This Privacy Shield Framework Statement (“Framework Statement”) applies to the processing of Personal Data obtained from Individual Consumers located in the European Union. Consolidated Delivery Group, Inc. (CDGcommerce) complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. CDGcommerce complies with these regulations regarding the collection, use, and retention of personal information from Customers, Employees, Users, and Applicants in the European Union member countries. If there is any conflict between the Privacy Shields and our policies (including this Framework Statement), the principles of the Privacy Shields shall govern where applicable.
ACCESS AND CHOICE
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, CDGcommerce commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact email@example.com.
CDGcommerce has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and CDGcommerce does not address it satisfactorily, CDGcommerce commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) as applicable and to comply with the advice given by the DPA panel, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm . Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
CERTIFICATION AND JURISDICTION/ENFORCEMENT
CDGcommerce will maintain compliance with the U.S.-EU Privacy Shield. Certification of this compliance will be renewed annually, unless it is determined that certification is no longer needed, or we enact a decision to use a different mechanism to ensure adequate privacy controls for Personal Data. In such an event, we will continue to treat data already transferred under Privacy Shield in keeping with the Privacy Shield Principles.
As a part of re-certification, CDGcommerce will internally review and verify the enforcement of all the policies concerning treatment of Personal Data. This internal review will consist, at minimum, of the following steps:
- Review of Privacy Shield Framework Statement
- Ensure Public Access to Personal Data Policies for Customers
- Ensure Compliance with all Posted Personal Data Policies
- Verify Contact Information for Inquiries or Complaints
- Verify Compliance with the EU-US Privacy Shield Framework
- Review Employee Processes and Procedures
- Update/Reinforce Employee Training on Confidentiality and Security
Third Party Sharing
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Inquiries or Complaints
CDGcommerce has appointed individual(s) within the organization that are authorized to respond to incidents or inquiries concerning Personal Data as the Data Protection Officer. Questions and requests can be sent by emailing firstname.lastname@example.org.
Complaints that cannot be satisfactorily handled by direct contact to the designated Data Protection Officer, may be submitted to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. Under certain limited conditions, Customers may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction.