Privacy & Cookies
To view CSC’s Privacy Shield Framework Compliance Statement for Data Privacy, please click here: https://www.cscglobal.com/service/csc/privacy.
CSC is subject to the investigatory and enforcement authority of the United States Federal Trade Commission.
1. Personal data
This Privacy Statement applies to personal data submitted to us through this website and CSC’s various service applications.
Any questions or concerns about the interpretation or operation of this Policy or about what may or may not be done with regard to personal information should be directed in the first instance to our legal department, which can be contacted at +1 (302) 636-5400.
4. What information we collect, and why
The information we collect from you may include the following: your name, gender, date of birth, home, and work contact details such as business title, email address, IP address, telephone number, country in which you reside, payment information, purchase history, and your reviews and opinions about our products and services. Some CSC services may require additional information which we will inform you of when we request such information.
4.1. Information provided by you
If you use this website or its various applications, you may be required to provide the following information as part of registration: first name, last name, company name, title, address, city, state, zip, telephone, email address, preferred method of contact (email, phone, postal), account number, service and product interest information, and intended use of services or products. In addition, you may choose to provide additional information relating to yourself or your companies to take advantage of different services available on this website.
We generally do not require you to provide sensitive personal data, such as that which reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sex life.
4.2. Log files
We also periodically gather certain information automatically and store it in log files. This information includes browser type, Internet service provider, referring/exit pages, operating system, date/time stamp, and click-stream data.
4.3.1. What are cookies?
Cookies can be removed from your browser in two ways: automatically (when they expire), or when you manually delete them. We’ve included more details below to help you understand what kinds of cookies we use and how you can manage them.
CSC’s primary reason for using cookies is to make our website work more effectively.
4.3.3. What kinds of cookies does Corporation Service Company use and why?
- Session cookies: These temporary cookies expire and are automatically erased whenever you close your browser. We use session cookies to grant our customers access to content and to enable commenting.
- Persistent cookies: These usually have an expiration date in the distant future and remain in your browser until they expire or you manually delete them. Persistent cookies may be used for a variety of purposes including remembering our users’ preferences and choices when using our site or to target advertising.
- First- and third-party cookies: Whether a cookie is “first” or “third” party refers to the website or domain placing the cookie. In basic terms, first-party cookies are set by a website visited by the user—the website displayed in the URL window. Third-party cookies are cookies that are set by a domain, such as google.com, other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website, this would be a third-party cookie.
4.3.4. What other cookies might you encounter on the CSC website?
We may also use third-party cookies on the site. In keeping with our policies, these session or persistent cookies are set only by trusted partners of Corporation Service Company.
If you prefer not to receive cookies through our website you can set your browser to either reject all cookies (see below), to allow only “trusted” websites to set them, or to accept only those cookies from those sites you currently use. If you access our website in Europe, you can refuse to click the “I accept” box or click the “I disagree” box when you are presented with a cookie notice on our homepage.
When you access our website outside of Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).
4.3.5. Cookies we do not use
We do not use flash cookies (sometimes known as local shared objects or LSOs).
4.3.7. Will the site work if you disable cookies?
You can browse our site with cookies disabled, though some interactions may not work properly.
4.3.8. EU cookie law
4.3.9. Manage your cookies
There are several ways you can manage your cookie settings and preferences.
- Learn about cookies: http://www.allaboutcookies.org/
- US Based:
- UK Based
- DoubleClick opt-out page
- Manage companies' cookies (US) or EU based
- Manage cookies in your web browser
4.4. Children's information
We do not knowingly collect information from children under the age of 18 and we do not target our websites to children under 18. If we determine that an individual under the age of 18 has submitted information to this site, we delete that information.
5. Use of your personal data
We may use the personal data we collect:
- to provide you with information, goods, or services which you have requested;
- to contact you in connection with support-related activities;
- to contact you in the event that we have announcements regarding this website or the applications within this website;
- to fulfill any other purpose for which you provided it;
- for billing and collection purposes;
- to analyze the use of our websites;
- in any other way we may describe when you provide the data; or
- for any other purpose with your consent
We may also use your personal data to contact you about our own goods and services that may be of interest to you. If you do not want us to use your information in this way, or any of the ways described above, please (i) contact us at the address below, (ii) check the relevant box or ensure the relevant box is checked on the form on which we collect your personal data for this purpose, or (iii) follow the unsubscribe instructions in the email or other communication you have received.
5.1. Log files
Log files give us a general picture of who is visiting our website and which pages are viewed most often. Log files are collected mainly for research purposes to see what pages, services and information are of greatest interest to current and potential clients.
6. Disclosure and transfer of your information
6.1. Corporation Service Company affiliates and service providers
We may disclose your personal data on a need-to-know basis to any member of our company group. Some affiliates of Corporation Service Company have their own websites with their own unique privacy policies, tailored to the services they provide. We encourage you to read those privacy policies carefully when you visit those affiliated sites.
From time to time, we may engage our affiliated entities or other carefully selected third parties to provide services on our behalf, in particular to collect, process, and use your personal data as required to provide services to you. We may disclose your information to such service providers in compliance with applicable data protection law, and provided that they agree to use your information only for the purposes of providing the services. We will not disclose your personal data to a third party data controller without complying with the Privacy Shield Principles including those relating to notice and choice unless otherwise required by law.
When using third-party vendors or agents to which CSC intends to transfer personal data, CSC shall perform adequate due diligence to help ensure the security of such information, including ensuring that such third party has entered into a written agreement with CSC requiring the third party to provide at least the same level of privacy protection as is required by the Privacy Shield Framework. CSC shall continue to be liable under the Privacy Shield Principles if third parties to which CSC has transferred personal data for processing on CSC’s behalf do so in a manner that is inconsistent with the Privacy Shield Principles. However, CSC will not be liable if it can prove that it is not responsible for the event that caused damage.
6.2. Transfers overseas
The personal data we receive will be held on our computers and systems in the United States and may be accessed by or given to our staff, one of our affiliates or carefully selected suppliers working in the United States or otherwise outside the European Economic Area. By submitting your information to us, you agree to this transfer, storing and processing of your personal data for the purposes which you provided the information.
7. Revocation of consent
You may revoke your consent to your information being used by us. To revoke your consent, please contact us between the hours of 8:00 a.m. to 8:00 p.m. U.S. Eastern Time, Monday through Friday, at: +1 (302) 636-5400.
We will promptly process your request, but you may continue to receive some communications from us while your request is being processed. Thereafter, we may still communicate with you to respond to your new inquiries or in connection with services you have engaged.
8. Website links to other sites
For your convenience, our website may contain links to websites that are owned or operated by third parties not affiliated with Corporation Service Company. We can make no promises or guarantees regarding personal data collection or privacy practices on websites that are not owned or operated by Corporation Service Company. We strongly suggest that you review each such third parties’ privacy policies before providing any personal data to them. These other sites may send their own cookies to users, collect data, or solicit personal data. You should contact these entities directly if you have any questions about their use of the information that they collect.
9. Steps we take to ensure your privacy
The security of your personal data is important to us. We use generally accepted, industry standard tools and techniques to protect your personal data against unauthorized disclosure. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.
9.1. Perimeter security
We use firewalls to secure the perimeter of our information network and monitor our systems regularly.
An authentication and authorization mechanism based on user identification (ID) and password is used to restrict access to information on Corporation Service Company’s websites. Each authenticated user only has access to the information that he or she is authorized to use. We use physical, administrative, and technical procedures to limit access to personal information.
9.3. Transaction security
All personal data exchanged between our servers and your web browser is encrypted using Secure Sockets Layer.
10. Social engineering (our employees)
All of our employees are made aware of and reminded of our Confidentiality of Client Information Policy regularly, and must acknowledge that they have received and read it.
11. Steps you can take to ensure your privacy
Remember that you play a vital role in ensuring the security of your information on this website and the applications within. Here are a few steps you can take to maintain the privacy of your information:
11.1. Managing your personal data
Registration for access to this website requires that you provide personal data (including name, company name, company address, including city, state, country, zip code, company email address, and company phone number). It is your responsibility to make sure this information is accurate and current. If your personal data changes, you should update it by logging into the site and visiting the account detail page or by contacting us using the contact details above. If you require assistance to update this information, you may contact our Customer Service staff from 8:00 a.m. to 8:00 p.m. U.S. Eastern Time, Monday through Friday, at: +1 (302) 636-5400.
We will process all information update requests in a timely manner.
11.2. Safeguard passwords
You should take the necessary precautions to safeguard your user ID and password to prevent unauthorized access to your personal data stored on this website and the applications within. If you feel that your user ID and password have been compromised, access our website and reset your password or contact our Technical Support staff immediately between the hours of 8:00 a.m. to 8:00 p.m. U.S. Eastern Time, Monday through Friday, at: +1 (302) 636-5400.
Your password will be reset and emailed to you at the address maintained on record.
11.3. Erase temporary files
Any information you entered during your session may be temporarily stored in the memory storage area of your computer. Closing the browser will erase this information if you have your browser set to automatically erase temporary files when it is closed.
11.4. Use of a firewall
Consider using a firewall to help prevent unauthorized access to your network or personal computer, especially if you are using a DSL or cable modem to access the Internet.
12. Access to your information
CSC users who report suspected or known security events that may jeopardize the confidentiality, integrity, or availability of CSC information, information systems, or information processing facilities shall not be retaliated against, intimidated, or otherwise prevented or harassed for making such a report.
12.1. Suspected or known security events
CSC users who report suspected or known security events that may jeopardize the confidentiality, integrity, or availability of CSC information, information systems, and/or information processing facilities shall not be retaliated against, intimidated, or otherwise prevented or harassed for making such a report.
13. Contact details and independent recourse mechanism
CSC has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-Privacy-Shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. For additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
CSC commits to cooperate with the panel established by the EU data protection authorities and to comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship.
14. Controller and local representatives
Corporation Service Company, 2711 Centerville Road, Wilmington, DE 19808, United States, acts as controller in the meaning of the Directive 95/46/EC when collecting, processing, and using personal data collected through this website. Our local representative in the United Kingdom is Corporation Service Company (UK) Limited, 40 Bank Street, 29th Floor, London E14 5DS, United Kingdom. Our local representative in Germany is Corporation Service Company (DBS) GmbH, Borsigstrasse 20, 65205 Wiesbaden, Germany.
Complaints or concerns about this Policy should be directed to our legal department who can be contacted at +1 (302) 636-5400. We will investigate and attempt to resolve such complaints in accordance with the principles contained in this Policy.
U.S. - Swiss Safe Harbor Compliance Statement
U.S. - Swiss Safe Harbor Compliance Statement for Data Privacy
At Corporation Service Company (CSC), we recognize the importance of securing the private information of our customers, employees, and business partners, and we strive to safeguard the personal information (defined below) we collect and use. This U.S. - Swiss Safe Harbor Compliance Statement for Data Privacy (Statement) sets out the privacy principles published by the U.S. Department of Commerce as part of the Safe Harbor Framework relating to personal information transferred from Switzerland to the United States.
CSC complies with these principles insofar as they are applicable to CSC’s business. CSC shall not be responsible for the compliance of its customers in Switzerland or the data privacy laws and regulations of any country.
Certain words and phrases are defined within this Statement. In addition, the words set out below have the following meaning:
- “Personal information” or “personal data” means any information or set of information that identifies an individual, or could be used by or on behalf of CSC to identify an individual. Personal information does not include information which is encrypted or anonymous.
Seven Safe Harbor privacy principles
- Notice – Companies collecting personal data must notify data subjects that they are collecting their personal data, and state the purpose for collecting such data. The company must identify to whom the data will be disclosed and provide notice about how data subjects can contact the company with complaints or questions and how disclosure of their personal information can be limited.
- Choice – The data subjects must be given a clear and conspicuous choice to opt-out of allowing their information to be disclosed to third parties or used for a purpose which is incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, data subjects must be given the affirmative or explicit choice whether their information is given to a third party or purpose other than its original purpose or the purpose authorized subsequently by the individual.
- Onward transfer of data to third parties – Where a company or organization wishes to transfer information to a third party, it must apply the “notice” and “choice” principles. Where a company or organization wishes to transfer to a third party acting as agent, it may do so if it first either ascertains that the third party subscribes to the Safe Harbor, is subject to the Swiss or some other qualifying rule, or enters into a written agreement with the third party requiring the third party to provide at least the same level of privacy protection as is required by the Safe Harbor. If a company meets this requirement, it will not be held responsible if the third party handles data in a way contrary to any restrictions or representations, unless the company knew or should have known that the third party would process the data in such a contrary way and took no reasonable steps to prevent or stop such activity. As an alternative, the organization can enter into a written agreement with the third party requiring that the third party provide at least the same level of privacy protection as is required by these principles.
- Access – Companies must allow data subjects to access their personal data and to correct erroneous information, unless the burden of providing access is greater than the risks associated with the erroneous information or giving access to the information would violate another person’s rights. This requirement is subject to the reasonableness standard. In the event a data subject corrects their personal data, the Company will ensure such changes are updated in the corresponding records storage at CSC.
- Security – Companies must take reasonable measures to protect personal information from tampering, destruction, loss, misuse, alteration, disclosure, unauthorized access, and any other potential abuses.
- Data integrity – Companies collecting personal data must have reasonable procedures designed to keep the information reliable, accurate, complete, current, and relevant for the lawful purposes for which it was collected.
- Enforcement – Three elements are required to satisfy this principle: (a) readily affordable and independent recourse mechanisms so that each individual’s complaints and disputes can be investigated and resolved, and damages awarded where the applicable law or private sector initiatives so provide; (b) procedures for verifying that the commitments companies make to adhere to the Safe Harbor Principles have been implemented; and (c) obligations to remedy problems arising out of failure to comply with the principles. Sanctions must be sufficiently rigorous to ensure compliance by the organization.
CSC has further committed to refer unresolved privacy complaints under the U.S. - Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
With regard to unresolved privacy complaints involving human resources data, CSC will cooperate and comply with the advice of the Swiss Federal Data Protection and Information Commissioner regarding employee data of Swiss citizens collected in the context of the employment relationship.
See https://www.cscglobal.com/service/csc/privacy for details of:
- CSC’s information handling practices regarding personal information and the choices that CSC offers individuals with respect to the use and disclosure of their personal information;
- CSC’s accountability for personal information that it receives under the Privacy Shield and subsequently transfers to a third party (and in particular for details of CSC’s continued liability under the Privacy Shield Principles where it transfers personal information onwards to a third party for processing on CSC’s behalf); and
- CSC’s chosen Independent Recourse Mechanism for the investigation of unresolved complaints regarding CSC’s compliance with the Privacy Shield Framework and Principles, including contact details for such Independent Recourse Mechanism.