2. Data Protection Officer
Crown has appointed an internal data protection officer for you to contact if you have any questions or concerns about Crown’s personal data policies or practices. Crown’s data protection officer’s name and contact information are as follows:
Chief Risk Officer
Crown Worldwide Group
Phone: +1 714 655 1566
3. How we collect and use (process) your personal information
We collect personal information on our customers to provide services to them. Crown only collects personally identifiable information about individuals when such individuals specifically provide such information to Crown on a voluntary basis or while requesting information on Crown’s services. For example, an online service request requires the collection of personal data for us to respond promptly and correctly to the service request.
Crown collects personal information about its customers and prospective customers. The personal information collected is limited to what is necessary to provide the services requested by the customer: first name, last name, employer name, home address, email address, phone number, biographical information, and in some cases passport details and financial information. We use this information specifically to provide the services requested by our customers. We do not sell personal information to anyone and only share the personal information with third parties who are directly assisting Crown in delivering the requested services.
4. Use of Crown websites
When individuals voluntarily submit their personal details to Crown via our website or other means to receive quotes for our services or subscribe to marketing information from Crown, those personal details submitted to Crown are processed by third parties on behalf of Crown to respond to the inquiries or requests. Crown may sometimes engage third parties to mail responsive information to customers who request Crown’s services, newsletters, white papers, and other information about Crown and its services. Any third-party providing such services for Crown has contractually committed to use the data only for the intended purpose and has agreed to securely process the data.
5. When and how we share information with others
The personal information Crown collects from you may be stored in one or more encrypted databases hosted in the Netherlands, Hong Kong, or the United States. For email and other related services, Crown uses established third-party cloud service providers who do not use or have access to your personal information.
Due to the nature of Crown’s business, we use qualified Service Partners to provide some of the services requested by our customers. For those third parties to be able to provide the services, Crown must transfer your personal data to the Service Partner on a need-to-know basis. We will not share more information with the third-party than they require to deliver the service. Third parties are contractually obliged to protect your data in a secure manner at all times. We remain responsible for the handling of your personal information by those third parties as provided in the EU (European Union) and UK GDPR (General Data Protection Regulation) Framework Principles, including the Supplemental Principles. If you request Crown to provide immigration or cross-border services on your behalf, Crown may need to provide your personal information to those necessary and responsible government agencies to deliver the service successfully.
6. Transferring personal data outside of the European Economic Area
7. Security of your information
To help protect the privacy of data and personally identifiable information you transmit through this site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data only to those employees who need to know that information to provide services to you. In addition, we regularly train our employees in the importance of confidentiality and maintaining the privacy and security of your information. We will also take appropriate disciplinary measures to ensure Crown staff protect personal data.
8. Data storage and retention
Your personal data is stored by Crown on its servers, and on the servers of the cloud-based services Crown engages. Unless your contract or the law provides otherwise, Crown will not retain your data for longer than seven years.
9. Data subject rights
If you wish to confirm that Crown is processing your personal data, or to have access to the personal data Crown may have about you, please contact our Data Protection Officer.
Crown’s customers always have a choice to consent or not consent to the sharing of their information with third parties. Crown only processes the information for a specific purpose and according to the consent given by the individual.
You will always have the right to access, review, and correct any personal information that we may have collected about you. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate information in Crown’s possession should contact Crown, and Crown will review and make corrections accordingly. For more information on where and for how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Crown’s Data Protection Officer.
10. Independent recourse mechanism for privacy complaints
Crown also agrees to cooperate with the EU and UK Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for complaints involving the collection of personal data.
11.Questions, concerns or complaints
Please contact Crown’s Data Protection Officer:
Chief Risk Officer
Crown Worldwide Group
Phone: +1 714 655 1566
Any employee who violates this policy shall be subject to disciplinary action, up to and including termination of employment.
Employees should contact their Regional IT Manager or the Data Protection Officer with any questions or clarifications regarding this policy. Regional IT Managers should contact the Chief Privacy Officer with any questions or clarifications regarding this policy.
This policy must be reviewed at least annually. The policy review process is managed by the Chief Risk Officer and approved by Group Vice President of IT.
15. Change Control
1.2 Gary Maguire Removal of Privacy Shield 01 Dec 2023
1.1 Chris Davis-Pipe Regular Review – No Change 29 Apr 2022
1.1 Chris Davis-Pipe Update CRO to Gary Maguire 15 Jun 2021
1.0 Chris Davis-Pipe Regular Review – No Change 30 Apr 2020
1.0 Wincey Chek Regular Review – No Change 10 May 2019
1.0 Philip Poon Initial Draft 07 May 2018