DATA PRIVACY FRAMEWORK (DPF) STATEMENT

CELERIUS GROUP, INC. DATA PRIVACY FRAMEWORK(DPF) STATEMENT

Updated Jan 4, 2025

TABLE OF CONTENTS

Scope and Responsibility

Definitions

Types of Personal Data Collected

Purpose of Collection and Use

Security

Onward Transfers of Personal Data

Third Party Disclosures

Categories of Third Parties With Whom We Share Personal Data

Choice

Recourse, Enforcement, and Liability

Commitment to Comply with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF

Complaints and Alternative Dispute Resolution (ADR)

Binding Arbitration

Changes to this Data Privacy Framework Statement

How to Contact Celerius Group.

 

Scope and Responsibility

Celerius Group commits to comply with the Principles with respect to the Personal Data it receives from its Customers or their Users in the EEA and Switzerland in connection with the use of (i) Celerius Group’s applications (“Subscription Service”), (ii) related support service (“Support Service”), and (iii) expert service (including but not limited to professional services) (“Expert Service”) that Celerius Group provides to Customers. In this Statement, the Subscription Service, Support Service and Expert Service are collectively referred to as “Service.”

All employees of the Celerius Group that have access in the U.S. to Personal Data covered by this Statement are responsible for conducting themselves in accordance with this Statement and the Principles. Adherence by Celerius Group to this Statement may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Statement shall not be collected, used or disclosed in a manner contrary to this Statement without the prior written permission of the Celerius Group Chief Executive Officer (CEO).

Celerius Group employees responsible for engaging third parties to which Personal Data covered by this Statement will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of the Principles, including any applicable contractual assurances required by the DPF.

Definitions

For the purposes of this Statement:

“Cookies” means any file with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to a browser from a website and transferred to a user’s device. 

“Customer” means any entity that purchases the Service.

“Customer Data” means the electronic data uploaded into the “Subscription Service” or “Support Service” by or for a Customer or its Users.

“Log Data” means any information such as a computer’s Internet Protocol (IP) address, browser type, browser version, the pages of the Service that are visited, the time and date of a visit, the time spent on those pages and other statistics.

“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Celerius Group in the U.S. from the EEA or Switzerland in connection with the Service.

“User” means an individual authorized by Customer to access and use the Service.

Types of Personal Data Collected

Celerius Group hosts and processes Customer Data and Log Data, including any Personal Data contained therein, at the discretion of and pursuant to the instructions of Celerius Group Customers and Users. Celerius Group also collects several types of information from Users and Customers, including:

  1. Information and correspondence of Customers and Users submitted to the Celerius Group in connection with the Service and other requests related to the Service.
  2. Information received from business partners in connection with Customers’ and Users’ use of the Service or in connection with services provided by business partners on their behalf, including configuration of the Service.
  3. Information received from third-party services, such as Google Analytics that collect, monitor and analyze information in order to increase the functionality of the Service.
  4. Personal information that may include, but is not limited to email addresses, names, and telephone numbers.
  5. Cookies are used to collect information in order to improve Celerius Group services. Browsers can be instructed to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify when receiving a new cookie. If a browser does not affect cookies, it may prevent a user from being able to use some of the features of the Service. Accordingly, Celerius Group recommends enabling cookies.

Category of Personal Information

Personal Information Collected

Source of Personal Information

Personal Identifiers
  • Name
  • Address
  • Email Address
  • IP Address
  • Job Title
  • Job Function/Role

You/Affiliates

Commercial Information

Data associated with historical interaction with Celerius Group customers used for sales and marketing

You/Clients

Internet or other similar network activity information

Data associated with historical interaction with Celerius Group customers used for sales and marketing

You/Clients

Geolocation Data

General location as enabled by cookies and IP address

You/Clients

Professional or employment-related information
  • Job Title
  • Job Function/Role

You/Clients

 

Purposes of Collection and Use

Celerius Group may use Personal Data submitted by Customers and Users as necessary to provide the Service, including updating, enhancing, securing and maintaining the Service and to carry our Celerius Group’s contractual obligations to Customers. Celerius Group also obtains general information in connection with providing the Service and maintaining Celerius Group’s relationships with its Customers.

Security

Celerius Group takes reasonable, commercially-available, acceptable security procedures and practices appropriate to the nature of the information stored, in order to protect Personal Data covered by this Statement from unauthorized access, destruction, use, modification, or disclosure.

Onward Transfers of Personal Data

In the event the Celerius Group transfers Personal Data covered by this Statement to a third party acting as a controller, Celerius Group will do so consistent with any notice provided to Customers and Users and any consent they have given, and only if the third party provides contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Customers and Users, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Celerius Group has knowledge about a third party acting as a controller is processing Personal Data covered by this Statement in a way that is contrary to the Principles, Celerius Group will take reasonable steps to prevent or stop such processing.

With respect to agents of Celerius Group, the Celerius Group will transfer only the Personal Data covered by this Statement needed for an agent to deliver to Celerius Group the requested product or service. Furthermore, the Celerius Group will:

  1. Permit the agent to process such Personal data only for limited and specified purposes.
  2. Require the agent to provide at least the same level of privacy protection as is required by the Principles.
  3. Take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with the Celerius Group’s obligations under the Principles.
  4. Require the agent to notify Celerius Group if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Principles, Celerius Group will take reasonable and appropriate steps to stop and remediate unauthorized processing.

Celerius Group remains liable under the Principles if an agent processes Personal Data covered by this Statement in a manner inconsistent with the Principles, except where Celerius Group is not responsible for the event giving rise to the damage.

Third Party Disclosures

Celerius Group employs third party companies and individuals, and therefore may disclose Personal Data that Customers and Users provide to the service on Celerius Group’s behalf:

  1. To subsidiaries and affiliates.
  2. To perform Service-related services and/to assist in analyzing how the Service is used.
  3. In the event Celerius Group sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation), in which case Personal Data held by Celerius Group about its Customers will be among the assets transferred to the buyer or acquirer. In such cases, Celerius Group will provide notice before Personal Data is transferred and/or becomes subject to a different Privacy Policy.
  4. If required to do so by law or legal process.
  5. In response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.

Categories of Third Parties With Whom We Share Personal Data

We disclose personal information to the following categories of service providers and other parties:

  • Service providers, including:
    • Payment processors
    • Name and address verification providers
    • Hosting and other technology and communication providers
    • Email distribution companies
    • Staff augmentation and contract personnel
    • Analytics providers
  • Our Affiliates
  • Other parties at your direction, including:
    • Third party business partners who you interact with through the Service; 
    • Other parties authorized by you

Choice

Customers and Users whose Personal Data is covered by this Statement have the right to access such Personal Data and to opt-out, correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of other persons other than the Data Subject would be violated).

Requests for access, opt-out, correction, amendment, or deletion should be sent using the contact information indicated below.

Recourse, Enforcement, and Liability 

Celerius Group’s participation in the DPF is subject to investigation and enforcement by the Federal Trade Commission.

In compliance with the DPF Principles, Celerius Group commits to resolve complaints about your privacy and our collection or use of your Personal Data free of charge. Data Subjects with inquiries or complaints regarding this DPF Policy should first contact Celerius Group using the contact information below.

Commitment to Comply with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF

Celerius Group, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Celerius Group, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Celerius Group, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Complaints and Alternative Dispute Resolution (ADR)

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Celerius Group, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS Alternative Dispute Resolution (ADR) Services, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and Switzerland. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Binding Arbitration 

For more information on binding arbitration, see U.S. Department of Commerce’s DPF:
Annex I (Binding Arbitration).


Changes to this Data Privacy Framework Statement

This Statement may be amended from time to time consistent with the requirements of the Principles. Appropriate notice regarding such amendments will be given.

How to Contact Celerius Group

To ask questions or comment about this Statement and privacy practices, or to update, change or remove Personal Data, contact Celerius Group at https://www.funnelenvy.com/contact/.