Privacy Notice

Effective Date: July 12, 2023

Last Reviewed on: July 12, 2023

Introduction:

Compliance Solutions Strategies (“CSS”) is a global RegTech platform delivering a set of comprehensive and complementary technology-enabled regulatory solutions that serve compliance professionals across the financial services industry.

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe. We do not knowingly attempt to solicit or receive information from children.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes CSS’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights.

Changes and updates to the Privacy Notice

As our organization changes from time to time, this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice at this Site. We may e-mail periodic reminders of our notices and terms and conditions, and will e-mail CSS customers of material changes, but you should check our Site frequently to see the current Privacy Notice that is in effect and any changes that may have been made to it.

Data Protection Management Team

CSS has its United States headquarters in New York, and its European Union headquarters in Ireland. CSS has appointed an internal Data Protection Management Team for you to contact if you have any questions or concerns about CSS’s personal data policies or practices. CSS’s Data Protection Management Team contact information is as follows:

  • Data Protection Management Team, Compliance Solutions Strategies, 777 Third Avenue, 10th Floor, New York, NY, 10017
  • Data Protection Management Team, Compliance Solutions Strategies, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland
  • Or you may e-mail us at: data.protection@cssregtech.com

 

Use of cookies by CSS

What are cookies?

Cookies are small text files that are placed on your computer, with your permission, in order to let websites do several important things, including remember what’s in your shopping basket and which pages you have visited.

CSS uses the following categories of cookies:

  1. Performance cookies: These cookies generally help the website operator fix bugs or glitches on the website. They may also provide analytics on which web pages are popular, allowing the website operator to improve the quality of the user’s experience.
  2. Functionality cookies: These may include settings like “remember me” buttons, language settings, text size and anything that remembers the particular settings chosen by the user. These cookies can be persistent or session cookies, which generally have a longer lifespan than other cookies.

Visitors to our websites

When someone visits www.cssregtech.com (or the websites of its subsidiaries and affiliates), we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. For further details on Google’s privacy policies see https://support.google.com/analytics/answer/6004245

Pardot

CSS uses Pardot and their associated cookies for inbound marketing and social media marketing. Every time you visit the CSS website, Pardot will check for the presence of an existing tracking cookie. If one does not exist, Pardot will create a unique cookie and will log every page you visit on the CSS website going forward. For further information on Pardot Cookies and Activity Tracking policy please visit: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5

E-newsletter

We use a third-party provider, Pardot, to deliver our regular e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Pardot’s privacy notice: https://www.salesforce.com/company/privacy/

How to control cookies

When you first visit this website we ask for your consent to use cookies. You can choose not to accept cookies, but please be aware that services you request may not be available. If you delete your cookies or clear your cache, you may be asked to give your consent again. This is because a cookie is usually used to remember the choice you made the first time.

If you wish to revoke your consent to the use of cookies on this website, you can either delete the cookies in your browser’s memory or clear your cache.

If you wish to prevent cookies being set before you visit this website, or most other websites, you can set your browser to block cookies. Most browsers allow you to do this in their settings.

If you would like to know more about cookies, please visit Cookiepedia – all about cookies.

Transferring personal data from the EU to the US

CSS has its headquarters in the United States and Ireland. Information we collect from you may be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. CSS relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, CSS collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of CSS in a manner that does not outweigh your rights and freedoms.

When we share information of customers in the European Economic Area or Switzerland within and among CSS corporate affiliates or third parties, we make use of standard contractual data protection clauses, which have been approved by the European Commission to safeguard the transfer of information we collect from the European Economic Area and Switzerland.

CSS endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with CSS and the practices described in this Privacy Notice. CSS also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.

Legitimate Interests

We retain third-party research services to identify appropriate persons at companies and other organizations who we feel, given their position and role, may be interested in, or benefit from, receiving details of our services or future conferences. These researchers obtain the details of such persons from publicly-available information on the internet. The legal basis on which we process personal data and communicate with data subjects in these circumstances is our legitimate interests under Article 6(1)(f) of GDPR. In conducting our legitimate interests’ assessment, consideration was given to the following:

  • The amount of personal data processed is minimal.
  • The data is publicly available and is not sensitive in any way.
  • The relationship is business to business and relevant to the job title.
  • There is minimal privacy risk.
  • There is no viable alternative means of communication.
  • The processing is vital to our business operations.
  • The data subjects are senior business people who would mostly be interested in the services we offer.
  • There is a simple opt-out facility.

On balance, we have concluded that the processing is justified as it is vital to our business interests while having a minimal impact on the rights and freedoms of data subjects.

Data subject rights

If you wish to confirm that CSS is processing your personal data, or to have access to the personal data CSS may have about you, please contact us at data.protection@cssregtech.com

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us at data.protection@cssregtech.com

In the event that you wish to complain about how we have handled your personal data, please contact the Data Protection Management Team at:

  • Data Protection Management Team, Compliance Solutions Strategies, 777 Third Avenue, 10th Floor, New York, NY, 10017
  • Data Protection Management Team, Compliance Solutions Strategies, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland
  • Or you may e-mail us at: data.protection@cssregtech.com

We will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Irish Data Protection Commissioner following the instructions at https://forms.dataprotection.ie/contact and file a complaint with them.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Disclosure of your personal data

We do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you. We do engage the services of service providers to assist us with our marketing activities.

We may disclose your personal data to:

  • Other companies within the CSS group;
  • Our employees and service providers who assist us with our marketing activities
  • Law enforcement agencies

Data storage and retention

Your personal data is stored by CSS on its servers, and on the servers of the cloud-based database management services CSS engages, located in the United States and the EU. CSS retains data for the duration of the customer’s business relationship with CSS. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact CSS’s Data Protection Management Team at data.protection@cssregtech.com

Privacy Notice for California Residents

You may review the CSS Privacy notice for California residents at the following link.