We at Cass Europe B.V. and Cass TEM UK Ltd. ("Cass" or "we/our/us") respect your privacy and are committed to safeguarding and protecting your privacy in connection with the recording, organization, structuring, storage, adaptation, alteration, retrieval, collection, consultation, use, disclosure, dissemination, restriction, erasure or destruction (“processing”) of your Personal Data. We may process your Personal Data for a variety of reasons and in a variety of ways.
This privacy statement (“Statement”) contains important information regarding our privacy practices and the choices we offer you with respect to your Personal Data. If you choose to provide us with your Personal Data, you are telling us that you have read, fully understand, and accept the privacy practices summarized in this Statement. We strongly encourage you to read this Statement in its entirety to understand our privacy practices before submitting any Personal Data to us.
If you have any questions about this Statement and/or the processing of your Personal Data, please do not hesitate to contact our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510 or our US Privacy Manager at email@example.com.
This Statement will inform you about:
Cass is operationalizing compliance changes in connection with the new EU General Data Protection Regulation (GDPR). The GDPR replaces the Data Protection Directive 95/46/EC, and similar domestic legislation in EU Member States with respect to most (but not all) areas of data privacy and protection. Significant changes include, but are not limited to:
Scope of this Statement
This Statement applies to our processing of the Personal Data of our business contacts, vendors, directors, agents, and customers (including their representatives and service providers), when the General Data Protection Regulation (EU 2016/679) applies to such Personal Data.
Personal Data is any information that relates to an identified or identifiable natural person and is sufficient to enable such person to be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. We act as a data processor for purposes of these processing activities. In this Statement, we use the word “you” to refer to anyone within the scope of this Statement.
How We Collect Your Personal Data
We use Personal Data on a day-to-day basis to run our business, provide our services, enter into contracts, and to protect our interests. We collect Personal Data from you when you provide it to us, or when we collect it from you, for instance, in the course of your dealings with us, because you use certain services (such as our online reporting tools), or because your Personal Data is included in our customer's invoices, documentation, files, or systems.
Depending on the processing activity, the Personal Data we process in relation to you may include, without limitation:
It is necessary to provide us with certain Personal Data in order for us to be able to provide you with our services, as applicable. In certain situations, if you do not provide us with your Personal Data, we may be unable to provide you with our services.
We may use various technologies to collect Personal Data about you when you visit and use our website, http://www.cassinfo.com (“Site”). These technologies may include:
Who Has Access to Your Personal Data
Access to Personal Data relating to you is limited. It is our policy that persons within the organization should only have access to Personal Data on a need-to-know basis.
Under certain circumstances, we may share your Personal Data with third parties:
We will only transfer your Personal Data to the above mentioned third parties for the purposes stated in this Statement, and only to the extent that is permitted under the applicable data protection law.
Third parties to whom we transfer your Personal Data are themselves responsible for compliance with applicable data protection law. We are neither responsible nor liable for the processing of your Personal Data where we do not determine the purposes and means of the processing of that Personal Data.
International Transfers of Personal Data
We take steps to protect your Personal Data no matter what country to which it is transferred. We have procedures and controls in place, as appropriate, to help ensure this is the case. That said, in connection with our business, and for administrative, management, and legal purposes, when processing Personal Data in line with this Statement, we may transfer your Personal Data outside the European Economic Area (“EEA”), including to the United States. If we transfer your Personal Data outside the EEA, such as to our parent, Cass Information Systems, Inc., in the United States, we do so in accordance with applicable data protection laws, including on the basis of an EU Commission adequacy decision, where the transfer takes place pursuant to recognized appropriate safeguards, and/or where a specific derogation is permissible.
Furthermore, our parent company, Cass Information Systems Inc., and two affiliates, Cass Commercial Bank and Cass International, LLC are EU-US Privacy Shield certified and adhere to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability (“Privacy Shield Principles”).
If you would like to know more about how we protect your Personal Data when it is transferred outside the EEA, please contact our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510 or our US Privacy Manager at firstname.lastname@example.org.
Legal Ground(s) for Processing Personal Data
Under applicable data protection law, we are allowed to process Personal Data only if we can rely on one or more of the legal grounds for processing. The legal grounds we are most likely to rely on for processing Personal Data in relation to you are:
Purposes for Which We Process Your Personal Data
Cass processes your Personal Data for certain purposes described below. As explained above, processing in this context might include transfers to third parties and/or transfers outside of the EEA. From time to time, we may publish specific notices setting out details regarding particular processes or programs being adopted by us.
Cass does not engage in decision-making based solely on automated processing.
Your Rights with Respect to Your Personal Data
Under applicable data protection law, you may have the following rights:
Please note that the above individual rights are not absolute, and we may be entitled to refuse requests where certain exceptions apply. If you have given your consent and you wish to withdraw it, please contact our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510 or our US Privacy Manager at email@example.com.
Please note that where our processing of your Personal Data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services. If you have any questions about your rights regarding your Personal Data, please simply write to us at the postal address provided in our Contact Information below or contact our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510 or our US Privacy Manager at firstname.lastname@example.org, where you may initiate a request to access, reject, correct, restrict, or erase your Personal Data, or where you may initiate a request for transfer of your Personal Data or initiate a request that we refrain from sending you marketing information.
Protection of Your Personal Data
Cass takes reasonable and appropriate physical, administrative, and technical measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
Retention of Your Personal Data
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Statement. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (such as, if we are required to retain your information to comply with applicable tax/revenue laws, resolve disputes, and enforce our agreements).
Where we rely on legitimate interests as a reason for retaining your Personal Data, we have carefully considered whether or not those interests are overridden by your rights and freedoms and have concluded that they are not.
Please note that for corporate law and tax purposes, in the Netherlands, we are required to keep certain data, which might include Personal Data we hold about you (whether directly or indirectly), for a period of seven (7) years after the information has lost its relevance, and in the UK, we are required to keep certain data, which might include Personal Data we hold about you (whether directly or indirectly), for a period of six (6) years after the information has lost its relevance. In certain limited cases, local legal requirements in the Netherlands and UK may result in the preservation or retention of Personal Data for longer periods of time.
Revisions to this Statement
Cass reserves the right, at its sole discretion, to change, modify, add, remove, or otherwise revise portions of our policies and this Statement at any time, consistent with the requirements of applicable law. If we change the Statement in a material way, we will provide appropriate notice to you. The “Effective Date” at the top of this Statement reflects the date of the most recent revisions.
Our Privacy Concern Handling Process
Cass is committed to resolving concerns about your privacy and our processing of your Personal Data. Individuals with inquiries or concerns regarding this Statement should first contact our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510 or our US Privacy Manager at email@example.com. In the event that resolution cannot be reached, individuals may also contact their local data protection authority (“DPA”), which may investigate your concern further.
2509 AJ DEN HAAG
(+31) (0)70 888 85 00
Information Commissioner’s Office
(+44) 0303 123 1113
Our Contact Information
If you have any questions or comments about this Statement and/or the processing of your Personal Data, please contact Cass at +31 76 5315 384 or +44 1256 679510 or at firstname.lastname@example.org. You may also write us at:
Cass Europe B.V.
EU Privacy Manager
Graaf Engelbertlaan 75
Cass TEM UK Ltd.
UK Privacy Manager
Cass Information Systems, Inc.
US Privacy Manager
12444 Powerscourt Drive, Suite 550
St. Louis, Missouri 63131