CDI PRIVACY STATEMENT
Computer Design & Integration, LLC (“CDI” or “We”) takes measures to ensure that the use and disclosure of your private personal information is consistent with applicable law.
This Privacy Statement explains what personal data we collect, why we collect it, how we protect it, how we use it, and how and why, in certain cases, we share such information with other parties. Our Privacy Statement is effective January 1 2012, and may be amended from time to time.
Our Privacy Statement applies to personal data collected or used by our website and when we offer products or services to our customers.
CDI also provides systems and services to customers who may also collect your information as needed for them to provide their services to you. In such circumstances, this statement does not directly apply and you should review that customer’s privacy statement.
By accessing or using any of the services provided by CDI, and affirmatively giving consent to process your personal data, you are affirmatively “opting-in” and giving us consent to the use or process your personal information. If you are providing any data from data subjects from the European Union that is regulated under the General Data Protection Regulation (“GDPR”), you must receive consent from that data subject to process their information before sending it to CDI for processing (“Data Subject Consent”). Client shall indemnify and hold CDI harmless for any claims related to failure to provide proof of Data Subject Consent, or from claims from any data protection regulatory authority enforcing GDPR compliance related to consent. At any time, you can opt-out of consent to the use or processing of your personal information by notifying CDI [email protected], at which time your personal information will be deleted from CDI’s systems.
INFORMATION THAT WE COLLECT AND MAY DISCLOSE
We collect information from and about you in order to comply with applicable laws and to provide the superior level of service that you expect. Personal data may include: names, addresses, phone numbers, e-mail addresses, IP addresses, web cookies, social security number; driver’s license information; income tax documents for you and your family; bank statements; and investment records.
Specific examples of personal information that we collect and may disclose to affiliates and certain third parties may include:
- Information we receive from you on new account and service request forms.
- Information about your transactions with us, our affiliates, and others such as account balances, payment history, account activity and statements.
- If you visit our Internet web site, www.cdillc.com (the “website”), information you may submit to us on our website forms and information we may collect from your web browser and through “cookies” (explained below).
- If you use any of our services, we may collect your IP address and other identifying information as part of the normal operations of those services.
HOW WE USE YOUR INFORMATION
CDI and third-party service providers may work together to provide a variety of services, and these providers may need to share your personal data to maintain an efficient and effective level of service.
The responsible use and disclosure of the personal data we collect is crucial to our ability to provide you with the services that you expect, and may occur under a variety of different circumstances. For example, we may:
- Use personal data internally for the purposes of furthering our business, which may include analyzing information we receive from you, matching that information with the information of others, processing services, maintaining accounts, resolving disputes, preventing fraud, and verifying your identity.
- Disclose personal data when required by law, such as requests for personal data in connection with a judicial, administrative or investigative matter.
- Use and disclose personal data on an aggregate basis. This means that we may combine parts of your information with parts of the information from our other users without including other identifying components of that information, such as name, complete telephone number, complete e-mail address or your street address, in the combination.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of CDI’s services.
SHARING WITH NONAFFILIATED SERVICE PROVIDERS
We may disclose personal data to nonaffiliated service providers who perform business functions on our behalf, which may include marketing of our products and services, check printing, and data processing. Nonaffiliated third party service providers often aid us in the efficient and effective delivery of services and there may be circumstances where it is necessary to disclose personal data we collect to such parties. However, before we disclose personal data to a nonaffiliated party, we require them to agree to keep that information confidential and secure and to use it only as authorized by us. Also, we will only share your nonpublic information with nonaffiliated third parties where permitted by applicable law. All data shared with nonaffiliated service providers is kept to the minimum elements needed for the service provider to provide service.
CDI does not share, sell, or rent personal data with outside marketers.
Information about your CDI purchases are maintained in association with your profile account. The personal data that CDI collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. On occasion, CDI engages third parties to mail information to you.
HOW WE PROTECT YOUR INFORMATION
To help protect your privacy and any personal data received by CDI, we maintain a comprehensive information security program designed, overseeing the security and confidentiality of your personal data, protecting it against threats or hazards to the security of such information, and preventing unauthorized access. This program includes:
- Procedures and specifications for administrative, technical and physical safeguards.
- Security procedures related to the processing, storage, retention and disposal of confidential information.
- Programs to detect, prevent and when necessary respond to attacks, intrusions or unauthorized access to confidential information.
- Restricting access to your personal data to employees who need to know that information to provide products and services to you, and appointing specific employees to oversee our information security program.
- Employee training programs to insure that all employees are trained regarding our information security program, the confidentiality of your information, and the laws applicable to the proper safeguarding and disposal of your personal data.
- Updating and testing our security technology on an ongoing basis.
- A commitment to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
However, we cannot and do not guarantee that unauthorized, inadvertent disclosure never may occur.
DISPOSAL OF BUSINESS RECORDS
CDI disposes of all business records containing personal data in accordance with applicable state and federal laws.
COMMUNICATIONS FROM CDI
Based upon any personal data you may provide to us, we may occasionally send you some or all of the following promotional communications:
- information on products, services, special deals, promotions
- CDI newsletters Out of respect for your privacy, we provide you a way to unsubscribe from these communications. Please see the “Choice and Opt-out” section.
In addition, however, based upon any personal data we receive from you as a result of an account you create or products or services you request from us, we also may occasionally send you some or all of the following:
- service-related announcements, on rare occasions when it is necessary to do so (for instance, if our service is temporarily suspended for maintenance, we might send you an email)
- communications in response to inquiries, service requests, and account management Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account, subject to any contractual obligations.
CHOICE AND OPT-OUT
If you no longer wish to receive any promotional communications from us, you may opt- out of receiving them by following the instructions included in each newsletter.
Log files are collected directly and indirectly by CDI, and your personal data may be stored with either approach.
Direct collection consists of the CDI website and email systems, which gather certain user information automatically, storing it in log files. This information may include, among other things, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, sending servers, operating system, date/time stamp, and clickstream data. We may use this information to analyze trends, to administer the site, to track users’ movements around the site, perform spam filtering, and to gather demographic information about our user base as a whole.
Indirect data collection may occur automatically through the services we provide to our customers, such as hosted email services, hosted application servers, and management of customer systems. This data is controlled by our customers, not by CDI, and is managed following their privacy policies.
We may use both session cookies and persistent cookies. A session cookie expires when you close your browser. We use session cookies to simplify your use of our site. A persistent cookie remains on your hard drive for an extended period of time. We may set a persistent cookie to store your identity, so you don’t have to enter your username and password more than once. We may also use persistent cookies to enable us to track and target the interests of our users and to enhance your experience on the website. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
If you reject cookies, you may still use the website, but your ability to use some areas of the website, such as contests or surveys, may be limited.
OTHER SITES AND SERVICES
The website may contain links to other sites that are not owned or controlled by CDI. CDI is not responsible for the privacy practices of such other sites. Similarly, CDI provides services to customers who may hold a relationship with you separate from CDI. While CDI may process such data, CDI does not control it.
If you have concerns regarding the privacy practices of other sites, you should read the privacy statements available at those sites.
This privacy statement applies only to information collected by the CDI website and services that CDI controls.
TRANSFER OF CUSTOMER INFORMATION
Customer lists and other information provided to us are our business assets. If we merge with another entity or if we sell our assets to another entity, such information, including personal data provided us, may be included among the assets to be transferred.
To provide services to our customers, CDI may need to transfer personal data to a third party. Under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce, CDI shall remain liable if the third party improperly processes your personal data unless we prove that we are not responsible for the event giving rise to the damage.
TRANSFERRING PERSONAL DATA FROM THE EU TO THE US
CDI has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (“GDPR”). CDI relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, CDI collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of CDI in a manner that does not outweigh your rights and freedoms. CDI endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with CDI and the practices described in this Data Privacy Statement. CDI also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.
DATA SUBJECT RIGHTS
To the extent that GDPR applies to the processing of your personal data, this Data Privacy Statement is intended to provide you with information about what personal data CDI collects about you and how it is used. If you reside in the EU and your HR data exists on CDI’s systems, you have several rights regarding the limitation and use and disclosure of your personal data – ranging from how it is used in communications to how it is stored and accessed on our systems. If you have any questions, please contact us at [email protected].
If you wish to confirm that CDI is processing your personal data, or to access the personal data CDI may have about you, please contact us at [email protected].
SECURITY OF YOUR INFORMATION
To help protect the privacy of data and personally data you transmit through use of this Web site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
DATA STORAGE AND RETENTION
Your personal data is stored by CDI on its servers, and on the servers of the cloud-based database management services CDI engages, located in the United States. CDI retains data for the duration of the customer’s business relationship with CDI. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our data protection officer at [email protected].
PROTECTION OF MINORS’ PERSONAL INFORMATION
Our products and services are primarily designed for adults. Anyone who is identified to be a minor customer under the laws of the country in which he or she is located must obtain the consent of his or her parents or guardians before using our products and services upon purchase.
We value the privacy protection of minors and encourage parents to always play an active role in their child’s online experience.
We are not responsible for how third-parties collect, use, share, transfer and protect user’s personal information, and cannot control how it is processed.
In compliance with the EU-U.S. DPF, CDI commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact CDI at [email protected]
In compliance with the EU-U.S. DPF, CDI has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your DPF Principles-related complaint to your satisfaction, please contact or visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
CHANGES IN THIS PRIVACY STATEMENT
We reserve the right to modify this privacy statement at any time, so please review it frequently.
If we decide to change our Privacy Statement, we will post those changes on the website so our users and investors are always aware of what information we collect, use and disclose. If at any point we decide to use or disclose personal data received from you in a manner different from that stated at the time it was collected, we will notify you in writing. We will otherwise use and disclose personal data in accordance with the Privacy Statement that was in effect when such information was collected.
We may e-mail periodic reminders of our notices and terms and conditions and will e-mail of material changes thereto, but you should check the Web site frequently to see the current Data Privacy Statement that is in effect and any changes that may have been made to it.
DATA PROTECTION OFFICER
CDI is headquartered in New York, in the United States. CDI has appointed an internal data protection officer for you to contact if you have any questions or concerns about the CDI’s personal data policies or practices. CDI’s data protection officer’s name and contact information are as follows:
Data Protection Officer
585 Colonial Park Drive
Roswell, GA 30075
EU-REPRESENTATIVE AND UK REPRESENTATIVE
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/13809481
PrighterGDPR-Rep is the Art 27 GDPR representative of Computer Design & Integration LLC
PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG
c/o Computer Design & Integration LLC
Please add the following subject to all correspondence: ID-13809481
PrighterUK-Rep is the Art 27 UK-GDPR representative of Computer Design & Integration LLC
PrighterUK-Rep by Prighter Ltd
c/o Computer Design & Integration LLC
Kemp House 160 City Road
London EC1V 2NX
Please add the following subject to all correspondence: ID-13809481
DATA PROTECTION AUTHORITY
CDI commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to European Union data subjects data transferred from the EU. Notwithstanding the generalities of the foregoing, CDI reserves its rights to defend itself or choose whether to implement any changes to its information security program or Data Privacy Statement requested by DPA, including, but not limited to, any such changes CDI reasonably believes are necessary or required by security or privacy requirements set forth in applicable data protection law or by a DPA of competent jurisdiction.
AVAILABILITY OF OUR PRIVACY STATEMENT
The most up-to-date Privacy Statement is posted on the website at www.cdillc.com/privacy-policy, or you may call us at 770-542-0001 to request a copy.