Home / Safe Harbor Policy
CSI Leasing, Inc.
The European Commission’s Directive 95/46/EC on Data Protection (“Directive”) went into effect in 1998 and sets standards for the security and transfer of personal data. This Directive prohibits the transfer of personal data to non‐EEA countries that do not meet the EU “adequacy” standard for privacy protection. The United States Department of Commerce and the EU developed a “Safe Harbor” framework which provides a means for U.S. organizations to comply with the Directive. The Safe Harbor contains a set of Principles that, when followed, permit an organization to certify that it provides adequate protection for the transfer of personal information from the EEA to the US for processing. CSI fully commits to follow the Safe Harbor Principles with respect to personal information received from the EEA.
Personal Information: The term “Personal Information” or “Information” means information that (1) is transferred from the EEA to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual. Personal Information does not include information that is encrypted or anonymized, or publicly available information that has not been combined with non‐public personal information.
Sensitive Personal Information: The term “Sensitive Personal Information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life.
CSI adheres to the seven Safe Harbor Privacy Principles set out below.
CSI and its affiliates will inform individuals about the purposes for which we collect and use personal information, the types of third parties to which we disclose the information, the choices job applicants, employees, customers, and others have for limiting the use and disclosure of their information and how to contact CSI about our practices concerning personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to CSI, or as soon as practicable thereafter, and in any event before CSI uses or discloses the information for a purpose other than for which it was originally collected.
In all cases, CSI will give an individual about whom sensitive personal information is being collected an affirmative choice to “opt in” and allow sensitive personal information to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual.
CSI will provide individuals with reasonable methods in order to exercise their choices.
CSI will not transfer or disclose an individual’s personal information to a non‐agent third party unless: (1) the individual about whom the personal information is being collected has consented to the transfer or disclosure; (2) the personal information is already publicly available; (3) the proposed transferee is certified compliant with the Safe Harbor or is subject to the Directive or another adequacy finding; or (4) the proposed transferee agrees in writing to provide at least the same level of privacy protection as is required by the relevant Safe Harbor Privacy Principles.
CSI may share personal information with its agents, employees or affiliates in connection with services that these individuals or entities perform for or with CSI. These agents, employees, or affiliates are restricted from using this data in any way unrelated to the services they provide to CSI and its affiliates.
CSI may also disclose personal information to third parties without notice: (1) if we are required to do so by law or legal process; (2) to law enforcement authorities or other government officials based on an enforceable government request or as may be required under applicable law; or (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Access and Correction
Upon request, CSI will grant individuals reasonable access to personal information that it holds about them. In addition, CSI will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. These requests can be made by contacting CSI or by calling the CSI affiliate in the country where you reside.
CSI shall take reasonable steps to protect information from loss, misuse, unauthorized access or disclosure, alteration and destruction. CSI has put in place appropriate physical, electronic and organizational measures to protect personal information from loss, misuse, unauthorized access or disclosure, alteration and destruction. CSI cannot guarantee the security of information on or transmitted via the internet.
CSI processes personal information only in ways that are compatible with the purpose for which the information was collected or subsequently authorized by the individual. CSI will take reasonable steps to ensure information is reliable and relevant for its intended use and remains accurate, complete and current.
CSI uses a self‐assessment approach to assure compliance with this Policy and periodically verifies that the Policy is accurate, comprehensive for the information intended to be covered, completely implemented, accessible and in conformity with the Privacy Principles. Should we determine that any employee of CSI has failed to adhere to the terms of this Policy, such employee may be subject to disciplinary action up to and including termination.
Any questions, concerns, or complaints regarding the use or disclosure of personal information should be directed to CSI as set forth below or to its affiliate located in the country in which you reside. CSI will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the Principles contained in this Policy.
For complaints that cannot be resolved between CSI and the complainant not involving EEA human resources information, CSI has agreed to participate in the dispute resolution procedures of JAMS pursuant to the Safe Harbor Principles.
For complaints that cannot be resolved between CSI and the complainant involving EEA human resources information, CSI agrees to cooperate in investigations by and comply with the advice of the European Data Protection Authorities.
This Policy may be amended from time to time consistent with the requirements of the Safe Harbor.
Information Subject to Other Policies
CSI is committed to following the Privacy Principles for all personal information within the scope of the Safe Harbor Agreement. However, certain information is subject to policies of CSI that may differ in some respects from the general policies set forth in this Policy.
Questions, comments or complaints regarding CSI’s Safe Harbor Policy or data collection and processing practices can be mailed or emailed to:
CSI LEASING, INC.
9990 Old Olive Street Road, Ste. 101
St. Louis, Missouri 63141
To learn more about the Safe Harbor program, and to view CSI Leasing’s certification, please visit http://www.export.gov/safeharbor/.