- What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect the misuse of your information.
- How you can correct any inaccuracies in the information.
Core Compliance complies with and is committed to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and to the rights of EU and UK individuals and Swiss individuals.
- By email: at email@example.com
- By post/mail: Core Compliance & Legal Services, Inc., 1350 Columbia Street, Suite 300, San Diego, CA 92101 USA, Attn: Privacy
Information Collection, Use, and Storage
Upon Visiting www.corecls.com
All visitors of our website are free to explore the Website without providing any Personal Information. When you visit the Website or register for any of our Subscription Services or Events, we request that you provide Personal Information about yourself, and we collect Navigational Information.
What is “Personal Information”
The term refers to any information that you voluntarily submit within our website that may identify you personally, which may include (but not limited to) contact information, such as your name, email address, company, job title, phone number, and any other information about you or your business. Personal Information can also include transaction history that was entered into the Website, as well as information that may be available on the internet (Facebook, LinkedIn, Twitter, Google, etc.) as well as information that may be acquired through numerous service providers.
Navigational Information is also included under the umbrella of Personal Information, due to its ability to directly or indirectly identify the user. Navigational Information references the information about your computer and your visits to this Website. For example, IP address, browser type, referral source, page visited and length of visit.
Log Files and Visit Information
When using our services or viewing content provided by CORE COMPLIANCE, we will automatically collect information about your computer and software. This includes, but not limited to, browser, domain names, IP address, Internet Service Provider (ISP), the files viewed, operating system, clickstream, etc. This information is applied to the Subscription Service provided by CORE COMPLIANCE, to not only maintain quality, but to also provide general usage statistics. For these purposes only, we link the automatically collected data to Personal Information records.
We Will Never Sell Your Personal Information
We will not sell or rent this information to have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.
Use of Personal Information
- to respond to you regarding the reason you contacted us;
- improve your browsing experience by improving the Website and Subscription Services;
- send information or CORE COMPLIANCE content to you that we this may be of interest to you by email or other means, as well as marketing communications that relate to CORE COMPLIANCE Services;
- promote the use of our services to you and share content with you in, referencing your communication preferences;
- to meet legal requirements.
We may, on occasion, contact you on behalf of our external business partners about offerings that may be of interest. In those instances, we do not transfer your Personal Information to the third-party.
Information gathered through our Subscription Service by our customers are for the following purposes:
- to provide the Subscription Service (which may include the detection, prevention and resolution of security and technical issues);
- to respond to customer support requests; and
- otherwise, to fulfill the obligations under our Terms of Service.
Legal basis processing of Personal Information (EEA only)
If we do request you provide Personal Information to comply with legal requirements or to preform contract, we will make this clear at the appropriate time and advise you is your Personal Information is mandatory (as well as consequences is you fail to comply). Alike the situation, if we collect and use your Person Information outside of legal requirement or contract performance (such as legitimate third-party interest), we will clearly disclose the legitimate interest for the communication.
Use of Navigational Information
Our use of Navigational Information is mainly used to operate and improve the Website’s functionality and Subscription Service. On occasion we may collect your Navigational Information in combination with Personal Information to best provide you with personalized information, contracts/agreements, or service.
Security of your Personal Information
We have implemented numerous security technologies, measures and procedures to protect your Personal Information from unauthorized access, use or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical and organizational measures.
Social Media Features
We offer our visitors an accessible forum for commenting through message boards and/or blog comments. We urge users to keep in mind that sharing or directly disclosing any Personal Information on public messaging boards may be collected and used by others. CORE COMPLIANCE will attempt to correct and or delete any information posted to the Website as requested. This also applies within the “Opting Out/Unsubscribing” portion below.
Retention of Personal Information
We reserve the right to retain the information we collect, depending on the type of information recorded. At a certain point (upon CORE COMPLIANCE discretion), we will attempt a regular review of data, where we will either delete or anonymize your information. If this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, if it is required to contact you about the Subscription Service or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
We will delete this information from the servers at an earlier date if you so request.
By participating in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Core Compliance is committed to these frameworks and to the rights of EU, UK, and Swiss individuals.
Sharing Information that We Collect
Who we Share the Information With
In the rare occasion that Core Compliance does share the information gathered it would only be with a limited third-party and you would be notified via email and/or a prominent notice on our Website upon a completion of any form. In this event, the third parties that receive this information would be as follows:
- A co-sponsor of any online or in-person Core Compliance event you may attend, wish to attend, and/or register; and/or
- A panelist or speaker for an online or in-person Core Compliance event you may attend, wish to attend, and/or register.
If Core Compliance (or our assets) is acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Core Compliance on the Websites and the Subscription Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights; protect your safety or the safety of others; investigate fraud; the possibility -under certain conditions, for the individual to invoke binding arbitration; or comply with a law, court order, or legal process.
Core Compliance uses the Subscription Service to build webpages, content deliverables, and best analyze the Website, usage, and services. We control and are responsible for correcting, deleting, or updating information we have collected from you using the Subscription Service. If requested to remove data, we will respond within a reasonable timeframe. We may work with our service partners to help provide notice to visitors about data collection, processing, and usage. We are prohibited from using our Subscription Service to collect, manage, or process Sensitive Information.
If you request to no longer be contacted within our Subscription Service, please contact Core Compliance directly.
EU-US Data Privacy Framework, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Notice
With respect to personal data received or transferred pursuant to the Data Privacy Framework Program, Core Compliance is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the DPF Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF Principles, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
This policy states how Core Compliance collects, uses, shares, and secures the personal information it obtains and subsequently transfers to our third-party suppliers under the Data Privacy Framework Principles including personal data from the EU, UK, and Switzerland as well as the onward transfer liability provisions.
In certain situations, Core Compliance may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Core Compliance’s accountability for personal data that it receives in the United States under the Data Privacy Framework and subsequently transfers to a third party is described in the DPF Principles. In particular, Core Compliance remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the principles, unless Core Compliance proves that it is not responsible for the event giving rise to the damage.
In compliance with the Data Privacy Principles, Core Compliance commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF. European Union, UK, and Swiss individuals with DPF inquiries or complaints should first contact Core Compliance by email at firstname.lastname@example.org or via post at:
Core Compliance & Legal Services, Inc.,
1350 Columbia Street, Suite 300,
San Diego, CA 92101 USA,
Attn: Privacy Complaint
Core Compliance has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated in the United States by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
Also, Core Compliance is committed to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities regarding human resources data transferred from the EU in the context of the employment relationship.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Core Compliance commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Cookies & Other Technology
If you have elected to receive marketing communications from us, we retain data regarding your marketing preferences for a reasonable period from the date you last expressed interest in our content, or services, such as when you last opened an email from us or opted out of our communications. We retain information derived from cookies and other tracking technologies for a reasonable period from the date such information was created.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Effective Date: November 2019
Recertified: October 2023