Recognition of a CRC Customer’s/Client’s Expectation of Privacy
CRC recognizes and respects the privacy expectations of its customers/clients and will take the steps necessary to protect the privacy of personally identifiable information (“PII”) collected via this Site. Specifically, PII refers to any information that uniquely identifies or can be used to uniquely identify, contact, or locate the person to whom such information pertains (PII does not include information that is collected anonymously. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of PII about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any special categories of PII about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Please note that where we need to collect PII by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Collection and Use of PII
CRC may collect, use and retain certain PII that you provide via this Site, and when you sign up for any CRC products or services, including conferences/seminars, webinars, or any other events hosted by CRC (collectively “events”), whether conducted in person, electronically or via conference telephone. PII may also be obtained via automated technologies or interactions or via third parties or publicly available sources. As stated above, such PII may include, without limitation, your name, your e-mail address, your company name, your title, your telephone number, and your physical address. Your credit card information may also be collected via this Site, including your credit card number, the credit card expiration date, the amount charged, and the conference or seminar that you are registering for. In all such cases, you choose whether to provide us with this PII.
In terms of using your PII, we will most commonly use your PII where we need to perform a contract we will enter into or have entered into with you, where it is necessary for our legitimate interests and fundamental rights do not override those interests, or where we need to comply with a legal obligation. In this context, Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your PII for our legitimate interests. We do not use your PII for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
We may also use any PII you provide to us via this Site to respond to any inquiries, feedback or requests submitted by you via this Site and to communicate with you in connection with our provision and offering of CRC products and services requested by you, including, without limitation, seminars and/or events registered by you. Your failure to provide us with the requested PII may result in our inability to respond to any such inquiries, feedback or requests and to communicate with you in connection with our provision and offering of products and services. We may use the anonymous information that we collect to improve the design and content of our Site and to enable us to personalize your Internet experience. We also may use this information in the aggregate to analyze this Site’s usage.
We may disclose your PII in response to legal process – for example, in response to a court order or a subpoena. We also may disclose PII in response to a law enforcement agency’s request, or where we believe it is necessary to protect the confidentiality and security of our records pertaining to you, to limit our legal liability or to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or as otherwise required or permitted by law.
This Site is operated in the United States, in the State of Ohio. If you are located in the European Economic Area (EEA), Canada or elsewhere outside of the United States, please be aware that any information that you provide to us will be collected within the United States. By using our Site, participating in any of our services, purchasing any of our products, and/or registering for any of our seminars, events, and/or providing us with your PII, you consent to this transfer. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data to the United States.
If you unsure about the lawful ground for the processing of your PII, or are unsure about any of the above, please contact us if you need to know further details.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your PII to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing. We will get your express opt-in consent before we share your PII with any third party for marketing purposes.
We will only retain your PII for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your PII for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for PII, we consider the amount, nature and sensitivity of the PII, the potential risk of harm from unauthorized use or disclosure of your PII, the purposes for which we process your PII and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Information from Other Sources
We might receive PII about you from other sources. Any information received from other sources will be used and retained per the above statements.
Electronic (Cookies) and Non-PII Information Collected via this Site
Links to Third-Party Websites
Our Site may include links to other websites. If so, except to the extent that such third parties represent an affiliate and/or agent of ours and are using information provided by us solely to perform their duties and functions for us, we do not provide any PII to these third-party websites.
Your use of CRC’s “login” features, i.e., any features for which login is required (all of the foregoing, collectively, “Login-Enabled Features”) is pursuant to and governed by the terms and conditions of the applicable agreement(s) by and between you and CRC. You represent and warrant that you have all right, title and interest in and to any information, whether anonymous or PII, that you provide via the Login-Enabled Features. You agree to indemnify and hold harmless CRC, its affiliates and subsidiaries, if applicable, and its or their respective officers, directors, employees and agents, and each of them, against any loss, cost, damage, claim, expense or liability arising out of, as a result of, or in connection with your use or misuse of the Login-Enabled Features and/or any use by CRC of the information you provide via the Login-Enabled Features.
CRC’s Research, Warranty Disclaimers, and Limitation of Liability
Please be advised that you and/or your organization, if applicable, may not use CRC research or materials as a source for further publication. CRC’s research information is highly confidential and may not be further disseminated. By registering for CRC conference, seminars and/or events, and/or by purchasing or subscribing to CRC materials, you acknowledge that CRC’s research and materials are highly confidential, proprietary to CRC, and, in some cases, CRC’s protectable trade secrets – and that you will not republish such information.
YOU ACKNOWLEDGE THAT ANY MATERIALS, SERVICES, CONFERENCES, EVENTS, AND/OR SEMINARS PROTECTED BY CRC ARE PROVIDED “AS IS” AND WITHOUT WARRANTY OF ANY KIND. CRC EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CRC DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE USE OF CRC’S MATERIALS OR INFORMATION LEARNED IN CRC CONFERENCES, SEMINARS AND/OR EVENTS. YOU ACKNOWLEDGE THAT ANY USE OF CRC’S PRODUCTS OR INFORMATION LEARNED IN CRC CONFERENCES, SEMINARS AND/OR EVENTS IS AT YOUR OWN RISK. CRC SHALL NOT BE LIABILE TO YOU OR YOUR ORGANIZATION, IF APPLICABLE, FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OR LOST PROFITS, LOST FUNDING, LOST SAVINGS, OR FOR CLAIMS OF A THIRD PARTY, ARISING OUT OF YOUR USE OF CRC MATERIALS AND/OR ARISING OUT OF YOUR ATTENDANCE AT CRC CONFERENCES, SEMINARS AND/OR EVENTS.
This Site is not directed at children and we do not knowingly collect any PII from children under sixteen (16) years of age. If you are under sixteen (16) years of age, do not send any information about yourself to us. If we discover that a child under the age of sixteen (16) years has provided us with PII, we will use commercially reasonable efforts to delete that child’s PII from our system.
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit Privacy Information for California Residents found in Appendix A.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Limited Access to Information
CRC limits employee access to PII to those with a business reason to access such information. CRC educates these relevant employees so that they will understand the importance of confidentiality and privacy. Through this statement, CRC also speaks to all employees as to the safeguarding of collected PII. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
While we work to protect the security of your information by using a reasonable encryption technology that encrypts information you input, as well as physical, electronic, and managerial procedures as required by law and as we deem reasonable to safeguard and help to prevent unauthorized access, maintain data security, and correctly use the information we collect online, we cannot guarantee the security of any information that is disclosed by you via the Site. As a result, we make no warranty regarding the security of any information you transmit to us via this Site and you do so at your own risk. In addition, it is important for you to also protect against unauthorized access to your computer. Be sure to sign off when using a shared computer.
Notice and Revisions
Assignability; Governing Law
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
Effective January 1, 2020
(A) This Notice
This Privacy Notice for California Residents (“CCPA Notice”) supplements, and should be read in conjunction with, the information contained in our Privacy Notice above and applies solely to all visitors, users, and others who reside in the State of California (”consumers” or “you”). CRC adopts this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this CCPA Notice.
This CCPA Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.
(B) Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, address, telephone number, driver’s license or state identification card number, employment, employment history, and bank account number. Some personal information included in this category may overlap with other categories.|
|Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.|
|Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.|
|Professional or employment-related information.||Current or past job history.|
(C) Use of Personal Information
In addition to all the stated uses of Personal Data set forth in Paragraph (G) of the Privacy Notice above, we may use or disclose your personal information for any purpose described to you when collecting your personal information or as otherwise set forth in the CCPA.
(D) Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- California Customer Records personal information categories.
- Commercial Information.
(E) Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We do not provide these access and data portability rights for B2B personal information.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfil the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us, such as future field campaigns or product safety issues.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for B2B personal information.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at toll free at 800-283-1401
- Emailing us at firstname.lastname@example.org
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Your name
- Email Address
- Additional information depending upon the type of request and the sensitivity of the information.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.