Cass Global Data Privacy Policy

Global Data Privacy Policy

Unlike ever before, data privacy and the protection of personal information are of paramount concern to our transportation, utility, telecom, waste, and banking customers around the world.

We at Cass Information Systems, Inc. respect your privacy and are committed to safeguarding your personal information. This is why we want you to have a clear picture of how we intend to treat the personal information that you provide to us and how it will be processed and managed by us.

As a company serving these diverse sectors worldwide, we have put in place policies and procedures to ensure that the personal information that you provide and we collect is properly protected in compliance with the latest data privacy laws and regulations. These policies and procedures are indicative of the same level of care that we deliver to our customers every day so that they may achieve visibility, control, and efficiency in their supply chains, communications networks, facilities, and operations.

You will always be able to locate this Global Data Privacy Policy, as it is prominently displayed on our website at www.cassinfo.com.

If you have any questions regarding this Global Data Privacy Policy or any of our related policies, procedures, and statements, please do not hesitate to contact our US Privacy Manager at privacy@cassinfo.com.

Effective Date: December 19, 2018

Sincerely,

p4_Brunngrabersignature

Eric H. Brunngraber, CEO

 


 

GLOBAL DATA PRIVACY POLICY OVERVIEW

 

Scope

This Global Data Privacy Policy applies to all customers, contacts, vendors, and agents of Cass Information Systems, Inc., Cass Commercial Bank, Cass Europe, B.V., and Cass TEM UK Limited (“Cass”, “we/our/us”), and all visitors to our website, except as specified herein.

 

Personal Information/Data

We collect personal information and data directly from you and in our transactions and interactions with you.  We also occasionally obtain information about you from verification services and commercial sources, such as to acquire permission-based marketing lists.

 

Uses

We use your personal information to provide (and facilitate the provision of) services to our customers as well as to respond to their inquiries for the same.

We explicitly do not sell your personal information or our contacts to outside parties, including marketers.

 

Your Choices

We only market other services to you with your consent, based on your marketing preferences. You may create or change your privacy preferences in connection with our marketing efforts by contacting us at privacy@cassinfo.com.

You may also amend your cookie preferences for any website through your browser settings. However, please remember that cookies are often used to enable and improve certain functions of a website, including our own.  If you choose to switch off or disable certain cookies, it is likely to affect how our Site works on your computer, smartphone, or device.

 

Cass Europe and Cass TEM UK

Cass Europe and Cass TEM UK, our European affiliates, have taken appropriate and reasonable measures to comply with the European Union (“EU’s”) General Data Protection Regulation (“GDPR”). Their externally-facing GDPR privacy statement may be found here and applies to the personal information of their customers, contacts, vendors, and agents, when the GDPR applies to such personal information.

 

HR Data

We take the privacy of our employees’ data seriously as well.  For the time being, US-based Cass employees can obtain a copy of our domestic internal privacy statement by contacting our US Privacy Manager at privacy@cassinfo.com and EU resident employees can obtain a copy of our internal privacy statement for Cass Europe and Cass TEM UK by contacting our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510, respectively.  In time, we aspire to apply a single set of standards to all employee and non-employee personal information that we process, regardless of the citizenship or residency of the data subject.  

 

Privacy Shield

We also elect to participate in the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks regarding the collection, use, and retention of personal information transferred from the EU and European Economic Area (“EEA”) member countries and Switzerland to the United States (the “Privacy Shield”) pursuant to the Privacy Shield. Our Non-HR Data Privacy Shield Policy can be found here.

 

How to Contact Us

We welcome you to review our Global Data Privacy Policy in its entirety.  Should you have any questions or concerns about our privacy practices and/or our policies, procedures, and statements, please do not hesitate to contact our US Privacy Manager at privacy@cassinfo.com or write to us at:

Cass Information Systems, Inc.

Attn: US Privacy Manager

2444 Powerscourt Drive, Suite 550

St. Louis, MO 63131

United States

 

GLOBAL DATA PRIVACY POLICY

 

This Global Data Privacy Policy applies to the processing of personal information of all customers, contacts, vendors, and agents of Cass and all visitors to cassinfo.com and our other websites, except as specified herein.

Click on one of the links below to jump to a specific section: 

  • Personal Information We Collect and How We Use It
  • Information We Collect by Automated Means
  • How We Share Your Information
  • Links to Other Sites
  • How We Protect Personal Information
  • International Transfers of Personal Information
  • How Long is Personal Information Retained
  • Changing and Accessing Your Personal Information
  • Children
  • California Residents
  • Updates to Our Privacy Policy
  • How to Contact Us

 

Personal Information We Collect and How We Use It             

We may collect personal information from individuals through our website or by other means (such as email, mail, phone, business partners’ contact information, and other third-parties such as commercial data vendors and public databases). The principal ways you may provide the information and the types of information you may submit, as well as the ways we may use the information, are listed below. 

 

Business Purposes – On our website you may be able to register using your personal information to gain access to information related to your business relationship with us or the services Cass offers. We use these details to provide you with access to information about your business relationship with us and to facilitate your use of the website or mobile applications.  You may also choose to provide, or we may obtain, your personal information at trade shows or from our distributors. It is in our legitimate business interests to use this personal information so that we can manage our business relationships and carry out marketing and sales activities.

 

Careers – Individuals apply for jobs with Cass through our website, third-party job posting sites, job fairs, or directly to the various business locations.  The personal information job seekers provide through this process is often maintained by third-party service providers. This personal information may be maintained in locations within the United States, accessible to our recruiting team, and shared with our corporate affiliates for the purpose of evaluating job seekers for permanent and temporary positions with our company. The personal information submitted by job seekers, such as name, contact details, and any other information relevant to the application is used to evaluate their qualifications for employment and to contact them regarding possible employment opportunities. It is in our legitimate business interests to use this personal information in the selection process and to communicate with you, and it is necessary to provide us with this personal information so that we can assess and evaluate your application.

 

Contact – You may contact us with questions, requests, or comments through the “Contact” link on our website or via the contact information provided in the “How to Contact Us” section of this Global Data Privacy Policy.  When you do so, we may ask you for your personal information to verify your identity or to track the inquiry internally to ensure we appropriately respond to your questions, requests, or comments. 

 

Contractual Obligations – If you are a vendor or an independent contractor, we may ask you to provide personal information such as your name, contact details, or business and financial details to establish and administer your account, process payments, and for compliance with internal and legal requirements.  We use your personal information for this purpose so that we can comply with our contractual obligations to you.

 

Feedback – You may be able to submit feedback on our website.  If you choose to give us your feedback, we may ask you for your personal information. We may also ask you about your experience using our website. It is in our legitimate business interests to use the personal information you provide to enhance our website, evaluate the quality of our services, or to communicate with you about our services. 

 

Information Technology Security – We may collect personal information when detecting and defending against security threats in accordance with our legitimate business interests and our legal obligations. We use various IT tools to detect and defend against online security threats (e.g., attacks, viruses, malware, spam, phishing, malicious web content), to promote business continuity of our information systems and assets, and to maintain optimal performance of our IT systems. To ensure physical security of our facilities we may, where permitted under local law, utilize surveillance systems and/or location tracking while you are on Cass property.

 

Other Uses of Information – We may use the personal information you provide to us for internal general business purposes in accordance with our legitimate business interests. These purposes include administration of our website, data analytics, fraud prevention, and compliance with our legal obligations, standards, policies and procedures (i.e., due diligence checks and sanctioned and embargoed screening, where necessary). 

We may obtain your explicit consent to collect and use certain types of personal information when we are required to do so by law.

 

Information We Collect by Automated Means    

When you visit and interact with our website and applications, we may collect “Other Information” that does not inherently reveal your specific identity, in order to learn how to best tailor our website for our visitors’ needs.  Examples of what Other Information we may collect and how we and third-party service providers may collect this information include:

 

Aggregated Information – Aggregated user information does not personally identify you or any other user (for example, we may aggregate user information to calculate the percentage of our users who have a particular telephone area code).  Aggregated data is treated strictly in accordance with this Global Data Privacy Policy.

 

Browser and Device Information – Certain information is collected by most browsers or automatically through your device, such as your computer type, operating system, name and version, device manufacturer and model, Internet browser type and version, and the name and version of the online services you are using.  We use this information to ensure that the online services function properly.

 

Cookies – Cookies are pieces of information stored directly on the computer or mobile device that you are using.  Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other aggregated website traffic data.  We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, to collect statistical information, and to personalize your experience while online. At this time, we do not respond to browser “Do-Not-Track” signals except in jurisdictions where we are required to do so by law. Further details about our use of cookies can be found in our Cookies Policy [link].

 

IP Address – Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP).  An IP address may be identified and logged automatically in our server log files whenever a user accesses the online services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services.  We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering our online services.  We may also derive your approximate location from your IP address to understand from what regions of the world our website visitors come.

 

Pixel Tags or Similar Technologies – Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some online services to, among other things, track the actions of users of the online services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the online services and response rates.  We also use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of our services and report on activities and trends.  These services may collect information regarding the use of other websites, apps and online resources.  You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

 

How We Share Your Information   

We do not sell or otherwise disclose your personal information except as described in this Global Data Privacy Policy.  We may also share your information as disclosed at the time you provide it and in the following circumstances:

 

Business Transfers – We may disclose your personal information, usage information, and other information about you to parties acquiring part or all of our assets, as well as to attorneys and consultants. If we transfer your information to an acquirer, we will use reasonable efforts to direct the acquirer to use your information in a manner that is consistent with this Global Data Privacy Policy. Also, if any bankruptcy or reorganization proceeding is brought by or against us, your personal information may be considered a company asset that may be sold or transferred to third parties.

 

Corporate Affiliates – We may share the information you provide (such as information about your orders, enquiries, applications, or use of our website) with our affiliates for marketing, recruitment, and internal reporting purposes.  We do this to run our business more efficiently and to have a better understanding of our customers across business lines.

 

Law Enforcement Agencies, Courts, Regulators, Government Authorities, or Other Third Parties – We may transfer and disclose your information to third parties (i) to comply with a legal obligation, (ii) when we believe in good faith that the law requires it, (iii) at the request of governmental authorities conducting an investigation, (iv) to verify or enforce our policies, procedures, Terms of Use, and other agreements, or to protect the rights, property, or safety of Cass, our customers, or others, including visitors of our website (v) to respond to an emergency, (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity or (vii) otherwise to protect the rights, property, safety, or security of third parties, users of our services, visitors of to our website, or the public.

 

Marketing Partners – In some cases, we may permit certain network advertising companies and publishers to collect personal information on our website. In addition, our business partners may access personal information about you that we have combined with such business partners’ data. We may collaborate with our business partners to jointly send tailored promotional communications to you using the combined set of information.  If you prefer not to receive these joint communications, you can opt out by following the instructions included in any such communication.

 

Non-Personal Information – We may share non-personal information, such as aggregate user statistics, demographic information, and usage information with third parties.

 

Sharing With Your Consent – Our services may present you with the opportunity to opt in to receive information or marketing offers from third parties or to otherwise consent to the sharing of your information with third parties. If you agree to have your personal information shared, your personal information will be disclosed to the third-party subject to the privacy notice and business practices of that third party.

 

Third-Party Service Providers – In order to carry out your requests, to make various features, services, and materials available to you through the services, to respond to your inquiries, and for other purposes described in the “How We Use Your Information” section of this Global Data Privacy Policy, we may share your personal information or usage information with third parties that perform functions on our behalf (or on behalf of our partners), such as companies or individuals that: host or operate our sites; analyze data; provide customer service; mail product samples or manage payments; advertisers; sponsors or other third parties that participate in or administer our promotions, e-commerce activities, or assist with risk management, compliance, legal and audit functions. These service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements.

 

Links to Other Sites   

Our website and communications may provide links to other websites, including to social networks or partners that may use our logo(s) as part of a co-branding agreement.  To the extent that any linked services are not provided by Cass, we are not responsible for the services, or any of the content found on these websites.  If you provide information on and use third-party services or websites, the privacy policy and terms of service on those sites are applicable.  We encourage you to read the privacy policies of websites that you visit before submitting your personal information.

 

How We Protect Personal Information   

In proportion to the sensitivity of the information, we maintain reasonable administrative, technical, and/or physical safeguards and appropriate security measures to protect personal information from loss, misuse or unauthorized access, disclosure, alteration, or destruction of the personal information you provide. However, we cannot absolutely guarantee the security of your personal information, as no electronic data transmission or storage of information is completely secure. If an incident is reported affecting your personal information, we will investigate and comply with all required reporting obligations.

 

International Transfers of Personal Information

Cass is a global organization - headquartered in the United States – that does business in many countries.  We may share your personal information among Cass, our service providers, and other third parties that may be located in countries outside of your own.  Although the data protection laws of these various countries may differ from those in your own country, we have put in place appropriate safeguards (such as contractual commitments) to ensure that your personal information is handled as described in this Privacy Policy and in accordance with the law. For transfers of data outside of the EU, EEA, and Switzerland, we participate in the Privacy Shield. Our Non-HR Data Privacy Shield Policy can be found here.  For more information on the appropriate safeguards in place, please contact us via the contact information provided in the “How to Contact Us” section of this Global Data Privacy Policy.

 

How Long is Personal Information Retained

We will keep your personal information for as long as we have a relationship with you.  Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes;
  • Comply with record retention requirements under the law;
  • Defend or bring any existing or potential legal claims; and
  • Address any complaints regarding our services.

We will delete your personal information when it is no longer required for these purposes.  If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the personal data.

 

Updating Your Personal Information

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.  Please note that we will likely require additional information from you in order to verify your identity and respond to your requests. If you would like to update your information, please contact us via the contact information provided in the “How to Contact Us” section of this Global Data Privacy Policy. We will timely respond to your request.

 

Children

Our services are generally not directed to children under 16.  We do not knowingly collect personal information from anyone under 16 without parental consent.  If you become aware that we have collected personal information from a child under the age of 16 without parental consent, please let us know so we can take appropriate action.

 

California Residents

If you are a California resident and have provided us with your personal information, you may ask us to refrain from sharing your personal information with third parties, including our affiliates if they are separate legal entities, for direct marketing purposes.  Please tell us your preference by contacting us via the contact information in the “How to Contact Us” section of this Global Data Privacy Policy.

 

Updates to Our Global Data Privacy Policy   

We may modify or update this Global Data Privacy Policy from time to time. We will always indicate at the top of this policy when it was most recently updated.  If we substantially change this Global Data Privacy Policy, we will notify you of the changes. Any changes will be effective immediately upon the posting unless otherwise indicated.  Where changes to this Global Data Privacy Policy will have a fundamental impact on the nature of processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights. 

 

How to Contact Us

If you have any questions or comments about this Global Data Privacy Policy or if you would like us to update information we have about you or your preferences, please email, write, or call the following applicable contact at Cass or one of its affiliates:

Cass Information Systems, Inc.

US Privacy Manager

12444 Powerscourt Drive, Suite 550

St. Louis, Missouri 63131

privacy@cassinfo.com

 

or

 

Cass Europe B.V.

EU Privacy Manager

Graaf Engelbertlaan 75

4837 DS

Breda

The Netherlands

+31 76 5315 384

 

or

 

Cass TEM UK Limited

UK Privacy Manager

Belvedere House

Basing View

Basingstoke

RG21 4HG

United Kingdom

+44 1256 679510