• Business and Professional Services

Purpose of Data Collection

Personal information that CSR may collect includes: - Browser based data such as IP Address, geographical location, browser type and version, operating system, referral source, etc. - Account number of provider for our online solution sets, such as CSR Readiness®, user name and password, and Personal Information during registration of our online solution tools such as email address, full mailing or physical address, company name, industry, and phone number(s); - Information for subscribing into our email newsletters; and - Personal Business information provided when utilizing the CSR Breach Reporting Service, such as the organization’s service provider name and account number. Organization information directly collected pertains to the organization that has experienced a confirmed or suspected breach incident, and their vendors, consultants, attorneys, or others directly involved, and may include one or more of the following: Organization name, contact names, email addresses, mailing or physical address, locations, and phone numbers. All BRS calls are recorded. Personal information is sometimes collected during the interview or evaluation process such as the names of individuals or employees also involved with the incident. Incoming BRS calls may be answered by an answering service to ensure no calls are missed. Call information at the answering service is deleted every three months. When consumer notification is provided, CSR or a processor (such as an entity providing credit monitoring services) may need to receive the contact information of the affected individuals including one or more of the following: name, company name, email address, mailing address, telephone number, national security number, etc. Only minimum information needed is used. CSR or processors may require payment. Efforts may include printing, emails, and toll-free call center. The information is only to be kept long enough to provide the service and then destroyed. - Information submitted as a request through our web based online forms or direct correspondence. CSR may post open positions on our website. Collection of personal data will occur if you submit a resume and/or cover letter in response to the posting. Authorized use of personal data includes: - Providing CSR online products and professional services to you and your business; - Personalizing and enhancing your experience on our online solution sets; - Sending solutions and products purchased through our online solutions; - Confirmations, statements, invoices, or other necessary emails; - Email communication; - Newsletters and other email communication mailing lists that you have subscribed to; - Submission of summary result reporting based on the product and services you are subscribed to; - Providing statistical information to appropriate parties on overall usage of products and services; and - Sending notification on updates to this policy. Processors (third parties, vendors, agents) that may receive personal data include payment card processors, financial institutions, email service providers (ESP), and vendors related specifically to the CSR Breach Reporting Service including answering service and third-parties that directly assist with consumer notification efforts such as credit monitoring, printing, emails, and toll-free call center. If required, personal data may be used to comply with local, state, federal and foreign countries as mandated or to comply with a court order, subpoena, search warrant or other valid legal process.

Verification Method

Self-Assessment

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact CSR Privacy Solutions, Inc. at: