The General Data Protection regulation (GDPR) is a set of laws enacted in the EU in 2018 regarding use of personal information obtained by companies about individuals. Privacy Shield is an agreement between the EU and US allowing for the transfer of personal data from the EU to US.
The GDPR has specific requirements regarding the transfer of data out of the EU. One of these requirements is that the transfer must only happen to countries deemed as having adequate data protection laws. In general the EU does not list the US as one of the countries that meets this requirement.
Privacy Shield is designed to create an program whereby participating companies are deemed as having adequate protection, and therefore facilitate the transfer of information. In short, Privacy Shield allows US companies, or EU companies working with US companies, to meet this requirement of the GDPR.
For more information regarding how Privacy Shield relates to the GDPR visit this link: GDPR and Privacy Shield.
Chromatography Research Supplies, Inc. (CRS), sells products intended for laboratory use to end users and distributors throughout the world. Protecting user privacy is important to CRS.
CRS complies with the EU-U.S. Privacy Shield Framework and the
Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, retention, and transfer of personal information data from the European Union (“EU”) member countries and Switzerland to the United States of America, respectively.
CRS has certified to the Department of Commerce that we adhere to the Privacy Shield principles including: notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
“Personal Information” or “Information” means information that (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
CRS shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which CRS discloses or may disclose that Information. CRS shall provide the individual with the opportunity and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to CRS, or as soon as practicable thereafter, and in any event before CRS uses or discloses the Information for a purpose other than for which it was originally collected.
CRS will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, CRS will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
- Accountability for Onward Transfers
Prior to disclosing Personal Information to a third party, CRS shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. CRS shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. CRS acknowledges liability in cases of appropriate onward transfer to third parties.
- Data Security
CRS shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. CRS has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. CRS cannot guarantee the security of Information on or transmitted via the Internet. CRS may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
- Data Integrity and Purpose Limitation
CRS shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, CRS shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
CRS shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information.
- Recourse, Enforcement and Liability
Chromatography Research Supplies, Inc.
2601 Technology Drive
Louisville, KY 40299 USA
tel. +1 502 491 6300
CRS has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield to an independent dispute resolution mechanism, the EU Data Protection Authorities (DPAs); as well as for the Swiss-US Privacy Shield to the Swiss Federal Data Protection and Information Commissioner (FDPIC). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by CRS, please contact the DPA for your country or the FDPIC. Contact information for the DPAs and FDPIC can be found at their web sites listed below:
The Federal Trade Commission has jurisdiction over CRS compliance with the Privacy Shield. Under certain limited conditions, it is possible for individuals to invoke binding arbitration before the Privacy Shield Panel, a binding arbitration mechanism.
What are Cookies?
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. Some cookies are necessary to site function, for example, to track the state of the user session during checkout, some are used to track the user’s preferences on the website, for example, for automatic login or to identify the most significant site features.
It is possible to disable the placement of cookies on your computer by setting your browser to disable cookies in the browser configuration settings. You will still be able to access the CRS website, but some functionality will be lost.
What information is gathered and how is it used?
Business, Navigational and Analytical Information
CRS operates solely as a business-to-business entity, and any collection of personal data is inadvertent. Business data, such as order history and bill to and ship to addresses are maintained by CRS as is required for accounting, engineering and safety regulations.
External Links to Social Media Sites
CRS maintains links to many websites created and maintained by other public and/or private organizations such as Social Media sites. If you click a link to an outside website, such as Twitter or YouTube, you will leave the ChromRes.com site and are subject to the privacy and security policies of the owners/sponsors of the outside website.
CRS manages a presence on several social media sites (e.g., Twitter, YouTube, Facebook, and Linked In) in order to share CRS marketing information and engage with the public. We do not collect any Personally Identifiable Information through those sites. We also do not provide personal information made available by the user to these third-party sites.
Right to be forgotten, Data Deletion Requests, Opt-Outs, Unsubscribes
A user may unsubscribe from CRS communications at any time by clicking the unsubscribe option at the bottom of any newsletter communication, or by contacting CRS. Any personal information gathered including name, company, address, phone, or email address can be fully deleted at any time upon request, within a reasonable and legal manner.
Information about Children
This website is not intended for or targeted at children or any person under the age of 18. We do not knowingly or intentionally collect information about children or any person under the age of 18. If you believe we have mistakenly collected information about a child, please contact CRS to start the data deletion process.
Additional Examples of Data Use:
- To Improve browsing experience on the website. For example, keeping a user logged in throughout their browsing visit and the ability to "remember" what is in their cart.
- Cookie a user so that we do not ask you to accept the privacy terms or complete a survey every single time you visit the website.
- When full consent is given, we will periodically contact you via phone, mail, or email to send out newsletters or other information we think our customers may find useful.
How Long Information is Retained
We will retain information for a reasonable period of time to ensure that we can fulfill legitimate business needs to contact a user. For Example, if a user continues to order products, we must retain their information and contact them with routine communications such as order acknowledgements, invoices, and receipts, etc., for as long as legally needed. Information for marketing materials and navigational purposes will be reviewed on an annual basis for a user to reconfirm receipt of information and retention of data.
Information Subject to Other Policies
Questions, comments or complaints regarding the CRS Privacy Shield Policy or data collection and processing practices can be emailed to firstname.lastname@example.org or mailed to:
Chromatography Research Supplies, Inc.
2601 Technology Drive
Louisville, KY 40299