ONLINE PRIVACY NOTICE
CSC has adopted this Privacy Notice in order to assure Users of our commitment and dedication to privacy. The following Privacy Notice applies to the Web site "www.csc.com" (Site). This Privacy Notice does not apply to information collected offline or via online sources other than www.csc.com. We invite you to visit the Site to search or browse without revealing personal information or registering with CSC, however, as we gather information about your usage or as you may choose to give CSC personal information via the Site, CSC will let you know how we will use such information and provide you with an option to opt out. With this notice, your continued use of the Site will indicate your agreement to this Privacy Notice.
Registration is not required to gain access to the Site. However, there are sections of the Site which do require a password to provide you with certain services, specific material and information.
Whether you register or not, when you visit the Site, some information such as your Internet Protocol (IP) address, Internet service provider, operating system, the service from which you arrived, the page you requested, the time and date of your visit, and potentially other site usage statistics will be collected automatically as part of the software processes of the Web page. This information itself does not personally identify you, but could potentially be linked with personal information that you provide CSC. These statistics allow CSC to analyze the effectiveness of its Site, make improvements where needed and potentially to market CSC's products and services to you. Generally, this information is kept as long as required to support the improvements of the Site and could be shared with our advisors, agents or other third parties.
Any time CSC collects information that you voluntarily submit, CSC will inform you why this information is being requested, how it is going to be used and to whom it may be disclosed. CSC may collect personal information from you including your name, phone number, Email address, or other information you choose to provide at various times, for example, when you complete an online form or request or participate in an online community. CSC uses the personal information it collects at this Site and from other sources to process your requests, provide online services, inform you of opportunities that CSC believes you might find interesting, and to understand your needs so that CSC can provide you with the highest quality of service.
EU - US Safe Harbor Privacy Statement
A Message to our Clients About EU-US Safe Harbor
The ruling last week by the European Court of Justice (ECJ) invalidating the long-standing Safe Harbor data protection framework between the US and the European Union (EU) has created uncertainty for companies in all industries. This communication is intended to summarize the relevant facts, explain the impact of the court's ruling on CSC, and highlight CSC's approach to privacy and data protection compliance.
- The Safe Harbor data protection framework was long ago agreed by the European Commission and the US Federal Trade Commission as a means to streamline and legitimize data transfers that international companies make between the US and EU member states. CSC began to certify Safe Harbor compliance in 2014 as an additional means to comply with the EU Directive 95/46/EC on the protection of personal data.
- On October 6, 2015 the European Court of Justice (ECJ) ruled "Safe Harbor" to be invalid.
- Advocates expect after a brief transition period, the national supervisory authorities will suspend personal data transfers that are legitimized on the basis of Safe Harbor alone.
Implications for CSC Clients
- CSC is well-positioned to carry on in compliance with EU and member state privacy and data protection law despite the recent Court ruling that invalidated the Safe Harbor framework.
- Safe Harbor compliance is only one of several strategies companies like CSC may choose to comply with EU and member state data protection laws. Companies may legitimize personal data transfers between US-EU by:
- Executing data transfer agreements which contain standard data protection contract terms required by EU law
- Implementing a system of "binding corporate rules" that are approved by EU and other data protection authorities
- Obtaining an individual's informed and freely given consent to a personal data transfer.
- Since long before CSC began in 2014 to certify compliance with the Safe Harbor framework, our strategy has been to execute and maintain data transfer agreements to legitimize our US-EU data transfers. These data transfer agreements continue in force today as the primary means by which CSC's transfer of personal data between the US and the European Union complies with EU privacy law. Our Safe Harbor certification has offered only supplemental assurances to clients who may have expected or required it.
- CSC's Privacy and Data Protection Office has determined that all client personal data transfers which are necessary for CSC to deliver its Cloud, Cybersecurity, Big Data, Applications, and Mobility services comply with EU and member state privacy legislation.
- The personal data of CSC clients and of client's customers located within the EU/Switzerland are today transferred solely in accordance with legally-valid data transfer agreements that incorporate the EU's standard contractual clauses.
- As always, CSC's Global Privacy and Data Protection Office continues to liaise with the relevant national data protection authorities and confer with our legal advisors in order to monitor and prepare the business for any additional changes in the privacy and data protection legal and regulatory landscape.
Privacy and Data Protection at CSC
At CSC our commitment to privacy goes beyond the minimum legal and regulatory requirements. We strive for "best in class" data protection and privacy management, which requires a sound data privacy governance structure and an effective data privacy compliance and best practices program to ensure CSC meets ever-changing and increasingly-complex regulatory standards and all contractually agreed privacy obligations.
CSC's Global Privacy and Data Protection Office has strategic and operational responsibility for this program, which is adequately resourced and appropriately organized to ensure the policies and compliance processes, technology and physical controls and security we rely upon to govern the collection, use, and transfer of personal data all over the world meets statutory and regulatory requirements. Therefore, CSC's approach is to coordinate the contribution of several corporate disciplines - including ethics and compliance, legal, human resources, and information security - to achieve our "best in class" data protection and privacy management objectives. Highlights of this approach include:
- Strong board and executive management commitment to CSC's CLEAR Values and a culture of compliance with policy and the law.
- Our CLEAR Values are the distinguishing hallmarks of CSC's performance and reputation. They inform our decisions and drive personal responsibility. CSC's CLEAR Values define a culture in which the way we achieve our objectives matters as much, if not more, than our results.
- CSC's Global Privacy and Data Protection Office (PDPO).
- Based in Germany, CSC's global PDPO is a well-resourced and qualified strategic compliance function that operates under the authority of CSC's global Ethics and Compliance Office.
- The PDPO is responsible and accountable to advise CSC's businesses on best practices in privacy compliance, and to develop policies, procedures, training, and risk assessment and monitoring programs that enable CSC to provide adequate levels of personal data protection for its clients and employees in all geographies and jurisdictions the world over.
- Compliance Policies, Standards, and Processes
- A strong, globally-applicable Privacy and Data Protection Policy which reflects the Generally Accepted Privacy Principles ("GAPP") applicable to the collection, use, and processing of personal data.
- Comprehensive and cohesive compliance standards, processes, and procedures, which ensure consistent privacy and data protection across all of CSC's legal entities and businesses.
- Employee Training and Awareness
- CSC takes a holistic approach to ensure privacy-aware employees throughout the employment lifecycle including new-hire instructions, annual awareness briefings, targeted training for high-risk populations, and periodic awareness messaging through newsletters and PDPO bulletins.
- Strong Risk Management Programs
- In light of the inherent exposures to CSC's operational and strategic goals, the company is committed to ensuring that risk, issue, and opportunity management (RIOM) is a core competency, and an integral part of CSC's business operations that supports and informs everyday decision making.
- The resources in both the Ethics and Compliance Office and its Privacy and Data Protection Office are integral parts of CSC's overall risk assessment program and posture, which includes internal and external audit and monitoring functions.
- With regular privacy risk assessments, the PDPO monitors emerging exposures and remediates weaknesses in an effort to constantly mature CSC's compliance capabilities.
- A consistent Privacy Impact Assessment program is carried out on new and changed services, systems, and processes, aiming to disclose potential issues before they become a problem.
- Formal data breach handling procedures and a robust 24/7 operated incident response center supplement regulatory and contractual notification requirements, enabling constant vigilance and readiness in case of a crisis.
- Strong, Collaborative Cross-Disciplinary Partnerships
- Inclusive of key internal stakeholders, including information and physical security, legal, human resources, and key business unit personnel without whom strict compliance with privacy laws is not possible.
- Flexible Service Delivery Model
- A strong and robust global service delivery model that is flexible enough to meet the privacy requirements of the highly sensitive, regulated, and classified data environments.
- Formal Dispute Resolution Mechanism
- A one-stop point of contact for our employees and clients for any privacy related matters regardless of the geography, business, or service including an independent external resource to resolve any privacy related disputes.
At any time, you may acquire more detailed privacy information and support from CSC's Privacy and Data Protection Office. If you have specific questions please feel free to send an email to email@example.com.
CSC is committed to resolve any complaints you may have in relation to your privacy and CSC's collection and use of your personal information. Please send any privacy related complaints or requests, including request for access to information to firstname.lastname@example.org.
Keeping Personal Information Secure
Security is a high priority for CSC and to protect the personal data you submit to this Site we have implemented appropriate organizational, technical and physical safeguards to prevent unauthorized access or disclosure. We require the same high standard of information security and information management of any third parties we share your data with.
Disclosures to Third Parties
CSC does not sell or rent your personal information to any third party, and will not do so without your knowledge and consent. CSC frequently uses the services of outside vendors, agents and advisors. We require these third parties to respect our privacy practices and not use your personal information for purposes other than to carry out our instructions. CSC may be obligated by mandatory law to disclose your personal information to certain authorities or other third parties, for example, to law enforcement agencies in the countries where we or third parties acting on our behalf operate. CSC reserves the right to disclose personal information as necessary in an apparent emergency; as an asset in any sale to a third party of our company or a portion of its assets; or as necessary in order to mount a legal claim or defense.
CSC is not liable for any personal information that you submit to third parties or to any Web site linked to this Site.
The Site provides a capability for Users to submit their resumes to CSC via email. Any resume so received by CSC will be held in confidence and used only for the purpose of considering the submitting party for employment. Such information is not shared with third parties external to CSC domestic and international branches. Please see Career Source's Privacy Statement.
This Site is intended for adult use only. It is not intended for children, and CSC asks that minors not submit any personal information.
Certain features and services of www.csc.com - especially highly interactive features - may involve types of personal information and data handling that are not specifically discussed here in this general Privacy Notice. Rest assured that this notice applies wherever you go within www.csc.com. We may, however, provide additional privacy information at a particular feature or service so you can be better informed about CSC's practices, including how that service may be collecting and using your personal information and opportunities you may have to access and correct your information. Additional terms may also explain how this Privacy Notice applies to the particular feature or service.
CSC is a global organization with business units and subsidiaries operating worldwide. Any personal information that you provide when using the CSC Site, will be transferred between CSC business units, subsidiaries and affiliates for the purposes outlined in this Privacy Notice. This applies to all jurisdictions including the European Economic Area and by using the services provided you consent to the transfer of your personal information to CSC global entities for the limited purposes.
Changes to this Notice
CSC reserves the right to change this Privacy Notice from time to time and will provide a summary of any material changes that may affect how we process or use any personal information you previously gave CSC. Be sure to check this page periodically for updates.
CSC is committed to resolve any complaints you may have in relation to your privacy and CSC's collection and use of your personal information. Please send any privacy related complaints or requests to email@example.com.
If you have any questions about this Site, please Email the Web Master at firstname.lastname@example.org.
This policy is subject to a regular policy review process.
Last Updated: October 2015 to incorporate the European Court of Justice (ECJ) invalidating the long-standing Safe Harbor data protection framework.