Privacy Policy

CPA GLOBAL NORTH AMERICA AFFILIATES PRIVACY POLICIES

CPA Global North America LLC EU-US Privacy Shield Policy

Introduction

CPA Global is the world's leading intellectual property (IP) management and technology company.

Protecting personal data is important to CPA Global. CPA Global and its United States affiliates: CPA Global North America LLC, CPA Software Solutions (North America) Limited, CPA Global Services US Inc., CPA Global Support Services LLC, CPA Global (Landon IP), Inc., CPA Global (FTF), Inc., CPA Global (FIP) LLC, Ipendo Inc., and Innography, Inc., (hereinafter collectively referred to as "CPA Global," "we," "us," or "our") comply with the European Union-United States Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union (EU) member countries. 

Accordingly, we certify our compliance with the EU-US Privacy Shield Principles (the “Principles”), including Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. If there is any conflict between the policies in this privacy policy (the “Privacy Policy”) and the Principles, the Principles shall govern. This Privacy Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This Privacy Policy applies to all personal information, whether in electronic, paper, or verbal format, received by CPA Global directly from individuals in the EU.

Definitions

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Personal Information" or "Information" means information that (1) is transferred from the EU to the US; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Processing” of personal information means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

"Sensitive Personal Information" means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual's health.

Provisions

NOTICE

CPA Global processes Personal Information that comes into our possession through electronic methods (website form, email, FTP sites), by accessing the Personal Information internally on source repositories such as our Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), document databases, billing platforms, or via other technology.

Types of Data Collected

CPA Global is a business-to-business (B2B) service provider with limited contact with consumers; therefore we will only collect and process a limited amount of personal data for the purposes stated in the ‘Purpose of Data Use’ section below. Where it concerns existing and prospective business customers, vendors and suppliers, typical categories of data relating to their employees that we will collect include: full names, postal addresses, email address, telephone number, job title and opinions on services provided as well as satisfaction levels. With regard to employees, contractors and temporary workers, only personal data required to manage and administer their employment with us will be collected and processed.

Personal Data Collected Via Technology

To make web based software products and related services more useful to our clients, our servers (usually hosted by a third party service provider) collect Personal Information, including browser type, Internet Protocol (IP) address (a number that is automatically assigned to a computer when it uses the Internet, which may vary from session to session), domain name, and/or a date/time stamp for use by those web based software products. We also use Cookies (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of the visit, as well as the solutions and information for which our clients search and view. We automatically gather this Personal Information and store it in log files each time a person visits our website or accesses his or her account on our network. “Cookies” are small pieces of information that a website sends to a visitor’s computer’s hard drive while the visitor is viewing a web site. We may use both session Cookies (which expire once the visitor closes the web browser) and persistent Cookies (which stay on visitor’s computer until the visitor deletes them) to provide clients with a more personal and interactive experience on our website. Persistent Cookies can be removed by following Internet browser help file directions. If a visitor chooses to disable Cookies, some areas of our website may not work properly.  Please refer to our Cookie Notice for further information.

Purpose of Data Use

CPA Global processes Personal Information for clients, employees, and vendors for various business related purposes that most frequently support clients’ use of our products and services, enable us to manage employees, or adhere to multinational regulations where we conduct business. Examples of the type of activities that support these objectives include client account management, sales support, software support, client issue resolution, compensation analysis, third party risk management and personnel management and administration.

Feedback

If you provide us with feedback on any of our products or related services, we may use such feedback for any purpose; however, we will not associate such feedback with your Personal Information (i.e. we will anonymise the data where possible). CPA Global will collect any information contained in such communication and will treat the Personal Information therein in accordance with this Privacy Policy.

CHOICE

CPA Global will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The Company will not disclose Personal or Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive personal information, CPA Global will obtain your affirmative express consent (opt in) if such information is to be (i) disclosed to a third party, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorised by you through the opt-in choice. CPA Global will treat as sensitive any Personal Information received from a third party where the third party identifies and treats it as sensitive.

ACCOUNTABILITY FOR ONWARD TRANSFERS

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, CPA Global is potentially liable. Except as otherwise stated in this policy, we do not generally share the Personal Information collected from our services with other entities. However, we may be required to share Personal Information if we believe in good faith that such disclosure is necessary: (a)(i) to comply with relevant laws or to respond to subpoenas or warrants served on CPA Global; (a)(ii) in response to a lawful request by public authorities, including to meet national security or law enforcement requirements; (b) to protect or defend the rights or property of CPA Global or users of CPA Global’s products or services; or (c) to support our business objectives described in the ‘Purpose of Data Use’ section above.

CPA Global may transfer personal information to a third party acting as a controller in accordance with the Notice and Choice Principles above. CPA Global will enter into a contract with the third party controller that provides that such data will only be processed for the limited and specified purposes consistent with the consent you have provided, that the third party will provide the same level of protection as the Principles and will notify CPA Global if it makes a determination that it can no longer meet its obligations. Such contract will provide that if such a determination is made, the third party controller will cease processing or take reasonable and appropriate steps to remediate.

When transferring personal data to third party contractors or service providers (i.e. ‘agents’) that may be selected to support the business objectives described in the Purpose of Data Use section of this policy, CPA Global will (1) transfer such data only for limited and specified purposes; (2) obligate the agent to provide at least the same level of privacy protection as is required by the Principles; (3) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with CPA Global’s obligations under the Principles; (4) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (5) upon notice, including under point (4), take reasonable and appropriate steps to stop and remediate unauthorised processing; and (6) provide a summary or a representative copy of the relevant privacy provisions of our contract with our agent to the Department of Commerce upon request.

SECURITY

CPA Global is committed to protecting the security of our data subjects’ Personal Information. Therefore, we have implemented reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data. Such measures include a variety of industry-standard security technologies and procedures, such as policies restricting access to Information to authorized personnel, mechanisms to protect Information from interception during transmission, physical safeguards to protect Information stored in electronic or hard copy form, and training, reviews and audits of our security and operational procedures.

DATA INTEGRITY AND PURPOSE LIMITATION

CPA Global shall only process Personal Information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, CPA Global shall take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current.

CPA Global will take reasonable and appropriate measures to only retain personal information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of the previous paragraph.

ACCESS

Individuals have the right to access and change any of their Personal Information, and may do so by contacting CPA Global’s Compliance Group, their company contact or their Human Resources (HR) representative. Individuals may correct, amend, or delete inaccurate Information or information processed in violation of these Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may request deletion of their Personal Information by us, but please note that we may be required (by law or otherwise) to keep this Information and not delete it (or to keep this Information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements). When we delete any Information, it will be deleted from the active database, but may remain in our archives.

RECOURSE, ENFORCEMENT & LIABILITY

CPA Global uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the Principles. Accordingly, CPA Global is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

We encourage interested persons to raise any concerns using the contact information provided. We will investigate and attempt to resolve any complaints and disputes regarding collection, use, or disclosure of Personal Information in accordance with the Principles.  European Union individuals with inquiries, comments, or complaints regarding this Privacy Policy or data collection and processing practices should first contact CPA Global using the following details:

Attention: The Data Privacy Officer

Subject: Privacy Shield [Query] OR [Complaint] (Select the relevant option)

Compliance@cpaglobal.com

CPA Global has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. 

In addition, CPA Global commits to cooperate with European Union data protection authorities (“DPAs”) in demonstrating the effectiveness of our recourse mechanism and our remediation plan when dealing with instances of failures to comply with the Principles. CPA Global will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield and will comply with any advice given by the DPAs where the DPAs take the view that the organisation needs to take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken. Complaints related to human resources data that cannot be resolved between CPA Global and an EU-based employee or prospective employee regarding his or her Personal Information will be handled by the relevant EU Data Protection Authority or a panel established by the European Data Protection Authorities, consistent with the Principles.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the EU-US Privacy Shield Framework. We will post any revisions to this policy on our website.

Information Subject to Other Policies

CPA Global is committed to following the Principles for all Personal Information within the scope of the Privacy Shield Framework. However, certain information is subject to policies of CPA Global that may differ from the general policies set forth in this privacy policy.

US-Swiss Safe Harbor Policy – Data Transfers from Switzerland to United States

CPA Global and its United States affiliates: CPA Global North America LLC, CPA Software Solutions (North America) Limited, CPA Global Services US Inc., CPA Global Support Services LLC, CPA Global (Landon IP), Inc., CPA Global (FTF), Inc., CPA Global (FIP) LLC, Ipendo, Inc., and Innography, Inc., (hereinafter collectively referred to as "CPA Global," "we," "us," or "our") comply with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. CPA Global has certified that it adheres to the Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement.

If there is any conflict between the policies in this privacy policy (the “Privacy Policy”) and the Principles, the Principles shall govern. This Privacy Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This Privacy Policy applies to all personal information, whether in electronic, paper, or verbal format, received by CPA Global directly from individuals in Switzerland.  To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/.

Definitions

"Personal Information" or "Information" means information that (1) is transferred from Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

"Sensitive Personal Information" means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual's health.

Provisions

NOTICE

CPA Global processes Personal Information that comes into our possession through electronic methods (email, FTP sites), by accessing the Personal Information internally on source repositories such as our Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), document databases, billing platforms, or via other technology.

Personal Data Collected Via Technology

To make web based software products and related services more useful to our clients, our servers (usually hosted by a third party service provider) collect Personal Information, including browser type, Internet Protocol (IP) address (a number that is automatically assigned to a computer when it uses the Internet, which may vary from session to session), domain name, and/or a date/time stamp for use by those web based software products. We also use Cookies (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of the visit, as well as the solutions and information for which our clients search and view. We automatically gather this Personal Information and store it in log files each time a person visits our website or accesses his or her account on our network. “Cookies” are small pieces of information that a website sends to a visitor’s computer’s hard drive while the visitor is viewing a web site. We may use both session Cookies (which expire once the visitor closes the web browser) and persistent Cookies (which stay on visitor’s computer until the visitor deletes them) to provide clients with a more personal and interactive experience on our website. Persistent Cookies can be removed by following Internet browser help file directions. If a visitor chooses to disable Cookies, some areas of our website may not work properly. Please refer to our Cookie Notice for further information.

Purpose of Data Use

CPA Global processes Personal Information for clients, employees, and vendors for various business related purposes that most frequently support clients’ use of our products and services, enable us to manage employees, or adhere to multinational regulations where we conduct business. Examples of the type of activities that support these objectives include client account management, sales support, software support, client issue resolution, compensation analysis, third party risk management and personnel management and administration.

Feedback

If you provide feedback on any of our products or related services to us, we may use such feedback for any purpose, provided we will not associate such feedback with your Personal Information. CPA Global will collect any information contained in such communication and will treat the Personal Information in such communication in accordance with this Privacy Policy.

CHOICE

CPA Global will offer individuals the opportunity to withdraw consent or choose to “opt out” of having their Personal Information (1) disclosed to a third party or (2) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals will be requested to contact Human Resources (HR) or the Compliance group in such cases. The Company will not disclose Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. CPA Global shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.

ONWARD TRANSFERS

Except as otherwise stated in this policy, we do not generally share the Personal Information collected from our services with other entities. However, we may share Personal Information if we believe in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on CPA Global; (b) protect or defend the rights or property of CPA Global or users of the CPA Global’s products or related services; or (c) to support our business objectives described in the Purpose of Data Use section of this policy.

Third party contractors or service providers that may be selected to support the business objectives described in the Purpose of Data Use section of this policy are required not to use the Personal Information that CPA Global may provide other than for the contractually agreed purpose. Third Parties that manage Personal Information in order to perform contracted services on either a continual contracted basis or an ad-hoc basis and that are not otherwise certified to the Safe Harbor Framework are contractually required to abide by the Principles.

DATA SECURITY

CPA Global is committed to protecting the security of our data subjects’ Personal Information. Therefore, we take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. We use a variety of industry-standard security technologies and procedures to help protect our data subjects’ Personal Information from unauthorized access, use, or disclosure, such as policies restricting access to Information to authorized personnel, mechanisms to protect Information from interception during transmission, physical safeguards to protect Information stored in electronic or hard copy form, and reviews and audits of our security and operational procedures.

DATA INTEGRITY

CPA Global shall only process Personal Information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, CPA Global shall take reasonable steps to ensure that Personal Information is accurate, complete, current, and reliable for its intended use.

ACCESS AND CHANGES TO PERSONAL DATA

Individuals may access and change any of their Personal Information by contacting their CPA Global contact or Human Resources representative. Individuals may correct, amend, or delete inaccurate Information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may request deletion of their Personal Information by us, but please note that we may be required (by law or otherwise) to keep this Information and not delete it (or to keep this Information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements). When we delete any Information, it will be deleted from the active database, but may remain in our archives.

ENFORCEMENT

CPA Global uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided. We will investigate and attempt to resolve any complaints and disputes regarding collection, use, or disclosure of Personal Information in accordance with the Principles.  Swiss citizens with inquiries, comments, or complaints regarding this Privacy Policy or data collection and processing practices should first contact CPA Global as follows:

Attention: The Data Privacy Officer

Subject: Swiss-US Safe Harbor [Query] OR [Complaint] (Select the relevant option)

Compliance@cpaglobal.com

CPA Global has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Safe Harbor Framework. We will post any revisions to this policy here on our website.

Information Subject to Other Policies

CPA Global is committed to following the Principles for all Personal Information within the scope of the Safe Harbor Agreements. However, certain information is subject to policies of CPA Global that may differ from the general policies set forth in this privacy policy.

Policies Effective Date: 01 August 2016