Skip to main content

Privacy and Cookies

Global CSC Privacy Notice

At CSC® we value your relationship and respect your trust.

CSC has updated this page in accordance with recent developments in the data privacy field and applicable privacy legislation.

The CSC Data Processing Protocol can be found here.

The CSC Sub-Processor List can be found here.

In this Privacy Notice, “CSC group”, "CSC", "we", "us", "our" means (as the context dictates) the Corporation Service Company, a corporation incorporated in the State of Delaware, under registration number 0101330 and/or the relevant CSC group company (which includes the Intertrust Group companies) that delivers services to you or otherwise handles your personal data as a controller.

We are a global business headquartered in the U.S. and our group companies deliver diverse services in accordance with local laws. If there is any conflict between the policies in this Privacy Notice and the Data Protection Legislation (as defined below), the Data Protection Legislation shall govern in respect of EU data subjects.

CSC is subject to the investigatory and enforcement authority of the United States Federal Trade Commission. Local group companies are supervised by, and accountable to, local data protection authorities (see more below).

About this Privacy Notice

In this Privacy Notice, references to "you" and "your" are references to a user of our websites https://www.cscglobal.com/cscglobal/home/ and/or https://www.intertrustgroup.com/ or our apps, an individual who submits a query to or does business with CSC in their personal or professional capacity, applies for a job via cscglobal.com/careers or other individuals whose Personal Data we obtain or control in the course of carrying on our commercial activities. Those individuals could be clients or prospective clients or their representatives, agents or appointees, or employees, directors, officers, or representatives of another organization with which we have a business or other relationship.

We are committed to protecting and respecting your privacy and handling your information in an open and transparent manner. This Privacy Notice explains how we handle and protect your personal data, how we gather this data, and how we manage this data to serve you. This Privacy Notice may be supplemented by local service line privacy policies or notices we provide from time to time alongside our business terms. We may change this Privacy Notice from time to time as the need arises to accurately reflect how we gather and manage your personal data.

All changes to this Privacy Notice will be effective upon posting to the websites https://www.cscglobal.com/cscglobal/home/ and / or https://www.intertrustgroup.com/legal/data-protection-and-privacy/ without any other notice to you, unless an alternative notice is required under law. This Privacy Notice is effective as of December 1, 2014 and was last updated on 1 March, 2024.

In this Privacy Notice the term "Data Protection Legislation" means the EU General Data Protection Regulation 2016/679 (“GDPR”); together with (where the context dictates) all other applicable legislation relating to privacy or data protection including the GDPR as incorporated into UK law by the UK European Union (Withdrawal) Act 2018 (“UK GDPR”), the Personal Data Protection Act (No. 26 of 2012) of Singapore (“PDPA”), the Personal Information Protection Law of the People's Republic of China (“PIPL”), and Personal Data (Privacy) Ordinance of Hong Kong (“PDPO”).

This Privacy Notice also describes, in section 16, our information practices and the rights afforded to California residents under the California Consumer Privacy Act (Civ.Code 1798.100-.199) (“CCPA”).

1. What is Personal data?

"Personal data," where used in this Privacy Notice, shall mean any information or set of information that identifies an individual, or could be used by or on behalf of CSC to identify an individual, and shall include any data about an identified or identifiable individual that are within the scope of Data Protection Legislation and recorded in any form. Personal data does not include information which is anonymized. Personal information about California residents (“CCPA Personal Information”) is defined in section 16.

We may refer to your personal data as your information and may sometimes collectively refer to handling, collecting, protecting and storing your personal data as "processing" such personal data.

2. Scope of this Privacy Notice

Except as otherwise provided herein, this Privacy Notice applies to personal data submitted to or collected by us for our service providing, through this website, CSC's various service applications and otherwise in connection with the carrying out of our business save that it does not apply when CSC act on behalf of its clients as processors. This Privacy Notice may be supplemented by service or group member specific privacy policies and notices provided alongside our business terms from time to time.

3. What information we collect, and why

CSC collects, uses, stores and transfers different kinds of personally identifiable information which can be grouped together as follows:

  • Identity Data: includes first name, last name, marital status, business or other title or role (employment status), date of birth, nationality, gender, source of wealth, and copies of identity documents (such as passport, national ID card, driver’s license, employee identification).

  • Contact Data: includes home or work address county details, email address and telephone numbers.

  • Purchase Data: includes payment information, purchase history, and your reviews and opinions about our products and services.

  • Marketing and Communications Data: includes your preferences in receiving marketing from CSC, your communication preferences, interests and engagement information.

  • Website and App Data: includes your IP address, your browser type and language and information about your visit to our website, including log files, the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

  • Device Data: includes information about the device which you use to access the website and our apps (as set out in more detail in section 4.2 below).

  • Compliance Data: includes, if legally required to collect such information, Know Your Customer / Anti Money Laundering information from relevant individuals, such as source of wealth, tax residency, details of shareholdings and other assets which are legally or beneficially owned by you, and details of people and organizations which may be connected to you.

  • Contract Information: includes information necessarily processed in a project or contractual relationship with CSC or voluntarily provided by a relevant individual such as personal data relating to orders placed, payments made, requests, and project milestones.

Some CSC services may require additional information which we will inform you of when we request such information.

4. How we collect your information

4.1 Information provided by you

CSC may collect or obtain personal data directly from you (for example by completing a form related to a service request or to a KYC procedure).

If you use one of our websites or apps, its various applications, or during our exchanges or otherwise in connection with our services, you may be required to provide Identity Data, Contact Data, Marketing and Communications Data, Contract Information, Compliance Data, as well as account number, service and product interest information, and intended use of services or products. In addition, you may choose to provide additional information relating to yourself or your companies to take advantage of different services available on our websites, apps or elsewhere.

We generally do not require you to provide sensitive personal data, such as that which reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health, biometrics or sexual orientation or life. To the extent you make sensitive personal data available to CSC, we would usually obtain your consent to CSC processing such personal data in accordance with this Privacy Notice save where any other legal grounds applied.

4.2. Information we collect about you

CSC may also collect or obtain personal data indirectly because other people give that Personal Data to us (for example your employer or adviser) or because it is publicly available.

We also periodically gather certain information about the device of website and app users with your consent where required under law where required or automatically and store it in log files. This information includes browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and click-stream data.

We collect information which your device transmits to connect to our websites and apps in order to identify the device which you use to log in to the restricted parts of our websites and apps, and to identify logins from new devices. This technique is known as "device fingerprinting" and we use it to keep your account and the services we provide to you or your employer secure. The data which we collect in this manner is comprised of information about your device display, your operating system, and your browser, namely the language settings of your browser and system, the fonts used by your system, the dimensions of your display, and the geolocation and time-zone of your device.

We also use "cookies" and similar technology to access or store information on your devices to help us make our sites – and the way you use it – better, as well as to provide you with online advertising which is relevant to you. Cookies mean that a website will remember you. They're small text files that sites transfer to your device (computer, phone, or tablet etc.). They improve website use and speed – for example by automatically filling in your name and address in text fields. There are more details in the section on our cookies policy below.

4.3. Children's information

We do not knowingly collect information from children under the age of 18 and we do not target our websites, apps or services to children under 18. Where CSC collects and processes personal data of minors as defined under applicable laws in the course of its service providing, the disclosing party hereby confirms that the consent of the minor’s guardian or a person with parental responsibility has been provided.

5. How we use your information

We may use the personal data we collect:

  • to provide you with information, goods, or services which you have requested;

  • to contact you in connection with support-related activities;

  • for planning, performing and managing our contractual relationships;

  • for compliance with statutory and regulatory obligations of CSC or internal policy requirements and the order of a competent court, as well as (but not limited to) accounting, commercial communications, know-your-customer and anti-money laundering requirements, general management of the services or customer relationship purposes;

  • to contact you in the event that we have announcements regarding our services, our websites, the applications within our websites or our apps;

  • for general research and development of our business;

  • to fulfill any other purpose for which you provided it;

  • for billing and collection purposes;

  • to analyze the use of our services and websites;

  • to secure the services which we provide to you or your employer;

  • in any other way we may describe when you provide the data;

  • in connection with services CSC receive from professional advisors, such as lawyers and consultants or other service providers either to execute CSC’s contractual obligations towards you or CSC’s clients or our business purposes;

  • to solve disputes, enforce our contractual agreements and to establish, exercise or defend legal claims; and/ or

  • for any other purpose with your consent.

We do not conduct automated decision-making including profiling.

We may also use your personal data to contact you about our own goods and services that may be of interest to you in line with your preferences and Data Protection Legislation.

If you do not want us to use your information in this way, or any of the ways described above, please contact us using the details below. You have certain rights, set out in sections 9 and 14 below.

6. Legal grounds for using your personal information

The law permits us to process your personal data in the way that it does because the processing is:

  • necessary for the purposes of the legitimate interests that we pursue, which are to run and administer our business, to ensure the security our services, to discharge our legal obligations to store and disclose information where necessary and to evaluate, develop and improve our services and market new and improved services; and/or

  • necessary for the performance of our contract to provide you with the services you have ordered; and/or

  • necessary in order to comply with a legal obligation to which we are subject.

7. Disclosure and transfer of your information

In some instances, we may be asked to disclose certain personal data pursuant to a court order, subpoena, search warrant, or law enforcement request. We may also disclose your information in order to enforce our terms of use or to protect the rights, property, or the personal safety of (in each case) us, our staff, customers, and others. In addition, we may disclose your information in order to permit us to pursue available remedies or limit the damages that we may sustain, to respond to an emergency, or in the event that we sell (or propose to sell) any property, business or assets, we may disclose your information to the prospective buyer under a confidentiality agreement, in which case we shall notify you as may be required pursuant to applicable legislation. Please note that CSC may be required to release an individual's personal information in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.

7.1. CSC affiliates and service providers

Subject to all applicable laws, each relevant CSC group company we may disclose your personal data on a need-to-know basis for the purposes described in this Privacy Notice to any other member of our company group to include those set out in Section 18 below.

Some CSC group companies may have their own websites and apps with their own unique privacy policies, tailored to the services they provide. We encourage you to read those privacy policies carefully when you visit those affiliated sites or receive their services.

From time to time, we may engage our affiliated entities or other carefully selected third parties to provide services on our behalf, such as legal advisors, accounting firms and information technology providers in particular to collect, process, and use your personal data as required to provide services to you. We may disclose your information to such service providers in compliance with applicable data protection law, and provided that they agree to use your information only for the purposes of providing the services. We will not disclose your personal data to a third party without complying with Data Protection Legislation requirements including those relating to notice and consent unless otherwise required by law.

When using third-party vendors or agents to which CSC intends to transfer personal data, CSC shall perform adequate due diligence to help ensure the security of such information, including ensuring that such third party has entered into a written agreement with CSC requiring the third party to provide at least the same level of privacy protection as is required by the Data Protection Legislation. CSC shall continue to be liable under the Data Protection Legislation if third parties to which CSC has transferred personal data for processing on CSC's behalf do so in a manner that is inconsistent with the Data Protection Legislation. However, CSC will not be liable if it can prove that it is not responsible for the event that caused damage.

7.2. Transfers overseas

The personal data we receive will be held on our computers and systems in the United States and the European Economic Area (EEA) and may be accessed by or given to our staff, one of our affiliates or carefully selected suppliers working in the United States or otherwise outside the EEA.

Where recipients are outside the EEA, we ensure that the recipient provides an adequate level of protection for your personal data or the transfer is otherwise permitted under applicable Data Protection Legislation, by methods including using standard contractual clauses, or by relying on a relevant adequacy decision by the European Commission or any other competent body. We undertake risk assessments for each type of transfer and will apply additional safeguards where the results of these assessments recommend such action.

Where you are a controller that shares personal data with us where we are also a controller, Module 1 of the standard contractual clauses contained in the annex to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and, where relevant, the International Data Transfer Addendum to the EU Standard Contractual Clauses issued by the ICO under s119A(1) of the Data Protection Act 2018, version B1.0, in force 21 March 2022, both as may be amended from time to time, shall be deemed to be incorporated into any arrangement in place between us.

8. Job Applicants

This section describes how the CSC group handles and protects the personal information of job applicants, i.e. through the online CSC careers website.

CSC processes the following types of personal data of job applicants:

  • Name, address, email address, telephone number and other contact information;

  • Date and place of birth;

  • Nationality;

  • Immigration, right-to-work and (tax) residence status;

  • Job-related information such as years of experience and work records;

  • Educational and training information;

  • Skills and competencies;

    • Name and contact details of references (please note that if you provide us with contact details of reference it is your responsibility to obtain consent from that individual before sending this information to us).

    • Any other personal information you choose to submit to us in connection with your application.

CSC use the personal data you provide for the purpose of carrying out our recruitment activities. The personal data will, inter alia, be used to assess qualifications, to verify the information and for communication purposes.

9. Opting Out

Where required by Data Protection Legislation, you will be given a choice when you provide us with your personal information to opt into certain uses we may intend to make of that information, such as sending you our newsletter, information or offers containing updated information about us, our goods, services, and promotions. You may also be asked if you would like to receive marketing from third-party organizations. You will be able to indicate your consent to each specific proposed use by checking the relevant box to opt in. We will not send you direct marketing or pass your details to third parties for the purpose of them sending you direct marketing, without your consent.

You also have the option of "unsubscribing" from our mailing list for newsletters, alerts, and updates at any time, thereby disabling any further such e-mail communication from being sent to you.

Details of how to unsubscribe will be included on each electronic mailing we send you. Alternatively, just send an email to onlinemarketing@cscglobal.com with "URGENT – UNSUBSCRIBE REQUEST" in the subject line and the email address that you wish to be removed from the email.

We will action any opt out request from you without delay, and in any event within one month.

10. Website links to other sites

For your convenience, our websites and apps may contain links to websites that are owned or operated by third parties not affiliated with CSC. We can make no promises or guarantees regarding personal data collection or privacy practices on websites that are not owned or operated by CSC. We strongly suggest that you review each such third parties' privacy policies before providing any personal data to them. These other sites may send their own cookies to users, collect data, or solicit personal data. You should contact these entities directly if you have any questions about their use of the information that they collect.

11. Steps we take to ensure your privacy

The security of your personal data is important to us. We use generally accepted, industry standard tools and techniques to protect your personal data against unauthorized disclosure. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

11.1. Perimeter security

We use firewalls to secure the perimeter of our information network and monitor our systems regularly.

11.2. Data security

An authentication and authorization mechanism based on (i) user identification (ID) and password, and (ii) device identification, is used to restrict access to information on CSC's websites and apps. Each authenticated user only has access to the information that he or she is authorized to use. We use physical, administrative, and technical procedures to limit access to personal information.

We identify devices through the use of device fingerprinting. A description of the data which we collect for this purpose can be found in section 4.2 of this policy.

11.3. Transaction security

All personal data exchanged between our servers and your web browser is encrypted using Secure Sockets Layer.

12. Social engineering (our employees)

All of our employees are made aware of and reminded of our Confidentiality of Client Information Policy regularly and must acknowledge that they have received and read it.

13. Steps you can take to ensure your privacy

Remember that you play a vital role in ensuring the security of your information on our websites and the applications within. Here are a few steps you can take to maintain the privacy of your information:

13.1. Managing your personal data

Registration for access to our websites requires that you provide personal data (including name, company name, company address, including city, state, country, ZIP code, company email address, and company phone number). It is your responsibility to make sure this information is accurate and current. If your personal data changes, you should update it by logging into the sites and visiting the account detail pages or by contacting us using the contact details above. If you require assistance with updating this information, you may contact our staff twenty-four hours a day, seven days a week, at +1 (302) 636-5400 X 68952 or your local office.

We will process all information update requests in a timely manner.

13.2. Safeguard passwords

You should take the necessary precautions to safeguard your user ID and password to prevent unauthorized access to your personal data stored on our websites and the applications within. If you feel that your user ID and password have been compromised, access our website and reset your password or contact our Technical Support staff immediately twenty-four hours a day, seven days a week, at: +1 (302) 636-5400 X 68952 or your local office.

13.3. Erase temporary files

Any information you entered during your session may be temporarily stored in the memory storage area of your computer. Closing the browser will erase this information if you have your browser set to automatically erase temporary files when it is closed.

13.4. Use of a firewall

Consider using a firewall to help prevent unauthorized access to your network or personal computer, especially if you are using a DSL or cable modem to access the internet.

14. Your rights in relation to your personal information

At any time, you have the right:

  • to be informed about the processing of your personal data (i.e. for what purposes, what types of personal data, to what recipients it is disclosed, storage periods, any third-party sources from it was obtained, data transfers outside the EEA and UK, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance, and envisaged consequences);

  • to request access to or a copy of any personal data which we hold about you;

  • to rectification of your personal data, if you consider that it is inaccurate;

  • to ask us to delete your personal data, if you consider that we do not have the right to hold it;

  • to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);

  • to ask us to stop or start sending you marketing messages (e.g. our newsletter) at any time by using the below contact details;

  • to restrict processing of your personal data;

  • to data portability (moving some of your personal data elsewhere) in certain circumstances;

  • to object to your personal data being processed in certain circumstances; and

  • to not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.

In addition, you have the right to make a complaint to your local supervisory authority with respect to the way CSC is processing your personal data or the way CSC handles your rights.

Individuals wishing to access their personal information can do so in writing or may request it orally twenty-four hours a day, seven days a week, by contacting CSC's Data Protection Officer directly at DPO@cscglobal.com or calling +1 (302) 636-5400 X 68952. CSC will endeavor to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.

If you wish to exercise any of the other rights detailed above please contact us at DPO@cscglobal.com.

We will correct any incorrect or incomplete information and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.

We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change.

If you wish to exercise any of the other rights detailed above please contact us at DPO@cscglobal.com or if you require additional assistance you may contact our staff twenty-four hours a day, seven days a week, at: Phone: +1 (302) 636-5400 X 69852 or your local office.

15. Suspected or known security events

CSC users who report suspected or known security events that may jeopardize the confidentiality, integrity, or availability of CSC information, information systems, and/or information processing facilities shall not be retaliated against, intimidated, or otherwise prevented or harassed for making such a report.

16. How long we keep your information

We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal or contractual obligation to which we are subject, exercise or defense of legal claims, and where we have a legitimate interest for doing so. This will involve us regularly reviewing our purposes or files to check that information is accurate, up-to-date and still required.

We may send you direct marketing communications and retain your contact information as necessary for this purpose, (provided that we are entitled to send you these, and for as long as you do not unsubscribe from receiving the same from us.

17. California Consumer Privacy Act Rights

The CCPA provides California residents with rights with respect to CCPA Personal Information. “CCPA Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. The information practices described in this section include CCPA Personal Information we receive either online or off-line in any format.

17.1. As of January 1, 2020, verified California residents will have the right:

  • to request and receive disclosure of our CCPA Personal Information collection practices during the prior 12 months, including the categories of CCPA Personal Information we collect, the categories of sources of such information, our business purpose for collecting o sharing such information, and the categories of third parties with whom we share such information.

  • to request and receive a copy of the CCPA Personal Information we have collected about them during the prior 12 months.

  • to request and receive disclosure of our information sale practices during the prior 12 months, including a list of the categories of CCPA Personal Information disclosed for monetary or other valuable consideration and the categories of third-party recipients and a list of the categories of CCPA Personal Information that we disclosed for a business purpose and the categories of third-party recipients.

  • to request that we not sell CCPA Personal Information about them and

  • to request that we delete (and direct our service providers to delete) their CCPA Personal Information subject to certain exceptions.

We will not discriminate against you as a result of your exercise of any of these rights.

17.2. Making Requests

In order to make a request for disclosure California residents may contact us at DPO@cscglobal.com or if you require additional assistance you may contact our Customer Service staff from 8:00 a.m. to 8:00 p.m. U.S. Eastern Time, Monday through Friday, at: Phone: +1 (800) 927-9800. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected CCPA Personal Information) and will use that information only for that purpose. We cannot respond to your request or provide you with disclosures if we cannot verify your identity and confirm that the CCPA Personal Information we hold relates to you.

You may make a request up to twice within a 12-month period. We will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

If you are over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here. We do not sell personal information of individuals we actually know are less than 16 years of age. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorize personal information sales.

17.3. Information Collection, Use and Disclosure

The information practices described below include information collected from our site visitors, registered users, employees, vendors, suppliers, and any other person that interacts with us either online or offline. Not all types of information are collected about all people interacting with us. For instance, we may collect different information from applicants for employment than we do from our customers.

17.3.1. Our Collection of CCPA Personal Information during the past 12 months

We may have collected the following categories of information directly from you: information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing. We may have collected the following categories of information from third parties : information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing. We may have collected the following categories of information from our own observations : information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information), protected classification information (like race, gender, ethnicity, etc.), commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.

17.3.2. Our use and disclosure of CCPA Personal Information during the past 12 months

We have used the collected information for the purposes set forth in Section 5 above.

We may have disclosed the following categories of information in order to conduct our business operations and for our business purposes (for instance providing services to you, completing transactions, managing employees and vendors, security, quality control, marketing and analytics): information protected against security breaches, protected classification information, commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.

We do not provide your data to third parties in exchange for monetary consideration but during the past 12 months we may have disclosed data to certain third parties that provide us with services such as data analysis and security information, which may fall under the definition of “consideration” and therefore be deemed a “sale” under the CCPA. We have disclosed the following categories of information to third parties for valuable (but not monetary) consideration: information protected against security breaches, protected classification information, commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, and inferences from the foregoing.

18. Contact details and independent recourse mechanism

Any questions, complaints, access requests, and any other issues arising under the Data Protection Legislation should be directed first to CSC's Data Protection Officer at DPO@cscglobal.com.

CSC commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Notice should first contact CSC at DPO@cscglobal.com.

If your complaint is not satisfactorily addressed by CSC, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, the data protection authority (“DPA”) in your jurisdiction (for example in the UK the Information Commissioner's Office (“ICO”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”).

To do so, you should contact the state or national DPA in your jurisdiction (e.g. the ICO in the UK). CSC agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.

Should your complaint remain fully or partially unresolved after a review by CSC and the relevant DPA, you may be able to, under certain conditions commence legal proceedings in your local jurisdiction or possibly, under certain conditions, individuals may invoke binding arbitration.

19. Cookie Policy

CSC is committed to transparency when it comes to the technologies we use, and we've outlined below how we use cookies (and similar technologies) when you visit our website and apps. CSC is committed to transparency when it comes to the technologies we use, and we've outlined below how we use cookies when you visit our website and apps.

19.1 What are cookies (and similar technologies)?

Cookies

Cookies are small pieces of code issued to your device when you visit a website or app, which store and sometimes access or track information about your use of our site or our app. We use cookies to elevate your user experience and the quality of our site and service. When you enter our sites, our web servers send a cookie to your device, which allows us to recognize your device.

When you access our website outside of Europe or the UK, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).

If visiting a CSC website from Europe or the UK, we display a banner to explain how we use cookies on our homepage, so that you can consent to our placement of cookies on your browser. The banner appears until you click "I agree." We place a persistent cookie on your browser to log your consent, if appropriate.

You are free to refuse consent but please be aware that restricting cookies will impact your user experience and may prevent you from using part of our website.

Cookies can be removed from your browser in two ways: automatically (when they expire), or when you manually delete them. We've included more details below to help you understand what kinds of cookies we use and how you can manage them.

Email tracking

Our e-communications platforms include technology and code which works by incorporating and sending tracking pixels and/or images within certain email communications and updates we issue - including those sent in accordance with section 9 (above).

The technology automatically returns information to our platforms when an email is opened – so we can confirm if the email was opened or not. The technology also allows e-commerce platforms to record the time and date of opening, how many times it is opened, the general location when opening, operating systems or the device used, user IP address, any click through using hyperlinks in the communications, whether attachments are opened, further browsing information and whether the communication is forwarded.

Technologies similar to cookies: Device fingerprinting

In addition to cookies, we also use "device fingerprinting". This entails collecting information which you affirmatively provide (such as a mobile phone number associated with your device) or your device automatically transmits to connect to our website or mobile apps that builds a unique image of your device.

Unlike cookies, this does not involve issuing pieces of code to your device. However, similar to cookies, it enables us to recognize your device.

We only use device fingerprinting to keep your account and the services we provide to you or your employer secure. We consider this to be strictly necessary for providing our services therefore we do not require consent to use device fingerprinting.

19.2 Why does CSC use cookies, email tracking and device fingerprinting?

CSC's primary reason for using cookies is to make our website and apps work more effectively.

We use cookies to track the performance of our website and apps so that we can improve them, and enable the selection and delivery of online advertising, which is relevant to you.

We use email tracking technology and pixels to assess whether an email has been opened or otherwise. This is for the purpose of assessing engagement with our communications, tailoring our communications, service and legal updates, newsletters, marketing and assessing their value and effectiveness. When used, this technology helps us to consider whether, when and how we should issue further communications or whether they should stop sending them generally to specific recipients.

As explained above, we only use device fingerprinting to keep our services secure.

19.3 What kinds of cookies does CSC use and why?

Our websites and apps use the following cookies:

  • Strictly necessary cookies.

    • These are cookies that are required for the operation of our site and the apps. They include, for example, cookies that enable you to log into secure areas of our site and apps. We do not require your consent to place these cookies. Nevertheless, you may be able to block these cookies yourself on your device/ browser, but restricting these cookies is likely to mean that our site will not work as you would expect and certain functionality may be inoperable.

Our use of device fingerprinting also falls under this category.

  • Non-essential cookies. These include the following:

    • Analytical/performance cookies.

      • These allow us to recognise and count the number of visitors and to see how visitors move around our site and apps when they are using them. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. We use cookies to compile visitor statistics such as how many people have visited our site and apps, how they reached our site, what type of technology they are using (e.g. Mac or Windows, which helps to identify when our site isn't working as it should for particular technologies), how long they spend on the site and apps, what page they look at etc. This helps us to continuously improve our website and apps.

    • Functionality cookies.

      • These are used to recognise you when you return to our site or apps. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

    • Advertising cookies.

      • CSC uses remarketing. Placing a remarketing tag on our website can help us reach visitors who have previously visited our website as they visit other sites on the Google Display NetworkTM service or search on Google®. Using remarketing, these visitors will be shown messages tailored to which sections of our site they visited. The remarketing tag uses third-party cookies from the Google Display Network. Visitors can opt-out of Google's use of cookies by visiting Google Ads settings. Remarketing tags are not used on CSC's microsites such as cscglobal.co.uk, cscglobal.de, cscglobal.es and cscglobal.fr.

These cookies may be:

  • Session cookies: These temporary cookies expire and are automatically erased whenever you close your browser. We use session cookies to grant our customers access to content and to enable commenting.

  • Persistent cookies: These usually have an expiration date in the distant future and remain in your browser until they expire or you manually delete them. Persistent cookies may be used for a variety of purposes including remembering our users' preferences and choices when using our site or to target advertising. First- and third-party cookies: Whether a cookie is "first" or "third" party refers to the website or domain placing the cookie. In basic terms, first-party cookies are set by a website visited by the user—the website displayed in the URL window. Third-party cookies are cookies that are set by a domain, such as google.com, other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website, this would be a third-party cookie.

19.4 What other cookies might you encounter on a CSC website?

We may also use third-party cookies on the site. In keeping with our policies, these session or persistent cookies are set only by trusted partners of CSC. These cookies may collect information about your online activities across websites and over time.

The third parties who set cookies through our site include LinkedIn, Maxmind, Youtube, Facebook and Doubleclick.

The third-party cookies we may use on our website and apps may track site performance and usage, monitor chat sessions or a users' location, or compile reports that help us improve the site and apps. When you access our website, in certain jurisdictions, as required by law, you will receive a clear notice advising you that we intend to use cookies and that you must click an "I accept" box in order for cookies to be placed.

If you prefer not to receive cookies through our website, you can set your browser to either reject all cookies (see below), to allow only "trusted" websites to set them, or to accept only those cookies from those sites you currently use. If you access our website in Europe, you can refuse to click the "I accept" box or click the "I disagree" box when you are presented with a cookie notice on our homepage.

When you access our website outside of Europe, our system will automatically issue cookies when you log on to our website and apps (unless you have set your browser to reject them).

19.5 Cookies we do not use

We do not use flash cookies (sometimes known as local shared objects or LSOs).

19.6 Does CSC use cookies to sell customer information?

We do not use cookies to provide your data to third parties in exchange for monetary consideration, but we may receive other consideration for allowing third parties to access cookies.

19.7 Will the site work if you disable cookies?

You can browse our site with cookies disabled, though some interactions may not work properly.

19.8 EU cookie law

If visiting a CSC website from Europe, we display a banner to explain how we use cookies on our homepage, so that you can consent to our placement of cookies on your browser. The banner appears until you click "I agree" or "I disagree." We place a persistent cookie on your browser to log your consent, if appropriate. Please be aware that our microsites will not display this banner, as we do not utilize cookies on any of our microsites.

19.9 Manage your cookies

There are several ways you can manage your cookie settings and preferences.

19.10 Do Not Track

This website currently does not recognize Do-Not-Track signals from your web browser.

You can stop email tracking using your email and privacy settings and preferences. You should set your preferences to ‘do not track’.

Additional items

CSC全球隐私声明

Contact information Data Protection Officer / Data Protection Contact Point

Data controllers in Switzerland:

  • CSC Corporate Services (Suisse) GmbH

  • CSC Services (Schweiz) GmbH

  • Intertrust Zug GmbH

  • Intertrust Services (Liechtenstein) Trust Reg.

  • Intertrust Nominees Limited

  • Directo S.A.

  • Edelweiss (Directors) Limited