Control Solutions, Inc. (“Control Solutions”) adheres to the Safe Harbor Agreement concerning the transfer of personal data from the European Union (EU) to the United States of America. We recognize that the European Data Protection Directive (95/46/EC) generally restricts the transfer of personally identifiable information about individuals in the EU to the Unites States, unless there is “adequate protection” for such information when it is received in the United States. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (“Principles”) with respect to all such data. This statement outlines our general policy and practices for implementing the Principles, including the types of personal data the company gathers, how we use it, and the choices affected individuals have regarding our use of, and their ability to correct, the personal data relating to them. If there is any conflict between this statement and the Principles, the Principles will govern.
This policy applies to all personal data we handle, including on-line (except as noted below), off-line, and manually processed data. For purposes of this statement, “personal data” means information that:
- is transferred from EU to the United States
- is about, or pertains to, a specific individual
- can be linked to that individual
Principles Protecting Individuals Privacy Notice and Choice
We notify individuals about the personal data we collect from them, how we use it and how to contact us with privacy concerns. We provide such notice through this Statement, our engagement letters or other similar documents, and direct communication with individuals from whom we collect personal data. We collect and process personal data about Control Solutions personnel for the purpose of human resources administration and recruitment. We collect and process personal data about our clients and their personnel for the purpose of rendering professional services to our clients.
We collect personal data from individuals only as permitted by the Principles. Consent for personal data to be collected, used, and/or disclosed in certain ways (including opt-in consent for sensitive data) may be required in order for an individual to obtain or use our services. Such consent is provided through our engagement letters or other similar documents, as well as through employment agreements or other similar documents.
Disclosures and Transfers
We do not disclose an individual’s personal data to third parties, except when one or more of the following conditions is true:
- We have the individual’s permission to make the disclosure
- The disclosure is required by law, legal process or mandatory professional standards
- The disclosure is reasonably related to the sale or other disposition of all or part of our business
- The information in question in publicly available
- The disclosure is reasonable necessary for the establishment of legal claims
- The disclosure is to another Control Solutions entity or to persons or entities providing services on our or the individual’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
- Is subject to law providing an adequate level of privacy protection
- has agreed in writing to provide an adequate level of privacy protection
- subscribes to the Principles
Permitted transfers of personal data, either to third parties or within Control Solutions include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal data may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the data originated. In such cases, we will take appropriate measures to protect personal data in accordance with the Principles.
Data, Security, Integrity, and Access
We employ various physical, electronic, and managerial measures, including education and training of our personnel, designed to provide personal information with reasonable protection from loss, misuse or unauthorized access, disclosure, alteration or destruction. Personal data collected or displayed through our website is protected in transit by our security processes. However, we cannot guarantee the security of information on or transmitted via the Internet.
We process personal data only in ways compatible with the purpose for which it was collected or authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal data is accurate, complete, current, and otherwise reliable with regard to its intended use.
If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. The individual will need to provide sufficient identifying information, such as name, address, birth date, and Social Security number. We may request additional identifying information as a security precaution. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Principles. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.
Accountability and Enforcement
Control Solutions has put in place mechanisms to verify our ongoing adherence to these privacy principles. We encourage individuals covered by this Policy to raise any concerns that they have about the way that we process their personal data by contacting us at the address below, and we will do our best to resolve them. We have also agreed to participate in the dispute resolution program provided by the American Arbitration Association.
Individuals may file a complaint with us in connection with our processing of their personal data under the Safe Harbor Principles. With respect to any dispute relating to this policy that cannot be resolved through our internal processes:
- If the dispute involves data collected in the context of an employment relationship, we will cooperate with competent EU data protection authorities and comply with the advice of such authorities. In the event that we or such authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.
- If the dispute involves other types of data, individuals may pursue the matter by filing a claim with the American Arbitration Association.
- Personnel who violate our privacy policies will be subject to disciplinary process.
We may amend this policy from time to time consistent with the Principles of the Safe Harbor Agreement by posting a revised policy on this website, that replaces any former policies.
Information subject to Other Policies
We are committed to following the Principles for all personal data within the scope of the Safe Harbor Agreement. However, certain information is subject to policies of the company that may differ in some respects from the general policies set forth in this statement. Certain Control Solutions affiliate websites have their own privacy policies that apply to those websites.
Information relating to present or former Control Solutions personnel is subject to our policies concerning personnel data privacy.
Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any engagement letter or letters with the client, and applicable laws and professional standards. Adherence by Control Solutions to these privacy principles may be limited to the extent required to meet a legal, governmental, national security or public interest obligation.