PRIVACY POLICY
EU-U.S., UK Extension and Swiss-U.S. Data Privacy Framework: Consumer Privacy Policy
CORETELLIGENT LLC
This document was last updated April 26, 2024.
If you are located in the European Union, United Kingdom or Switzerland, please note that as part of our service, we may transfer your personal information to other regions, including to the United States.
Coretelligent LLC, United Technology Group, LLC, Soundview IT Solutions, LLC, and Soundshore Technology Group, L.L.C. (collectively, “we” or “us” or “Coretelligent”), complies with the US Department of Commerce EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. regarding the transfer of Personal Information from European Union member countries, the United Kingdom and Switzerland to the United States. Coretelligent has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF Principles and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF Principles. Coretelligent has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF Principles. . If there is a conflict between our Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit: https://www.dataprivacyframework.gov/.
For purposes of this Policy:
“Consumer” means any natural person who is located in the EU, UK or Switzerland but excludes any individual acting in his or her capacity as an Employee.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“DPF Principles” means the Principles and Supplemental Principles of the Data Privacy Framework.
“Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of any subsidiary or affiliate of Coretelligent, who is located in the EU, UK or Switzerland.
“EU” means the European Union and Iceland, Liechtenstein and Norway.
“Personal Data” means any information, including Sensitive Data that is (i) about an identified or identifiable individual, (ii) received by Coretelligent in the U.S. from the EU, UK or Switzerland, and (iii) recorded in any form.
“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Supplier” means any supplier, vendor or other third party located in the EU, UK or Switzerland that provides services or products to Coretelligent.
“UK” means the United Kingdom.
For more information about Consumer Personal Data processing with respect to information obtained through Coretelligent’s website, please visit our privacy statement at: https://coretelligent.com/privacy-policy/.
Types of Personal Data Coretelligent Collects
Coretelligent collects Personal Data directly from Consumers. This collection occurs, for example, when a Consumer visits Coretelligent’s website www.coretelligent.com (“Website”) or uses its comprehensive managed IT and private cloud services (“Services”). We may use this information for the purposes indicated in our privacy statement.
The types of Consumer Personal Data Coretelligent collects includes:
- Contact information, such as name, postal address, email address and telephone number; and
- Personal Data in content Consumers provide on Coretelligent’s Website and through its Services and other data collected automatically through the Website (such as IP addresses, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on our website, and dates and times of website visits).
In addition, Coretelligent obtains Personal Data, such as contact information and financial account information, of its Suppliers’ representatives. Coretelligent uses this information to manage its relationships with its Suppliers, process payments, expenses and reimbursements, and carry out Coretelligent’s obligations under its contracts with the Suppliers.
Coretelligent also may obtain and use Consumer Personal Data in other ways for which Coretelligent provides specific notice at the time of collection.
Coretelligent’s privacy practices regarding the processing of Consumer Personal Data comply with the DPF Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.
Notice
Coretelligent provides information in this Policy and its privacy statement about its Consumer Personal Data practices, including the types of Personal Data Coretelligent collects, the types of third parties to which Coretelligent discloses the Personal Data and the purposes for doing so, the rights and choices Consumers have for limiting the use and disclosure of their Personal Data, and how to contact Coretelligent about its practices concerning Personal Data.
Relevant information also may be found in notices pertaining to specific data processing activities.
Choice
Coretelligent generally offers Consumers the opportunity to choose whether their Personal Data may be (i) disclosed to third-party Controllers or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the relevant Consumer. To the extent required by the DPF Principles, Coretelligent obtains opt-in consent for certain uses and disclosures of Sensitive Data. Consumers may contact Coretelligent as indicated below regarding our use or disclosure of their Personal Data. Unless Coretelligent offers Consumers an appropriate choice, we use Personal Data only for purposes that are materially the same as those indicated in this Policy.
Coretelligent shares Consumer Personal Data with its affiliates. Coretelligent may disclose Consumer Personal Data without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third-party Processors we have retained to perform services on our behalf and pursuant to our instructions, (ii) if we are required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Coretelligent also reserves the right to transfer Personal Data in the event of an audit or if we sell or transfer all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
Accountability for Onward Transfer of Personal Data
This Policy and the Website Privacy Statement describe Coretelligent’s sharing of Consumer Personal Data.
Except as permitted or required by applicable law, Coretelligent provides Consumers with an opportunity to opt out of sharing their Personal Data with third-party Controllers. Coretelligent requires third-party Controllers to whom it discloses Consumer Personal Data to contractually agree to (i) only process the Personal Data for limited and specified purposes consistent with the consent provided by the relevant Consumer, (ii) provide the same level of protection for Personal Data as is required by the DPF Principles, and (iii) notify Coretelligent and cease processing Personal Data (or take other reasonable and appropriate remedial steps) if the third-party Controller determines that it cannot meet its obligation to provide the same level of protection for Personal Data as is required by the DPF Principles.
With respect to transfers of Consumer Personal Data to third-party Processors, Coretelligent (i) enters into a contract with each relevant Processor, (ii) transfers Personal Data to each such Processor only for limited and specified purposes, (iii) ascertains that the Processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by the DPF Principles, (iv) takes reasonable and appropriate steps to ensure that the Processor effectively processes the Personal Data in a manner consistent with Coretelligent’s obligations under the DPF Principles, (v) requires the Processor to notify Coretelligent if the Processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles, (vi) upon notice, including under (v) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the Processor, and (vii) provides a summary or representative copy of the relevant privacy provisions of the Processor contract to the Department of Commerce, upon request. Coretelligent remains liable under the DPF Principles if our third-party Processor onward transfer recipients process relevant Personal Data in a manner inconsistent with the DPF Principles, unless Coretelligent proves that it is not responsible for the event giving rise to the damage.
Security
Coretelligent takes reasonable and appropriate measures to protect Consumer Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
Recourse, Enforcement and Liability
Coretelligent has mechanisms in place designed to help assure compliance with the DPF Principles. Coretelligent conducts an annual self-assessment of its Personal Information practices to verify that the attestations and assertions Coretelligent makes about its Data Privacy Framework privacy practices are true and that Coretelligent’s privacy practices have been implemented as represented and in accordance with the DPF Principles.
You may file a complaint concerning Coretelligent’s processing of your Personal Information. Coretelligent will take steps to remedy issues arising out of its alleged failure to comply with the DPF Principles. You may contact Coretelligent as specified below about complaints regarding Coretelligent’s personal information practices.
In compliance with the DPF Principles, Coretelligent commits to resolve complaints about our collection or use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Coretelligent at privacy@coretelligent.com.
Coretelligent has further committed to refer unresolved complaints to JAMS, an alternative dispute resolution provider located in the United States pursuant to the JAMS International Mediation Rules.. The services of JAMS are provided at no cost to you. For more information and/or to file a complaint, please visit: www.jamsadr.com/international-mediation-rules. The mediator may propose any appropriate remedy, such as deletion of the relevant Personal Data, publicity for findings of noncompliance, payment of compensation for losses incurred as a result of noncompliance, or cessation of processing of your Personal Data. The mediator or you also may refer the matter to the U.S. Federal Trade Commission, which has Data Privacy Framework investigatory and enforcement powers over Coretelligent. If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a DPF Panel.
How to Contact Coretelligent
To contact Coretelligent with questions or concerns about this Policy or Coretelligent’ Consumer Personal Data practices:
Coretelligent LLC
Attention: Privacy Statement Personnel
197 1st Ave
Suite 360
Needham Heights, MA 02494
781.247.4900