Coresecure

Client Privacy Statement

last updated 9/28/2016


Privacy Policy With Respect to Data Received From Clients

INTRODUCTION

Coresecure, Inc. (“Coresecure”) provides software development and managed hosting solutions. Coresecure also provides other related offerings to its clients. In connection with providing its services, Coresecure occassionally  receives personally identifiable information (“personal information”) from its clients about a variety of online form submissions (“transaction data”). This policy sets forth Coresecure’s general privacy and security practices with respect to this personal information. While this policy sets forth Coresecure’s general privacy and security practices, the detailed obligations and commitments of Coresecure to our clients is set forth in the contractual arrangements with clients. In the event of a conflict between this policy and a client contract, the client contract prevails.

This policy does not describe how personal data is collected and processed by our clients who obtain personal information directly from consumers. Consumers should review the privacy policies of the business entities with which they directly share their data to learn about such entities’ privacy practices.

For information about Coresecure’s privacy and security practices relating to visits to the Coresecure website, please review the Coresecure Website Privacy Statement.

Coresecure also has registered offices in the United States and Italy, both of which also adhere to all aspects of this Privacy Statement, including the EU-US Privacy Shield Principles and the US-Switzerland Safe Harbor Framework.

NATURE OF THE DATA RECEIVED

Coresecure receives form submission data from its customers, which generally are individuals interested in marketing campaigns laid out by it customers. Coresecure does not conduct or these marketing efforts.Coresecure does not collect or receive personal information directly from consumers. Rather, Coresecure processes transaction data that consumers have provided to Coresecure’s clients.

Coresecure may collect and use the following kinds of personal information:

  • information about your use of this website;
  • information that you provide using for the purpose of registering with the website;
  • information about transactions carried out over this website;
  • information that you provide for the purpose of subscribing to the website services; and
  • any other information that you send to Coresecure.

USE OF THE DATA RECEIVED

Coresecure processes personal information to help its clients prevent fraud online scams and policy abuse and may use your personal information to:

  • administer this website;
  • personalize the website for you;
  • enable your access to and use of the website services;
  • publish information about you on the website;
  • send to you products that you purchase;
  • supply to you services that you purchase;
  • send you statements and invoices;
  • collect payments from you; and
  • send you marketing communications.

The period for which personal information is retained is determined by the contract between Coresecure and each individual client and may vary based on the type of Coresecure service.

However, specific elements of a form submission (such as an email address or phone number), believed to have been used in a fraudulent manner will be retained for longer periods consistent with Coresecure’s agreements with its individual merchant clients. Clients should contact the business entities with which they directly share their data to learn how long their transaction data may be retained. Coresecure has put in place mechanisms to protect the accuracy and integrity of personal information.

In cases of onward transfer to third parties or data of EU individuals received pursuant to the EU-US Privacy Shield, Coresecure, Inc is potentially liable.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

DISCLOSURES TO THIRD PARTIES

Coresecure does not share form submission data with third parties, except in the following limited circumstances: (1) personal information may be accessible to third-party service providers processing data on behalf of its customers; however, any such service providers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-US Privacy Shield and the US-Switzerland Safe Harbor; (2) personal information may be disclosed to third parties as directed by the client which sent the information to Coresecure, including to third-party services used to validate data elements; (3) personal information may be provided to a third party to the extent Coresecure enters into a transaction for the acquisition of all or substantially all of Coresecure’s assets. In this case we record Customer’s information into our ERP solution provided by Netsuite, Inc Coresecure's ERP solution also provides the individual opt-out or opt-in choices and allows the customer to select which type of communication it wishes to receive by flagging different subscriptions.

ACCESS, CHOICE, CORRECTION, AND DELETION OF PERSONAL DATA

Data subjects whose data is received by Coresecure have the right under the Privacy Shield and Safe Harbor to access, correct or delete their personal data. They may do so by contacting Coresecure’s client that collected their data, or by contacting Coresecure directly at the contact information noted below.

E-mail:
support@coresecure.com
(put “Privacy Compliance” in subject line)

Mailing address:
Legal/Privacy Compliance
Coresecure, Inc.
10 Rogers Street; Suite 120
Cambridge, MA 02142 USA

Telephone:
617.621.3300

EU-US PRIVACY SHIELD FRAMEWORK

Coresecure complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries with respect to personal information we receive from our merchant clients. Coresecure has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/list.

In compliance with the EU-US Privacy Shield Principles, Consecure, Inc commits to resolve complaints about your privacy and our collection or use of your personal information.  European individuals with inquiries or complaints regarding this privacy policy should first contact Coresecure, Inc at:

E-mail:
support@coresecure.com
(put “Privacy Compliance” in subject line)

Mailing address:
Legal/Privacy Compliance
Coresecure, Inc.
10 Rogers Street; Suite 120
Cambridge, MA 02142 USA

Telephone:
617.621.3300

Consecure, Inc has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

U.S. – SWITZERLAND SAFE HARBOR FRAMEWORK

Coresecure complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Coresecure has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/.

PRIVACY COMPLAINTS BY EUROPEAN UNION (EU) OR SWISS INDIVIDUALS

EU Individuals:

In compliance with the US-Swiss Safe Harbor Principles, Coresecure, Inc commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Coresecure, Inc at:

E-mail:
support@coresecure.com
(put “Privacy Compliance” in subject line)

Mailing address:
Legal/Privacy Compliance
Coresecure, Inc.
10 Rogers Street; Suite 120
Cambridge, MA 02142 USA

Telephone:
617.621.3300

Coresecure has further committed to refer unresolved privacy complaints under the US-Switzerland Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

ENFORCEMENT

Coresecure has implemented internal mechanisms to verify ongoing adherence to this policy. We periodically verify that this policy remains accurate, comprehensive for its intended purpose, and is accessible in accordance with applicable law. Coresecure is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

AMENDMENTS

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield and Safe Harbor. Coresecure will post any revised policy on this website.

CONTACT FOR QUESTIONS

Any questions about the accuracy, use, processing or storage of data received by Coresecure should be directed to support@coresecure.com.

SECURITY OF YOUR PERSONAL INFORMATION

Coresecure uses various organizational and technical measures to protect your privacy and avoid unauthorized use or disclosure of your personal data. However, you should note that no transfer of data over the Internet is completely secure. While we use reasonable efforts to protect your data on our systems, when the data is transferred over the Internet, it may be accessed and used by unauthorized third parties. Coresecure has no control over the performance, reliability, availability or security of the Internet and does not warrant that any information transfer via the Internet or any communication through the Internet is secure. Coresecure shall not be liable for any disclosure, unauthorized use, loss, damage, expense, harm or inconvenience resulting from the loss, delay, interception, corruption, intervention, misuse or alteration of any personal information due to any action beyond Coresecure’s reasonable control.

CHILDREN’S PERSONAL INFORMATION

www.coresecure.com is a site not targeted to children and is not intended to collect personal data from children under age of 13. If you have questions regarding privacy of your personal information you submit to us through our website, please send an e-mail to support@coresecure.com.