DATA PRIVACY FRAMEWORK POLICY
Global Outsource Services, LLC ("Global") is a leading provider of banking systems to the financial services industry. Global is committed to maintain an adequate level of protection of its serviced financial institutions customers’ Personal Information.
Global complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Global has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles the Principles shall govern.
Global is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
SCOPE
This Data Privacy Framework Policy applies only to Personal Information within the scope of Global’s Data Privacy Framework certification, that is processed, maintained, or stored on behalf of Global’s serviced financial institutions.
For the purposes of this Data Privacy Framework Policy
-
"Personal Information" means information relating to an identified or identifiable natural person. Our serviced financial institutions may use Global’s systems to store Personal Information on their customers that includes name, address, and date of birth.
-
"Identifiable Person" is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the individual's physical, physiological, mental, economic, cultural, or social identity that are recorded in any form and that is received by a participant from the EU.
-
“Processing” of personal data means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
-
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
PRINCIPLES
-
NOTICE
Global acts as a service provider to its serviced financial institutions who use its banking products and services. Any Personal Information sent to us by our serviced financial institutions is used exclusively for the purposes for which we were contracted.
-
CHOICE
The use of Personal Information from our serviced financial institutions is governed by the service agreements with our serviced financial institutions and this Policy. We do not rent or sell our Personal Information to any third parties. We do not collect sensitive information (e.g., Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).
-
ACCOUNTABILITY FOR ONWARD TRANSFER
Except as otherwise provided herein, Global discloses Personal Information only to Third Parties who reasonably need to know such data and only for the scope of the services contracted and not for other purposes. Such recipients of Personal Information must agree to abide by confidentiality agreements.
Please be aware that Global may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Global is liable for appropriate onward transfers of Personal Information to Third Parties.
-
DATA INTEGRITY AND SECURITY
Global takes reasonable steps to ensure that Personal information we Process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. Additionally, Global has implemented physical, technical, and administrative safeguards to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
-
ACCESS TO PERSONAL INFORMATION
Global acknowledges that individuals have the right to access their Personal Information. Global maintains Personal Information solely as a processor on behalf of its clients and, as a result, has no direct relationship with the individuals whose Personal Information we process. An individual who seeks access, or limiting the access, or who seeks to correct, amend, or delete inaccurate data should first contact their financial institution.
-
ENFORCEMENT AND DISPUTE RESOLUTION
Global uses a self-assessment approach to assure compliance with its Data Privacy Framework Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the principles. In compliance with the EU-US Data Privacy Framework Principles, Global commits to resolve complaints about your privacy and our collection or use of your Personal Information.
EU individuals with questions or concerns regarding our Data Privacy Framework Policy should contact us at:
Global Outsource Services, LLC
c/o Governance and Compliance Officer
770 Ponce de Leon Blvd. - Penthouse
Coral Gables, Florida USA 33134
Office: (305) 441-0417 / Fax: (305) 441-0418
In compliance with the EU-U.S. DPF, Global commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your complaint is not resolved by us or by JAMS, you may, under certain conditions, have the option to invoke binding arbitration as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to Global and following the procedures and subject to conditions set forth in Annex I of Principles. For further information, please see the Data Privacy Framework website: https://www.dataprivacyframework.gov/s/article/ANNEX-1-introduction-dpf
-
POLICY AMENDMENTS / RENEWALS
Global will renew its EU-U.S. DPF certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Global’s Policy may be amended from time to time consistent with the requirements of the EU-US Data Privacy Framework. Global also reviews this policy annually as part of the re-certification process.
Policy Effective Date
January 1, 2024