The privacy principles in this policy are based on the Safe Harbor Principles:
A. Notice
Where CDA collects “Personal Data” directly from individuals in the EU, it will inform them about the type of “Personal Data” collected, the purposes for which it collects and uses the “Personal Data,” and the types of third parties to which CDA discloses or may disclose that information, and the choices and means, if any, CDA offers individuals for limiting the use and disclosure of their “Personal Data.” Notice will be provided in clear and conspicuous language when individuals are first asked to provide “Personal Data” to CDA, or as soon as practicable thereafter, and in any event before CDA uses or discloses the information for a purpose other than that for which it was originally collected. Where CDA receives “Personal Data” from the company’s subsidiaries, affiliates or other entities in the EU, the Company will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such “Personal Data” relates.
B. Choice
CDA will offer individuals the opportunity to choose (“opt out”) whether their “Personal Data” is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For “Sensitive Personal Data,” CDA will give individuals the opportunity to affirmatively and explicitly consent (“opt in”) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. CDA will provide individuals with reasonable mechanisms to exercise their choices.
C. Integrity of Data
CDA will use “Personal Data” only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. CDA will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
D. Transfers to Vendor Partners
On occasion, CDA will provide information stored on our servers to vendor partners, for the purpose of integrating with that vendor’s product or service offerings, e.g., to providers of insurance products that CDA employees have voluntarily requested and agreed to purchase via payroll deduction. This integration is performed at the request of our vendor partner to further their business needs and to provide services or to improve those services. Data that is shared may include name, e-mail address, employee ID, address, Social Security Number, date of birth and other information; but CDA only transmits to these vendors data that is essential to the fulfillment of the product or service that the employee has voluntarily agreed to purchase. Contractual agreements are made between CDA and the vendor to whom the data is being transferred. CDA’s vendor partners are assumed to hold similar privacy standards as CDA. When CDA becomes aware that a vendor is using or disclosing “Personal Data” or “Sensitive Personal Data” in a manner that is improper or that is contrary to this Safe Harbor Policy, CDA will take all reasonable measures to stop or prevent the use or disclosure of such data.
E. Access and Correction
Information that is stored about the users of CDA’s web site(s) is accessible and editable directly from within our web site(s). CDA permits users to edit, correct, or delete any information that they feel is inaccurate or incomplete. Should an individual not be able to access or correct this information, he or she should contact the Safe Harbor Officer listed at the bottom of this policy to obtain information about how to access and edit “Personal Data” or “Sensitive Personal Data” within the site. In the event that the individual still cannot access or correct their Personal Data, they may contact CDA through one of the communication methods described below.
F. Security of Information
CDA is committed to protecting the privacy of all of its employees and to ensuring the security and safety of employee information. CDA will take all reasonable precautions to protect all “Personal” and “Sensitive Personal” data in its possession from unauthorized access, loss, or misuse. This includes, but is not limited to, the use of 128-bit encryption technology, regularly scheduled backups of data, secured storage of all Sensitive Personal information and access limitations and restrictions to the servers and computers that contain such data.
G. Enforcement of Policy
CDA will conduct periodic audits of its relevant privacy practices to verify its compliance and adherence to this Safe Harbor Policy. Any employee or agent that CDA determines is in violation of this policy will be subject to corrective action including, but not limited to, fines, sanctions, criminal prosecution, and revocation of contract and/or termination of employment.
H. Resolution of Disputes
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to CDA’s Safe Harbor Officer at the address given below. CDA will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy. For complaints that cannot be resolved between CDA and the complainant, CDA has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.
I. Limitations on Application
CDA’s adherence to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule, or regulation. Web sites created by CDA may contain links to other Web sites. Please be aware that CDA is not responsible for the privacy practices of these web sites. CDA does not endorse them or make any representations about them or any information, services, products, or materials found on them. Users are strongly encouraged to read the privacy policies of any third-party sites accessed through links.