United States Privacy Statement
This Privacy Statement governs the collection and processing of personal data of United States residents or data subjects accessing our services while in the United States. When reference is made to “CFGI”, “we”, “our” or “us”, such reference is to be understood as referring to the affiliate acting as controller of the respective personal data.
CFGI collects your personal data for various purposes, as detailed in this Privacy Statement. When we collect or use your data, we determine how and why your personal data is processed; provided, that we do so in accordance with applicable legal requirements, including, where required, with your consent. This Privacy Statement sets out the different ways we collect personal data and how we use it. It also explains your rights in relation to your personal data and how to contact us.
UPDATED: JULY 2024
We publish the current version of this Privacy Statement on our website, and we may update this from time to time.
We will notify you of these updates where:
- we are making substantial changes; or
- we are doing something with your personal data, which you might not expect based on what we have told you in this Privacy Statement.
Please read our Privacy Statement to understand our approach to processing your personal data.
1. Definitions
“Geolocation Data” means any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area.
“Precise Geolocation” means any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by law or regulation.
“Personal Information” is information that identifies you or is reasonably capable of being associated with or linked, directly or indirectly, with you or your household. It does not include aggregate, de-identified, and/or anonymous information that is not reasonably capable of being associated with or linked, directly or indirectly, with you or your household.
2. Our Contact Information
If you have a question on this Privacy Statement or how we use your personal data, you can contact the data controller at any time. Depending on the service you obtain from us, the CFGI affiliate controlling the processing of your personal data may differ. For your convenience, we have set up a central point of contact which can be reached by way of email or phone:
- dataprotection@cfgi.com
- 1 (888) 925-4240
Alternatively, you can contact the CFGI affiliate controlling your respective personal data. The respective information is provided as part of the service you obtain from us.
3. Types of Personal Information We Collect About You
Depending on how you interact with us or our services, We may collect, hold and use the following personal data from or about you. Some of these are optional or depend on CFGI’s obligations to its customers, employees and job applicants:
- Contact details: this may include your email address, phone number, telephone number and home address;
- Identity details: this may include your first name, maiden name, last name, marital status, title, date of birth and gender;
- Health data: this may include your medical certificates, self-certification forms, records of sickness absence, medical reports and health assessments;
- Financial data: this may include your billing address, bank account and payment card details;
- Criminal offense data: this may include information relating to any criminal convictions or criminal charges secured or brought against you;
- Trade union membership data: this may include data about your trade union membership;
- Data about your use of CFGI’s websites: this may include your IP address, cookies, web beacons, browser type and version, time zone and language and notification preferences;
- Information about how you use our IT, communication, and other systems: this may include your user account, email activity and call details;
- Personal data provided when you apply for work with us: this may include personal data you provide in your curriculum vitae and covering letter, information provided as part of the interview process; and
- Other personal data about yourself that you provide voluntarily (for example, when you sign up to our services, subscribe to our communications, provide information to us and/ or access certain resources on our website): this may include your interests, social media profile links, job title, emergency contact details and absence records.
- Geolocation Data, such as the location of your device when you access the services.
- Sensitive Personal Information, such as your social security number, driver’s license number, state Identification card number, and/or passport number; your login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; trade union membership, health information, criminal offense information, marital status, gender, and Precise Geolocation, as defined above.
4. The Personal Information We Collect
We may obtain Personal Information about you in the following ways:
4.1. Personal Information You Provide Directly to Us
You may give us Personal Information, such as Identifiers, Information in customer records, Financial information associated with You, Professional or employment-related information, and Sensitive Personal Information, including when you apply for, subscribe to, or purchase our services; communicate with us using our contact information; or provide us with your device when you relinquish, exchange, return, or recycle your device or provide it to us, our contractors, or our vendors for maintenance.
4.2. Personal Information Automatically Collected from You
We, our service providers, or contractors may automatically or passively collect Personal Information, such as Internet or other electronic network activity information, Geolocation Data, Sensitive Personal Information (Precise Geolocation) when you use or interact with our services, including through the use of network management technology and third-party analytics and advertising tools, which may use cookies, web beacons, pixel tags, log files, local shared objects (Flash cookies), HTML5 cookies, or other technologies to automatically or passively collect information about your use of and interaction with the services.
We may use standard technology called cookies on this Site. Cookies are small data files that are downloaded onto your computer when you visit a particular web site. You can disable cookies by turning them off in your browser, however, some areas of this Site may not function properly if you do so. We use cookies to recognize you as a customer, to help track usage to help us understand which parts of the Site are the most popular, where our visitors are going, and how much time they spend there, to make usage of the Site even more rewarding as well as to study the effectiveness of our customer communications and to customize each visitor’s experience and provide greater convenience. We may transfer your Personal Information to third-party service providers in order to help us analyze usage, as discussed in further detail below.
4.3. Personal Information We Receive from Third Parties
We may collect any category of Personal Information from affiliates, business partners, federal and state regulators, subsidy program administrators, compliance and service support entities, or third parties (such as social media platforms, data aggregators, public databases, and other commercially available sources), which may include the information you provide those entities or that they automatically collect from you.
Please note that the information we may receive from those third-party sites (such as Facebook, Instagram, Twitter and YouTube) is governed by the privacy settings, policies and/or procedures of the applicable platform, and we strongly encourage you to review them before submitting any information using a social media platform.
We may combine the various types of Personal Information we receive from or about you, including information you provide to us, information we automatically collect, and information from other sources, and use it as described in this Privacy Statement.
5. How We Use Personal Information We Collect About You
Except as otherwise prohibited by law or regulation, and subject to applicable instructions from you to us, we may use your Personal Information for a variety of business and commercial purposes, including for:
- Providing, Improving, and Maintaining Our services. To provide, improve, and maintain our services, including to: initiate and render our services; maintain the accuracy of the information we collect; track, measure, and analyze the usage and operations of our services; maintain, manage, optimize, and resolve problems with our wireless networks, information technology, and our services; develop and improve our business, content, products, and services; and interact with third-party services, at your request.
- Customer Service. To respond to questions and comments about your account and services, to communicate with you about your account status and technical issues, and for training or quality assurance purposes.
- Billing and Payments. To complete your purchases, including billing and payment processing, which may involve the use of cookies.
- Preventing and Detecting Unlawful and Unauthorized Use. To prevent and detect fraud, abuse, and other unlawful and unauthorized use of our services, including to investigate possible violations of and enforce our Terms and Conditions and any other contracts, and to otherwise protect the security or integrity of the services, our business and property, and our rights and interests, and those of you, our other customers, our service providers or contractors, and other businesses.
- Complying with Legal and Regulatory Obligations. To comply with our legal and regulatory obligations, including responding to legal process, such as subpoenas, court orders, and search warrants.
- Marketing and Advertising. To serve you promotional offers, content, advertisements, and other marketing about our services, or those of our affiliates, partners, and third parties, through our website, applications, social media, direct mail, email, or manual, autodialed, or prerecorded calls and texts, each with your consent, where necessary, including by: personalizing marketing and advertising to your interests (“interest-based advertising”); measuring, analyzing, and optimizing the effectiveness of our marketing and advertising; and using your comments and communications with us about our services as customer testimonials (with only your first name and your last name initial) or for other purposes that benefit us.
- Conducting Surveys. To administer surveys.
We may use your Personal Information as otherwise disclosed and explained to you at the point of collection and with your consent, where necessary.
6. How We Share or Allow Access to Your Personal Information
Except as otherwise prohibited by law or regulation, and subject to applicable instructions from you to us, we may disclose or allow access to your Personal Information for a variety of business and commercial purposes, including, for example:
- For Our Business Purposes and to Our Affiliates. With our parent, subsidiary, and affiliate companies for business, operational, and legal purposes.
- To Our Service Providers or Contractors in Order to Provide, Improve, and Maintain Our Services. We use service providers or contractors who may need access to your Personal Information in order to provide services for us. These organizations are contractually required to treat your Personal Information as confidential and to use Personal Information only to provide the services we request of them.
- Protect Our Services and Users. With governmental authorities or other entities if we believe disclosure is necessary or appropriate to: protect against fraudulent, malicious, abusive, unauthorized, or unlawful use of our services; protect our network, databases, services, devices, users, and employees from physical or financial harm; and investigate violations of our Terms and Conditions or other contracts.
- For Identity Verification and Fraud Prevention services in Order to Protect our Services and Users. To help protect customers and consumers from fraudulent use of our services, we share Personal Information or risk scores derived from such data with banks or other entities that provide us with fraud prevention services.
- For Legal Process and Protection. We may disclose Personal Information to governmental authorities or other entities if we believe disclosure is necessary or appropriate, including:
- to protect against fraudulent, malicious, abusive, unauthorized, or unlawful use of our services;
- to protect our network, databases, services, devices, users, and employees from physical or financial harm;
- to investigate violations of our Terms and Conditions or other contracts;
- to respond to subpoenas, court orders, search warrants, or other legal process;
- to respond to requests for cooperation from law enforcement or other government entities, including pursuant to the Communications Assistance for Law Enforcement Act (CALEA), which may require that we monitor or facilitate monitoring and otherwise disclose the nature and content of communications transmitted through the services or devices without any further notice or liability;
- to recover payment for previously billed services;
- to facilitate or verify the appropriate calculation of taxes, fees, or other obligations due to local, state, or federal governments and governmental agencies; and
- in emergency situations involving danger of death or serious physical injury to you or any other person, to respond to 911 requests, and for other emergencies or exigencies.
- In a Business Transfer or Transaction. We may disclose or transfer Personal Information as part of a corporate business transaction, such as a sale, assignment, divestiture, merger, bankruptcy, consolidation, reorganization, liquidation, or other transfer of the business or its assets. If another entity acquires Rizz Wireless or any of our assets, your Personal Information may be transferred to such entity. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, such information may be considered an asset of ours and may be sold or transferred to third parties. Should such sale or transfer occur, we will use reasonable efforts to try to require that the buyer or transferee use your Personal Information in a manner that is consistent with this Privacy Statement.
- For Commercial Marketing Purposes. With our affiliates, service providers, contractors, or marketing partners for our marketing and advertising purposes, including when we use our marketing partner’s analytic and advertising tools, such as cookies, web beacons, pixel tags, log files, local shared objects (Flash cookies), HTML5 cookies, or other technologies that automatically or passively collect Personal Information from your use of our services.
7. How You Might Share Your Information with Third Parties
When using our services, you may choose to install, access, or use services offered by third parties, such as websites and applications. In some cases, our services may have links to websites operated by third parties, plugins for social media services, or third-party advertisements.
When you interact with third-party services, you may be consenting to those third parties accessing, collecting, using, or disclosing your Personal Information through our services or directing us to share or allow access to your Personal Information by those third parties, such as your IP address, browsing activity, or location information. Those services operate independently of our services, and your Personal Information will be governed by their terms and conditions, including their privacy policies, not this Privacy Statement. We encourage you to review the privacy policies of any third-party services that you use to better understand their privacy practices. You may be able to restrict or disable the use and disclosure of certain information, such as your location information, using settings available on your device or through the third-party services.
8. Your Advertising Choices and Consent Options
Google Analytics and Google AdWords. We may use Google Analytics on our Sites to help us analyze traffic and improve services. For more information on Google Analytics’ processing of Personal Information, please see http://www.google.com/policies/privacy/partners/. You may opt-out of the use of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Our Sites also use the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. This could be in the form of an advertisement on the Google search results page or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to our Sites. Any data we collect will be used in accordance with this Privacy Statement, and Google is responsible to abide by its own privacy policy. You can set your preferences for how Google advertises to you using the Google Ad Preferences page: https://adssettings.google.com.
You have certain choices and consent options related to the use and disclosure of your Personal Information for advertising purposes. Exercising these choices and options will not affect our provision of services to you. Please note that these choices and options may not prevent you from receiving all advertising; you may continue to receive generic advertising from us or interest-based advertising from third parties, depending on how they operate.
Interest-Based Advertising. You have choices and options concerning interest-based advertising on our services or across other websites and online services as follows:
- To opt-out of collection and use of your Personal Information for interest-based advertising by companies participating in the Digital Advertising Alliance (“DAA”), please visit optout.aboutads.info or click on the DAA icon when you see it on an online ad.
- To opt-out from the use of Personal Information about your online activities for interest-based advertising by Network Advertising Initiative (“NAI”) member companies, please visit optout.networkadvertising.org.
- To opt-out of the use of your mobile device ID for targeted advertising, please visit www.aboutads.info/appchoices.
- To prevent your Personal Information from being used by Google Analytics to measure and improve marketing and advertising and understand the use of our services, including through Google AdWords, Google Display Network Impression Reporting, DoubleClick Platform Integrations, and Google Analytics Demographics and Interest Reporting, add the Google Analytics opt-out plugin to your browser, available at tools.google.com/dlpage/gaoptout.
- To manage flash cookies, visit Adobe’s Global Privacy Settings Panel.
- You may be able to adjust your browser, computer, or device settings to disable cookies, remove or prevent the storage of HTML5, or control other advertising and analytics technology to stop or reduce the amount of interest-based advertising you receive, but doing so may prevent you from using certain features of our services.
Do Not Track. Because Do Not Track (“DNT”) and similar signals do not yet operate according to common, industry-accepted standards, our services may not respond to DNT signals.
9. How We Store, Retain, AND Protect Personal Information We Collect About You, and How Long We Keep Your Personal Information
We have implemented technology and security features, such as encryption, to safeguard the privacy of your customer specific information from unauthorized access or improper use and will continue to enhance our security measures as technology becomes available. Unfortunately, there is no such thing as foolproof security on the Internet, and therefore, we make no guarantees with regard to the sufficiency of our security measures.
We will keep your Personal Information as long as necessary to provide your services, or as otherwise required by federal or state law, subpoena, or court order.
The Personal Information we collect from or about you is stored on servers which we take commercially reasonable efforts to secure in the United States (“U.S.”), subject to the laws of the U.S. Electronic access to the databases and physical access to the servers on which this Personal Information is stored are restricted to those employees, agents, contractors, service providers, and other third parties who have a business need for such access. They will only access and use your Personal Information based on our instructions and they are required to keep your Personal Information confidential. While we take reasonable steps to help ensure the integrity and security of our network and servers, we cannot guarantee their security, nor can we guarantee that your communications and information will not be intercepted while being transmitted over our underlying carrier’s network or the Internet.
Your Personal Information is stored on servers in the U.S.; however, some of our service providers may store information on servers hosted in other countries. As such, your Personal Information may be subject to the laws of other countries, where the data protection and other laws may differ from those of the U.S. Should your Personal Information be transferred to other countries, we will require our service providers to protect your Personal Information. Your Personal Information may be disclosed in response to inquiries or requests from government authorities or to respond to judicial process in the countries in which we operate.
We may assign you a user ID and a password when you as part of your participation and access to the Site and your account. Only you may use your user ID and password. You may not share your user ID and password with anyone else, and you are solely responsible for maintaining and protecting the confidentiality of your user ID and password. You are fully responsible for all activities that occur under your user ID. You play a role in protecting your information as well.
10. Governing Law and Notice to Non-U.S. Residents
Our services are provided to individuals located within the U.S. and its territories and are subject to U.S. law. If you are located outside of the U.S. and its territories, please do not use the services.
If you do not reside in the U.S. and provide Personal Information to us, please note that your Personal Information will be transferred, processed, collected, used, accessed and/or stored in the U.S. and subject to U.S. laws. The laws in the U.S. may not provide the same protections for your Personal Information as the jurisdiction in which you are located. Do not provide your Personal Information to us if you do not want this information to be transferred or processed outside of your country, or if the laws in your country restrict such transfers.
11. Information from Children
Our services are not directed toward children, and we do not knowingly collect Personal Information from children under the age of 13 (or under the age of 16 in California).
If you are a minor, please do not provide us with any Personal Information or use or access the services without receiving your parent’s or guardian’s permission. If we learn that we have collected any Personal Information from a child under the age of 13 (or under the age of 16 in California), we will take steps to delete the information as soon as possible. If you believe that we might have any Personal Information provided by a child under 13 (or under the age of 16 in California), or if you are a parent or guardian of a child under 13 (or under the age of 16 in California) that has provided us with Personal Information without your consent, please contact us at the contact information provided in this Privacy Statement.
12. OBLIGATIONS and RIGHTS UNDER Various State Privacy Laws
We are not subject to the defined scope of many state privacy laws, and therefore the specific rights and obligations identified in these laws do not currently apply to us. However, residents of these states may refer to these Privacy Statement provisions regarding our current data practices and may contact us regarding data inquiries or further information requests via the Our Contact Information section below. We also recognize that privacy laws continue to evolve rapidly, so we are undertaking reasonable means to monitor developments in these laws and update our polices accordingly.
13. California Resident Privacy Rights
This section explains how we collect, use, and disclose personal information about users, customers, and visitors who reside in California (“consumers” or “you”). It also explains certain rights afforded to consumers under California’s Shine the Light law and the California Consumer Privacy Act of 2018 (“CCPA”), as revised and updated by the California Privacy Rights Act (“CPRA”). This section uses certain terms that have the meaning given to them in the CCPA including personal information. “Personal Information” for purposes of this Privacy Statement is as defined by applicable laws.
The following section does not apply to individuals who do not live in California on a permanent basis, individuals who do not collect personal information about, or individuals for whom all of the information we collect is exempt from California laws.
13.1. Categories of Personal Information Collected
We may collect (and have collected during the 12-month period prior to the effective date of this Privacy Statement) the above categories of Personal Information about you in the Types of Personal Information We Collect About You section above.
13.2. Sources of Personal Information
During the 12-month period prior to the effective date of this Privacy Statement, have obtained Personal Information about you from the sources identified in The Personal Information We Collect section above.
13.3. Purpose of Collection
We used during the 12-month period prior to the effective date of this Privacy Statement your Personal Information for the business or commercial purposes described in the How We Use Personal Information We Collect About You section above.
13.4. Disclosures of Personal Information for a Business Purpose
We may disclose your Personal Information to a contractor or service provider for a business purpose.
When we disclose Personal Information for a business purpose, we enter a contract that prohibits any such contractor or service provider from selling or sharing your Personal Information. Any such contract requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
During the 12-month period prior to the effective date of this Privacy Statement, we have disclosed the categories of Personal Information about you for a business purpose as described in the How We Share or Allow Access to Your Personal Information section above.
13.5. Sale and Sharing of Personal Information
We do not sell or share your Personal Information in exchange for monetary consideration.
However, the definitions of Personal Information, ‘share,’ and ‘sale’ under CCPA are broad. The CCPA defines “sharing” as “communicating orally, in writing, or by electronic or other means, a consumer’s personal information” to “a third party for cross-context behavioral advertising, whether or not for money or other valuable consideration.” We may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests, and to perform other advertising-related services such as enabling our partners to serve such personalized content.
We do not knowingly sell or share personal information related to children under 16 years of age.
During the 12-month period prior to the effective date of this Privacy Statement, we have shared the following categories of Personal Information as follows:
Category of Personal Information that May Be Shared
- Contact details: this may include your email address, phone number, telephone number and home address;
- Identity details: this may include your first name, maiden name, last name, marital status, title, date of birth and gender;
- Data about your use of CFGI’s websites: this may include your IP address, cookies, web beacons, browser type and version, time zone and language and notification preferences;
- Information about how you use our IT, communication, and other systems: this may include your user account, email activity and call details;
- Personal data provided when you apply for work with us: this may include personal data you provide in your curriculum vitae and covering letter, information provided as part of the interview process; and
- Other personal data about yourself that you provide voluntarily (for example, when you sign up to our services, subscribe to our communications, provide information to us and/ or access certain resources on our website): this may include your interests, social media profile links, job title, emergency contact details and absence records.
Third Parties with Which Personal Information May Be Shared
- Marketing and advertising partners and platforms.
Purpose for Sharing Personal Information
- To deliver marketing communications which we think may be of interest to you.
13.6. Use and Disclosure of Sensitive Personal Information
We do not use or disclose sensitive personal information about you except as necessary to provide you with our services, including processing and fulfilling orders and verifying your information, to prevent fraudulent or illegal actions, and for other purposes that are not for the purpose of inferring characteristics about you.
For purposes of this section, “sensitive personal information” is defined as:
Personal information that reveals:
- A consumer’s social security, driver’s license, state identification card, or passport number.
- A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- A consumer’s precise geolocation.
- A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
- The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
- A consumer’s genetic data.
- The processing of biometric information for the purpose of uniquely identifying a consumer.
- Personal information collected and analyzed concerning a consumer’s health.
- Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
Category of Sensitive Personal Information that May Be Disclosed
- Identity details: this may include your first name, maiden name, last name, marital status, title, date of birth and gender;
- Health data: this may include your medical certificates, self-certification forms, records of sickness absence, medical reports and health assessments;
- Financial data: this may include your billing address, bank account and payment card details;
- Trade union membership data: this may include data about your trade union membership;
- Criminal history data: this may include information relating to any criminal convictions or criminal charges secured or brought against you;
- Trade union membership data: this may include data about your trade union membership;
- Personal data provided when you apply for work with us: this may include personal data you provide in your resume and cover letter, information provided as part of the interview process; and
- Other personal data about yourself that you provide voluntarily (for example, when you sign up to our services, subscribe to our communications, provide information to us and/ or access certain resources on our website): this may include your interests, social media profile links, job title, emergency contact details and absence records.
Third Parties with Which Sensitive Personal Information May Be Disclosed
- Cloud-based email and data storage providers;
- Business application software providers;
- Payroll agencies;
- Benefit (including pension) providers;
- HM Revenue, Irish Revenue Commissioners & Customs;
- Computer maintenance companies;
- Professional advisers;
- Other affiliates (CFGI, LLC and other holding and parent companies are all affiliates);
- Potential purchasers of the business.
Purpose for Disclosing Sensitive Personal Information
- To provide our website or our services to you
- To improve our website, your browsing experience and / or the services we provide to you
- To conduct our business
- To perform our responsibilities as employer and administer the employment relationship (during the application process and after the employment)
- To conduct checks to identify our clients and verify their identity to comply with legal and regulatory obligations;
- To ensure compliance with CFGI’s policies and detect any unauthorised use of CFGI’s IT infrastructure and systems;
- To send you marketing communications which we think may be of interest to you. This may include where you sign up to our CFGI newsletter or contact us for a Request for Proposal.
13.7. California Consumer Privacy Rights
Under CCPA, consumers have certain rights regarding their Personal Information, as described below.
- Right to Know: The provisions in this Privacy Statement, including Types of Personal Information We Collect About You, The Personal Information We Collect, How We Use Personal Information We Collect About You, How We Share or Allow Access to Your Personal Information, and Sale and Sharing of Personal Information, inform you about the Personal Information we collect from you and how we use it.
- Right of Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information about you, limited to the preceding twelve (12) months:
- The categories of Personal Information that we collected about you;
- The categories of sources from which the Personal Information was collected;
- The business or commercial purpose for collecting or selling Personal Information;
- The categories of third parties with whom we share Personal Information;
- The specific pieces of Personal Information that we have collected about you;
- The categories of Personal Information that we disclosed about you for a business purpose or shared with third parties; and
- For each category of Personal Information identified, the categories of recipients or third parties to which the information was disclosed or with which the information was shared.
- Right of Deletion: You have the right to request that we delete any Personal Information about you which we have collected from you, subject to exceptions within the law.
- Right to Opt-Out: You have the right to opt-out of the sale or sharing of Personal Information as described in Sale and Sharing of Personal Information above.
- Right to Limit Use and Disclosure of Sensitive Personal Information: You may request specific limitations on further sharing, use, or disclosure of your Sensitive Personal Information that is collected or processed for “the purpose of inferring characteristics about a consumer.” However, as described in Use and Disclosure of Sensitive Personal Information above, we do not collect or process Sensitive Data for this purpose. You may also request that we limit our use of Sensitive Personal Information to that use which is necessary to provide services to you or as otherwise expressly permitted under applicable law.
- Right to Correction: You have the right to request that we maintain accurate Personal Information about you and correct any Personal Information about you which we have collected from you, subject to exceptions within the law.
Under California’s “Shine the Light” law, California residents have the right to request in writing, once per year (a) a list of the categories of Personal Information, such as name, e-mail and mailing address and the type of services provided to the customer, that we have disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us as directed in the Our Contact Information section below with a reference to California Disclosure Information.
To opt out of the sale or sharing of your personal information or otherwise take advantage of the foregoing rights, please contact us as described in the Our Contact Information section.
13.8. Consumer Requests and Verification
Right to Non-Discrimination
We do not discriminate against you if you exercise any rights described in this section.
Verifying Requests
You may request to exercise your rights under this Privacy Statement by contacting us as described in the Our Contact Information section below. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your Personal Information, we may require you to provide any of the following information: name, date of birth, email address, telephone number, or postal address. When you make such a request, you can expect the following:
- As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.
- We will confirm that you want your information accessed, corrected, and/or deleted.
- We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
- We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing services or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial.
Authorized Agents
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the Our Contact Information section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require:
- The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request;
- You to verify your identity directly with us; or
- You to directly confirm with us that you provided the authorized agent permission to submit the request.
14. Nevada Resident Privacy Rights
We comply with applicable requirements of the Nevada privacy law (Nevada Revised Statutes Chapter 603A), which in some instances provides Nevada residents with choices regarding how we use and share your personal information.
Nevada Personal Information (“Nevada PI”) includes personally identifiable information about a Nevada consumer collected online, such as an identifier that allows the specific individual to be contacted. Nevada PI also includes any other information about a Nevada consumer collected online that can be combined with an identifier to identify the specific individual.
We may collect your telephone number in addition to the categories information we outline in the Types of Personal Information We Collect About You section above (which include the Nevada PI categories of first and last name; physical address; email address; and username).
We may share such Personal Information with categories of third parties including federal and state regulators, subsidy program administrators, compliance and service support entities, and marketing entities.
Unaffiliated third parties outside of our control may collect covered information about your online activities over time and across different Internet websites or online services (via, e.g., “cookies”) when you use our services.
You have the right to request that we not sell your Personal Information. Although we do not currently sell Personal Information, you may submit a request directing us to not sell Personal Information if our practices change in the future. To exercise this right, you may contact us using one of the methods described in the Our Contact Information section below.
15. Virginia, Colorado, AND Connecticut Resident Privacy Rights
This section is applicable to residents of Virginia, Colorado, or Connecticut. If you are a resident of Virginia, Colorado, or Connecticut, you have certain rights described below. The following do not apply to individuals who do not live in Virginia, Colorado, or Connecticut on a permanent basis, individuals we do not collect personal information about, or individuals for whom all of the information we collect is exempt from the statutes. “Personal Data,” for purposes of this section regarding the rights of residents, means any information that is linked or reasonably linkable to an identified or identifiable natural person and does not include de-identified information or publicly available information.
This section applies only to Virginia, Colorado, and Connecticut residents to the extent their Personal Data is subject to the Virginia Consumer Data Protection Act (VCDPA), or the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), or any amendments or acts thereto upon their effective dates. The categories of Personal Data processed, the purposes of processing, the categories of Personal Data shared, and the categories of third parties to which Personal Data is shared are provided in the above sections of this Policy.
If you would like to learn whether Rizz Wireless is subject to the requirements of these state laws, you may contact us via the Our Contact Information section below.
15.1. Rights under VCDPA, CPA, and CTDPA
To the extent applicable, Virginia, Colorado, and Connecticut privacy law provide residents with specific rights regarding Personal Data, including:
- Right to Access. You have the right to confirm whether or not we are processing your Personal Data and to access such information.
- Right to Correct. You have the right to correct inaccuracies in your Personal Data which we have collected, taking into account the nature of the Personal Data and the purposes of processing the Personal Data.
- Right to Delete. You have the right to request deletion of Personal Data provided by or obtained about you, subject to legal exemptions.
- Right to Data Portability. You have the right to obtain a copy of your Personal Data.
- Right to Opt-Out. You have the right to opt out of the processing of Personal Data for purposes of (1) targeted advertising; (2) the sale of Personal Data; or, if you are in Virginia or Colorado (3) profiling in furtherance of decisions that produce legal or similarly significant effects.
If you would like to exercise any of the rights provided, please refer to the Consumer Requests and Verification section below.
15.2. Consumer Requests and Verification
15.2.1. Right to Non-Discrimination
You have the right not to receive discriminatory treatment by Rizz Wireless for exercising any of your privacy rights. We will not discriminate against you for exercising any of your rights under this section.
15.2.2. Verifying Requests
You may request to exercise your rights of access, deletion, or correction by contacting us as described in the Our Contact Information section below. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your Personal Data, we may require you to provide any of the following information: name, date of birth, email address, telephone number, or postal address. When you make such a request, you can expect the following:
- As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.
- We will confirm that you want your information accessed, corrected, and/or deleted.
- We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
- We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing services or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial.
15.2.3. Authorized Agents
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the Our Contact Information section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require:
- The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request;
- You to verify your identity directly with us; or
- You to directly confirm with us that you provided the authorized agent permission to submit the request.
15.2.4. Virginia and Connecticut Appeal Process
If you have made a request to access, correct, or delete your Personal Data under VCDPA and CTDPA, and we have declined to take action, you may appeal our decision within 45 days of the denial. When you make such an appeal, you can expect the following:
We will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.
We will review your appeal and respond in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision, within 45 days upon receipt of your appeal. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
In certain cases, an appeal may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing services or completing an order. If we deny your appeal, we will explain why we denied it and provide you with a method to contact your state’s Attorney General to submit a complaint.
16. Changes and Updates to this Privacy Statement
We reserve the right to modify this Privacy Statement at any time. When we do, we will post the changes on this page. We will give you notice of any materially adverse changes to this privacy policy and may give you notice of all other changes but reserve the right to make such modifications immediately if required. It is your responsibility to regularly check this page to determine if there have been changes to the Privacy Statement and to review such changes.
The most current version of this Privacy Statement can be viewed by visiting our website and clicking on “Privacy Statement” located at the bottom of the pages. Any changes will take effect immediately. The effective date of this Privacy Statement is stated below. Continued access or use of our services following the effective date of any changes shall indicate your acceptance of such changes. If you do not agree to the modified provisions of this Privacy Statement, you must discontinue your access and use of the services.
European Union, the United Kingdom, and Singapore Privacy Statement
This Privacy Statement governs the collection and processing of personal data of CFGI affiliates seated in or operating in either the European Union, the United Kingdom or Singapore. When reference is made to “CFGI”, “we”, “our” or “us”, such reference is to be understood as referring to the affiliate acting as controller of the respective personal data.
CFGI collects your personal data for various purposes, as detailed in this Privacy Statement. When we collect or use your data, we being controller decide how and why your personal data is processed. This Privacy Statement sets out the different ways we collect personal data and how we use it. It also explains your rights in relation to your personal data and how to contact us.
UPDATED: JULY 2024
We publish the current version of this Privacy Statement on our website, and we may update this from time to time.
We will notify you of these updates where:
- we are making substantial changes; or
- we are doing something with your personal data, which you might not expect based on what we have told you in this Privacy Statement.
Please read our Privacy Statement to understand our approach to processing your personal data.
1. Contact Information and Controllership
If you have a question on this Privacy Statement or how we use your personal data, you can contact the data controller at any time. Depending on the service you obtain from us, the CFGI affiliate controlling the processing of your personal data may differ. For your convenience, we have set up a central point of contact which can be reached by way of email. The address is the following:
Alternatively, you can contact the CFGI affiliate controlling your respective personal data. The respective information is provided as part of the service you obtain from us. You may address your communication to the competent Data Protection Officer at the following addresses:
- CFGI (UK) Limited; 1 Park Row, Leeds, LS1 5AB, United Kingdom
- CFGI (Ireland) Limited; 1 Windmill Lane, Dublin 2, Dublin, D02F206
- CFGI Germany GmbH & Co. KG; Maximiliansplatz 17, 80333 Munich, Germany
- CFGI Germany Verwaltungs GmbH; Maximiliansplatz 17, 80333 Munich, Germany
- CFGI Germany GmbH; Theodor-Heuss-Str. 10, 70174 Stuttgart, Germany
- CFGI Germany Power Finance; Theodor-Heuss-Str. 10, 70174 Stuttgart, Germany
- CFGI (Singapore) Private Limited; 38 Beach Road, #29-11 South Beach Tower Singapore 189767
2. How we collect your personal data
Your personal data is collected by CFGI in a few ways:
- Personal data you give directly;
- Personal data we collect from third parties;
- Personal data we collect from the monitoring of system use.
3. Personal data we collect
- Contact details: this may include your email address, phone number, telephone number and home address;
- Identity details: this may include your first name, maiden name, last name, marital status, title, date of birth and gender;
- Health data: this may include your medical certificates, self-certification forms, records of sickness absence, medical reports and health assessments;
- Financial data: this may include your billing address, bank account and payment card details;
- Criminal offence data: this may include information relating to any criminal convictions or criminal charges secured or brought against you;
- Trade union membership data: this may include data about your trade union membership;
- Data about your use of CFGI’s websites: this may include your IP address, cookies, web beacons, browser type and version, time zone and language and notification preferences;
- Information about how you use our IT, communication, and other systems: this may include your user account, email activity and call details;
- Personal data provided when you apply for work with us: this may include personal data you provide in your curriculum vitae and covering letter, information provided as part of the interview process; and
- Other personal data about yourself that you provide voluntarily (for example, when you sign up to our services, subscribe to our communications, provide information to us and/ or access certain resources on our website): this may include your interests, social media profile links, job title, emergency contact details and absence records.
4. Personal data we do not collect: Children’s data
CFGI’s websites are intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age.
5. Who we share your personal data with
We use third party sub-processors and other third-party service providers to provide our service and communicate with you in connection with the purposes set out in the section How and why we use your personal data. We have certain safeguards in place to protect your personal data. For example, written agreements that only permit third party sub-processors to process your personal data for specified purposes and subject to certain security measures.
We routinely share personal data with:
- Cloud-based email and data storage providers;
- Business application software providers;
- Payroll agencies;
- Benefit (including pension) providers;
- HM Revenue, Irish Revenue Commissioners & Customs, Inland Revenue Authority of Singapore;
- Central Provident Fund of Singapore,
- Computer maintenance companies;
- Professional advisers;
- Other affiliates (CFGI, LLC and other holding and parent companies are all affiliates);
- Potential purchasers of the business.
We may also share anonymous aggregate usage statistics or anonymous individual data for service evaluation and improvement purposes with consultants or research organisations that we work with from time to time. This anonymous data is not itself personal data, and we take care to ensure that individuals cannot be identified (or indeed re-identified) in the data.
6. How and why we use your personal data
Under the EU General Data Protection Regulation (EU) 2016/679 (the “EU GDPR”), UK General Data Protection Regulation 2018/679 (the “UK GDPR”),the Irish Data Protection Acts 1988 to 2018 (the ‘Irish DPA’), the UK Data Protection Act 2018 (the “UK DPA 2018“) the German Federal Data Protection Act (the “BDSG”) and Personal Data Protection Act 2012 of Singapore (“PDPA”), (together the “Data Protection Laws”), CFGI is allowed to use personal data only if we have a proper reason to do so. This is called our ‘lawful basis’ for processing. The four main ways that we are permitted to use your personal data are:
- When you consent to us using your personal data.
- When we fulfil our contractual commitments to you.
- When we need to meet our legal obligations.
- When it is in our legitimate interests.
Many of these uses are mandatory – in other words, where we need to use your personal data to meet our contractual obligations to you, or to meet our legal obligations. We have provided more detail below on what personal data we use, why and which of the above categories we are relying on for each purpose. We have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal data in certain circumstances (we have stated this below and set out our legitimate interests). We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual. We have provided more detail below on what personal data we process, why we process your personal data and which of the above categories we are relying on for each purpose. We may use your personal data for more than one purpose, depending on the circumstances. We have listed the primary lawful basis that we will typically rely on in the tables below. There may be situations where we rely on two lawful bases as a matter of course to achieve the same or similar purposes.
Purpose | Lawful basis and applicable EU GDPR/UK GDPR law |
To provide our website or our services to you | It is in our legitimate interests to process your personal data in connection with this purpose (EU GDPR / UK GDPR Article 6(1)(f)). Where it is not in our legitimate interests, we will obtain your explicit consent (EU GDPR / UK GDPR Article 6(1)(a)). |
To improve our website, your browsing experience and / or the services we provide to you | It is in our legitimate interests to process your personal data in connection with this purpose (EU GDPR / UK GDPR Article 6(1)(f)). Where it is not in our legitimate interests, we will obtain your consent (EU GDPR / UK GDPR Article 6(1)(a)). |
To send you marketing communications which we think may be of interest to you. This may include where you sign up to our CFGI newsletter or contact us for a Request for Proposal. | It is in our legitimate interests to process your personal data in connection with this purpose (EU GDPR / UK GDPR Article 6(1)(f)). Where it is not in our legitimate interests or consent is required under the direct marketing rules, we will obtain your consent (EU GDPR / UK GDPR Article 6(1)(a)). |
To provide you with service communications. This may include where we inform you of changes to our terms or policies, our services or other important notices.. | It is in our legitimate interests to process your personal data in connection with this purpose (EU GDPR / UK GDPR Article 6(1)(f)). Where it is not in our legitimate interests to do so, we will obtain your consent (EU GDPR / UK GDPR Article 6(1)(a)). |
To conduct our business | The lawful basis for processing your personal data for this purpose is to fulfil our contractual commitments to you (EU GDPR / UK GDPR Article 6(1)(b)). Where the above does not apply, it is in our legitimate interests to process your personal data in connection with this purpose (EU GDPR / UK GDPR Article 6(1)(f)). We will obtain your consent in the required manner (EU GDPR / UK GDPR Article 6(1)(a) and Art. 9(2) (a) EU GDPR) should neither of the above-mentioned lawful bases apply. This applies in particular to special category data such as your health data. |
To perform our responsibilities as employer and administer the employment relationship (during the application process and after the employment) | The lawful basis for processing your personal data, including trade union membership data, for this purpose is to meet our legal obligations (EU GDPR / UK GDPR Article 6(1)(f) and Section 26(1) BDSG). Where the above does not apply, the lawful basis for processing your personal data will be to fulfil our contractual commitments to you (EU GDPR / UK GDPR Article 6(1)(b)). Where the above bases do not apply, it is in our legitimate interests to process your personal data in connection with this purpose (EU GDPR / UK GDPR Article 6(1)(f)). Where the above bases do not apply, the lawful basis for processing your personal data will be by obtaining your explicit consent (EU GDPR / UK GDPR Article 6(1)(a)). Where we process special category data, the lawful basis for processing your personal data is one of the following exemptions:
|
To conduct checks to identify our clients and verify their identity to comply with legal and regulatory obligations | The lawful basis for processing your personal data for this purpose is to meet our legal obligations (EU GDPR / UK GDPR Article 6(1)(f)). Where the above does not apply, the lawful basis for processing your personal data is when it is in our legitimate interests (EU GDPR / UK GDPR Article 6(1)(f)). Where we process special category data, the lawful basis for processing your personal data is one of the following exemptions:
|
To ensure compliance with CFGI’s policies and detect any unauthorised use of CFGI’s IT infrastructure and systems | The lawful basis for processing your personal data for this purpose is when it is to meet our legal obligations (EU GDPR / UK GDPR Article 6(1)(f)). Where the above does not apply, the lawful basis for processing your personal data will be to fulfil our contractual commitments to you (EU GDPR / UK GDPR Article 6(1)(b)). Where neither of the above bases apply, the lawful basis for processing your personal data is when it is in our legitimate interests (EU GDPR / UK GDPR Article 6(1)(f)).
Where we process special category data, the lawful basis for processing your personal data is one of the following exemptions:
|
7. Links to other websites
You should also be aware that where you link to another website from CFGI, CFGI has no control over that website. Accordingly, CFGI cannot guarantee that the controller of that website will respect your privacy in the same manner as CFGI.
8. Data security and storage
In order to prevent unauthorised access or disclosure, we have put in place suitable policies and procedures to safeguard and secure the information we process.
All CFGI employees are contractually bound to respect the confidentiality of any personal data held by CFGI.
9. Retention of personal data
We shall retain personal data in accordance with our Information Security Policy. In summary:
- We use Microsoft 365 for email and file storage.
- We are not required to retain any client work product given the nature of our services. Our work output is immediately owned by the client upon delivery and payment. Client information is retained in accordance with a non-disclosure agreement (“NDA“) or engagement letter. We will dispose of client information if requested by a client if it is in accordance with the NDA, engagement letter and regulatory requirements.
- We have policies in place to ensure that documents that we do retain are disposed in accordance with applicable laws.
10. Sending data across regions and jurisdictions
The levels of data protection differ from region to region and jurisdiction to jurisdiction. This is due to regional and/or national regulatory differences. As we operate in various regions around the globe, we make sure when transferring personal data across regions and jurisdictions to meet the requirements of each region and/or jurisdiction in due course. This includes adhering to provisions relating to cross-border data transfer. In the following, we provide you with guidance how this is achieved.
10.1 Data transfers outside of the UK or the EEA
Certain personal data is stored within the UK and/or the EEA. Such personal data may be transferred to third-party organisations, some of whom (where applicable) may be located outside of the UK or the EEA, to facilitate provision of our services. For example, this could happen if any of our servers that store your personal data are located in a country outside of the UK or the EEA, or when one of our service providers is located in a country outside of the UK or the EEA, such as South Africa or Australia. Different countries have different data protection and security laws and some of these do not offer the same level of protection as you enjoy under the Data Protection Laws.
We will have agreements with these third-party organisations which provide that they will not use your personal data for any purposes other than those we have agreed with them. We require that any third-party organisations that use your personal data on our behalf implement adequate safeguards to protect your personal data, in accordance with applicable UK and EU data protection legislation. For example, we may put contracts in place (which are approved by the UK Information Commissioner and, where applicable, the European Commission and are known as “Standard Contractual Clauses“) with those service providers, or alternatively will ensure they have signed up to, and comply with, any other approved mechanisms that may become available to us in the future. We will also carry out an appropriate risk assessment of the laws and practices of the destination country to ensure that your personal data is fully protected when in that country.
We may also share some of your personal data with other CFGI companies within the CFGI group for internal administrative purposes or to provide a service to you. This will include transfers to our affiliate, CFGI, LLC in the United States. In doing so, we will adopt necessary safeguards, such as the Standard Contractual Clauses and conducting the appropriate risk assessment referred to above.
10.2 Data transfer outside of Singapore
Certain personal data is stored within Singapore. Such personal data may be transferred to third-party organisations, some of whom (where applicable) may be located outside of Singapore, to facilitate provision of our services. Different countries have different data protection and security laws and some of these do not offer the same level of protection as you enjoy under the PDPA.
We will have agreements with these third-party organisations which provide that they will not use your personal data for any purposes other than those we have agreed with them. We will require that any third-party organisations that use your personal data on our behalf implement adequate safeguards to protect your personal data, in accordance with the PDPA. We will also carry out an appropriate risk assessment of the laws and practices of the destination country to ensure that your personal data is fully protected when in that country.
We may also share some of your personal data with other CFGI companies within the CFGI group for internal administrative purposes or to provide a service to you.
Any transfers of personal data to a territory outside of Singapore will be made in accordance with the PDPA and we will take steps to ensure that your personal data so transferred continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
11. Marketing
We wish to send you marketing communications for products and services that may be relevant to you. We may also need to send you communications that are not direct marketing communications (service communications by post, telephone or email/MMS/SMS) from time to time. Service communications relate to information that is necessary for us to convey when you are receiving products and services.
We will only contact you, or businesses associated with you, with marketing messages by email/MMS/SMS where we are permitted to do so in accordance with Data Protection Laws and other applicable laws (i.e. where we have collected the appropriate permissions).
Where we rely on your consent, we may seek, or re-seek, your marketing consent any time that there is a change in our marketing strategy or your relationship with us, including where there is a change in law or where there is a structural change in our organisation.
From time to time, we may send you marketing messages by email relating to our own products and services without your consent where you have not opted out of receiving marketing message. Under the Data Protection Laws, we are permitted to do this in relation to existing customers. We will give you the chance to opt out of receiving direct marketing messages by email when we first collect your personal data and, thereafter, in every marketing message that we send (via the “unsubscribe” link at the foot of the marketing message). Where you exercise this option, we will cease to send you marketing message by email. Additionally, you have a right to object to all marketing messages whether electronic marketing or by post or telephone. Please see Your rights below. You are free to change your preferences by contacting us – please see Contact information above.
12. Cookies
A cookie is a file with a small amount of data which is sent to a user’s browser from a web server and stored on a user’s computer, used to store and track information about the user. When you visit our site, we may use cookies containing information (such as unique user ID) to track your usage of our site.
12.1 We use the following types of cookies
- Strictly necessary cookies – We use this for the operation of our website. Under the EU GDPR and UK GDPR, this is on the basis of Article 6(1)(f).
- Analytical or performance cookies – We use this to allow us to recognise and count the number of visitors and see how many visitors move around our website when they are using it. Under the EU GDPR and UK GDPR, this is on the basis of your consent according to Article 6(1)(a).
- Targeting cookies – We use this to record your visit to our website, the pages you have visited and the links you have followed. Under the EU GDPR and UK GDPR, this is on the basis of your consent according to Article 6(1)(a).
12.2 Your consent to the use of cookies and the associated personal data
Cookies and associated personal data used for non-necessary purposes
We will only store and read cookies for non-necessary purposes on your device and process the associated personal data (or allow third party providers and partners to do so) if you have given us your prior consent and have not withdrawn it. We request this using the cookie tool, which is displayed when you visit a page on the website for the first time.
When and how to give your consent
When you visit the website for the first time, you will be asked to give your consent to the non-mandatory cookies and the personal data we collect as a result of their use. You can consent to all non-essential cookies by selecting “Accept all” or refuse consent for all non-essential cookies by selecting “Reject all”. Alternatively, you can consent to cookies according to their respective categories of use. If you do not consent to these cookies, we will not use them or process any personal data in connection with them. Consequently, your provision of personal data in connection with the cookie is voluntary and you can revoke your consent at any time for the future. Until you withdraw your consent, the use of cookies and the associated data processing is lawful.
The duration for which your consent is valid
If you give us your consent to process your personal data using cookies and other technologies, we will rely on this for a period of 6 months from the date on which you last gave us your consent using the cookie tool on this website. After this period, the cookie tool will automatically treat your consent as withdrawn and you will be asked to give your consent again on your first subsequent visit to this website.
How to withdraw your consent
Depending on the type of cookie, you can revoke the consent previously given for cookies in two ways:
- The cookie tool is available in the footer of the website. You can access the cookie tool at any time from any page of this website and revoke your consent by switching off the option for the relevant category of cookies using the slider.
- Customise the settings in your web browser. Most web browsers are set by default to accept all cookies. However, you have the option to configure your web browser settings so that cookie information is displayed before it is saved or you can reject them outright. You can find details of the different cookie settings available and the associated changes for the most popular web browsers by clicking on the relevant link:
- Google Chrome:
https://support.google.com/accounts/answer/61416?hl=en - Internet Explorer:
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies - Microsoft Edge:
https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy - Mozilla Firefox:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences - Opera:
http://www.opera.com/help/tutorials/security/privacy/ - Safari:
https://support.apple.com/kb/PH19214?locale=cs_CZ&viewlocale=en_US
- Google Chrome:
Please note that any changes to your web browser settings only apply to the web browser for which you have adjusted your settings. If you use more than one web browser on a device, you must change the settings for each browser and each device separately. You may find additional information on cookies in the help function of the browser or operating system or in the operating instructions for your device.
Storage after you have withdrawn your consent
After you have withdrawn your consent to non-necessary cookies, this website will no longer access or read these cookies. Depending on the cookies, this means that files, scripts, codes and other cookie-related information may remain stored on your device. You can delete these cookies by deleting your cookies and browser cache using your web browser settings. For more information on this and how to proceed, please refer to the links for the common browsers mentioned above.
Consequences of refusing/withdrawing your consent
If you refuse or withdraw your consent to the use of non-necessary cookies or associated personal data, the relevant functions or features of this website may either not function properly or not function at all. Your use of the core functions and features of the website will remain unaffected.
How long will we process and store your personal data?
We do not process or store personal data in an identifiable format for longer than necessary. We process and store your personal data for the following periods:
In relation to necessary cookies, the processing of your personal data will end with your browsing session, after which your personal data will be deleted (except in relation to cookies used to store your consent preferences, which we will retain and process for [6] months from the date you granted consent).
All other personal data relating to cookies will be processed until the consent authorising such processing is withdrawn or expires (i.e. after [6] months in most cases). Ten they will be deleted.
13. Data deletion and storage duration
The personal data of the data subject will be deleted as soon as the purpose of storage ceases to apply. Data may also be stored if this is provided for by applicable regulations, laws or other provisions to which CFGI is subject. The data will also be deleted if a storage period prescribed by the aforementioned laws expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
14. Your rights
You have rights regarding your personal data. If you wish to exercise any of your rights outlined below, please contact us using one of the contact details mentioned in Contact information.
Right to access your personal data – You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.
Right to change or remove your details – You have the right to correct any inaccurate data or remove data if it is not necessary for us to hold it where there is no compelling reason for its continued processing by us.
Right to restrict or object to processing – You can object to processing if it could affect your rights, freedoms or interests. For example, you have the right to object to direct marketing and automated decision-making (although we do not engage in the latter).
Right to withdraw consent – where the processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to data portability – We will provide your data in a portable format.
Right to lodge a complaint – You also have the right to lodge a complaint with a supervisory authority, although we encourage you to contact us first. Please contact our Data Protection Manager at dataprotection@CFGI.com if you believe that your personal data is not being processed in line with this Privacy Statement. If you are not satisfied with the response, you might wish to lodge a complaint with the competent supervisory authority. You can make a complaint to the Irish Data Protection Commission at www.dataprotection.ie. You can find out on website of UK’s Information Commissioner’s Office how to report a concern at ico.org.uk/concerns/. A list of the German data protection supervisory authorities to which you can submit your complaint can be found at:: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.html.
Note that if you exercise your right to remove your details, to restrict processing or to object, this may adversely affect your ability to obtain our products and services from us, or to use our website.