To view CSC's Privacy Shield Framework Compliance Statement for Data Privacy, please click here: https://www.cscglobal.com/service/csc/privacy.
CSC is subject to the investigatory and enforcement authority of the United States Federal Trade Commission.
1. What is Personal data?
We may refer to your personal data as your information and may sometimes collectively refer to handling, collecting, protecting and storing your personal data as "processing" such personal data.
3. What information we collect, and why
The information we collect from you may include the following: your name, gender, date of birth, home, and work contact details such as business title, email address, IP address, information about the device which you use to access the website (as set out in more detail in section 4.2 below), telephone number, country in which you reside, payment information, purchase history, and your reviews and opinions about our products and services.
Some CSC services may require additional information which we will inform you of when we request such information.
4. How we collect your information
4.1 Information provided by you
If you use this website or its various applications, you may be required to provide the following information as part of registration: first name, last name, company name, title, address, city, state, zip, telephone, email address, preferred method of contact (email, phone, postal), account number, service and product interest information, and intended use of services or products. In addition, you may choose to provide additional information relating to yourself or your companies to take advantage of different services available on this website.
We generally do not require you to provide sensitive personal data, such as that which reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sex life.
4.2. Information we collect about you
We also periodically gather certain information automatically and store it in log files. This information includes browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and click-stream data.
We collect information which your device transmits to connect to our website in order to identify the device which you use to log in to the restricted parts of our websites, and to identify logins from new devices. This technique is known as "device fingerprinting" and we use it to keep your account and the services we provide to you or your employer secure. The data which we collect in this manner is comprised of information about your device display, your operating system and your browser, namely the language settings of your browser and system, the fonts used by your system, the dimensions of your display, and the geolocation and time-zone of your device.
Like most websites, we also use "cookies" to help us make our site – and the way you use it – better, as well as to provide you with online advertising which is relevant to you. Cookies mean that a website will remember you. They're small text files that sites transfer to your computer (or phone/tablet). They improve website use and speed – for example by automatically filling your name and address in text fields. There are more details in the section on our cookies policy below.
In addition, with regard to each of your visits to our site we will automatically collect certain information (e.g. your IP address) used to connect your computer to the internet.
4.4. Children's information
We do not knowingly collect information from children under the age of 18 and we do not target our websites to children under 18, and we determine that an individual under the age of 18 has submitted information to this site, we delete that information.
5. How we use your information
We may use the personal data we collect:
- to provide you with information, goods, or services which you have requested;
- to contact you in connection with support-related activities;
- to contact you in the event that we have announcements regarding this website or the applications within this website;
- to fulfill any other purpose for which you provided it;
- for billing and collection purposes;
- to analyze the use of our websites;
- to secure the services which we provide to you or your employer;
- in any other way we may describe when you provide the data; and/ or
- for any other purpose with your consent
We do not conduct automated decision-making including profiling
We may also use your personal data to contact you about our own goods and services that may be of interest to you. If you do not want us to use your information in this way, or any of the ways described above, please (i) contact us at the address below, (ii) check the relevant box or ensure the relevant box is checked on the form on which we collect your personal data for this purpose, or (iii) follow the unsubscribe instructions in the email or other communication you have received.
5.1. Log files
Log files give us a general picture of who is visiting our website and which pages are viewed most often. Log files are collected mainly for research purposes to see what pages, services and information are of greatest interest to current and potential clients.
6. Legal grounds for using your personal information
The law permits us to process your personal data in the way that it does because the processing is:
- necessary for the purposes of the legitimate interests that we pursue, which are to run and administer our business, to ensure the security our services, to discharge our legal obligations to store and disclose information where necessary and to evaluate, develop and improve our services and market new and improved services; and/or
- necessary for the performance of our contract to provide you with the services you have ordered; and/or
- necessary in order to comply with a legal obligation to which we are subject.
7. Disclosure and transfer of your information
7.1. CSC affiliates and service providers
Subject to all applicable laws, we may disclose your personal data on a need-to-know basis to any member of our company group to include the following: Corporation Service Company (CSC), CSC Corporate Domains Inc., Delaware Trust Company, CSC Entity Services LLC, Corptax Inc.,Tax Compliance Inc., The Company Corporation, eBrand Secure LLC, CSC Netherlands B.V., CSC Depositary B.V., CSC Fund Services B.V, CSC Governance B.V..
Some affiliates of CSC have their own websites with their own unique privacy policies, tailored to the services they provide. We encourage you to read those privacy policies carefully when you visit those affiliated sites.
From time to time, we may engage our affiliated entities or other carefully selected third parties to provide services on our behalf, in particular to collect, process, and use your personal data as required to provide services to you. We may disclose your information to such service providers in compliance with applicable data protection law, and provided that they agree to use your information only for the purposes of providing the services. We will not disclose your personal data to a third party data controller without complying with the Privacy Shield Principles including those relating to notice and choice unless otherwise required by law.
When using third-party vendors or agents to which CSC intends to transfer personal data, CSC shall perform adequate due diligence to help ensure the security of such information, including ensuring that such third party has entered into a written agreement with CSC requiring the third party to provide at least the same level of privacy protection as is required by the Privacy Shield Framework. CSC shall continue to be liable under the Privacy Shield Principles if third parties to which CSC has transferred personal data for processing on CSC's behalf do so in a manner that is inconsistent with the Privacy Shield Principles. However, CSC will not be liable if it can prove that it is not responsible for the event that caused damage.
7.2. Transfers overseas
The personal data we receive will be held on our computers and systems in the United States and may be accessed by or given to our staff, one of our affiliates or carefully selected suppliers working in the United States or otherwise outside the European Economic Area.
Where recipients are outside the EEA, we ensure that the recipient provides an adequate level of protection for your personal data or the transfer is otherwise permitted under applicable Data Protection Legislation, by methods including using standard contractual clauses, by registering for the Privacy Shield program, or by relying on a relevant adequacy decision by the European Commission.
8. Opting Out
Where required by Data Protection Legislation, you will be given a choice when you provide us with your personal information to opt into certain uses we may intend to make of that information, such as sending you our newsletter, information or offers containing updated information about us, our goods, services and promotions. You may also be asked if you would like to receive marketing from third-party organizations. You will be able to indicate your consent to each specific proposed use by checking the relevant box to opt in. We will not send you direct marketing, or pass your details to third parties for the purpose of them sending you direct marketing, without your consent.
You also have the option of "unsubscribing" from our mailing list for newsletters, alerts and updates at any time, thereby disabling any further such e-mail communication from being sent to you.
We will action any opt out request from You without delay, and in any event within one month.
9. Website links to other sites
For your convenience, our website may contain links to websites that are owned or operated by third parties not affiliated with CSC. We can make no promises or guarantees regarding personal data collection or privacy practices on websites that are not owned or operated by CSC. We strongly suggest that you review each such third parties' privacy policies before providing any personal data to them. These other sites may send their own cookies to users, collect data, or solicit personal data. You should contact these entities directly if you have any questions about their use of the information that they collect.
10. Steps we take to ensure your privacy
The security of your personal data is important to us. We use generally accepted, industry standard tools and techniques to protect your personal data against unauthorized disclosure. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.
10.1. Perimeter security
We use firewalls to secure the perimeter of our information network and monitor our systems regularly.
10.2. Data security
An authentication and authorization mechanism based on (i) user identification (ID) and password, and (ii) device identification, is used to restrict access to information on CSC's websites. Each authenticated user only has access to the information that he or she is authorized to use. We use physical, administrative, and technical procedures to limit access to personal information.
We identify devices through the use of device fingerprinting. A description of the data which we collect for this purpose can be found in section 4.2 of this policy.
10.3. Transaction security
All personal data exchanged between our servers and your web browser is encrypted using Secure Sockets Layer.
11. Social engineering (our employees)
All of our employees are made aware of and reminded of our Confidentiality of Client Information Policy regularly, and must acknowledge that they have received and read it.
12. Steps you can take to ensure your privacy
Remember that you play a vital role in ensuring the security of your information on this website and the applications within. Here are a few steps you can take to maintain the privacy of your information:
12.1. Managing your personal data
Registration for access to this website requires that you provide personal data (including name, company name, company address, including city, state, country, ZIP code, company email address, and company phone number). It is your responsibility to make sure this information is accurate and current. If your personal data changes, you should update it by logging into the site and visiting the account detail page or by contacting us using the contact details above. If you require assistance to update this information, you may contact our Customer Service staff from 8:00 a.m. to 8:00 p.m. U.S. Eastern Time, Monday through Friday, at: +1 (302) 636-5400.
We will process all information update requests in a timely manner.
12.2. Safeguard passwords
You should take the necessary precautions to safeguard your user ID and password to prevent unauthorized access to your personal data stored on this website and the applications within. If you feel that your user ID and password have been compromised, access our website and reset your password or contact our Technical Support staff immediately between the hours of 8:00 a.m. to 8:00 p.m. U.S. Eastern Time, Monday through Friday, at: +1 (302) 636-5400.
Your password will be reset and emailed to you at the address maintained on record.
12.3. Erase temporary files
Any information you entered during your session may be temporarily stored in the memory storage area of your computer. Closing the browser will erase this information if you have your browser set to automatically erase temporary files when it is closed.
12.4. Use of a firewall
Consider using a firewall to help prevent unauthorized access to your network or personal computer, especially if you are using a DSL or cable modem to access the internet.
13. Your rights in relation to your personal information
At any time, you have the right:
- to be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance, and envisaged consequences);
- to request access to or a copy of any personal data which we hold about you;
- to rectification of your personal data, if you consider that it is inaccurate;
- to ask us to delete your personal data, if you consider that we do not have the right to hold it;
- to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
- to ask us to stop or start sending you marketing messages (e.g. our newsletter) at any time by using the below contact details;
- to restrict processing of your personal data;
- to data portability (moving some of your personal data elsewhere) in certain circumstances;
- to object to your personal data being processed in certain circumstances; and
- to not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
We will correct any incorrect or incomplete information and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change.
CSC users who report suspected or known security events that may jeopardize the confidentiality, integrity, or availability of CSC information, information systems, or information processing facilities shall not be retaliated against, intimidated, or otherwise prevented or harassed for making such a report.
13.1. Suspected or known security events
CSC users who report suspected or known security events that may jeopardize the confidentiality, integrity, or availability of CSC information, information systems, and/or information processing facilities shall not be retaliated against, intimidated, or otherwise prevented or harassed for making such a report.
14. How long we keep your information
We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.
We may send you direct marketing communications, and retain your contact information necessary for this purpose, (provided that you have consented to receiving them) for as long as you do not unsubscribe from receiving the same from us.
15. California Consumer Privacy Act Rights
The CCPA provides California residents with rights with respect to CCPA Personal Information. “CCPA Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. The information practices described in this section include CCPA Personal Information we receive either online or off-line in any format.
15.1. As of January 1, 2020, verified California residents will have the right:
- to request and receive disclosure of our CCPA Personal Information collection practices during the prior 12 months, including the categories of CCPA Personal Information we collect, the categories of sources of such information, our business purpose for collecting o sharing such information, and the categories of third parties with whom we share such information.
- to request and receive a copy of the CCPA Personal Information we have collected about them during the prior 12 months.
- to request and receive disclosure of our information sale practices during the prior 12 months, including a list of the categories of CCPA Personal Information disclosed for monetary or other valuable consideration and the categories of third party recipients and a list of the categories of CCPA Personal Information that we disclosed for a business purpose and the categories of third party recipients.
- to request that we not sell CCPA Personal Information about them and
- to request that we delete (and direct our service providers to delete) their CCPA Personal Information subject to certain exceptions.
We will not discriminate against you as a result of your exercise of any of these rights.
You may make a request up to twice within a 12-month period. We will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
If you are over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here. We do not sell personal information of individuals we actually know are less than 16 years of age. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorize personal information sales.
15.3. Information Collection, Use and Disclosure. The information practices described below include information collected from our site visitors, registered users, employees, vendors, suppliers, and any other person that interacts with us either online or offline. Not all types of information are collected about all people interacting with us. For instance, we may collect different information from applicants for employment than we do from our customers.
15.3.1. Our Collection of CCPA Personal Information during the past 12 months. We may have collected the following categories of information directly from you: information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing. We may have collected the following categories of information from third parties : information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing. We may have collected the following categories of information from our own observations : information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.
15.3.2. Our use and disclosure of CCPA Personal Information during the past 12 months.
We have used the collected information for the purposes set forth in Section 5 above.
We may have disclosed the following categories of information in order to conduct our business operations and for our business purposes (for instance providing services to you, completing transactions, managing employees and vendors, security, quality control, marketing and analytics): information protected against security breaches, protected classification information, commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.
We do not provide your data to third parties in exchange for monetary consideration but during the past 12 months we may have disclosed data to certain third parties that provide us with services such as data analysis and security information, which may fall under the definition of “consideration” and therefore be deemed a “sale” under the CCPA. We have disclosed the following categories of information to third parties for valuable (but not monetary) consideration: information protected against security breaches, protected classification information, commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.
16. Contact details and independent recourse mechanism
CSC has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-Privacy-Shield/for-eu-consumers/ for more information and to file a complaint.
If your complaint is not satisfactorily addressed, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel the data protection authority ("DPA") in your jurisdiction (for example in the UK the Information Commissioner's Office), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner ("FDPIC").
To do so, you should contact the state or national data protection or labor authority in your jurisdiction (e.g. the ICO in the UK). CSC agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.
Should your complaint remain fully or partially unresolved after a review by CSC, BBB EU Privacy Shield and the relevant DPA, you may be able to, under certain conditions, seek arbitration before the Privacy Shield Panel. For more information, please visit www.privacyshield.gov.
With regard to unresolved privacy complaints involving human resources data, CSC will cooperate and comply with the advice of the Swiss Federal Data Protection and Information Commissioner regarding employee data of Swiss citizens collected in the context of the employment relationship.
17. Controller and local representatives
CSC, 251 Little Falls Drive, Wilmington, DE 19808, United States, acts as controller (when collecting, processing, and using personal data collected through this website. Our local representative in the United Kingdom is CSC Administrative Services Limited, 25 Canada Square, 37th Floor, London E14 5LQ, United Kingdom. Our local representative in Germany is Corporation Service Company (DBS) GmbH, Georg-August-Zinn Strasse 2, 65183 Wiesbaden, Germany.
18.1 What are cookies (and similar technologies)?
When you access our website outside of Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).
You are free to refuse consent but please be aware that restricting cookies will impact your user experience and may prevent you from using part of our website.
Cookies can be removed from your browser in two ways: automatically (when they expire), or when you manually delete them. We've included more details below to help you understand what kinds of cookies we use and how you can manage them.
Technologies similar to cookies: Device fingerprinting
In addition to cookies, we also use "device fingerprinting". This entails collecting information which you affirmatively provide (such as a mobile phone number associated with your device) or your device automatically transmits to connect to our websites that builds a unique image of your device.
Unlike cookies, this does not involve issuing pieces of code to your device. However, similar to cookies, it enables us to recognize your computer.
We only use device fingerprinting to keep your account and the services we provide to you or your employer secure. We consider this to be strictly necessary for providing our services therefore we do not require consent to use device fingerprinting.
CSC's primary reason for using cookies is to make our website work more effectively.
As explained above, we only use device fingerprinting to keep our services secure.
18.3 What kinds of cookies does CSC use and why?
Our website use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site. We do not require your consent to place these cookies. Nevertheless, you may be able to block these cookies yourself on your device/ browser, but restricting these cookies is likely to mean that our site will not work as you would expect and certain functionality may be inoperable.
Our use of device fingerprinting also falls under this category.
- Non-essential cookies. These include the following:
- Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Session cookies: These temporary cookies expire and are automatically erased whenever you close your browser. We use session cookies to grant our customers access to content and to enable commenting.
- Persistent cookies: These usually have an expiration date in the distant future and remain in your browser until they expire or you manually delete them. Persistent cookies may be used for a variety of purposes including remembering our users' preferences and choices when using our site or to target advertising. First- and third-party cookies: Whether a cookie is "first" or "third" party refers to the website or domain placing the cookie. In basic terms, first-party cookies are set by a website visited by the user—the website displayed in the URL window. Third-party cookies are cookies that are set by a domain, such as google.com, other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website, this would be a third-party cookie.
These cookies may be:
18.4 What other cookies might you encounter on the CSC website?
We may also use third-party cookies on the site. In keeping with our policies, these session or persistent cookies are set only by trusted partners of CSC. These cookies may collect information about your online activities across websites and over time.
The third parties who set cookies through our site include Maxmind, Youtube, Facebook and Doubleclick.
If you prefer not to receive cookies through our website you can set your browser to either reject all cookies (see below), to allow only "trusted" websites to set them, or to accept only those cookies from those sites you currently use. If you access our website in Europe, you can refuse to click the "I accept" box or click the "I disagree" box when you are presented with a cookie notice on our homepage.
When you access our website outside of Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).
18.5 Cookies we do not use
We do not use flash cookies (sometimes known as local shared objects or LSOs).
18.7 Will the site work if you disable cookies?
You can browse our site with cookies disabled, though some interactions may not work properly.
18.8 EU cookie law
18.9 Manage your cookies
There are several ways you can manage your cookie settings and preferences.
- Learn about cookies: http://www.allaboutcookies.org/
- US Based
- UK Based
- DoubleClick opt-out page
- Manage companies' cookies (US) or EU based based
- Manage cookies in your web browser
18.10 Do Not Track
This website currently does not recognize Do-Not-Track signals from your web browser.