DATA PRIVACY FRAMEWORK POLICY

EU-US DATA PRIVACY FRAMEWORK POLICY

 

Global Outsource Services, LLC ("Global") is a leading provider of banking systems to the financial services industry. Global has adopted this EU-US DATA FRAMEWORK POLICY ("Policy") in order to maintain an adequate level of protection concerning the transfer of its serviced financial institutions (“Clients”) customers’ Personal Information from the European Union (EU) member countries to Global’s facilities in the United States of America.

 

Global complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Global has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

 

The Federal Trade Commission (FTC) has jurisdiction over Global's compliance with the EU-US Data Privacy Framework.

​

SCOPE

​

Global’s Policy applies only to Personal Information that is processed, maintained or stored on behalf of Global’s Clients. "Personal Information" for purposes of this policy means information relating to an identified or identifiable natural person. An "Identifiable Person" is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the individual's physical, physiological, mental, economic, cultural or social identity that are within the scope of the EU-US Data Privacy Framework Principles, recorded in any form and that is received by a participant from the EU. For the purposes of this Policy, our Clients may use Global’s systems to store Personal Information on their customers that includes name, address and date of birth. “Processing” of personal data means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

​

NOTICE

​

Global acts as a service provider to its Clients who use its banking products and services. Any Personal Information sent to us by our Clients is used exclusively for the purposes for which we were contracted. 

​

CHOICE

​

The use of Personal Information from our Clients is governed by the service agreements with our Clients and this Policy. We do not rent or sell our Personal Information to any third parties. We do not collect sensitive information (e.g., Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual). If you have any issues for limiting the use and disclosure of your personal data, please contact your financial institution directly.

 

 

ACCOUNTABILITY FOR ONWARD TRANSFER

​

Except as otherwise provided herein, Global discloses Personal Information only to Third Parties who reasonably need to know such data and only for the scope of the services contracted and not for other purposes. Such recipients of Personal Information must agree to abide by confidentiality agreements.

 

Please be aware that Global may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Global is liable for appropriate onward transfers of Personal Information to Third Parties.

​

DATA INTEGRITY AND SECURITY

​

Global takes reasonable steps to ensure that Personal information we Process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. Additionally, Global has implemented physical, technical and administrative safeguards to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

​

ACCESS TO PERSONAL INFORMATION

​

Global acknowledges that individuals have the right to access their Personal Information. Global maintains Personal Information solely as a processor on behalf of its Clients and, as a result, has no direct relationship with the individuals whose Personal Information we Process. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should first contact their financial institution in the European Union.

​

ENFORCEMENT AND DISPUTE RESOLUTION

​

In compliance with the EU-U.S. DPF, Global commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS  resolution provider’s website] for more information or to file a complaint. The services of JAMS are provided at no cost to you.

 

Individuals with questions or concerns regarding our EU-US Data Framework Policy should contact us at:

 

            Global Outsource Services, LLC

            c/o Governance and Compliance Officer

            770 Ponce de Leon Blvd. - Penthouse

            Coral Gables, Florida USA 33134

            Office: (305) 441-0417 / Fax: (305) 441-0418

​

AMENDMENTS / RENEWALS

​

Global’s Policy may be amended from time to time consistent with the requirements of the EU-US Data Privacy Framework Principles. Global also reviews this policy annually as part of the re-certification process.

 

 

Policy Effective Date:              March 15, 2017