PRIVACY SHIELD POLICY

 

Global Outsource Services, LLC (“Global”) is a leading provider of banking systems to the financial services industry. Global has adopted this Privacy Shield Policy (“Policy”) in order to maintain an adequate level of protection concerning the transfer of its serviced financial institutions (“Clients”) customers’ Personal Information from the European Union (EU) member countries to Global’s facilities in the United States of America.

Global complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce (DOC) regarding the collection, use, and retention of Personal Information from our Customers. Global has certified that it adheres to the EU-US Privacy Shield Framework Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between Global’s Policy and the EU-US Privacy Shield Framework Principles, the EU-US Privacy Shield Framework Principles shall govern. To learn more about the US DOC Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

The Federal Trade Commission (FTC) has jurisdiction over Global’s compliance with the EU-US Privacy Shield Framework.

SCOPE

Global’s Policy applies only to Personal Information that is processed, maintained or stored on behalf of Global’s Clients. “Personal Information” for purposes of this policy means information relating to an identified or identifiable natural person. An “Identifiable Person” is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity that are within the scope of the EU-US Privacy Shield Framework, recorded in any form and that is received by a participant from the EU. For the purposes of this Policy, our Clients may use Global’s systems to store Personal Information on their customers that includes name, address and date of birth. “Processing” of personal data means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

NOTICE

Global acts as a service provider to its Clients who use its banking products and services. Any Personal Information sent to us by our Clients is used exclusively for the purposes for which we were contracted.

CHOICE

The use of Personal Information from our Clients is governed by the service agreements with our Clients and this Policy. We do not rent or sell our Personal Information to any third parties. We do not collect sensitive information (e.g., Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).

ACCOUNTABILITY FOR ONWARD TRANSFER

Except as otherwise provided herein, Global discloses Personal Information only to Third Parties who reasonably need to know such data and only for the scope of the services contracted and not for other purposes. Such recipients of Personal Information must agree to abide by confidentiality agreements.

Please be aware that Global may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Global is liable for appropriate onward transfers of Personal Information to Third Parties.

DATA INTEGRITY AND SECURITY

Global takes reasonable steps to ensure that Personal information we Process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. Additionally, Global has implemented physical, technical and administrative safeguards to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

ACCESS TO PERSONAL INFORMATION

Global acknowledges that individuals have the right to access their Personal Information. Global maintains Personal Information solely as a processor on behalf of its Clients and, as a result, has no direct relationship with the individuals whose Personal Information we Process. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should first contact their financial institution in the European Union.

ENFORCEMENT AND DISPUTE RESOLUTION

Global uses a self-assessment approach to assure compliance with its Privacy Shield Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the principles. In compliance with the EU-US Privacy Shield Framework Principles, Global commits to resolve complaints about your privacy and our collection or use of your Personal Information. EU individuals with questions or concerns regarding our Privacy Shield Policy should contact us at:

Global Outsource Services, LLC

c/o Governance, Compliance & Risk Management

770 Ponce de Leon Blvd. – Penthouse

Coral Gables, Florida USA 33134

Office: (305) 441-0417 / Fax: (305) 441-0418

Global has further committed to refer unresolved EU-US Privacy Shield Framework complaints to the JAMS, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the JAMS website for more information or to file a complaint. The services of JAMS are provided at no cost to you. If claims are not remedied, under certain limited conditions, individuals may invoke binding arbitration as a last resort before the EU-US Privacy Shield Framework Panel.

AMENDMENTS / RENEWALS

Global’s Policy may be amended from time to time consistent with the requirements of the EU-US Privacy Shield Framework. Global also reviews this policy annually as part of the re-certification process.

It is GLOBAL OUTSOURCE SERVICES, LLC’s formal policy to adhere to the requirements and guidelines of federal Regulation P, Privacy of Consumer Financial Information, as it relates to maintaining the confidentiality of customer records, when arid if, its staff and/or contract personnel are exposed to such records during the course of:

• Software installation

• System upgrades, maintenance or enhancements

• Employee/user training at a financial institution

• Problem resolution

• Customer support resolution

• Disaster Recovery Testing and/or Operation

GLOBAL OUTSOURCE SERVICES, LLC’s employees or contractors will not remove from premises, share, copy or print customer information records unless specifically requested and/or authorized in writing by the client or financial institution that owns the data/ information.

GLOBAL OUTSOURCE SERVICES, LLC will observe and enforce this policy within its employees, contractors or anyone representing GLOBAL OUTSOURCE SERVICES, LLC. while servicing the client.

This statement of policy will apply to the client’s premises, GLOBAL OUTSOURCE SERVICES, LLC premises and operation centers, GLOBAL OUTSOURCE SERVICES, LLC’s. Disaster Recovery Operation Center, and anywhere where an employee of GLOBAL OUTSOURCE SERVIES, LLC becomes exposed to or in control of the client’s data.

Further, it is the policy of GLOBAL OUTSOURCE SERVICES, LLC, to notify its customer base of our Consumer Information Privacy Policy. GLOBAL OUTSOURCE SERVICES, LLC is not responsible for administering the client’s financial institutions’ procedures regarding Regulation P compliance, nor how the client protects their financial information privacy.

GLOBAL OUTSOURCE SERVICES, LLC will train its staff and contract employees in the required precautionary measures they must take to ensure customer information confidentiality and privacy.

The client and not GLOBAL OUTSOURCE SERVICES, LLC, is responsible to provide timely training to its staff in the handling of consumer/customer issues concerning financial information privacy. As part of its annual System Maintenance Billing, GLOBAL OUTSOURCE SERVICES, LLC will incorporate the following or similar verbiage reiterating the Company’s policy regarding Consumer Information Privacy:

“It is the policy of GLOBAL OUTSOURCE SERVICES, LLC, Inc. to maintain the confidentiality of customer records it may come in contact with as a result of interacting with the client and while performing the services contracted in the outsource service agreement/contract between the client and GLOBAL OUTSOURCE SERVICES, LLC..

Under no circumstances will GLOBAL OUTSOURCE SERVICES, LLC Inc., or one of its representatives, copy, share, print or disseminate the bank’s customer information records to anyone outside the bank.”

 

Policy Effective Date:              March 15, 2017