CPA Global North America
LLC Privacy Shield Policy

CPA Global North America complies with both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.  CPA Global North America has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. 

Introduction

CPA Global is the world’s leading intellectual property (IP) management and Technology Company. Protecting personal data is important to CPA Global. CPA Global, North America LLC and its United States affiliates: CPA Global Support Services LLC; CPA US Holdings Inc; CPA Global (Landon IP) Inc; CPA Global (First to File) Inc; CPA Global (Foundation IP) LLC, Innography Inc; CPA Global (Ipendo) Inc; CPA Software Solutions (North America) Ltd.; CPA Global Patent Research LLC; Patent Resources Group Inc; Markpro US LLC (hereinafter collectively referred to as “CPA Global,” “we,” “us,” or “our”) comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. CPA Global has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit privacyshield.gov

This Privacy Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This Privacy Policy applies to all personal information, whether in electronic, paper, or verbal format, received by CPA Global directly from individuals in the EU and Switzerland.

Definitions

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Personal Information” or “Information” means information that (1) is transferred from the EU or Switzerland to the US; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Processing” of personal information means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual’s health.

Provisions

NOTICE

CPA Global processes Personal Information that comes into our possession through electronic methods (website form, email, FTP sites), by accessing the Personal Information internally on source repositories such as our Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), document databases, billing platforms, or via other technology.

Types of Data Collected

CPA Global are a business to business (B2B) service provider with limited contact with consumers, therefore we will only collect and process a limited amount of personal data for the purposes stated in the ‘Purpose of Data Use’ section below.  Where it concerns existing and prospective business customers, vendors and suppliers, typical categories of data relating to their employees that we will collect include; full names, postal addresses, email address, telephone number, job title and opinions on services provided as well as satisfaction levels.  With regards to employees, contractors and temporary workers, only personal data required to manage and administer their employment with us will be collected and processed.

Personal Data Collected Via Technology

To make web based software products and related services more useful to our clients, our servers (usually hosted by a third party service provider) collect Personal Information, including browser type, Internet Protocol (IP) address (a number that is automatically assigned to a computer when it uses the Internet, which may vary from session to session), domain name, and/or a date/time stamp for use by those web based software products. We also use Cookies (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of the visit, as well as the solutions and information for which our clients search and view. We automatically gather this Personal Information and store it in log files each time a person visits our website or accesses his or her account on our network. “Cookies” are small pieces of information that a website sends to a visitor’s computer’s hard drive while the visitor is viewing a web site. We may use both session Cookies (which expire once the visitor closes the web browser) and persistent Cookies (which stay on visitor’s computer until the visitor deletes them) to provide clients with a more personal and interactive experience on our website. Persistent Cookies can be removed by following Internet browser help file directions. If a visitor chooses to disable Cookies, some areas of our website may not work properly.  Please refer to our Cookie Notice for further information.

Purpose of Data Use

CPA Global processes Personal Information for clients, employees, and vendors for various business related purposes that most frequently support clients’ use of our products and services, enable us to manage employees, or adhere to multinational regulations where we conduct business. Examples of the type of activities that support these objectives include client account management, sales support, software support, client issue resolution, compensation analysis, third party risk management and personnel management and administration.

Feedback

If you provide us with feedback on any of our products or related, we may use such feedback for any purpose, however, we will not associate such feedback with your Personal Information (i.e. we will anonymise the data where possible). CPA Global will collect any information contained in such communication and will treat the Personal Information therein in accordance with this Privacy Policy.

CHOICE

CPA Global will offer individuals the opportunity to (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The Company will not disclose Personal or Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive personal information, CPA Global will obtain your affirmative express consent (opt in) if such information is to be disclosed to (i) a third party, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorised by you through the opt-in choice.  CPA Global will treat as sensitive, any Personal Information received from a third party where the third party identifies and treats it as sensitive.

ACCOUNTABILITY FOR ONWARD TRANSFERS

In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the Privacy Shield Frameworks, CPA Global is potentially liable.  Except as otherwise stated in this policy, we do not generally share the Personal Information collected from our services with other entities. However, we may be required to share Personal Information if we believe in good faith that such disclosure is necessary; (a)(i) to comply with relevant laws or to respond to subpoenas or warrants served on CPA Global; (a)(ii) in response to a lawful request by public authorities, including to meet national security or law enforcement requirements (b) protect or defend the rights or property of CPA Global or users of CPA Global’s products or services; or (c) to support our business objectives described in the ‘Purpose of Data Use section’ above.

CPA Global may transfer personal information to a third party acting as a controller in accordance with the Notice and Choice Principles above.  CPA Global will enter into a contract with the third party controller that provides that; such data will only be processed for the limited and specified purposes consistent with the consent you have provided, that the third party will provide the same level of protection as the Principles and will notify CPA Global it if makes a determination that it can no longer meet its obligations.  Such contract will provide that if such a determination is made, the third party controller will cease processing or take reasonable and appropriate steps to remediate.

When transferring personal data to third party contractors or service providers (i.e. ‘agents’) that may be selected to support the business objectives described in the Purpose of Data Use section of this policy, CPA Global will (1) transfer such data only for limited and specified purposes; (2) obligate the agent to provide at least the same level of privacy protection as is required by the Principals; (3) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with CPA Global’s obligations under the Principles; (4) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (5) upon notice; including under point (4), take reasonable and appropriate steps to stop and remediate unauthorised processing; and (6) provide a summary or a representative copy of the relevant privacy provisions of our contract with our agent to the Department of Commerce upon request.

SECURITY

CPA Global is committed to protecting the security of our data subject’s Personal Information. Therefore, we have implemented reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data. Such measures include a variety of industry-standard security technologies and procedures, such as policies restricting access to Information to authorized personnel, mechanisms to protect Information from interception during transmission, physical safeguards to protect Information stored in electronic or hard copy form, and training, reviews and audits of our security and operational procedures.

DATA INTEGRITY AND PURPOSE LIMITATION

CPA Global shall only process Personal Information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, CPA Global shall take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current.

CPA Global will take reasonable and appropriate measures to only retain personal information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of the previous paragraph.

ACCESS

Individuals have the right to access and change any of their Personal Information, and may do so by contacting their CPA Global’s Compliance Group, company contact or Human Resources (HR) representative. Individuals may correct, amend, or delete inaccurate Information or information processed in violation of these Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may request deletion of their Personal Information by us, but please note that we may be required (by law or otherwise) to keep this Information and not delete it (or to keep this Information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements). When we delete any Information, it will be deleted from the active database, but may remain in our archives.

RECOURSE, ENFORCEMENT & LIABILITY

CPA Global uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the Principles. Accordingly, CPA Global is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

We encourage interested persons to raise any concerns using the contact information provided. We will investigate and attempt to resolve any complaints and disputes regarding collection, use, or disclosure of Personal Information in accordance with the Principles.  European Union or Swiss individuals with inquiries, comments, or complaints regarding this Privacy Policy or data collection and processing practices should first contact CPA Global using the following details:

Attention: The Data Privacy Officer
Subject: Privacy Shield [Query] OR [Complaint] (Select the relevant option)
Compliance@cpaglobal.com

CPA Global has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. CPA Global agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield Frameworks. We will post any revisions to this policy on our website.

Information Subject to Other Policies

CPA Global is committed to following the Principles for all Personal Information within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of CPA Global that may differ from the general policies set forth in this privacy policy.