C.A. Short Company EU Data Privacy Framework

• Commitment to Privacy
• Data Privacy Framework
• Notice Principle
• Types of Personal Data Collected
• Commitment to Subject to the Principles
• Purposes of Collection and Use
• Onward Transfer Principle
• Right to Access
• Choices and Means
• Independent Dispute Resolution Body and Enforcement Principle
• Investigatory and Enforcement Powers of the FTC
• Arbitration
• Requirement to Disclose
• Liability
• Privacy Policy Changes
• How to Contact Us

Commitment To Privacy

Effective Date:  January 1, 2024 Casco International, Inc. dba C.A. Short Company (“C.A. Short Company”, “we”, “us”) is a US-based corporation that partners with companies to offer incentives, awards, and prizes for achieving benchmarks and performance outcomes.  The privacy of your data is important to us.  Therefore we are providing this policy to describe and explain our information practices and the measures we take to protect your privacy.  This Notice does not apply to data that we collect from other jurisdictions; we cover such data in other, separate notices.

Data Privacy Framework

CA Short Company complies with the EU-U.S. Data Privacy Framework (EU-.S. DPF) as set forth by the U.S. Department of Commerce.  CA Short Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Notice Principle

As your data processor, we make available to you this Policy so that you can better understand our data practices.

Types of Personal Data Collected

We may collect the following types of personal data from EU Users when provided on registration or in connection with a comment or question: 

• Name
• Home Address
• E-mail address
• Phone number
• Month and Date of birth (not year) for companies that give recognition on birthdays
• Hire Date

We may also automatically collect the following types of personal data when EU Users use our websites and mobile sites, and download and use our mobile applications:

• Location information, which allows us to periodically determine your location
• Computer, device and usage information, which may include (i) internet protocol (IP) address and other technical information about your computer and website usage, such as your browser type and version, time zone setting, and operating system and platform (ii) information specific to the device you use to access the application (including, but not limited to, make, model, operating system, advertising identifier, language, carrier and similar information) and (iii) information about your use of features, functions, or notifications on the device.

Commitment to Subject to the Principles

We are subject to the Principles for all personal data that we receive from companies or individuals in the EU in reliance on the Data Privacy Framework.  We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Purposes of Collection and Use

C.A. Short Company collects and uses personal data of EU Users for one or more of the following purposes:

• Administering your access to our websites, mobile sites and mobile applications, including any accounts for which you may have registered
• Improving and personalizing your experience on our websites and mobile applications
• Providing information about our products and services
• Providing products, services and support of EU Users
• Communicating with corporate business partners about business matters
• Conducting related tasks for legitimate business purposes
• Aggregating data; and
• Other purposes disclosed at the time of collection.

Onward Transfer Principle

We may share personal data we collect from EU Users with the following types of third parties and for the following purposes:

• Service Providers. We may engage service providers to perform certain business-related functions, such as mailing information or providing products, maintaining databases, processing credit card transactions, supporting our marketing activities, and providing hosting services, in which case we may provide the service provider with the information that it needs to perform its specific function, including personal data from EU Users where necessary.  Service providers are authorized to use EU Users’ personal data only as necessary to provide these services to us.

• Legal Requirements. We may disclose personal data if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a subpoena or similar legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of users of any Site or the public, (d) protect against legal liability, or (e) or as otherwise required or permitted by law.

• Business Transfers. As we develop our business, we might sell or buy businesses or assets.  In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal information may be part of the transferred assets.  You will be notified via e-mail and/or a prominent notice on our websites or mobile applications of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

• Affirmative Consent. To any other third party with your affirmative consent. 

In these situations, we will take reasonable steps to require the recipient of the data to protect the data in accordance with the relevant principles in the Data Privacy Framework or otherwise take steps to ensure that the EU personal data is appropriately protected, and we will be liable for our actions/inactions with regard to the transfer or disclosure of the data to third parties. 

Right to Access

EU Users have the right to access personal data about them and to correct, amend or delete information that is either inaccurate or processed in violation of the Data Privacy Framework.  To access your personal data, please contact privacy@cashort.com. 

Choices and Means

EU Users may choose to change their personal data, unsubscribe from e-mail lists, stop having their personal data shared with third parties, or cancel an account by contacting privacy@cashort.com with information necessary to process the request.  EU Users may choose to unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the e-mail message. 

Independent Dispute Resolution Body and Enforcement Principle

C.A. Short Company maintains procedures for verifying that commitments we make in this Policy to adhere to the Data Privacy Framework principles have been implemented.  To do this we, we complete an annual privacy compliance assessment and make improvements based on the results.

In compliance with the EU-US Data Privacy Framework Principles, CA Short Company commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact CA Short Company at:

C.A. Short Company, Inc.
Attn:  Privacy
4205 E. Dixon Blvd.
Shelby, NC  28152

CA Short Company has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Data Privacy Framework complaints concerning human resources data transferred from the EU in the context of the employment relationship.

Investigatory and Enforcement Powers of the FTC

C.A. Short Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Arbitration

If you are located in the EU and have exhausted all other means to resolve your concern regarding a potential violation of C.A. Short Company’s obligations under the Data Privacy Framework Principles, you may seek resolution via binding arbitration.  For additional information about the arbitration process, please visit the Data Privacy Framework website:  https://www.dataprivacyframework.gov/

Requirement to Disclose

C.A. Short Company may be required to disclose personal information in response to lawful requests by public authorities, including in order to meet national security or law enforcement requirements.

Liability

If a third party service provider providing services on C.A. Short Company’s behalf processes personal data from the EU in a manner inconsistent with the Data Privacy Framework Principles, C.A. Short Company will be liable unless we can prove that we are not responsible for the event giving rise to the damages.

Privacy Policy Changes

We reserve the right to modify this Policy at any time.  When we make only minor modifications, we may do so without notifying you.  When we make material modifications affecting data practices and where we operate as the data controller, we will post the new Policy on this Site under the “Privacy” link and notify you at the email address specified in your account or by means of notice on this Site prior to the change becoming effective.  We encourage you to periodically review this page for the latest information on our privacy practices.  The effective date at the top of this Policy will allow you to quickly know when the last changes were made.

How to Contact Us

If you have any questions regarding this notice or if you need to update, change or remove personal data that we control, you can do so by contacting privacy@cashort.com  by regular mail addressed to:

 C.A. Short Company, Inc.
Attn:  Privacy
4205 E. Dixon Blvd.
Shelby, NC  28152

C.A. Short Company will respond to your request to access or delete your information within 30 days.