Privacy Policy
1. Introduction
Crown Worldwide Holdings Limited (“Crown”) has developed this Privacy Policy out of respect for the privacy preferences and choices of our customers and prospects. We have established procedures to ensure that every reasonable effort is made to address your concerns. Crown, its subsidiaries and affiliates provide services to corporations, individuals and their family members. To provide the contracted services, Crown needs to collect and process personal data. This Privacy Policy describes Crown’s policies and practices regarding how we collect and process your personal data and sets forth your privacy rights. We may update this Privacy Policy as we adopt new privacy practices.
2. Data Protection Officer
Crown has appointed an internal data protection officer for you to contact if you have any questions or concerns about Crown’s personal data policies or practices. Crown’s data protection officer’s name and contact information are as follows:
Gary Maguire
Chief Risk Officer
Crown Worldwide Group
Phone: +1 714 655 1566
Email: dpo@crownww.com
3. How we collect and use (process) your personal information
We collect personal information on our customers to provide services to them. Crown only collects personally identifiable information about individuals when such individuals specifically provide such information to Crown on a voluntary basis or while requesting information on Crown’s services. For example, an online service request requires the collection of personal data for us to respond promptly and correctly to the service request.
Crown collects personal information about its customers and prospective customers. The personal information collected is limited to what is necessary to provide the services requested by the customer: first name, last name, employer name, home address, email address, phone number, biographical information, and in some cases passport details and financial information. We use this information specifically to provide the services requested by our customers. We do not sell personal information to anyone and only share the personal information with third parties who are directly assisting Crown in delivering the requested services.
4. Use of Crown websites
As is true of most websites, Crown’s websites collect certain information automatically to maintain optimum performance. The information may include internet protocol (IP) addresses, the country or general location where your computer or device is accessing the internet, browser type, operating system, and other information about the use of Crown’s website, including a history of the pages you view. We use this information to help us design our site to better suit our customers’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. Crown’s website also uses cookies and web beacons. For more information about cookies, please visit allaboutcookies.org. Crown uses third-party providers to help manage and maintain the security and performance of our websites, therefore some information is collected and processed on all visitors to our website by our third-party providers. The third-parties also help Crown in generating reports about trends of visitors to our websites.
When individuals voluntarily submit their personal details to Crown via our website or other means to receive quotes for our services or subscribe to marketing information from Crown, those personal details submitted to Crown are processed by third parties on behalf of Crown to respond to the inquiries or requests. Crown may sometimes engage third parties to mail responsive information to customers who request Crown’s services, newsletters, white papers, and other information about Crown and its services. Any third-party providing such services for Crown has contractually committed to use the data only for the intended purpose and has agreed to securely process the data.
Crown’s websites may contain links to other sites. Crown is not responsible for the privacy practices or the content of such linked websites. Users should check the applicable Privacy Policy of such websites when providing personally identifiable information on those linked websites. Crown does not track users when they cross to third-party websites.
5. When and how we share information with others
The personal information Crown collects from you may be stored in one or more encrypted databases hosted in the Netherlands, Hong Kong, or the United States. For email and other related services, Crown uses established third-party cloud service providers who do not use or have access to your personal information.
Due to the nature of Crown’s business, we use qualified Service Partners to provide some of the services requested by our customers. For those third parties to be able to provide the services, Crown must transfer your personal data to the Service Partner on a need-to-know basis. We will not share more information with the third-party than they require to deliver the service. Third parties are contractually obliged to protect your data in a secure manner at all times. We remain responsible for the handling of your personal information by those third parties as provided in the EU (European Union) and UK GDPR (General Data Protection Regulation) Framework Principles, including the Supplemental Principles. If you request Crown to provide immigration or cross-border services on your behalf, Crown may need to provide your personal information to those necessary and responsible government agencies to deliver the service successfully.
6. Transferring personal data outside of the European Economic Area
Information we collect from you will usually be processed in the country or countries in which the service you requested will be provided. At other times, we may need to transfer the data to Crown affiliates in countries outside of the European Economic Area to generate management information. Crown transfers personal data only with your consent; to fulfil the contract with you; or to fulfill a compelling legitimate interest of Crown in a way that does not outweigh your rights and freedoms. Crown endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Crown and the practices described in this Privacy Policy including the usage of the GDPR Standard Contractual Clauses with our Service Partners. Crown also minimizes the risk to your rights and freedoms by not collecting, storing, or transferring more information than needed to provide your requested service.
7. Security of your information
To help protect the privacy of data and personally identifiable information you transmit through this site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data only to those employees who need to know that information to provide services to you. In addition, we regularly train our employees in the importance of confidentiality and maintaining the privacy and security of your information. We will also take appropriate disciplinary measures to ensure Crown staff protect personal data.
8. Data storage and retention
Your personal data is stored by Crown on its servers, and on the servers of the cloud-based services Crown engages. Unless your contract or the law provides otherwise, Crown will not retain your data for longer than seven years.
9. Data subject rights
This Privacy Policy is intended to provide you with information about the personal data Crown collects about you and how it is used. If you have any questions, please contact our Data Protection Officer.
If you wish to confirm that Crown is processing your personal data, or to have access to the personal data Crown may have about you, please contact our Data Protection Officer.
Crown’s customers always have a choice to consent or not consent to the sharing of their information with third parties. Crown only processes the information for a specific purpose and according to the consent given by the individual.
You will always have the right to access, review, and correct any personal information that we may have collected about you. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate information in Crown’s possession should contact Crown, and Crown will review and make corrections accordingly. For more information on where and for how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Crown’s Data Protection Officer.
10. Independent recourse mechanism for privacy complaints
Crown also agrees to cooperate with the EU and UK Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for complaints involving the collection of personal data.
1. Changes and updates to the Privacy Policy
The foregoing policy is revised and effective as of December 1st, 2023. Crown reserves the right to change this policy at any time by notifying users of the existence of a new Privacy Policy. This policy is not intended to create any contractual or other legal rights in or on behalf of any party.
As our organization practices may change, this Privacy Policy is expected to change too. We reserve the right to amend the Privacy Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy on our websites.
11.Questions, concerns or complaints
Please contact Crown’s Data Protection Officer:
Gary Maguire
Chief Risk Officer
Crown Worldwide Group
Phone: +1 714 655 1566
Email: dpo@crownww.com
12.Non-Compliance
Any employee who violates this policy shall be subject to disciplinary action, up to and including termination of employment.
13.Further Information
Employees should contact their Regional IT Manager or the Data Protection Officer with any questions or clarifications regarding this policy. Regional IT Managers should contact the Chief Privacy Officer with any questions or clarifications regarding this policy.
14.Review Schedule
This policy must be reviewed at least annually. The policy review process is managed by the Chief Risk Officer and approved by Group Vice President of IT.
15. Change Control
1.2 Gary Maguire Removal of Privacy Shield 01 Dec 2023
1.1 Chris Davis-Pipe Regular Review – No Change 29 Apr 2022
1.1 Chris Davis-Pipe Update CRO to Gary Maguire 15 Jun 2021
1.0 Chris Davis-Pipe Regular Review – No Change 30 Apr 2020
1.0 Wincey Chek Regular Review – No Change 10 May 2019
1.0 Philip Poon Initial Draft 07 May 2018