Client Data Privacy and CUI Notices

 

     

    ➢ Client Data Privacy Notice (Last Updated: April 1, 2024)

    ➢ Controlled Unclassified Information (“CUI”) Policy Notice (Last Updated: April 1, 2024)

    Client Data Privacy Notice

    WHO IS PROVIDING THIS NOTICE AND WHO DOES IT APPLY TO?

    "CohnReznick" is the brand name under which CohnReznick LLP and CohnReznick Advisory LLC and their respective affiliates (each, a member of the “Company Group”) provide professional services. CohnReznick LLP and CohnReznick Advisory LLC (and their respective affiliates) practice in an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. CohnReznick LLP is a licensed CPA firm that provides attest services to its clients. CohnReznick Advisory LLC provides tax and business consulting services to its clients. CohnReznick Advisory LLC and its affiliates are not licensed CPA firms. Each entity is a separate legal entity and solely responsible for its own acts and/or omissions.  

    This privacy notice (“Notice”) is made on behalf of CohnReznick and CohnReznick (Cayman) Certified Public Accountants (“CR Cayman”). CohnReznick and CR Cayman are collectively referred to herein as “CohnReznick” for purposes of this policy. However, CohnReznick LLP, CohnReznick Advisory LLC and CR Cayman and their respective affiliated entities are separate legal entities, and each entity is solely responsible for its own acts and/or omissions.

    This Notice applies to the extent CohnReznick, as applicable, accesses, collects, uses, processes and/or stores personal information in furtherance of the performance of services and obligations and exercise of rights under any type of agreement for services or other contract between CR and/or CR Cayman, as applicable, and Client (referred to herein as the “Contract”) and/or discussions in connection with a potential Contract. 

    References to “Client” herein refer to the individual(s) or entity(ies) for whom services are or may be performed and the individual(s) or entity(ies) who signed and/or may sign a Contract. Please refer to your Contract to identify the name and contact details of the relevant CohnReznick entity for the purposes of this Notice.

    This Notice sets out the basis on which personal information will be processed by CohnReznick, and supplements CohnReznick’s other policies which address laws governing access, collection, use and processing of personal information for residents or consumers located in other jurisdictions (collectively referred to herein as the “Privacy Laws”).   All capitalized terms used but not defined herein shall have the meanings set forth for such terms in the applicable Privacy Laws.

    It is important to read this Notice together with all other applicable CohnReznick privacy policies which explain CohnReznick’s methods for collecting or processing personal information so that Client is fully aware of how and why CohnReznick is using the personal information. This Notice supplements any such other policies and is not intended to override them. For more information concerning CohnReznick’s website collection practices, please see the Privacy Policy. For more information on the applicable Privacy Laws and your rights if you are a resident of one of the covered jurisdictions, please visit each jurisdictional policy, found on our website.  

    Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to enter into a Contract with us. By agreeing to a Contract, you agree to this Privacy Notice. This Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of our services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

    WHERE DO WE COLLECT PERSONAL INFORMATION FROM?

    CohnReznick collects personal information by lawful means (for example, when CohnReznick is engaged to perform services or participate in discussions in connection with a potential engagement to perform services). CohnReznick may collect personal information from the Client or from third-party sources. These sources include, but are not limited to: 

    - any information provided by Client at any time;

    - from our service providers or other entities assisting with our business;

    - marketing purposes such as registering for events, requesting information about CohnReznick and its services, completing a survey; 

    - publicly available and accessible directories and sources, including websites;

    - governmental agencies and departments and tax and other regulatory authorities;

    - third parties, such as bankruptcy registers and credit reference agencies; and

    - fraud prevention and detection agencies and organizations, including law enforcement.

    CohnReznick may combine personal information provided to CohnReznick with personal information obtained from third-party sources or from our website. This may include personal information collected in an online or offline context.

    WHY AND HOW DO WE PROCESS PERSONAL INFORMATION?

    CohnReznick may use, disclose, process and/or retain personal information of Client, customers and service providers of Client, employees and personnel of Client, and third parties whose information is provided by Client or is required to perform a service on Client’s behalf (i) if necessary for the performance of services and other purposes set forth in the Contract, (ii) as required to comply with applicable law, regulations, professional standards or obligations to the Client, (iii) for CohnReznick’s legitimate business purposes or those of a third party to whom your information is disclosed, and (iv) in accordance with the instructions of Client or as consented by the data subject. Such use, disclosure, processing and/or retention of personal information may be used for the purpose of performing and improving services, supporting business operations and maintaining Client relationships, and may include the following:

    1. For execution of a Contract, to execute and protect our rights or the rights of our service providers under a Contract, or enforce the terms and conditions arising under a Contract (e.g., performing services, maintaining the client relationship, keeping the client informed, invoicing and bill collection) or other agreement between the parties;
    2. To perform client acceptance procedures, including verifying identities and addresses and performing other due diligence to protect our business interests and to determine eligibility for services; 
    3. To comply with legal, tax, accounting, or regulatory obligations to which CohnReznick or a third party is subject, including complying with auditing standards;
    4. To manage risk and operations, legal obligations, including ensuring internal compliance with our policies and procedures, to respond to regulatory and government oversight applicable to CohnReznick, and to investigation complaints or pursue and defend claims, proceedings, or disputes;
    5. To protect the security and integrity of CohnReznick’s information technology systems;
    6. To provide information about relevant services offered by CohnReznick, opportunities and experiences offered by CohnReznick;
    7. To evaluate, develop and improve the quality of CohnReznick’s professionals and services or our website and for other related internal business purposes;
    8. To seek professional advice, such as from professional advisors (including, but not limited to, legal counsel);
    9. For recruitment and evaluation of qualifications for employment or internships;
    10. For website related services, like analytics, insights, or customer support, quality and safety maintenance, or to develop new technological improvements; 
    11. To evaluate or facilitate the sale or potential sale of all or part of CohnReznick or CohnReznick’s potential acquisition of other entities; 
    12. For other purposes that are compatible with this Privacy Policy or where permitted by applicable law; and
    13. As otherwise disclosed upon collection, or to the extent Client or a data subject provides other consent or authorization to the collection, use, disclosure and storage of personal information.

    WHAT SORT OF PERSONAL INFORMATION DO WE COLLECT?

    The types of personal information CohnReznick collects depends on the nature of the Contract and services to be performed by CohnReznick. Such personal information may include:

    - Names, signatures, photographs, copies of identification, and contact information, such as home or business addresses, email addresses and telephone numbers;

    - Biographical information,  including date of birth, places of birth, country of domicile and/or your nationality, tax identification number, social security number, tax status, passport number or national identity card details, race (only upon your consent), and employment history;

    - Financial Information relating to income, expenditure, assets and liabilities, ownership interest in an entity, source of funds and wealth, as well as bank account details; and

    - Background Information for client acceptance procedures.

    DO YOU HAVE TO PROVIDE US WITH THIS PERSONAL INFORMATION?

    CohnReznick will request and collect personal information for the purposes set forth in this Notice and the relevant Contract. Some of the personal information CohnReznick requests must be provided in order for CohnReznick to perform the services and/or obligations set forth in the relevant Contract. If you do not provide the personal information, CohnReznick will not be able to perform such services and/or obligations. In other instances, personal information provided by you is purely voluntary, and there are no implications for you if you do not wish to provide such personal information to CohnReznick. 

    WHO DO WE SHARE PERSONAL INFORMATION WITH?

    CohnReznick may disclose personal information to its affiliates, contractors, and service providers (collectively, “Service Providers”) provided such disclosures are lawful and made in furtherance of approved purposes. Service Providers may include, but not be limited to, external contractors, accounting and professional services firms, information technology vendors, cloud hosting providers, technology providers, and relationship management software providers for business and marketing purposes, to provide the CohnReznick services, to support business operations, to store and protect information, and for other approved purposes. 

    CohnReznick may also disclose your personal information to third parties, including, but not limited to: 

    • our employees, members of the Company Group and their respective affiliates, contractors, agents and third-party vendors to perform services related to your account, to offer our products and services, and for business operations;
    • professional service providers for business operations; 
    • information technology, software, and cloud providers, security providers, and similar services in connection with providing services and in the support of daily operations;
    • service providers to support business operations, develop, operate, and maintain our website, and for marketing purposes;
    • government agencies and regulators to fulfill legal obligations;
    • a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred or to third parties in connection with CohnReznick’s acquisition of other entities; 
    • to third parties for the purposes of fraud prevention and credit risk reduction (e.g., if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of CohnReznick, our clients, or others);
    • to enforce or apply any agreements, contracts between us, including for billing and collection purposes;
    • law enforcement or government officials; or 
    • any other entity disclosed by CohnReznick when you provide the information, or for which you provide consent.

    Client is responsible for ensuring that, in connection to any third-party personal information made available to CohnReznick, it has complied, and will continue to comply, with all applicable laws relating to privacy and data protection and it has, and will continue to have, the right to transfer, or provide access to, such personal information to CohnReznick for processing in accordance with the terms of the Contract and this Notice. In relation to any special categories of personal information made available to CohnReznick, Client is responsible for obtaining the explicit consent from each data subject(s) for the processing of such personal information by CohnReznick in accordance with the terms of the Contract and this Notice. 

    HOW DO WE PROTECT AND HANDLE PERSONAL INFORMATION?

    CohnReznick will use commercially reasonable efforts to keep personal information confidential and to not disclose personal information to any third party except as permitted by the Contract, this Notice or with Client’s prior written consent, except as stated herein. CohnReznick may utilize service providers to assist with or directly provide Services to you as outlined in the “Who Do We Share Personal Information With” section above. CohnReznick will notify Client after becoming aware of a breach of personal information as required by applicable law.

    YOUR RIGHTS

    Upon reasonable request and to the extent required by the applicable Privacy Laws, CohnReznick will make available to the Client all reasonable information necessary to demonstrate compliance with the applicable Privacy Laws governing its personal information and contribute to audits and inspections conducted by Client, or its designee, relating to such compliance. All such activities shall be conducted at Client’s cost and expense and shall be performed during regular business hours and in a manner that does not unreasonably disrupt CohnReznick’s business.
    Certain states and countries have enacted privacy laws that may apply to you.  Please visit our website to find our specific policies for those particular jurisdictions, which contain specific disclosures and information concerning your rights. All such jurisdictional privacy policies are incorporated by reference herein.

    RETENTION OF PERSONAL INFORMATION

    Client information, which may include personal information of Client’s customers, employees or other third parties, will be retained by CohnReznick will only be retained for as long as is required for the purposes for which it was collected and for the purposes of satisfying any legal, accounting, contractual or reporting requirements. Any personal information retained by CohnReznick shall remain subject to the protections of the Contract and this Notice.

    CONTACT US

    If any data subject whose personal information CohnReznick holds has any questions about CohnReznick’s collection, use, disclosure, processing and/or retention of his or her personal information under the Contract, the data subject may contact CohnReznick using the following methods:

    (i) If the relevant Contract is with CohnReznick LLP or CohnReznick Advisory LLC:

    a. By written notice to:

    CohnReznick Advisory LLC

    Attn: Legal Department
    14 Sylvan Way
    Parsippany, New Jersey 07054

     

    b. By email to: [email protected];

    c. By telephone at:  1-862-245-5031

    (ii) If the relevant Contract is with CR Cayman: 

    a. By written notice to:

    CohnReznick (Cayman) Certified Public Accountants 
    Attn: Cayman Data Protection Enquiry
    P.O. Box 1748 
    19 Tarpon Island Drive
    Newlands, Grand Cayman KY1-1109

    Please note that we may ask you to verify your identity before responding to such requests. We may also require that you confirm your identity by providing a driver’s license, passport or other form of identification as allowable under each applicable Privacy Law.  The data subject also has the right to lodge a complaint with applicable governmental, regulatory, supervisory or data protection authorities, including the Data Protection Ombudsman under the applicable Cayman Island Privacy Laws.

    CHANGES TO THIS NOTICE

    You are advised to review this Notice periodically for any changes. We may update this Notice from time to time as it may be revised due to legislative changes, changes in technology or our privacy practices or new uses of Personal Information not previously disclosed in this policy. We will notify you of any material changes and update the “Last Updated” date at the top of this Notice.  Changes to this policy are effective when they are posted on our website.  If you have any comments, concerns or questions about this policy, please contact us. 

    Controlled Unclassified Information (“CUI”) Policy Notice

    "CohnReznick" is the brand name under which CohnReznick LLP and CohnReznick Advisory LLC and their respective affiliates (each, a member of the “Company Group”) provide professional services. CohnReznick LLP and CohnReznick Advisory LLC (and their respective affiliates) practice in an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. CohnReznick LLP is a licensed CPA firm that provides attest services to its clients. CohnReznick Advisory LLC provides tax and business consulting services to its clients. CohnReznick Advisory LLC and its affiliates are not licensed CPA firms. Each entity is a separate legal entity and solely responsible for its own acts and/or omissions.  

    This CUI Policy Notice applies to any agreement for services (“Contract”) between CohnReznick and a client (“Client” or “you”). With the exception of the defined terms in the above paragraph, the terms used in this CUI Policy Notice shall have the same meaning ascribed to them in your Contract with CohnReznick.

    Unless otherwise mutually agreed and expressly set forth in writing, you acknowledge and agree that CohnReznick’s services are not intended to process, store, disclose or transmit any data or information that requires safeguarding or dissemination controls, under Federal Acquisition Regulations, the Defense Federal Acquisition Regulations Supplement, the International Traffic in Arms Regulation, Export Administration Regulations, the Arms Export Control Act and any other applicable law, regulation or government policy concerning data or information that is restricted for dissemination or disclosure to foreign nationals (“Restricted Data”). For clarity, Restricted Data shall include any controlled unclassified information (“CUI”).

    You shall not provide or otherwise make available Restricted Data to CohnReznick or its personnel without CohnReznick’s prior written approval. If you become aware that any known or suspected Restricted Data has or will be disclosed to CohnReznick, you will (a) immediately notify CohnReznick in writing and cease any further transfer of such information unless CohnReznick provides its express written approval; (b) identify which documents (with pinpoint references to any affected pages therein) contain any such information; and (c) identify any export control regulations and relevant export control classifications that apply to such information.

    You agree to fully cooperate with CohnReznick in the investigation of and response to any known or suspected Restricted Data disclosed to CohnReznick.