CMA adheres to the Safe Harbor Framework as set forth by the U.S. Department of Commerce concerning the collection, use and retention of Personal Information from the European Union (EU) member countries and transfer of that data to the United States. CMA has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
CMA Technology Solutions (“CMA”) respects the privacy of its customers, business partners and employees and recognizes the need for appropriate protection and management of personal information provided. CMA, a U.S. based company, has made a decision to voluntarily participate in the U.S. – EU Safe Harbor and observe the data protection principles available to U.S. organizations under the European Commission’s directive on data protection. Should there be any conflict between the U.S. – EU Safe Harbor principles and this Policy, the Safe Harbor principles will prevail. This Policy outlines the general practices for implementing the requirements of Safe Harbor in connection with personal data that is transferred from the EEA to the U.S, including the types of information that is collected and transferred, how it is used, and the choices individuals located in the EEA have regarding the use of, and their ability to correct, that information.
For purpose of this Policy, the following definitions shall apply: “Agent” means any third party that collects and/or uses personal information provided by CMA to perform tasks on behalf of and under the instructions of CMA. Personal information means any information relating to an identified or identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that is anonymous or in circumstances where the individual is not readily identifiable. “Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or that concerns health matters or sexual orientation.
4.Processing of EEA personal data
CMA may from time to time process certain EEA personal information about customers, business partners, employees and candidates for employment, including information recorded on various media as well as electronic data.
CMA will use personal information concerning business partners and customers to provide customers and business partners with information and services and to help CMA personnel better understand the needs and interests of these business partners and/or customers. Specifically, CMA uses information to help customers and business partners complete a transaction or order, to facilitate communication, to deliver products/services, to bill for purchased products/services, and to provide ongoing service and support.
CMA may also share personal information with its service providers and suppliers for the sole purpose and only to the extent needed to support the customers’ business needs. Service providers and suppliers are required to keep confidential personal information received from CMA and may not use it for any purpose other than as originally intended. Third parties receiving personal information are required to apply the same level of privacy protection as contained in this Policy.
CMA complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. CMA has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement as listed and explained below. To learn more about the Safe Harbor program, please visit http://www.export.gov/safeharbor/.
Where CMA collects personal information directly from individuals in the EEA, it will inform these individuals about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which CMA discloses that information, and the choices and means, if any, CMA offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to CMA, or as soon as practicable thereafter, and in any event before CMA uses the information for a purpose other than that for which it was originally collected.
CMA will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, CMA will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. CMA will provide individuals with reasonable mechanisms to exercise their choices.
5.3.Onward Transfer to Agents
CMA will obtain assurances from its Agents that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by Agents include: a written contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor principles, being subject to EU Data Protection Directive 95/46, Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding. Where CMA has knowledge that an Agent is using or disclosing personal information in a manner contrary to this Policy, CMA will take reasonable steps to prevent or stop the use or disclosure.
Upon request, CMA will grant individuals reasonable access to personal information that it holds about them. In addition, CMA will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. CMA may limit or deny access to personal information in circumstances in which providing access would be unreasonable burdensome or expensive, or as otherwise permitted by the Principles. Where warranted, CMA may charge a reasonable fee for access to personal information.
CMA will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
CMA will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). CMA will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Any questions or concerns regarding the use or disclosure of personal information should be directed to the VP of Technical Services at the address given below. CMA will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. With respect to any complaints relating to this Policy that cannot be resolved through CMA’s internal processes, CMA has designated the American Arbitration Association as our independent recourse mechanism for investigation of unresolved complaints relating to our compliance with the Safe Harbor Privacy Framework. . In the event that it is determined that CMA did not comply with this Policy, CMA will take appropriate steps to address any adverse effects and to promote future compliance.
Questions or comments regarding this Policy should be submitted to CMA by mail or e-mail as follows:
CMA Technology Solutions
Vice President, Technical Services
8180 YMCA Plaza Dr.
Baton Rouge, LA 70422
8.Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor principles. Appropriate public notice will be given concerning such amendments.