsible for its collection, use, and disclosure of personal data in accordance with the Privacy Shield. You may learn more about the Privacy Shield program here, and view our certification here.
Types of Personal Data Received and Purposes of Use
The types of personal data that CSG US may receive in the United States include all categories listed in section A above. CSG US may collect and use Your personal data for the purposes listed in section C above.
Choice, Onward Transfer, and Disclosures Required or Permitted by Law
CSG US may share personal data to third parties as described in section E of this Notice. CSG US will exercise appropriate due diligence in the selection of such third parties and require that such third parties maintain reasonable precautions to protect and otherwise process personal data only as instructed by CSG US and for no other purposes. Moreover, CSG US is generally responsible for any harm to You resulting from CSG US’s disclosure of personal data to its third parties. CSG US intends to use personal data for the purposes for which it was originally collected and does not otherwise use personal data in a manner that is subject to choice requirements under the Privacy Shield. Regardless of any other provisions in this Notice, CSG US may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as may be otherwise permitted by the Privacy Shield.
Access, Recourse, Enforcement, and Liability
You are entitled to access, review, and update Your personal data as further described in Section H below. For any inquiries or complaints that cannot be resolved by contacting CSG as described in Section J, Questions and Comments, below, CSG US has committed to cooperate with the panel established by the EU Supervisory Authorities to serve as independent dispute resolution bodies for the Privacy Shield. CSG US is also subject to the investigatory and enforcement poWers of the Federal Trade Commission with respect to the Privacy Shield. In addition, under certain conditions more fully described on the Privacy Shield Website, You may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted. To learn more, please visit here.
Data Retention Periods
Personal data will be stored only as long as is necessary to carry out the purposes described in this Notice or as otherwise required by contractual agreements with third parties, law or other CSG policies. When CSG no longer needs to use Your personal data, We will remove it from our systems and records and/or take steps to properly render it unintelligible so that You can no longer be identified from it.
(EU/EEA Applicants Only) Your Data Protection Rights
You have data protection rights provided under applicable laws (“Data Subject Rights”), which You may exercise by making a request to CSG. The Data Subject Rights are:
You may learn more about these rights or exercise these rights by going to the CSG Data Rights Request Portal or by contacting us as set out in Section J, Questions and Comments, below. Please note that these rights might be limited under the national data protection law in Your home country.
Updates to This Notice
This Notice may be updated periodically to reflect any necessary changes in our privacy practices. Where such changes will materially affect Your privacy rights, We will inform You through the job application portal and indicate at the top of the Notice when it was most recently updated. We encourage You to check back on this Notice periodically so that You are aware of the most recent version of it.
Questions and Comments
You can address any questions or comments relating to this Notice and our privacy practices, including our participation in the Privacy Shield, to [email protected]. You have a right to lodge any complaints with the appropriate data protection supervisory authority although We ask that You raise Your objections directly with CSG in the first instance.
ANNEX A – LIST OF CSG EMPLOYERS AND CONTRACTING ENTITIES IN THE EU/EEA
Independent Technology Systems Limited
Wells Court, Albert Drive
Volubill Danmark Aps
TMF Denmark A/S, Købmagergade 60, 1 sal tv, 1150 Copenhagen K, Denmark
Söder Mälarstrand 29 11825
Intec Billing Ireland Ltd
IDA Business Park
Intec Telecom Systems (France) SARL
15 Rue Scribe
9th District, 75009
Independent Technology Systems SL Unlpersonal
198 Calle Aribau
Intec Telecom Systems Deutschland GmbH
Intec Telecom Systems Italia Spa
Via Monte di Pietà
21 – 20121 Milan