Unlike ever before, data privacy and the protection of personal information are of paramount concern to our transportation, utility, telecom, waste, and banking customers, vendors, and business partners around the world.
Whether you are interacting with Cass Information Systems, Inc. directly, working with one of our corporate affiliates, or are engaging us through one of our websites, we at Cass want you to know that we respect your privacy and are committed to safeguarding your personal information. This is why we want you to have a clear picture of how we intend to treat personal information and how it will be processed and managed by us.
As a company serving diverse sectors worldwide, we have put in place policies and procedures to ensure that the personal information we process is properly protected in compliance with the latest data privacy laws and regulations. These policies and procedures are indicative of the same level of care and forethought that we deliver to our customers every day so that they may achieve greater visibility, control, and efficiency in their supply chains, communications networks, facilities, and operations.
Last Updated: January, 2024
Martin Resch, CEO
We primarily use your personal information to provide (and facilitate the provision of) our services to our customers as well as to respond to their inquiries for the same.
We also use your personal information to market to you, to communicate with you, to manage our business operations, and to comply with our legal obligations.
We explicitly do not “sell” (in the traditional sense of this term) your personal information to outside parties, including, but not limited to, marketers. We do, however, provide your personal information to third party service providers for legitimate business purposes.
We will keep your personal information for as long as we have an active relationship with you. Once our relationship with you has come to an end, we will only retain your personal information for legitimate business purposes, such as business record auditing, statutory record retention, the defence or maintenance of a legal claim, or complaint handling and resolution purposes. We will delete or anonymize your personal information when it is no longer required for these purposes.
Nonetheless, you have the right to review and correct your personal information that we have received from you. You also have the right to request that personal information collected be erased before the end of our normal information retention periods.
We are also concerned with the security of your personal information and take great care in implementing appropriate physical, technical, and administrative controls to protect your personal information. Unfortunately, no information transmission over the Internet, or maintenance and processing of personal information, can be guaranteed to be 100% secure.
We only market our services to you with your consent, based on your marketing preferences. You may create or change your privacy preferences in connection with our marketing efforts by contacting one of our Privacy Managers at email@example.com.
You may also amend your cookie preferences for any our websites through your browser settings. However, in addition to marketing and analytics reasons, please remember that cookies are often necessary to enable and improve certain functions of a website, including our own websites. If you choose to switch off or disable certain cookies, it is likely to affect how our websites work on your computer, smartphone, or device.
Cass Europe and Cass TEM UK, our corporate affiliates in Europe, have taken appropriate measures to comply with the European Union’s (“EU’s”) General Data Protection Regulation (“GDPR”). Their externally-facing GDPR privacy statement may be found here and applies to the personal information of their customers, contacts, vendors, and agents, when the GDPR applies to such personal information.
We take the privacy of our employees’ personal information seriously as well. In time, we aspire to apply a single set of standards for all employee and non-employee personal information that we process, regardless of the citizenship or residency of the data subject. But for the time being, US-based Cass employees can obtain a copy of our domestic internal privacy statement by contacting one of our US Privacy Manager at firstname.lastname@example.org and EU resident employees can obtain a copy of our internal privacy statement for Cass Europe and Cass TEM UK by contacting our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510, respectively.
We also elect to comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) regarding the collection, use, and retention of personal information transferred from the EU and European Economic Area (“EEA”) member countries. Our EU-U.S. DPF Policy can be found here.
California residents have certain rights regarding their personal information under the California Consumer Protection Act (“CCPA”) and other applicable laws. More information about rights for California residents can be found here or by calling us on 314-506-5500. You can designate an agent to exercise rights for you. Please note that we may take reasonable steps to verify your identity before implementing your rights request, including asking you to provide identification, if necessary.
Cass Information Systems, Inc.
Attn: US Privacy Manager
12444 Powerscourt Drive, Suite 550
St. Louis, MO 63131
Click on one of the links below to jump to a specific section:
We may collect personal information from individuals through our websites or by other means (such as email, mail, phone, business contact information, and other third-parties, such as commercial data vendors and public databases). The principal ways you may provide the information and the types of information you may submit, as well as the ways we may use the information, are detailed below.
On our websites you may be able to register your personal information to gain access to information related to our business relationship with you or the services we offer. We use these details to provide you with access to information about your business relationship with us and to facilitate your use of the websites. You may also choose to provide, or we may obtain, your personal information at trade shows. It is in our legitimate business interests to use this personal information so that we can manage our business relationships and carry out marketing and sales activities.
Individuals apply for jobs with Cass through our primary website, third-party job posting sites, job fairs, or directly at our various physical locations. The personal information job seekers provide through this process is often maintained by third-party service providers. This personal information may be maintained in locations within the United States, accessible to our recruiting team, and may be shared with our corporate affiliates in other parts of the globe for the purpose of evaluating job seekers for permanent and temporary positions with our company. The personal information submitted by job seekers, such as name, contact details, and any other information relevant to the application is used to evaluate their qualifications for employment and to contact them regarding possible employment opportunities. It is in our legitimate business interest to use this personal information in the selection process and to communicate with you, and it is necessary to provide us with this personal information so that we can assess and evaluate your application.
If you are a vendor or an independent contractor, we may ask you to provide personal information such as your name, contact details, or business and financial details to establish and administer your account, process payments, and for compliance with internal and legal requirements. We use your personal information for these purposes so that we can comply with our contractual obligations to you.
You may be able to submit feedback on our websites. If you choose to give us your feedback, we may ask you for your personal information. We may also ask you about your experience using our websites. It is in our legitimate business interest to use the personal information you provide to enhance our websites, evaluate the quality of our services, or to communicate with you about our services.
We may collect personal information when detecting and defending against security threats in accordance with our legitimate business interests and our legal obligations. We use various IT tools to detect and defend against online security threats (e.g., attacks, viruses, malware, spam, phishing, malicious web content), to promote business continuity of our information systems and assets, and to maintain optimal performance of our IT systems. To ensure physical security of our facilities we may, where permitted under local law, utilize surveillance systems while you are on Cass property.
We may use the personal information for internal general business purposes in accordance with our legitimate business interests. These purposes include administration of our websites, data analytics, fraud prevention, and compliance with our legal obligations, standards, policies, and procedures (including due diligence checks and sanctioned and embargoed screening, where necessary).
We may obtain your explicit consent to collect and use certain types of personal information when we are required to do so by law.
When you visit and interact with our websites, we may collect other information that does not inherently reveal your specific identity, in order to learn how to best tailor our website for our visitors’ needs. Examples of what other -information we may collect and how we and third-party service providers may collect this information include:
Certain information is collected by most browsers or automatically through your device, such as your computer type, operating system, name and version, device manufacturer and model, Internet browser type and version, and the name and version of the online services you are using. We use this information to ensure that our websites function properly.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the online services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering our online services. We may also derive your approximate location from your IP address to understand from what regions of the world our website visitors come.
We may share the information you provide (such as information about your orders, enquiries, applications, or use of our websites) with our corporate affiliates for marketing, recruitment, and internal reporting purposes. We do this to run our business more efficiently and to have a better understanding of our business relationships across business lines.
In some cases, we may permit certain network advertising companies and publishers to collect personal information on our websites. In addition, our business partners may access personal information about you that we have combined with such business partners’ data. We may collaborate with our business partners to jointly send tailored promotional communications to you using the combined set of information. If you prefer not to receive these joint communications, you can opt out by following the instructions included in any such communication.
We may share non-personal information, such as aggregate user statistics, demographic information, and usage information with third parties.
At times, in the course of providing our services we may present you with the opportunity to opt in to receive information or marketing offers from third parties or to otherwise consent to the sharing of your information with third parties. If you agree to have your personal information shared, your personal information will be disclosed to the third party and will be subject to the privacy notice and business practices of that third party.
In proportion to the sensitivity of the information, we maintain reasonable administrative, technical, and/or physical safeguards and appropriate security measures to protect personal information from loss, misuse or unauthorized access, disclosure, alteration, or destruction of the personal information provided. However, we cannot absolutely guarantee the security of personal information, as no electronic data transmission or processing of information is completely secure. If an incident is reported affecting your personal information, we will investigate and comply with all required reporting obligations.
We will keep your personal information for as long as we have an active relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
We will delete or anonymize your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to safeguard any further processing or use of the personal data.
Please note that you have the right to request that personal information collected from you be erased and forgotten before the end of our information retention periods.
Our services are not directed to children under the age of sixteen (16). We do not knowingly collect personal information from anyone under sixteen (16) without parental consent. If you become aware that we have collected personal information from a child under the age of sixteen (16) without parental consent, please let us know so that we can take appropriate action.
For purposes of this section on California residents, “personal information” means “information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Cal. Civ. Code § 1798.140(o)(1).
Personal Information Does Not Include:
The categories and purposes of collection of personal information are described in the section “Personal Information We Collect and How We Use It” above and reflect how we intend to and how we have collected and used information in the twelve months prior to the effective date. The Section “How We Share Your Data” above describes how we intend to and have disclosed personal information in the twelve months prior to the effective date. We will not collect further information or use your personal information for additional purposes without providing you additional notice.
Categories and Purposes of Personal Information collected from California Residents
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
The section “Personal Information We Collect and How We Use It” above reflects how we intend to and how we have used personal information of California residents in the twelve (12) months prior to the effective date of this policy. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may disclose your personal information to a third party for a legitimate business purpose. When we disclose personal information for a legitimate business purpose (which we have done in the preceding twelve (12) months), we enter a contract that describes the purpose and prohibits the recipient from: (1) selling the personal information; (2) retaining, using, or disclosing the personal information for any purpose other than for the specific business purpose specified in the contract; and (3) retaining, using, or disclosing the information outside of the direct business relationship with us.
We intend to disclose, and in the preceding twelve (12) months have disclosed, the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information.
We disclose your personal information for a legitimate business purpose to the following categories of third parties:
You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you, as it pertains to the twelve (12) months prior to the request:
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Beginning January 1, 2020, California residents have the right to opt out of the sale (or disclosure for other valuable consideration) of personal information about them or their household, such as (though not limited to) their name, postal or email address, and other personally-identifying information.
This right is subject to certain exemptions. For example, the law does not apply to information that has been aggregated and/or de-identified such that it could not reasonably be used to identify you. It also does not apply to information that we share with third-party service providers in order for them to perform certain business functions for us.
If you would like to opt out, please send your request to email@example.com.
Our services are not directed to children. As such, it is not our intention to sell personal information of children under the age of sixteen (16), children between the ages of thirteen (13) and sixteen (16) may affirmatively opt-in to the sale of personal information. Children below the age of thirteen (13) may only consent to the sale of personal information with parental consent.
To exercise the access, data portability, and deletion rights, as well as the opt-out rights described above, please submit a verifiable consumer request to us by either:
Only you or (a) a natural person that you authorize to act on your behalf or (b) a business entity registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent to submit a request on your behalf, we will require that you provide written evidence that you have granted the authorized agent permission to make such a request, and we will verify your identity.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may charge you a different price or rate, or provide a different level or quality of services to you, if that difference is reasonably related to the value provided to you by the use of your personal information.
We will confirm receipt of a rights request within ten (10) days of receipt and provide information regarding how we will process the request. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Cass Information Systems, Inc.
US Privacy Manager
12444 Powerscourt Drive, Suite 550
St. Louis, Missouri 63131
Cass Europe B.V.
EU Privacy Manager
Graaf Engelbertlaan 75
+31 76 5315 384
Cass TEM UK Ltd.
UK Privacy Manager
+44 1256 679510