GDPR Privacy Statement
This GDPR Privacy Statement (the “Statement”) applies only to the extent CohnReznick collects, uses, processes and/or retains Personal Data that is subject to the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) in furtherance of the performance of services and obligations and exercise of rights under an agreement(s) for services between CohnReznick and Client (the “Agreement”). References to “Client” herein refer to the individual(s) or entity(ies) for whom services are performed and the individual(s) or entity(ies) who signed the Agreement. All capitalized terms used but not defined herein shall have the meanings set forth for such terms in the GDPR.
CohnReznick will collect, use, disclose, process and/or retain Personal Data of Client, customers and service providers of Client, employees of Client, and third parties whose contact information is provided by Client or is required to perform a service on Client’s behalf (i) if this is necessary for the performance of services and other purposes set forth in the Agreement, (ii) as required to comply with applicable law, regulations or obligations to the Client, (iii) for CohnReznick’ legitimate business purposes, and (iv) in accordance with instructions of Client or as consented by the Data Subject. Such collection, use, disclosure, processing and/or retention shall be performed as follows:
- For execution of the Agreement (e.g., performing services, maintaining the client relationship, keeping the client informed, invoicing and bill collection);
- To perform client acceptance procedures, including performing due diligence to protect our business interests;
- To respond to routine regulatory oversight applicable to CohnReznick;
- To enforce the terms and conditions of the Agreement and protect the respective rights of CohnReznick and its service providers under the Agreement;
- To provide information (including via mail, electronic mail or telephone) about relevant services offered by CohnReznick and relevant developments in the marketplace and industry unless Client notifies CohnReznick at any time that Client does not wish to receive such information;
- To evaluate, develop and improve CohnReznick’s services;
- To evaluate or facilitate the sale or potential sale of all or part of CohnReznick; and
- To the extent Client or a Data Subject provides other consent to the collection, use, disclosure and storage of Personal Data.
CohnReznick may disclose Personal Data to its affiliates, contractors, and service providers (collectively, “Service Providers”) provided such disclosures are lawful and made in furtherance of approved purposes. Such disclosures may include transfers of Personal Data to Service Providers located in other countries (including countries located outside of the EEA) where the laws governing the use and disclosure of Personal Data may be different and possibly less stringent. CohnReznick will endeavor to comply with the requirements of Chapter 5 of GDPR in the process of performing such transfers. CohnReznick shall remain responsible for the confidentiality and security of Personal Data transferred to or accessed by such Service Providers.
Client is responsible for ensuring that, in connection to any third party Personal Data made available to CohnReznick, it has complied, and will continue to comply, with all applicable laws relating to privacy and data protection and it has, and will continue to have, the right to transfer, or provide access to, such Personal Data to CohnReznick for processing in accordance with the terms of the Agreement. In relation to any special categories of Personal Data made available to CohnReznick, Client is responsible for obtaining the explicit consent from each data subject(s) for the processing of such Personal Data by CohnReznick in accordance with the terms of this Agreement.
CohnReznick will use commercially reasonable efforts to keep Personal Data confidential and to not disclose Personal Data to any third party except as permitted by the Agreement, this Statement or with Client’s prior written consent, except as stated herein. CohnReznick will implement appropriate technical and organizational security measures designed to protect against the accidental loss, destruction, damage and/or unauthorized use of Personal Data. CohnReznick will also enter into contracts with its Service Providers that require them to use commercially reasonable efforts to keep Personal Data confidential and implement appropriate security measures in connection with any processing of Personal Data performed on CohnReznick’s behalf. CohnReznick will notify Client without undue delay after becoming aware of a breach of Personal Data as required by applicable law.
Upon reasonable request and to the extent required by applicable law, CohnReznick will make available to the Client all information necessary to demonstrate compliance with applicable law governing protection of Personal Data and contribute to audits and inspections conducted by Client, or its designee, relating to such compliance. All such activities shall be conducted at Client’s cost and expense.
To the extent CohnReznick is a Controller, Data Subjects whose Personal Data we process or retain are entitled to (i) request a description and a copy of the Personal Data in CohnReznick’s possession, (ii) request that CohnReznick rectify any incomplete or incorrect Personal Data or delete any Personal Data in our possession, (iii) request that CohnReznick stop using Personal Data or limit the processing of such data, (iv) object to automated decision making, (v) request transfer of a copy of Personal Data to another party (if technically feasible and subject to applicable law, regulations and professional standards), and (vi) withdraw consent previously provided in relation to Personal Data. CohnReznick will comply with all such requests, to the extent it is a Controller of the Data Subject’s Personal Data, provided we are not required to retain any such Personal Data pursuant to applicable law (e.g., if CohnReznick prepares a Data Subject’s U.S. tax returns, then CohnReznick is required to retain the Data Subject’s Personal Data and all backup information used to prepare the tax return for seven (7) years after the tax return is filed).
To the extent that CohnReznick is a Processor or if CohnReznick is a joint Controller of Personal Data on behalf of the Client, CohnReznick will provide to Client all information received from Data Subjects who have contacted CohnReznick to exercise any rights pursuant to Articles 13 to 23 of the GDPR and provide all reasonable assistance to Client in responding to Data Subject requests pursuant to such Articles. To the extent that CohnReznick is a sole Controller of Personal Data, CohnReznick will respond to Data Subject requests under Chapter 3 of the GDPR.
Client information, which may include Personal Data of Client’s customers, employees or other third parties, will be retained by CohnReznick in accordance with applicable law, regulations, professional standards and our internal document retention policies. CohnReznick’s document retention policies generally provide that Client information be retained for a period of seven (7) years from issuance of the work product or completion of the services. Under certain circumstances, this retention period may be extended. Any Personal Data retained by CohnReznick shall remain subject to the protections of the Agreement and this Statement.
If any Data Subject whose Personal Data CohnReznick holds has any questions about CohnReznick’s collection, use, disclosure, processing and/or retention of his or her Personal Data under the Agreement, the Data Subject may contact CohnReznick using the contact information provided in the Agreement. The Data Subject also has the right to lodge a complaint with applicable data protection authorities.