CohnReznick Client Data Privacy Notice

Who is providing this notice and who does it apply to?

This privacy notice (“Notice”) is made on behalf of CohnReznick LLP (“CR”) and CohnReznick (Cayman) Certified Public Accountants (“CR Cayman”). CR and CR Cayman are collectively referred to herein as “CohnReznick”. However, CR and CR Cayman are separate legal entities, and each entity is solely responsible for its own acts and/or omissions.

This Notice applies to the extent CR or CR Cayman, as applicable, (i) accesses, collects, uses, processes and/or stores personal information in furtherance of the performance of services and obligations and exercise of rights under an engagement letter, agreement for services or other contract between CR and/or CR Cayman, as applicable, and Client (referred to herein as the “Contract”) and/or discussions in connection with a potential Contract and (ii) such personal information is subject to laws governing such access, collection, use and processing of personal information (collectively referred to herein as the “Privacy Laws”). Such Privacy Laws may include the California Consumer Privacy Act (the “CCPA”), EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the Data Protection Law, 2017 of the Cayman Islands (the “DPL”).

References to “Client” herein refer to the individual(s) or entity(ies) for whom services are or may be performed and the individual(s) or entity(ies) who signed or may sign a Contract. Please refer to your Contract to identify the name and contact details of the relevant CohnReznick entity for the purposes of this Notice.

This Notice sets out the basis on which personal information will be processed by CohnReznick. All capitalized terms used but not defined herein shall have the meanings set forth for such terms in the applicable Privacy Laws.

It is important to read this Notice together with any other privacy notice or policy CohnReznick may provide on specific occasions when CohnReznick collects or processes personal information so that Client is fully aware of how and why CohnReznick is using the personal information. This Notice supplements any such other notices and is not intended to override them.

Where do we collect personal information from?

CohnReznick collects personal information by lawful means (for example, when CohnReznick is engaged to perform services or participate in discussions in connection with a potential engagement to perform services). CohnReznick may collect personal information from the Client or from third-party sources. These sources include: 

- publicly available and accessible directories and sources, including websites;

- governmental agencies and departments and tax and other regulatory authorities;

- bankruptcy registers and credit reference agencies; and

- fraud prevention and detection agencies and organizations, including law enforcement.

CohnReznick may combine personal information provided to CohnReznick with personal information obtained from third-party sources. This may include personal information collected in an online or offline context.

Why and how do we process personal information?

CohnReznick may use, disclose, process and/or retain personal information of Client, customers and service providers of Client, employees and personnel of Client, and third parties whose information is provided by Client or is required to perform a service on Client’s behalf (i) if necessary for the performance of services and other purposes set forth in the Contract, (ii) as required to comply with applicable law, regulations or obligations to the Client, (iii) for CohnReznick’ legitimate business purposes or those of a third party to whom your information is disclosed, and (iv) in accordance with the instructions of Client or as consented by the data subject. Such use, disclosure, processing and/or retention of personal information shall be performed as follows:

- For execution of the Contract (e.g., performing services, maintaining the client relationship, keeping the client informed, invoicing and bill collection);

- To perform client acceptance procedures, including verifying identities and addresses and performing other due diligence to protect our business interests; 

- To comply with legal, tax, accounting, or regulatory obligations to which CohnReznick or a third party is subject, including complying with auditing standards;

- To manage risk and operations, including ensuring internal compliance with our policies and procedures;

- To protect the security and integrity of CohnReznick information technology systems;

- To respond to regulatory and governmental oversight applicable to CohnReznick and other requests from tax and law enforcement authorities;

- To investigate complaints or pursue or defend any claims, proceedings, or disputes (domestic or foreign);

- To enforce the terms and conditions of the Contract and protect the respective rights of CohnReznick and its service providers under the Contract;

- To provide information (including via mail, electronic mail or telephone) about relevant services offered by CohnReznick and relevant developments in the marketplace and industry unless Client notifies CohnReznick at any time that Client does not wish to receive such information;

- To evaluate, develop and improve CohnReznick’s services;

- To evaluate or facilitate the sale or potential sale of all or part of CohnReznick; and

- To seek professional advice, such as from legal advisors;

- To the extent Client or a data subject provides other consent to the collection, use, disclosure and storage of personal information.

What sort of personal information do we collect?

The types of personal information CohnReznick collects depends on the nature of the Contract and services to be performed by CohnReznick. Such personal information may include:

- Names, signatures, photographs, copies of identification, and contact information, such as home or business addresses, email addresses and telephone numbers;

- Biographical information, which may include date of birth, places of birth, country of domicile and/or your nationality, tax identification number, tax status, passport number or national identity card details, and employment history;

- Financial Information relating to income, expenditure, assets and liabilities, ownership interest in an entity, source of funds and wealth, as well as bank account details; and

- Background Information for client acceptance procedures, such as to assess whether an individual is or may represent a politically exposed person or money laundering risk.

Do you have to provide us with this personal information?

CohnReznick will request and collect personal information for the purposes set forth in this Notice and the relevant Contract. Some of the personal information CohnReznick requests must be provided in order for CohnReznick to perform the services and/or obligations set forth in the relevant Contract. If you do not provide the personal information, CohnReznick will not be able to perform such services and/or obligations. In other instances, personal information provided by you is purely voluntary, and there are no implications for you if you do not wish to provide such personal information to CohnReznick. 

Who do we share personal information with?

CohnReznick may disclose personal information to its affiliates, contractors, and service providers (collectively, “Service Providers”) provided such disclosures are lawful and made in furtherance of approved purposes. Such disclosures may include transfers of personal information to Service Providers located in other countries (including countries located outside of the EEA) where the laws governing the use and disclosure of personal information may be different and possibly less stringent. CohnReznick will comply with the requirements of the applicable Privacy Laws in the process of performing such transfers. CohnReznick shall remain responsible for the confidentiality and security of personal information transferred to or accessed by such Service Providers. To request more information about the Service Providers, please contact us using a method identified in the “Contact Us” section.

Client is responsible for ensuring that, in connection to any third-party personal information made available to CohnReznick, it has complied, and will continue to comply, with all applicable laws relating to privacy and data protection and it has, and will continue to have, the right to transfer, or provide access to, such personal information to CohnReznick for processing in accordance with the terms of the Contract and this Notice. In relation to any special categories of personal information made available to CohnReznick, Client is responsible for obtaining the explicit consent from each data subject(s) for the processing of such personal information by CohnReznick in accordance with the terms of the Contract and this Notice. 

How do we protect and handle Personal Data?

CohnReznick will use commercially reasonable efforts to keep personal information confidential and to not disclose personal information to any third party except as permitted by the Contract, this Notice or with Client’s prior written consent, except as stated herein. CohnReznick will implement appropriate technical and organizational security measures designed to protect against the accidental loss, destruction, damage and/or unauthorized use of personal information. CohnReznick will also enter into contracts with its Service Providers that require them to use commercially reasonable efforts to keep personal information confidential and implement appropriate security measures in connection with any processing of personal information performed on CohnReznick’s behalf. CohnReznick will notify Client without undue delay after becoming aware of a breach of personal information as required by applicable law.

Your Rights

All Clients

Upon reasonable request and to the extent required by the applicable Privacy Laws, CohnReznick will make available to the Client all reasonable information necessary to demonstrate compliance with the applicable Privacy Laws governing the personal information and contribute to audits and inspections conducted by Client, or its designee, relating to such compliance. All such activities shall be conducted at Client’s cost and expense and shall be performed during regular business hours and in a manner that does not unreasonably disrupt CohnReznick’s business.

Under the CCPA, Client may also have the right to request, up to twice a year free of charge, (i) what categories of personal information we have collected over the past 12 months, (ii) a copy of your personal information that we have collected over the past 12 months, (iii) deletion of your personal information, and (iv) what categories of services providers and third parties with which we have shared your information over the past 12 months. Client may exercise such rights by sending a request to CohnReznick. CohnReznick will not discriminate against you for having exercised your rights with respect to your personal information.

Clients in the European Union and Cayman Islands

To the extent CohnReznick is a Controller, data subjects whose personal information we process or retain are entitled to (i) be informed about the purposes for which CohnReznick processes personal information; (ii) request a description and a copy of the personal information in CohnReznick’s possession, (iii) request that CohnReznick rectify any incomplete or incorrect personal information or delete any personal information in our possession, (iv) request that CohnReznick stop using personal information or limit the processing of such information, (v) request transfer of a copy of personal information to another party (if technically feasible and subject to applicable law, regulations and professional standards), (vi) withdraw consent previously provided in relation to personal information, and (vii) be informed of a breach of personal information (unless the breach is unlikely to be prejudicial to you). CohnReznick will comply with all such requests, to the extent it is a Controller of the data subject’s personal information, provided we do not have a legitimate business interest for processing such personal information or are not required to retain any such personal information pursuant to applicable law (e.g., if CohnReznick prepares a data subject’s U.S. tax returns, then CohnReznick is required to retain the data subject’s personal information and all backup information used to prepare the tax return for seven (7) years after the tax return is filed).
To the extent that CohnReznick is a Processor or if CohnReznick is a joint Controller of personal information on behalf of the Client, CohnReznick will provide to Client all information received from data subjects who have contacted CohnReznick to exercise any rights pursuant to the applicable Privacy Laws (including Articles 13 to 23 of the GDPR) and provide all reasonable assistance to Client in responding to data subject requests pursuant to such applicable Privacy Laws.  To the extent that CohnReznick is a sole Controller of personal information, CohnReznick will respond to data subject requests under the applicable Privacy Laws (including Chapter 3 of the GDPR).  

Retention of Personal Information

Client information, which may include personal information of Client’s customers, employees or other third parties, will be retained by CohnReznick in accordance with applicable law, regulations, professional standards and our internal document retention policies. CohnReznick’s document retention policies generally provide that Client information be retained for a period of seven (7) years from issuance of the work product or completion of the services. Under certain circumstances, this retention period may be extended. Any personal information retained by CohnReznick shall remain subject to the protections of the Contract and this Notice.

Contact Us

If any data subject whose personal information CohnReznick holds has any questions about CohnReznick’s collection, use, disclosure, processing and/or retention of his or her personal data under the Contract, the data subject may contact CohnReznick using the following methods:

(i) If the relevant Contract is with CR:

a. By written notice to:

CohnReznick LLP 

Attn: Legal Department

1301 Avenue of the Americas

New York, New York 10019,

b. By email to: Privacy@CohnReznick.com;

(ii) If the relevant Contract is with CR Cayman: 

a. By written notice to:

CohnReznick (Cayman) Certified Public Accountants 

Attn: Cayman Data Protection Enquiry

P.O. Box 1748 GT

27 Hospital Road

Georgetown, Grand Cayman

The data subject also has the right to lodge a complaint with applicable governmental, regulatory, supervisory or data protection authorities, including the Data Protection Ombudsman under the DPL.

Changes to this Notice 

This Notice is subject to regular reviews and updates. This Notice was last updated February 2020.