EU-U.S. Privacy Shield Privacy Statement
Cassidy Consulting Group (“C2G,” or “we”) make reasonable efforts to protect Personal Data transferred from the European Union (EU)/European Economic Area (EEA) to C2G’s operations in the United States (U.S.). This Privacy Statement sets forth the standards under which C2G will treat such Personal Data.
C2G’s participation in Privacy Shield is subject to investigation and enforcement by the Federal Trade Commission.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Data Subject” means an identified or identifiable natural person to whom any given Personal Data covered by this Privacy Statement refers. An identified or identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.
“Personal Data” means information relating to a Data Subject.
“Processor” means a natural or legal person, public authority, agency, or any other body which processes personal data on behalf of a Controller.
“Sensitive Personal Data” means Personal Data regarding any of the following:
Health or medical condition.
Racial or ethnic origin.
Religious or philosophical beliefs.
Trade union membership; or
“Third Party” is any natural or legal person, public authority, agency, or any other body other than the Data Subject, the Controller, the Processor, and the persons who, under the direct authority of the Controller or the Processor, are authorized to process the data.
SCOPE AND RESPONSIBILITY
This Privacy Statement applies to the collection, use, and disclosure in the U.S. of Personal Data of employees (current and former), dependents, beneficiaries, applicants, consultants, and contract workers transferred from countries in the EU/EEA to C2G’s operations in the U.S.
All employees of C2G that have access to such Personal Data in the U.S. are responsible for conducting themselves in accordance with this Privacy Statement. C2G employees responsible for engaging third parties to handle Personal Data covered by this Policy on behalf of C2G (e.g., temporary staff, independent contractors, sub-contractors, business partners, or vendors) are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Privacy Statement, including any applicable contractual assurances required by the Privacy Shield Principles.
Failure of a C2G employee to comply with this Privacy Statement may result in disciplinary action up to and including termination.
C2G complies with the following principles with respect to the Personal Data described in the “Scope and Responsibility” section of this Privacy Statement that is transferred from countries in the EU/EEA to C2G’s operations in the U.S.
C2G collects, uses, discloses, and disposes of Data Subjects’ Personal Data for human resource management and other business purposes, including:
Determining, evaluating, and implementing employment-related actions and obligations.
Designing, evaluating, and administering compensation, benefits, payroll, training, and other human resource programs.
Monitoring and evaluating employee conduct and performance.
Implementing security programs and policies.
Maintaining facility and employee security, health, and safety.
Collecting and conducting accounting, auditing, and financial transactions and analyses.
Collecting and storing customer information in compliance with our contractual and legal obligations.
Facilitating business communications, negotiations, and transactions.
Cooperating with law enforcement and other governmental agencies.
Candidates for Employment with Clients. C2G provides a wide variety of services and solutions to its business clients (“Clients”) that facilitate the selection, hiring, and internal mobility of individual candidates for specific employment (“Candidates”). In some instances, C2G may obtain access to Personal Data about such Candidates in the course of providing the services and solutions. In other specific instances, C2G may also obtain access to data about our clients’ existing employees or end users in the course of providing support services to the Clients (“End Users”). Such data may include contact details, work history, educational history, work preferences, and other information, depending on the particular Client and application at issue. Wherever we obtain access to Personal Data about Candidates or End Users, we are acting as a Processor on behalf of our clients, and we therefore conduct such activities strictly in accordance with their instructions and pursuant to our contractual arrangements with them. If you are a Candidate for employment with one of our clients, or an End User with an existing relationship with one of our clients, you should refer to the Client's website or human resources manager to understand the privacy practices that apply to Personal Data that we may maintain about you. Moreover, if you would like to access and review your Personal Data, you should contact our client (your potential or existing employer) with any such requests. We will cooperate as appropriate with requests from our clients to assist with such responses.
C2G may disclose Data Subjects’ Personal Data to third parties acting as its agent such as consultants, accountants, auditors, lawyers, benefit vendors, and financial services vendors for the purposes described above.
Data Subjects have the right to access Personal Data about them that C2G holds and will be able to correct, amend, or delete such Personal Data if they can demonstrate it is inaccurate (except when the burden or expense of providing access would be disproportionate to the risks to their privacy, or where the rights of persons other than Data Subjects would be violated). To request access to, correct, amend, or delete Personal Data, please contact C2G at: C2G Privacy Office (firstname.lastname@example.org).
C2G will notify Data Subjects before (a) disclosing their Personal Data to any Third-Party Controller or (b) using their Personal Data for a purpose that is materially different from the purpose(s) for which the Personal Data was originally collected or subsequently authorized by the Data Subject. That notice will provide Data Subjects with instructions on how they can opt out of such disclosure or use. You may exercise your choice to opt out by contacting C2G at: C2G Privacy Office (email@example.com).
If C2G collects Sensitive Personal Data, C2G will not (a) disclose that information to a Third Party or (b) use that information for a purpose other than that for which the information originally was collected or subsequently authorized by the Data Subject, unless the Data Subject provides prior, explicit consent.
A Data Subject’s decision to opt out of, or refusal to consent to, a particular use or disclosure does not mean that Personal Data already collected will be erased or deleted or that C2G cannot continue to use or disclose the information already collected for the purpose(s) for which it originally was collected or subsequently authorized by the Data Subject or, with respect to non-Sensitive Personal Data, for compatible purposes.
Accountability for Onward Transfer
Except as otherwise explained in this Privacy Statement, C2G will transfer Personal Data only to (a) an entity that a Data Subject has specifically authorized to receive the data (and its designated representatives), or (b) Third Parties acting as C2G’s agents (e.g., service providers that help host or support C2G's web site, or that otherwise provide technical assistance). Furthermore, C2G will transfer Personal Data to such Third Parties only if the transfer is for limited and specified purposes and the Third Party will provide at least the same level of privacy protection as is required by this Privacy Statement and as applicable, the Privacy Shield Principles.
With respect to transfer to its agents, C2G will transfer only the Personal Data needed for an agent to deliver to C2G the requested product or service. The agent will be prohibited from using such Personal Data for any other purpose and will be required to maintain commercially reasonable security measures to protect the confidentiality and security of that Personal Data. C2G remains responsible under the Privacy Shield Principles if an agent processes Personal Data in a manner inconsistent with the principles, except where C2G is not responsible for the event giving rise to the damage.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, C2G is potentially liable.
C2G may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
C2G takes reasonable physical, technical, and organizational measures to protect the security of Data Subjects’ Personal Data. Such Personal Data is subject to restricted access in our offices. Only employees who need the information to perform a specific job are granted access to Personal Data. Furthermore, all employees are regularly informed about our security and privacy practices. When new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to protect our users' and customers' Personal Data. Finally, we maintain reasonable physical, technical, and organizational measures to make sure that the servers on which we store Personal Data are kept in an access restricted, physically secure, and monitored environment.
Data Integrity and Purpose Limitation
C2G collects only Personal Data that is necessary for the purposes described above and, with respect to non-Sensitive Personal Data, for compatible purposes. C2G takes reasonable steps to ensure that the Personal Data it collects is accurate, complete, current, and reliable for its intended use.
Recourse, Enforcement and Liability
C2G is subject to the investigatory and enforcement powers of the Federal Trade Commission.
C2G will periodically review and verify its compliance with the Privacy Shield Principles and remedy issues arising out of any failure to comply with those Principles.
In compliance with the EU-US Privacy Shield Principles, C2G commits to resolve complaints about your privacy and our collection or use of your personal information. Data Subjects with inquiries or complaints regarding C2G’s collection, use, disclosure, or transfer of their Personal Data should first contact C2G at: 15275 Collier Blvd Suite 201 Naples Florida 34119; Email: firstname.lastname@example.org; Telephone: 703-483-1991.
C2G has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY Shield, located in the United States and operated by BBB National Programs. If your inquiry or complaint does not involve human resource data and you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. This service is provided free of charge to you.
Should your complaint remain fully or partially unresolved after a review by C2G, BBB EU Privacy Shield and the relevant DPA, you may be able to, under certain conditions, seek arbitration before the Privacy Shield Panel. For more information, please visit https://www.privacyshield.gov.
Human Resources Data
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by C2G, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. C2G agrees to cooperate and comply with the decisions of the DPA Panel.
If you have any questions about this Privacy Statement, or if you would like to request access to Personal Data that we may maintain about you, please contact: C2G Privacy Office (email@example.com).
Effective Date: July 7, 2023