Effective: February 28, 2020
At The Sourcing Group (“TSG”) and its wholly-owned subsidiary CarpeDiem Inc., we place a high priority on maintaining the privacy and confidentiality of our customer’s personal information. In order to provide our services to you, we may collect, use and transfer personal information. This notice intends to help you understand our commitment to protecting this information at all times. We are providing this information to describe the information that we may process, and the situations where we may disclose that information to another party. Any questions or comments may be addressed to any member of our senior leadership team at 646-572-7520.
The Sourcing Group participates and has certified its compliance with the in the EU-US Privacy Shield Framework. TSG is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
TSG is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. TSG complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
As part of our commitment, TSG will only disclose information to third parties directly involved in fulfillment activities for purposes of completing the transaction. We will only collect the minimum required information and will not disclose any of such to third parties for any purpose. The identities of authorized third parties will vary depending upon the material being ordered or manufactured but will be limited to authorized branded apparel manufacturers and printers as certified by TSG to deliver to the locations within the EU. This program is subject to oversight and enforcement by the US Department of Commerce.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, The Sourcing Group is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and/or the U.S. Department of Transportation. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback- form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Click here to view our verification status.
INFORMATION WE COLLECT
TSG will process our customer’s information for purposes of printing and mailing documents which may or may not contain personally identifiable information as described by the HIPAA standards. We may store certain aspects of this information on a short term basis for purposes of reporting, reconciling, or augmenting the data as part of our standard service offering to our clients. We may keep and present on a temporary basis, composed documents for viewing by authorized representatives of our customers for purposes of review and approval to release the printed output into the mail. In the process of doing so we may have information specific to a medical service or condition of a person and their family, association with providers, financial standing, enrollment status, and other documents as mandated by city, state, and federal authorities. As a print broker, we may enter into contractual relationships with print shops that we will transmit this data to for actual processing. These shops are held to the same exacting standards and agreement that we commit to our customers. All of this information is only collected and used on an as needed basis for the business benefit of our customers and their constituents.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Personally Identifiable Information
Personally identifiable information refers to information that can be used to identify you, such as your name, email address, phone number, address, billing information such as credit card number and billing address etc. In many cases, we ask for this information to provide the service you wish to use. The amount of personally identifiable information that we know about you is entirely up to you. We will only know personally identifiable information if you choose to share this information about yourself; however, some features or services may not be available unless we obtain a certain amount of personally identifiable information.
We may also collect from you the following personal information about your contacts: Name and email address. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at [email protected].
HOW WE USE THE INFORMATION
We may use this information to Fulfill your order, send you an order confirmation, assess the needs of your business to determine suitable products, send you requested product or service information, send product updates or warranty information, respond to customer service requests, administer your account, send you a catalog, send you a newsletter, send you marketing communications, respond to your questions and concerns Improve our website and marketing efforts, or display content based upon your interests. We may retain your information for as long as your account is active or as needed to provide your services, comply with our legal obligations, resolve disputes and enforce our agreements.
USE OF TRACKING TECHNOLOGIES
HOW WE PROTECT YOUR INFORMATION
In accordance with applicable laws and corporate policies, TSG has a responsibility to protect the privacy of all our customer’s information. We maintain security standards and processes including physical, electronic and procedural safeguards to ensure that any access to personal information is on a need-to-know basis and limited to authorized employees or designees in the performance of fulfillment services which we are contracted for. Some of the procedures we implement are limiting unnecessary printing of documents containing personal information, utilizing secure file transfers mechanism, routine and frequent vulnerability assessments, encryption of any transactional data or output, utilizing locked cabinets for storage of records, and document shredders for proper destruction and disposal of such items when they are no longer needed. We also guard against malicious and unauthorized access by utilizing secure websites as certified by recognized Internet security authorities for our applications, and obtaining and maintaining proper digital certificates to indicate such. . If you have any questions about the security of your personal information, you can contact us at [email protected].
WHO MAY RECEIVE INFORMATION
By entering into a Business Associate Agreement with our clients, we are authorized to use and disclose under the appropriate policies and supervision, any personal information required to provide the fulfilment services we provide. We do not and will not resell any of this information, or provide to a third party for any purposes, unless instructed by our customer in writing to do so. Any and all parties who may see any portion of this information may only do so if it is needed for the performance and quality assurance of their provided function. Any such use will ensure the minimum amount of information is displayed and to perform the function. Any information beyond a name and mailing address that is needed will be encode in such a way as to be illegible to the human eye (e.g. barcodes). Such parties may consist of digital print centers and their supporting staff of QA, Indexers, print operators and inserter operators, offset printers and their staff, mail expeditors, and USPS Postal employees.
TSG is bound by Service Level Agreements, and full transparency to our customers, to disclose any accidental disclosure of personal information that runs counter to the stated goals of this policy. Any disclosure notification will be followed up by a root cause analysis within three days or as defined by an SLA with the customer, whichever is more restrictive. In certain situations, TSG may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Accidental disclosures may occur due to bad data feeds, malfunctioning equipment or faults in programming logic. These can occur at the customer site, or at the print factory. Regardless, of whether a customer believes that they were at fault or whether TSG and its authorized representatives were, TSG will always engage in a root cause analysis for purposes of developing a remediation strategy to avoid the scenario in the future. This is our commitment to our customers for providing a quality service.
UPDATING, CORRECTING, AND DELETING PERSONALLY IDENTIFIABLE INFORMATION
We strongly believe in providing you with the ability to access, edit, or opt-out of providing personally identifiable information to us. Upon request, TSG will provide you with information about whether we hold any of your personal information. Accordingly, at any time, you may amend, update or delete the information about you contained in any registration profile you have completed with us, including any and all personally identifiable information, by contacting us at the contact information below and we will respond to your request in a timely manner.
The Sourcing Group
TSG RESERVES THE RIGHT AT ANY TIME TO MODIFY THIS DOCUMENT IN ANY WAY TO INCORPORATE OR REMOVE PROVISIONS AS DEEMED NECESSARY TO COMPLY WITH APPLICABLE LAWS, AND TO MAINTAIN A POLICY WHOSE INTENT IS TO OFFER THE BEST OF BREED IN MAINTENANCE OF PRIVACY.