A Note to Consumers about US Privacy Regulations & GDPR
Cross Country Computer (CCC) takes privacy and security very seriously. We understand that some consumers may visit our website to understand our position regarding US Privacy Regulations and the European Union’s General Data Protection Regulation (GDPR), with which we are compliant. The following section is written as if we are explaining to a consumer what we do, how we do it and what that consumer can do to best resolve their inquiry.
CCC does not collect personal information about consumers aside from a small list of professional business contacts that our own new business development team maintains to send infrequent communications about our own company’s news and hours of operation. All CCC emails to this group include proper opt-out links.
In accordance with the various privacy laws, CCC is generally considered a Service Provider. Many of our clients send us some of their own customers and prospects so that we can help them understand and grow their business. This can include using programs to match name and address information to remove duplicates so that our client can send you a catalog or other offer promoting products that they believe you may be interested in. In this regard, we do handle and transmit consumer Personally Identifiable Information (PII), typically including your name, address and sometimes your email. CCC does not design the mail piece or print the mail sent. Neither does CCC take or fulfill the resulting orders, process physical returns or handle customer service calls. Importantly, we do not require or encourage clients to provide us with credit card numbers or bank account information because we do not process payments. Meaning, we only handle a subset of the data so that we can provide our portion of the services to our clients.
Any of your consumer opt-out or privacy requests must be sent directly to our clients – the company name associated with the mail or email that you received. Our client contracts generally prevent us from taking direction from anyone other than them. This is why our clients need to send us your request themselves. Depending on the nature of your request, our client may also need to remove your record from their own internal systems to avoid sending it to CCC again. In the event that you as a consumer contact CCC directly, then to help you we may request information on the specific promotion you received so that we can attempt to put you in touch with the right person at the proper company.
Sometimes a consumer (like you) may call the company that sent you a catalog and someone at that company may give you our name or number to call. While the person that you communicated with was likely well-intentioned, they just may not have realized that someone in their own organization has to be the one to contact us with the request (again, because we can’t act on your consumer request directly).
Once we receive a request from our client, if our client asks us to change your preferences or identify and remove or correct data, then we make a best effort to do so using commercially reasonable techniques. If the information that we are being asked to change or remove is not sent to us in a manner similar to how we have it stored in our systems then it may not immediately be found. For example, maybe you have moved to a new address, or perhaps you used a different email when placing a prior order. If this happens, we take it seriously and will work hard with our client to resolve it. The more information you can provide to our client, the easier it will be.
Please note that it takes several months for a mailing to go from the planning stages to the execution and delivery stage. As a result, a request to be removed from a mailing list may take time in order to fully go into effect because campaigns can be in various stages of progression at any given time. There can also be cases where information exists on our backup systems and in those cases it ‘ages off’ in accordance with our normal and customary purge cycles. Consumers should contact the marketer again if a reasonable time has passed and you are still receiving mailings or emails.
Regarding European Union residents, the EU GDPR regulations set forth specific requirements. CCC does not provide products or services to EU citizens, but in connection with some of our client contracts CCC may handle a limited amount of data belonging to EU citizens. As a ‘service bureau’, CCC is considered a ‘Processor’, taking direction from our client who is considered the ‘Controller’. The ‘Controller’ tells CCC what to do and then in accordance with our contracts and within generally acceptable guidelines, CCC takes action to comply. Within our current client contracts, we offer to add terms so that we can help our clients satisfy their own GDPR obligations. For example, we agree to take appropriate measures to ensure security, cooperate with audits and help them allow consumers to manage their data rights. Because the GDPR framework has very strict guidelines, these representations allow us to comply with key US regulations as well.
Cross Country Computer Corp.
Attn: Data Privacy Officer
250 Carleton Avenue
East Islip, New York 11730