Computer Enterprises, Inc. (“CEI”) provides Information Technology consulting and outsourcing services to businesses in the United States. In the operation of its business, CEI recognizes and respects the privacy rights of all individuals. In order to protect the privacy of individuals with whom CEI comes in contact through its business activity, CEI has become a participant in the International Safe Harbor Program established by the United States, the European Union and Switzerland (see www.export.gov/safeharbor). This Privacy Statement applies to all personal data (as defined below and by applicable laws in the EEA/EU Member States and Switzerland) received by CEI in any manner including but not limited to in electronic, paper or verbal form. On occasion and pursuant only to its business practices CEI may act as a data controller and/or data processor on its own and/or on behalf of its customers as those terms are described below. When acting as a data controller and/or a data processor, CEI does not retain independent rights to control the use of personal data it processes on behalf of its customers; it acts solely on its customers’ instructions. CEI handles all personal data in accordance with the principles established by the International Safe Harbor Program whether collected on its own, via its website (www.ceiamerica.com), or as a result of performing services for its customers.
The Safe Harbor privacy principles established by the International Safe Harbor Program apply to all personal data received by CEI. Some personal data may be subject to additional CEI policies and procedures. Information CEI receives from its customers may be subject to agreements between CEI and its customers. When CEI acts as an agent of its customers, it acts in accordance with its contractual obligations associated with handing personal data.
Definitions: The following definitions apply to this Privacy Statement:
Personal Data: Personal data as used herein is defined as any information that is identifiable to an individual regardless of the medium or format in which the information is stored.
Sensitive Data: Sensitive data as used herein is defined as personal data treated in European data protection laws as posing a special risk to individuals such as information about racial or ethnic origins, political affiliations, religious or philosophical beliefs, trade-union membership, government-issued identification numbers, healthcare or lifestyle choices.
Data Controller: A data controller is a party or entity that determines the purposes and means of processing personal data. A company functions as a data controller when it decides how such data is to be used, and then uses that data accordingly.
Data Processor: A data processor is a party or entity that processes personal data on behalf of a data controller. A company functions as a data processor when it acts as an agent of another company following its instructions as to how that data should be handled and processed.
IP Addresses, Cookies and Registration:
CEI does not engage in any activity that will personally identify visitors to its website except as set forth below.
CEI may use a site visitor’s IP address to help diagnose problems with CEI servers, to administer its website and to refine its website based on which features people use most often. IP addresses may also be used to help gather broad demographic information.
In addition, CEI may use session cookies to track visits to its website. A “cookie” is a small piece of data that a website can send to a user’s browser which may then be stored on that user’s computer or network. A user can set his or her browser to notify him or her when it receives a cookie. A user can also block cookies from certain websites giving the user the opportunity to decide whether or not to accept it.
Visiting www.ceiamerica.com does not require registration of any kind.
CEI may collect and use personal data such as a name, an email id or a phone number in the regular course of business. CEI will use any such information only for purposes that are consistent with those for which it was originally collected and/or authorized. CEI will not sell or disclose such information to any third-party other than as set forth herein.
Notice and Choice:
When CEI collects personal data, CEI always provides individuals with notice that it has collected personal data and provides them with an option to have their personal data kept confidential and/or destroyed.
Occasionally, the collection of personal data does not require the explicit consent of the individual whose personal data may be collected. In addition, CEI may send unsolicited emails to individuals in the regular course of business. In such cases, CEI informs such individuals about the possibility of disclosures to third parties of their personal data including sensitive personal data. CEI offers such individuals the opportunity to choose from the following options (or to opt out): (1) to stop receiving emails and to have their personal data destroyed; (2) to allow their personal data to be disclosed to a third party; or (3) to allow their personal data to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized.
CEI discloses personal data only under the following circumstances: to third-party contractors or agents that process the data on CEI’s behalf; to satisfy government reporting requirements; to meet other legal obligations; to assert or defend legal claims or interests; or with the consent of the individual. Before making disclosures to a third party, CEI first applies the Notice and Choice principles as described above. CEI also ensures that the third party to whom the disclosure is made is obligated (by law, contract, or its own Safe Harbor certification) to provide at least the same level of privacy protection as is required by this Privacy Statement. Where CEI contracts with third parties to process personal data on its behalf, CEI’s policy is to contractually obligate the third parties to maintain the confidentiality and security of the personal data; to act upon it only in accordance with the instructions received from CEI and/or its client; and to handle the information strictly in accordance with these principles.
CEI employs accepted standards and procedures for security of data, networks, infrastructure and applications which are designed to safeguard and secure personal data and sensitive data against loss, misuse, theft, unauthorized access, disclosure, alteration and destruction. However, CEI does not guarantee the security of data transmitted through the internet.
When acting as an agent processing personal data under the direction of its customers, CEI enters into agreements with its customers specifying the conditions under which personal data can be processed and kept secure.
CEI takes reasonable steps to ensure that personal data is accurate, complete, current and reliable for its intended use. CEI limits its collection of personal data to that which is relevant for its business and legal purposes. CEI does not use the data in a way that is incompatible with the purposes for which it was collected and/or subsequently authorized by the individual.
If an individual believes that his or her personal data is stored in CEI’s database(s) or is otherwise in the possession of CEI, and wishes to correct, amend and/or delete such data therefrom, requests can be emailed to email@example.com. The words “Safe Harbor” should be put in the subject line of the email. CEI will honor all such requests in a timely manner except where there is a significant burden or expense associated with doing so or where others’ rights may be violated.
When CEI acts as an agent of its customers, CEI usually has no direct relationship with the individuals whose personal data it processes. In such cases, the request to access, correct, amend and delete personal data should be sent to the entity to which the information was originally provided.
CEI uses a self-assessment approach to assure compliance with this Privacy Statement and periodically verifies that the policy is accurate, prominently displayed, completely implemented and accessible. CEI will cooperate with European Data Protection Authorities, the U.S. Department of Commerce, the U.S. Federal Trade Commission, relevant state or provincial agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or CEI’s International Safe Harbor commitments. CEI will rectify any non-compliant practices as they are discovered.
CEI’s adherence to the Safe Harbor Principles may be limited to the extent necessary to meet national security, public interest or law enforcement requirements.
CEI uses an annual self-assessment program to verify that the attestations it makes under the Safe Harbor Program are true and that its privacy policies are being followed in practice. In addition, CEI will cooperate with European Data Protection Authorities to resolve any complaints that may arise in relation to personal data transferred under the Safe Harbor Program.
Changes to this Policy:
This Privacy Statement may be amended from time to time, consistent with the requirements of the Safe Harbor Principles, and will be posted on this website.
Point of Contact:
Questions or concerns about this Privacy Statement or CEI’s data collection and processing practices can be emailed to firstname.lastname@example.org. Please put “Safe Harbor” in the subject line of the email.