At CSC® we value your relationship and respect your trust.
We are a global business headquartered in the U.S. and our group companies deliver diverse services in accordance with local laws..
We comply with the Privacy Shield Frameworks, regarding the collection, use, and retention of personal data transferred to the U.S. CSC has certified that it adheres to the Privacy Shield Principles of Notice, Choice, and Accountability for Onward Transfer, Security, Data Integrity, and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
To view CSC's Privacy Shield Framework Compliance Statement for Data Privacy, please click here: https://www.cscglobal.com/service/csc/privacy.
CSC is subject to the investigatory and enforcement authority of the United States Federal Trade Commission. Local group companies are supervised by, and accountable to, local data protection authorities (see more below).
1. What is Personal data?
We may refer to your personal data as your information and may sometimes collectively refer to handling, collecting, protecting and storing your personal data as "processing" such personal data.
3. What information we collect, and why
CSC collects, uses, stores and transfers different kinds of personally identifiable information which can be grouped together as follows:
- Identity Data: includes first name, last name, marital status, business or other title or role, date of birth and gender.
- Contact Data: includes home or work address county details, email address and telephone numbers.
- Purchase Data: includes payment information, purchase history, and your reviews and opinions about our products and services.
- Marketing and Communications Data: includes your preferences in receiving marketing from CSC and your communication preferences.
- Website Data: includes your IP address, your browser type and language and information about your visit to our website, including log files, the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), length of visits to certain pages, page interaction information (such as scrolling. clicks, and mouse-overs) and methods used to browse away from the page.
- Device Data: includes information about the device which you use to access the website (as set out in more detail in section 4.2 below).
- Compliance Data: includes, if legally required to collect such information, Know Your Customer / Anti Money Laundering information from relevant individuals.
- Contract Information: includes information necessarily processed in a project or contractual relationship with CSC or voluntarily provided by a relevant individual such as personal data relating to orders placed, payments made, requests, and project milestones.
Some CSC services may require additional information which we will inform you of when we request such information.
4. How we collect your information
4.1 Information provided by you
CSC may collect or obtain personal data directly from you (for example by completing a form related to a service request or to a KYC procedure).
If you use this website, its various applications, or during our exchanges or otherwise in connection with our services, you may be required to provide Identity Data, Contact Data, Marketing and Communications Data, Contract Information, Compliance Data, as well as account number, service and product interest information, and intended use of services or products. In addition, you may choose to provide additional information relating to yourself or your companies to take advantage of different services available on this website or elsewhere.
We generally do not require you to provide sensitive or special category personal data, such as that which reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health, biometrics or sexual orientation or life.
4.2. Information we collect about you
CSC may also collect or obtain personal data indirectly because other people give that Personal Data to us (for example your employer or adviser) or because it is publicly available.
We also periodically gather certain information about the device of website users with your consent where required under law where required or automatically and store it in log files. This information includes browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and click-stream data.
We collect information which your device transmits to connect to our website in order to identify the device which you use to log in to the restricted parts of our websites, and to identify logins from new devices. This technique is known as "device fingerprinting" and we use it to keep your account and the services we provide to you or your employer secure. The data which we collect in this manner is comprised of information about your device display, your operating system and your browser, namely the language settings of your browser and system, the fonts used by your system, the dimensions of your display, and the geolocation and time-zone of your device.
Like most websites, we also use "cookies" and similar technology to access or store information on your devices to help us make our site – and the way you use it – better, as well as to provide you with online advertising which is relevant to you. Cookies mean that a website will remember you. They're small text files that sites transfer to your device (computer, phone or tablet etc). They improve website use and speed – for example by automatically filling your name and address in text fields. There are more details in the section on our cookies policy below.
4.4. Children's information
We do not knowingly collect information from children under the age of 18 and we do not target our websites or services to children under 18, and if we determine that an individual under the age of 18 has submitted information to this site or when delivering our services, we delete that information.
5. How we use your information
We may use the personal data we collect:
- to provide you with information, goods, or services which you have requested;
- to contact you in connection with support-related activities;
- for planning, performing and managing our contractual relationships;
- for compliance with statutory and regulatory obligations of CSC or internal policy requirements and the order of a competent court, as well as (but not limited to) accounting, commercial communications, know-your-customer and anti-money laundering requirements, general management of the services or customer relationship purposes;
- to contact you in the event that we have announcements regarding our services, this website or the applications within this website;
- to fulfill any other purpose for which you provided it;
- for billing and collection purposes;
- to analyze the use of our services and websites;
- to secure the services which we provide to you or your employer;
- in any other way we may describe when you provide the data;
- for billing and collection purposes;
- in connection with services CSC receive from professional advisors, such as lawyers and consultants or other service providers either to execute CSC’s contractual obligations towards you or CSC’s clients or our business purposes;
- to solve disputes, enforce our contractual agreements and to establish, exercise or defend legal claims; and/ or
- for any other purpose with your consent.
We do not conduct automated decision-making including profiling.
We may also use your personal data to contact you about our own goods and services that may be of interest to you in line with your preferences and Data Protection Legislation.
If you do not want us to use your information in this way, or any of the ways described above, please contact us using the details below. You have certain rights, set out in sections 8 and 13 below.
6. Legal grounds for using your personal information
The law permits us to process your personal data in the way that it does because the processing is:
- necessary for the purposes of the legitimate interests that we pursue, which are to run and administer our business, to ensure the security our services, to discharge our legal obligations to store and disclose information where necessary and to evaluate, develop and improve our services and market new and improved services; and/or
- necessary for the performance of our contract to provide you with the services you have ordered; and/or
- necessary in order to comply with a legal obligation to which we are subject.
7. Disclosure and transfer of your information
7.1. CSC affiliates and service providers
Some CSC group companies may have their own websites with their own unique privacy policies, tailored to the services they provide. We encourage you to read those privacy policies carefully when you visit those affiliated sites or receive their services.
From time to time, we may engage our affiliated entities or other carefully selected third parties to provide services on our behalf, such as legal advisors, accounting firms and information technology providers in particular to collect, process, and use your personal data as required to provide services to you. We may disclose your information to such service providers in compliance with applicable data protection law, and provided that they agree to use your information only for the purposes of providing the services. We will not disclose your personal data to a third party data controller without complying with the Privacy Shield Principles and/or Data Protection Legislation including those relating to notice and choice unless otherwise required by law.
When using third-party vendors or agents to which CSC intends to transfer personal data, CSC shall perform adequate due diligence to help ensure the security of such information, including ensuring that such third party has entered into a written agreement with CSC requiring the third party to provide at least the same level of privacy protection as is required by the Data Protection Legislation and/or the Privacy Shield Framework. CSC shall continue to be liable under the Data Protection Legislation and/or Privacy Shield Principles if third parties to which CSC has transferred personal data for processing on CSC's behalf do so in a manner that is inconsistent with the Data Protection Legislation and/or Privacy Shield Principles. However, CSC will not be liable if it can prove that it is not responsible for the event that caused damage.
7.2. Transfers overseas
The personal data we receive will be held on our computers and systems in the United States and may be accessed by or given to our staff, one of our affiliates or carefully selected suppliers working in the United States or otherwise outside the European Economic Area.
Where recipients are outside the EEA, we ensure that the recipient provides an adequate level of protection for your personal data or the transfer is otherwise permitted under applicable Data Protection Legislation, by methods including using standard contractual clauses, or by relying on a relevant adequacy decision by the European Commission or any other competent body.
8. Opting Out
Where required by Data Protection Legislation, you will be given a choice when you provide us with your personal information to opt into certain uses we may intend to make of that information, such as sending you our newsletter, information or offers containing updated information about us, our goods, services and promotions. You may also be asked if you would like to receive marketing from third-party organizations. You will be able to indicate your consent to each specific proposed use by checking the relevant box to opt in. We will not send you direct marketing, or pass your details to third parties for the purpose of them sending you direct marketing, without your consent.
You also have the option of "unsubscribing" from our mailing list for newsletters, alerts and updates at any time, thereby disabling any further such e-mail communication from being sent to you.
We will action any opt out request from you without delay, and in any event within one month.
9. Website links to other sites
For your convenience, our website may contain links to websites that are owned or operated by third parties not affiliated with CSC. We can make no promises or guarantees regarding personal data collection or privacy practices on websites that are not owned or operated by CSC. We strongly suggest that you review each such third parties' privacy policies before providing any personal data to them. These other sites may send their own cookies to users, collect data, or solicit personal data. You should contact these entities directly if you have any questions about their use of the information that they collect.
10. Steps we take to ensure your privacy
The security of your personal data is important to us. We use generally accepted, industry standard tools and techniques to protect your personal data against unauthorized disclosure. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.
10.1. Perimeter security
We use firewalls to secure the perimeter of our information network and monitor our systems regularly.
10.2. Data security
An authentication and authorization mechanism based on (i) user identification (ID) and password, and (ii) device identification, is used to restrict access to information on CSC's websites. Each authenticated user only has access to the information that he or she is authorized to use. We use physical, administrative, and technical procedures to limit access to personal information.
We identify devices through the use of device fingerprinting. A description of the data which we collect for this purpose can be found in section 4.2 of this policy.
10.3. Transaction security
All personal data exchanged between our servers and your web browser is encrypted using Secure Sockets Layer.
11. Social engineering (our employees)
All of our employees are made aware of and reminded of our Confidentiality of Client Information Policy regularly, and must acknowledge that they have received and read it.
12. Steps you can take to ensure your privacy
Remember that you play a vital role in ensuring the security of your information on this website and the applications within. Here are a few steps you can take to maintain the privacy of your information:
12.1. Managing your personal data
Registration for access to this website requires that you provide personal data (including name, company name, company address, including city, state, country, ZIP code, company email address, and company phone number). It is your responsibility to make sure this information is accurate and current. If your personal data changes, you should update it by logging into the site and visiting the account detail page or by contacting us using the contact details above. If you require assistance to update this information, you may contact our staff twenty-four hours a day, seven days a week, at +1 (302) 636-5400 X 68952 or your local office.
We will process all information update requests in a timely manner.
12.2. Safeguard passwords
You should take the necessary precautions to safeguard your user ID and password to prevent unauthorized access to your personal data stored on this website and the applications within. If you feel that your user ID and password have been compromised, access our website and reset your password or contact our Technical Support staff immediately twenty-four hours a day, seven days a week, at: +1 (302) 636-5400 X 68952 or your local office.
Your password will be reset and emailed to you at the address maintained on record.
12.3. Erase temporary files
Any information you entered during your session may be temporarily stored in the memory storage area of your computer. Closing the browser will erase this information if you have your browser set to automatically erase temporary files when it is closed.
12.4. Use of a firewall
Consider using a firewall to help prevent unauthorized access to your network or personal computer, especially if you are using a DSL or cable modem to access the internet.
13. Your rights in relation to your personal information
At any time, you have the right:
- to be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from it was obtained, data transfers outside the EEA, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance, and envisaged consequences);
- to request access to or a copy of any personal data which we hold about you;
- to rectification of your personal data, if you consider that it is inaccurate;
- to ask us to delete your personal data, if you consider that we do not have the right to hold it;
- to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
- to ask us to stop or start sending you marketing messages (e.g. our newsletter) at any time by using the below contact details;
- to restrict processing of your personal data;
- to data portability (moving some of your personal data elsewhere) in certain circumstances;
- to object to your personal data being processed in certain circumstances; and
- to not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
We will correct any incorrect or incomplete information and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change.
13.1. Suspected or known security events
CSC users who report suspected or known security events that may jeopardize the confidentiality, integrity, or availability of CSC information, information systems, and/or information processing facilities shall not be retaliated against, intimidated, or otherwise prevented or harassed for making such a report.
14. How long we keep your information
We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our purposes or files to check that information is accurate, up-to-date and still required.
We may send you direct marketing communications, and retain your contact information necessary for this purpose, (provided that we are entitled to send you these) for as long as you do not unsubscribe from receiving the same from us.
15. California Consumer Privacy Act Rights
The CCPA provides California residents with rights with respect to CCPA Personal Information. “CCPA Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. The information practices described in this section include CCPA Personal Information we receive either online or off-line in any format.
15.1. As of January 1, 2020, verified California residents will have the right:
- to request and receive disclosure of our CCPA Personal Information collection practices during the prior 12 months, including the categories of CCPA Personal Information we collect, the categories of sources of such information, our business purpose for collecting o sharing such information, and the categories of third parties with whom we share such information.
- to request and receive a copy of the CCPA Personal Information we have collected about them during the prior 12 months.
- to request and receive disclosure of our information sale practices during the prior 12 months, including a list of the categories of CCPA Personal Information disclosed for monetary or other valuable consideration and the categories of third party recipients and a list of the categories of CCPA Personal Information that we disclosed for a business purpose and the categories of third party recipients.
- to request that we not sell CCPA Personal Information about them and
- to request that we delete (and direct our service providers to delete) their CCPA Personal Information subject to certain exceptions.
We will not discriminate against you as a result of your exercise of any of these rights.
You may make a request up to twice within a 12-month period. We will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
If you are over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here. We do not sell personal information of individuals we actually know are less than 16 years of age. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorize personal information sales.
15.3. Information Collection, Use and Disclosure. The information practices described below include information collected from our site visitors, registered users, employees, vendors, suppliers, and any other person that interacts with us either online or offline. Not all types of information are collected about all people interacting with us. For instance, we may collect different information from applicants for employment than we do from our customers.
15.3.1. Our Collection of CCPA Personal Information during the past 12 months. We may have collected the following categories of information directly from you: information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing. We may have collected the following categories of information from third parties : information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing. We may have collected the following categories of information from our own observations : information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.
15.3.2. Our use and disclosure of CCPA Personal Information during the past 12 months.
We have used the collected information for the purposes set forth in Section 5 above.
We may have disclosed the following categories of information in order to conduct our business operations and for our business purposes (for instance providing services to you, completing transactions, managing employees and vendors, security, quality control, marketing and analytics): information protected against security breaches, protected classification information, commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.
We do not provide your data to third parties in exchange for monetary consideration but during the past 12 months we may have disclosed data to certain third parties that provide us with services such as data analysis and security information, which may fall under the definition of “consideration” and therefore be deemed a “sale” under the CCPA. We have disclosed the following categories of information to third parties for valuable (but not monetary) consideration: information protected against security breaches, protected classification information, commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.
16. Contact details and independent recourse mechanism
If your complaint is not satisfactorily addressed by CSC, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel the data protection authority ("DPA") in your jurisdiction (for example in the UK the Information Commissioner's Office ("ICO"), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner ("FDPIC").
To do so, you should contact the state or national DPA in your jurisdiction (e.g. the ICO in the UK). CSC agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.
CSC has further committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit Process For Consumers (bbbprograms.org) for more information or to file a complaint. The services of The Better Business Bureau are provided at no cost to you.
Should your complaint remain fully or partially unresolved after a review by CSC and the relevant DPA, you may be able to, under certain conditions commence legal proceedings in your local jurisdiction or possibly, under certain conditions, individuals may invoke binding arbitration.
17. Controller and local representatives
18.1 What are cookies (and similar technologies)?
When you access our website outside of Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).
You are free to refuse consent but please be aware that restricting cookies will impact your user experience and may prevent you from using part of our website.
Cookies can be removed from your browser in two ways: automatically (when they expire), or when you manually delete them. We've included more details below to help you understand what kinds of cookies we use and how you can manage them.
Technologies similar to cookies: Device fingerprinting
In addition to cookies, we also use "device fingerprinting". This entails collecting information which you affirmatively provide (such as a mobile phone number associated with your device) or your device automatically transmits to connect to our websites that builds a unique image of your device.
Unlike cookies, this does not involve issuing pieces of code to your device. However, similar to cookies, it enables us to recognize your device.
We only use device fingerprinting to keep your account and the services we provide to you or your employer secure. We consider this to be strictly necessary for providing our services therefore we do not require consent to use device fingerprinting.
CSC's primary reason for using cookies is to make our website work more effectively.
As explained above, we only use device fingerprinting to keep our services secure.
18.3 What kinds of cookies does CSC use and why?
Our website use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site. We do not require your consent to place these cookies. Nevertheless, you may be able to block these cookies yourself on your device/ browser, but restricting these cookies is likely to mean that our site will not work as you would expect and certain functionality may be inoperable.
Our use of device fingerprinting also falls under this category.
- Non-essential cookies. These include the following:
- Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Session cookies: These temporary cookies expire and are automatically erased whenever you close your browser. We use session cookies to grant our customers access to content and to enable commenting.
- Persistent cookies: These usually have an expiration date in the distant future and remain in your browser until they expire or you manually delete them. Persistent cookies may be used for a variety of purposes including remembering our users' preferences and choices when using our site or to target advertising. First- and third-party cookies: Whether a cookie is "first" or "third" party refers to the website or domain placing the cookie. In basic terms, first-party cookies are set by a website visited by the user—the website displayed in the URL window. Third-party cookies are cookies that are set by a domain, such as google.com, other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website, this would be a third-party cookie.
These cookies may be:
18.4 What other cookies might you encounter on a CSC website?
We may also use third-party cookies on the site. In keeping with our policies, these session or persistent cookies are set only by trusted partners of CSC. These cookies may collect information about your online activities across websites and over time.
The third parties who set cookies through our site include LinkedIn, Maxmind, Youtube, Facebook and Doubleclick.
If you prefer not to receive cookies through our website, you can set your browser to either reject all cookies (see below), to allow only "trusted" websites to set them, or to accept only those cookies from those sites you currently use. If you access our website in Europe, you can refuse to click the "I accept" box or click the "I disagree" box when you are presented with a cookie notice on our homepage.
When you access our website outside of Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).
18.5 Cookies we do not use
We do not use flash cookies (sometimes known as local shared objects or LSOs).
18.7 Will the site work if you disable cookies?
You can browse our site with cookies disabled, though some interactions may not work properly.
18.8 EU cookie law
18.9 Manage your cookies
There are several ways you can manage your cookie settings and preferences.
- Learn about cookies: http://www.allaboutcookies.org/
- US Based
- UK Based
- DoubleClick opt-out page
- Manage companies' cookies (US) or EU based based
- Manage cookies in your web browser
18.10 Do Not Track
This website currently does not recognize Do-Not-Track signals from your web browser.